From 74c95055e9ed156727e54936fa6034f93e18ae8a Mon Sep 17 00:00:00 2001 
From: Ansible Core Team Date: Mon, 9 Mar 2020 09:40:32 +0000 Subject: [PATCH] Migrated to fortinet.fortios --- .../network/fortimanager/__init__.py | 0 .../network/fortimanager/common.py | 288 -- .../network/fortimanager/fortimanager.py | 466 --- .../module_utils/network/fortios/__init__.py | 0 .../network/fortios/argspec/__init__.py | 0 .../network/fortios/argspec/facts/__init__.py | 0 .../network/fortios/argspec/facts/facts.py | 45 - .../fortios/argspec/system/__init__.py | 0 .../network/fortios/argspec/system/system.py | 28 - .../network/fortios/facts/__init__.py | 0 .../network/fortios/facts/facts.py | 92 - .../network/fortios/facts/system/__init__.py | 0 .../network/fortios/facts/system/system.py | 63 - .../module_utils/network/fortios/fortios.py | 338 -- .../network/fortios/fortios_address.py | 291 -- .../fortios/fortios_alertemail_setting.py | 602 ---- .../fortios/fortios_antivirus_heuristic.py | 295 -- .../fortios/fortios_antivirus_profile.py | 1366 ------- .../fortios/fortios_antivirus_quarantine.py | 505 --- .../fortios/fortios_antivirus_settings.py | 312 -- .../fortios/fortios_application_custom.py | 388 -- .../fortios/fortios_application_group.py | 382 -- .../fortios/fortios_application_list.py | 705 ---- .../fortios/fortios_application_name.py | 430 --- .../fortios_application_rule_settings.py | 331 -- .../fortios/fortios_authentication_rule.py | 439 --- .../fortios/fortios_authentication_scheme.py | 423 --- .../fortios/fortios_authentication_setting.py | 338 -- .../modules/network/fortios/fortios_config.py | 182 - .../fortios/fortios_dlp_filepattern.py | 457 --- .../fortios/fortios_dlp_fp_doc_source.py | 481 --- .../fortios/fortios_dlp_fp_sensitivity.py | 332 -- .../network/fortios/fortios_dlp_sensor.py | 602 ---- .../network/fortios/fortios_dlp_settings.py | 320 -- .../fortios_dnsfilter_domain_filter.py | 399 --- .../fortios/fortios_dnsfilter_profile.py | 511 --- .../fortios_endpoint_control_client.py | 362 -- 
...ortios_endpoint_control_forticlient_ems.py | 396 --- ...t_control_forticlient_registration_sync.py | 336 -- .../fortios_endpoint_control_profile.py | 1177 ------- .../fortios_endpoint_control_settings.py | 392 --- .../fortios_extender_controller_extender.py | 627 ---- .../modules/network/fortios/fortios_facts.py | 282 -- .../fortios/fortios_firewall_DoS_policy.py | 492 --- .../fortios/fortios_firewall_DoS_policy6.py | 492 --- .../fortios/fortios_firewall_address.py | 571 --- .../fortios/fortios_firewall_address6.py | 536 --- .../fortios_firewall_address6_template.py | 406 --- .../fortios/fortios_firewall_addrgrp.py | 428 --- .../fortios/fortios_firewall_addrgrp6.py | 418 --- .../fortios/fortios_firewall_auth_portal.py | 320 -- .../fortios_firewall_central_snat_map.py | 463 --- .../fortios_firewall_dnstranslation.py | 352 -- .../fortios_firewall_identity_based_route.py | 383 -- .../fortios_firewall_interface_policy.py | 555 --- .../fortios_firewall_interface_policy6.py | 555 --- .../fortios_firewall_internet_service.py | 425 --- ...ortios_firewall_internet_service_custom.py | 472 --- ...fortios_firewall_internet_service_group.py | 354 -- .../fortios_firewall_ip_translation.py | 359 -- .../fortios_firewall_ipmacbinding_setting.py | 314 -- .../fortios_firewall_ipmacbinding_table.py | 359 -- .../fortios/fortios_firewall_ippool.py | 428 --- .../fortios/fortios_firewall_ippool6.py | 350 -- .../fortios_firewall_ipv6_eh_filter.py | 358 -- .../fortios/fortios_firewall_ldb_monitor.py | 388 -- .../fortios_firewall_local_in_policy.py | 434 --- .../fortios_firewall_local_in_policy6.py | 423 --- .../fortios_firewall_multicast_address.py | 431 --- .../fortios_firewall_multicast_address6.py | 400 --- .../fortios_firewall_multicast_policy.py | 451 --- .../fortios_firewall_multicast_policy6.py | 428 --- .../fortios/fortios_firewall_policy.py | 1533 -------- .../fortios/fortios_firewall_policy46.py | 525 --- .../fortios/fortios_firewall_policy6.py | 1074 ------ 
.../fortios/fortios_firewall_policy64.py | 525 --- .../fortios/fortios_firewall_profile_group.py | 413 --- ...rtios_firewall_profile_protocol_options.py | 1083 ------ .../fortios/fortios_firewall_proxy_address.py | 567 --- .../fortios/fortios_firewall_proxy_addrgrp.py | 428 --- .../fortios/fortios_firewall_proxy_policy.py | 881 ----- .../fortios_firewall_schedule_group.py | 354 -- .../fortios_firewall_schedule_onetime.py | 356 -- .../fortios_firewall_schedule_recurring.py | 368 -- .../fortios_firewall_service_category.py | 337 -- .../fortios_firewall_service_custom.py | 566 --- .../fortios/fortios_firewall_service_group.py | 371 -- .../fortios_firewall_shaper_per_ip_shaper.py | 388 -- .../fortios_firewall_shaper_traffic_shaper.py | 394 --- .../fortios_firewall_shaping_policy.py | 670 ---- .../fortios_firewall_shaping_profile.py | 389 -- .../fortios/fortios_firewall_sniffer.py | 629 ---- .../fortios/fortios_firewall_ssh_host_key.py | 396 --- .../fortios/fortios_firewall_ssh_local_ca.py | 360 -- .../fortios/fortios_firewall_ssh_local_key.py | 360 -- .../fortios/fortios_firewall_ssh_setting.py | 344 -- .../fortios/fortios_firewall_ssl_server.py | 456 --- .../fortios/fortios_firewall_ssl_setting.py | 372 -- .../fortios_firewall_ssl_ssh_profile.py | 1060 ------ .../fortios/fortios_firewall_ttl_policy.py | 406 --- .../network/fortios/fortios_firewall_vip.py | 1224 ------- .../network/fortios/fortios_firewall_vip46.py | 567 --- .../network/fortios/fortios_firewall_vip6.py | 1109 ------ .../network/fortios/fortios_firewall_vip64.py | 567 --- .../fortios/fortios_firewall_vipgrp.py | 373 -- .../fortios/fortios_firewall_vipgrp46.py | 367 -- .../fortios/fortios_firewall_vipgrp6.py | 367 -- .../fortios/fortios_firewall_vipgrp64.py | 367 -- .../fortios_firewall_wildcard_fqdn_custom.py | 366 -- .../fortios_firewall_wildcard_fqdn_group.py | 377 -- .../fortios/fortios_ftp_proxy_explicit.py | 323 -- .../network/fortios/fortios_icap_profile.py | 432 --- 
.../network/fortios/fortios_icap_server.py | 366 -- .../network/fortios/fortios_ips_custom.py | 429 --- .../network/fortios/fortios_ips_decoder.py | 354 -- .../network/fortios/fortios_ips_global.py | 401 --- .../network/fortios/fortios_ips_rule.py | 458 --- .../fortios/fortios_ips_rule_settings.py | 331 -- .../network/fortios/fortios_ips_sensor.py | 807 ----- .../network/fortios/fortios_ips_settings.py | 309 -- .../network/fortios/fortios_ipv4_policy.py | 336 -- .../fortios/fortios_log_custom_field.py | 343 -- .../fortios/fortios_log_disk_filter.py | 621 ---- .../fortios/fortios_log_disk_setting.py | 531 --- .../fortios/fortios_log_eventfilter.py | 397 --- .../fortios_log_fortianalyzer2_filter.py | 434 --- .../fortios_log_fortianalyzer2_setting.py | 445 --- .../fortios_log_fortianalyzer3_filter.py | 434 --- .../fortios_log_fortianalyzer3_setting.py | 445 --- .../fortios_log_fortianalyzer_filter.py | 434 --- ...rtios_log_fortianalyzer_override_filter.py | 434 --- ...tios_log_fortianalyzer_override_setting.py | 465 --- .../fortios_log_fortianalyzer_setting.py | 445 --- .../fortios/fortios_log_fortiguard_filter.py | 434 --- .../fortios_log_fortiguard_override_filter.py | 434 --- ...fortios_log_fortiguard_override_setting.py | 341 -- .../fortios/fortios_log_fortiguard_setting.py | 363 -- .../fortios/fortios_log_gui_display.py | 314 -- .../fortios/fortios_log_memory_filter.py | 610 ---- .../fortios_log_memory_global_setting.py | 309 -- .../fortios/fortios_log_memory_setting.py | 303 -- .../fortios/fortios_log_null_device_filter.py | 424 --- .../fortios_log_null_device_setting.py | 294 -- .../network/fortios/fortios_log_setting.py | 475 --- .../fortios/fortios_log_syslogd2_filter.py | 424 --- .../fortios/fortios_log_syslogd2_setting.py | 438 --- .../fortios/fortios_log_syslogd3_filter.py | 424 --- .../fortios/fortios_log_syslogd3_setting.py | 438 --- .../fortios/fortios_log_syslogd4_filter.py | 424 --- .../fortios/fortios_log_syslogd4_setting.py | 438 --- 
.../fortios/fortios_log_syslogd_filter.py | 424 --- .../fortios_log_syslogd_override_filter.py | 424 --- .../fortios_log_syslogd_override_setting.py | 448 --- .../fortios/fortios_log_syslogd_setting.py | 438 --- .../fortios/fortios_log_threat_weight.py | 725 ---- .../fortios/fortios_log_webtrends_filter.py | 424 --- .../fortios/fortios_log_webtrends_setting.py | 300 -- .../network/fortios/fortios_report_chart.py | 850 ----- .../network/fortios/fortios_report_dataset.py | 427 --- .../network/fortios/fortios_report_layout.py | 867 ----- .../network/fortios/fortios_report_setting.py | 328 -- .../network/fortios/fortios_report_style.py | 529 --- .../network/fortios/fortios_report_theme.py | 523 --- .../fortios/fortios_router_access_list.py | 392 --- .../fortios/fortios_router_access_list6.py | 364 -- .../fortios/fortios_router_aspath_list.py | 342 -- .../fortios/fortios_router_auth_path.py | 343 -- .../network/fortios/fortios_router_bfd.py | 307 -- .../network/fortios/fortios_router_bfd6.py | 306 -- .../network/fortios/fortios_router_bgp.py | 2350 ------------ .../fortios/fortios_router_community_list.py | 358 -- .../network/fortios/fortios_router_isis.py | 1046 ------ .../fortios/fortios_router_key_chain.py | 344 -- .../fortios/fortios_router_multicast.py | 760 ---- .../fortios/fortios_router_multicast6.py | 372 -- .../fortios/fortios_router_multicast_flow.py | 366 -- .../network/fortios/fortios_router_ospf.py | 1117 ------ .../network/fortios/fortios_router_ospf6.py | 804 ----- .../network/fortios/fortios_router_policy.py | 521 --- .../network/fortios/fortios_router_policy6.py | 410 --- .../fortios/fortios_router_prefix_list.py | 388 -- .../fortios/fortios_router_prefix_list6.py | 366 -- .../network/fortios/fortios_router_rip.py | 682 ---- .../network/fortios/fortios_router_ripng.py | 640 ---- .../fortios/fortios_router_route_map.py | 666 ---- .../network/fortios/fortios_router_setting.py | 296 -- .../network/fortios/fortios_router_static.py | 468 --- 
.../network/fortios/fortios_router_static6.py | 393 --- .../network/fortios/fortios_spamfilter_bwl.py | 408 --- .../fortios/fortios_spamfilter_bword.py | 410 --- .../fortios/fortios_spamfilter_dnsbl.py | 365 -- .../fortios/fortios_spamfilter_fortishield.py | 309 -- .../fortios/fortios_spamfilter_iptrust.py | 371 -- .../fortios/fortios_spamfilter_mheader.py | 381 -- .../fortios/fortios_spamfilter_options.py | 289 -- .../fortios/fortios_spamfilter_profile.py | 719 ---- .../fortios/fortios_ssh_filter_profile.py | 452 --- ...rtios_switch_controller_802_1X_settings.py | 305 -- ...ortios_switch_controller_custom_command.py | 321 -- .../fortios_switch_controller_global.py | 357 -- ...fortios_switch_controller_igmp_snooping.py | 299 -- .../fortios_switch_controller_lldp_profile.py | 471 --- ...fortios_switch_controller_lldp_settings.py | 323 -- ...ios_switch_controller_mac_sync_settings.py | 290 -- ...ortios_switch_controller_managed_switch.py | 1417 -------- ...tch_controller_network_monitor_settings.py | 294 -- ...fortios_switch_controller_qos_dot1p_map.py | 462 --- ...rtios_switch_controller_qos_ip_dscp_map.py | 397 --- ...ortios_switch_controller_qos_qos_policy.py | 334 -- ...tios_switch_controller_qos_queue_policy.py | 371 -- .../fortios_switch_controller_quarantine.py | 339 -- ...witch_controller_security_policy_802_1X.py | 439 --- ...ntroller_security_policy_captive_portal.py | 324 -- .../fortios_switch_controller_sflow.py | 295 -- ...fortios_switch_controller_storm_control.py | 321 -- .../fortios_switch_controller_stp_settings.py | 337 -- .../fortios_switch_controller_switch_group.py | 332 -- ..._switch_controller_switch_interface_tag.py | 309 -- .../fortios_switch_controller_switch_log.py | 311 -- ...ortios_switch_controller_switch_profile.py | 326 -- .../fortios_switch_controller_system.py | 299 -- ...ios_switch_controller_virtual_port_pool.py | 315 -- .../fortios/fortios_switch_controller_vlan.py | 425 --- .../fortios/fortios_system_accprofile.py | 831 ----- 
.../network/fortios/fortios_system_admin.py | 1015 ------ .../fortios_system_affinity_interrupt.py | 321 -- ...s_system_affinity_packet_redistribution.py | 328 -- .../network/fortios/fortios_system_alarm.py | 439 --- .../network/fortios/fortios_system_alias.py | 315 -- .../fortios/fortios_system_api_user.py | 436 --- .../fortios/fortios_system_arp_table.py | 328 -- .../fortios/fortios_system_auto_install.py | 316 -- .../fortios/fortios_system_auto_script.py | 344 -- .../fortios_system_automation_action.py | 471 --- .../fortios_system_automation_destination.py | 343 -- .../fortios_system_automation_stitch.py | 360 -- .../fortios_system_automation_trigger.py | 424 --- .../fortios_system_autoupdate_push_update.py | 316 -- .../fortios_system_autoupdate_schedule.py | 328 -- .../fortios_system_autoupdate_tunneling.py | 318 -- .../fortios_system_central_management.py | 478 --- .../fortios/fortios_system_cluster_sync.py | 460 --- .../network/fortios/fortios_system_console.py | 328 -- .../network/fortios/fortios_system_csf.py | 435 --- .../fortios/fortios_system_custom_language.py | 321 -- .../network/fortios/fortios_system_ddns.py | 454 --- .../fortios/fortios_system_dedicated_mgmt.py | 335 -- .../fortios/fortios_system_dhcp6_server.py | 496 --- .../fortios/fortios_system_dhcp_server.py | 938 ----- .../network/fortios/fortios_system_dns.py | 368 -- .../fortios/fortios_system_dns_database.py | 483 --- .../fortios/fortios_system_dns_server.py | 326 -- .../fortios_system_dscp_based_priority.py | 326 -- .../fortios/fortios_system_email_server.py | 385 -- .../fortios_system_external_resource.py | 356 -- .../network/fortios/fortios_system_fips_cc.py | 310 -- .../fortios_system_firmware_upgrade.py | 358 -- .../network/fortios/fortios_system_fm.py | 343 -- .../fortios/fortios_system_fortiguard.py | 517 --- .../fortios/fortios_system_fortimanager.py | 347 -- .../fortios/fortios_system_fortisandbox.py | 337 -- .../fortios/fortios_system_fsso_polling.py | 316 -- 
.../fortios/fortios_system_ftm_push.py | 305 -- .../fortios/fortios_system_geoip_override.py | 351 -- .../network/fortios/fortios_system_global.py | 2011 ----------- .../fortios/fortios_system_gre_tunnel.py | 428 --- .../network/fortios/fortios_system_ha.py | 903 ----- .../fortios/fortios_system_ha_monitor.py | 305 -- .../fortios/fortios_system_interface.py | 2573 -------------- .../fortios/fortios_system_ipip_tunnel.py | 328 -- .../fortios_system_ips_urlfilter_dns.py | 329 -- .../fortios_system_ips_urlfilter_dns6.py | 319 -- .../fortios_system_ipv6_neighbor_cache.py | 328 -- .../fortios/fortios_system_ipv6_tunnel.py | 328 -- .../fortios/fortios_system_link_monitor.py | 488 --- .../fortios_system_mac_address_table.py | 321 -- .../fortios_system_management_tunnel.py | 351 -- .../fortios/fortios_system_mobile_tunnel.py | 435 --- .../network/fortios/fortios_system_nat64.py | 364 -- .../fortios/fortios_system_nd_proxy.py | 309 -- .../network/fortios/fortios_system_netflow.py | 327 -- .../fortios_system_network_visibility.py | 336 -- .../network/fortios/fortios_system_ntp.py | 405 --- .../fortios/fortios_system_object_tagging.py | 377 -- .../fortios/fortios_system_password_policy.py | 372 -- ...tios_system_password_policy_guest_admin.py | 371 -- .../fortios/fortios_system_pppoe_interface.py | 424 --- .../fortios/fortios_system_probe_response.py | 341 -- .../fortios/fortios_system_proxy_arp.py | 328 -- .../fortios_system_replacemsg_admin.py | 339 -- .../fortios_system_replacemsg_alertmail.py | 339 -- .../fortios/fortios_system_replacemsg_auth.py | 339 -- ...stem_replacemsg_device_detection_portal.py | 339 -- .../fortios/fortios_system_replacemsg_ec.py | 339 -- ...fortios_system_replacemsg_fortiguard_wf.py | 339 -- .../fortios/fortios_system_replacemsg_ftp.py | 339 -- .../fortios_system_replacemsg_group.py | 1162 ------ .../fortios/fortios_system_replacemsg_http.py | 339 -- .../fortios/fortios_system_replacemsg_icap.py | 339 -- .../fortios_system_replacemsg_image.py | 328 
-- .../fortios/fortios_system_replacemsg_mail.py | 339 -- .../fortios_system_replacemsg_nac_quar.py | 339 -- .../fortios/fortios_system_replacemsg_nntp.py | 339 -- .../fortios/fortios_system_replacemsg_spam.py | 339 -- .../fortios_system_replacemsg_sslvpn.py | 339 -- ...fortios_system_replacemsg_traffic_quota.py | 339 -- .../fortios/fortios_system_replacemsg_utm.py | 339 -- .../fortios_system_replacemsg_webproxy.py | 339 -- .../fortios/fortios_system_resource_limits.py | 396 --- .../fortios/fortios_system_sdn_connector.py | 665 ---- .../fortios/fortios_system_session_helper.py | 353 -- .../fortios/fortios_system_session_ttl.py | 330 -- .../fortios/fortios_system_settings.py | 1369 ------- .../network/fortios/fortios_system_sflow.py | 302 -- .../fortios/fortios_system_sit_tunnel.py | 334 -- .../fortios/fortios_system_sms_server.py | 315 -- .../fortios/fortios_system_snmp_community.py | 560 --- .../fortios/fortios_system_snmp_sysinfo.py | 337 -- .../fortios/fortios_system_snmp_user.py | 512 --- .../network/fortios/fortios_system_storage.py | 377 -- .../fortios_system_switch_interface.py | 396 --- .../fortios_system_tos_based_priority.py | 327 -- .../network/fortios/fortios_system_vdom.py | 350 -- .../fortios/fortios_system_vdom_dns.py | 324 -- .../fortios/fortios_system_vdom_exception.py | 355 -- .../fortios/fortios_system_vdom_link.py | 329 -- .../fortios/fortios_system_vdom_netflow.py | 312 -- .../fortios/fortios_system_vdom_property.py | 435 --- .../fortios_system_vdom_radius_server.py | 325 -- .../fortios/fortios_system_vdom_sflow.py | 316 -- .../fortios_system_virtual_wan_link.py | 1168 ------ .../fortios_system_virtual_wire_pair.py | 342 -- .../network/fortios/fortios_system_vxlan.py | 382 -- .../network/fortios/fortios_system_wccp.py | 494 --- .../network/fortios/fortios_system_zone.py | 379 -- .../network/fortios/fortios_user_adgrp.py | 337 -- .../network/fortios/fortios_user_device.py | 433 --- .../fortios_user_device_access_list.py | 352 -- 
.../fortios/fortios_user_device_category.py | 321 -- .../fortios/fortios_user_device_group.py | 373 -- .../fortios/fortios_user_domain_controller.py | 334 -- .../fortios/fortios_user_fortitoken.py | 362 -- .../network/fortios/fortios_user_fsso.py | 423 --- .../fortios/fortios_user_fsso_polling.py | 387 -- .../network/fortios/fortios_user_group.py | 602 ---- .../fortios/fortios_user_krb_keytab.py | 328 -- .../network/fortios/fortios_user_ldap.py | 493 --- .../network/fortios/fortios_user_local.py | 462 --- .../fortios/fortios_user_password_policy.py | 321 -- .../network/fortios/fortios_user_peer.py | 406 --- .../network/fortios/fortios_user_peergrp.py | 326 -- .../network/fortios/fortios_user_pop3.py | 347 -- .../fortios/fortios_user_quarantine.py | 351 -- .../network/fortios/fortios_user_radius.py | 790 ----- .../fortios_user_security_exempt_list.py | 400 --- .../network/fortios/fortios_user_setting.py | 446 --- .../fortios/fortios_user_tacacsplus.py | 406 --- .../network/fortios/fortios_voip_profile.py | 1315 ------- .../fortios/fortios_vpn_certificate_ca.py | 379 -- .../fortios/fortios_vpn_certificate_crl.py | 400 --- .../fortios/fortios_vpn_certificate_local.py | 480 --- .../fortios_vpn_certificate_ocsp_server.py | 351 -- .../fortios/fortios_vpn_certificate_remote.py | 337 -- .../fortios_vpn_certificate_setting.py | 445 --- .../fortios/fortios_vpn_ipsec_concentrator.py | 358 -- .../fortios/fortios_vpn_ipsec_forticlient.py | 355 -- .../fortios/fortios_vpn_ipsec_manualkey.py | 401 --- .../fortios_vpn_ipsec_manualkey_interface.py | 434 --- .../fortios/fortios_vpn_ipsec_phase1.py | 1266 ------- .../fortios_vpn_ipsec_phase1_interface.py | 1500 -------- .../fortios/fortios_vpn_ipsec_phase2.py | 693 ---- .../fortios_vpn_ipsec_phase2_interface.py | 788 ----- .../network/fortios/fortios_vpn_l2tp.py | 322 -- .../network/fortios/fortios_vpn_pptp.py | 328 -- .../fortios/fortios_vpn_ssl_settings.py | 924 ----- ...fortios_vpn_ssl_web_host_check_software.py | 409 --- 
.../fortios/fortios_vpn_ssl_web_portal.py | 1255 ------- .../fortios/fortios_vpn_ssl_web_realm.py | 327 -- .../fortios_vpn_ssl_web_user_bookmark.py | 541 --- ...fortios_vpn_ssl_web_user_group_bookmark.py | 535 --- .../network/fortios/fortios_waf_main_class.py | 315 -- .../network/fortios/fortios_waf_profile.py | 1754 --------- .../network/fortios/fortios_waf_signature.py | 315 -- .../network/fortios/fortios_waf_sub_class.py | 315 -- .../fortios/fortios_wanopt_auth_group.py | 350 -- .../fortios/fortios_wanopt_cache_service.py | 401 --- ...os_wanopt_content_delivery_network_rule.py | 620 ---- .../network/fortios/fortios_wanopt_peer.py | 314 -- .../network/fortios/fortios_wanopt_profile.py | 790 ----- .../fortios/fortios_wanopt_remote_storage.py | 312 -- .../fortios/fortios_wanopt_settings.py | 309 -- .../fortios/fortios_wanopt_webcache.py | 436 --- .../fortios/fortios_web_proxy_debug_url.py | 336 -- .../fortios/fortios_web_proxy_explicit.py | 595 ---- .../fortios_web_proxy_forward_server.py | 373 -- .../fortios_web_proxy_forward_server_group.py | 366 -- .../fortios/fortios_web_proxy_global.py | 431 --- .../fortios/fortios_web_proxy_profile.py | 473 --- .../fortios/fortios_web_proxy_url_match.py | 348 -- .../network/fortios/fortios_web_proxy_wisp.py | 347 -- .../network/fortios/fortios_webfilter.py | 530 --- .../fortios/fortios_webfilter_content.py | 416 --- .../fortios_webfilter_content_header.py | 378 -- .../fortios/fortios_webfilter_fortiguard.py | 373 -- .../fortios_webfilter_ftgd_local_cat.py | 347 -- .../fortios_webfilter_ftgd_local_rating.py | 347 -- ...s_webfilter_ips_urlfilter_cache_setting.py | 296 -- ...fortios_webfilter_ips_urlfilter_setting.py | 309 -- ...ortios_webfilter_ips_urlfilter_setting6.py | 309 -- .../fortios/fortios_webfilter_override.py | 405 --- .../fortios/fortios_webfilter_profile.py | 1153 ------ .../fortios_webfilter_search_engine.py | 378 -- .../fortios/fortios_webfilter_urlfilter.py | 462 --- .../fortios_wireless_controller_ap_status.py 
| 333 -- ...fortios_wireless_controller_ble_profile.py | 413 --- ...ios_wireless_controller_bonjour_profile.py | 375 -- .../fortios_wireless_controller_global.py | 422 --- ...controller_hotspot20_anqp_3gpp_cellular.py | 338 -- ...ntroller_hotspot20_anqp_ip_address_type.py | 339 -- ...ess_controller_hotspot20_anqp_nai_realm.py | 455 --- ...roller_hotspot20_anqp_network_auth_type.py | 329 -- ...oller_hotspot20_anqp_roaming_consortium.py | 339 -- ...ss_controller_hotspot20_anqp_venue_name.py | 338 -- ...ntroller_hotspot20_h2qp_conn_capability.py | 434 --- ...controller_hotspot20_h2qp_operator_name.py | 338 -- ..._controller_hotspot20_h2qp_osu_provider.py | 397 --- ...ss_controller_hotspot20_h2qp_wan_metric.py | 372 -- ...ireless_controller_hotspot20_hs_profile.py | 654 ---- ...tios_wireless_controller_hotspot20_icon.py | 364 -- ...s_wireless_controller_hotspot20_qos_map.py | 373 -- ...os_wireless_controller_inter_controller.py | 362 -- ...fortios_wireless_controller_qos_profile.py | 484 --- .../fortios_wireless_controller_setting.py | 489 --- .../fortios_wireless_controller_timers.py | 399 --- ...fortios_wireless_controller_utm_profile.py | 384 -- .../fortios_wireless_controller_vap.py | 1491 -------- .../fortios_wireless_controller_vap_group.py | 332 -- ...ortios_wireless_controller_wids_profile.py | 727 ---- .../fortios_wireless_controller_wtp.py | 1157 ------ .../fortios_wireless_controller_wtp_group.py | 402 --- ...fortios_wireless_controller_wtp_profile.py | 2036 ----------- lib/ansible/plugins/action/fortios_config.py | 32 - lib/ansible/plugins/doc_fragments/fortios.py | 61 - lib/ansible/plugins/httpapi/fortios.py | 138 - .../targets/fortios_address/aliases | 3 - .../fortios_address/files/default_config.conf | 3134 ----------------- .../files/default_config.conf.backup | 3134 ----------------- .../fortios_address/files/requirements.txt | 2 - .../targets/fortios_address/tasks/main.yml | 14 - .../tasks/test_indempotency.yml | 82 - 
.../tasks/test_params_state_absent.yml | 91 - .../tasks/test_params_state_present.yml | 86 - .../targets/fortios_ipv4_policy/aliases | 3 - .../files/default_config.conf | 3134 ----------------- .../files/requirements.txt | 1 - .../fortios_ipv4_policy/tasks/main.yml | 7 - .../tasks/test_indempotency.yml | 68 - .../fortios_ipv4_policy/tasks/test_params.yml | 74 - test/sanity/ignore.txt | 225 -- .../test_fortios_alertemail_setting.py | 431 --- .../test_fortios_antivirus_heuristic.py | 151 - .../fortios/test_fortios_antivirus_profile.py | 339 -- .../test_fortios_antivirus_quarantine.py | 231 -- .../test_fortios_antivirus_settings.py | 167 - .../test_fortios_application_custom.py | 289 -- .../fortios/test_fortios_application_group.py | 209 -- .../fortios/test_fortios_application_list.py | 309 -- .../fortios/test_fortios_application_name.py | 309 -- .../test_fortios_application_rule_settings.py | 199 -- .../test_fortios_authentication_rule.py | 279 -- .../test_fortios_authentication_scheme.py | 289 -- .../test_fortios_authentication_setting.py | 207 -- .../fortios/test_fortios_dlp_filepattern.py | 219 -- .../fortios/test_fortios_dlp_fp_doc_source.py | 369 -- .../test_fortios_dlp_fp_sensitivity.py | 199 -- .../fortios/test_fortios_dlp_sensor.py | 289 -- .../fortios/test_fortios_dlp_settings.py | 183 - .../test_fortios_dnsfilter_domain_filter.py | 219 -- .../fortios/test_fortios_dnsfilter_profile.py | 289 -- .../test_fortios_endpoint_control_client.py | 249 -- ...ortios_endpoint_control_forticlient_ems.py | 289 -- ...t_control_forticlient_registration_sync.py | 209 -- .../test_fortios_endpoint_control_profile.py | 229 -- .../test_fortios_endpoint_control_settings.py | 255 -- ...st_fortios_extender_controller_extender.py | 559 --- .../network/fortios/test_fortios_facts.py | 103 - .../test_fortios_firewall_DoS_policy.py | 219 -- .../test_fortios_firewall_DoS_policy6.py | 219 -- .../fortios/test_fortios_firewall_address.py | 439 --- 
.../fortios/test_fortios_firewall_address6.py | 349 -- ...test_fortios_firewall_address6_template.py | 219 -- .../fortios/test_fortios_firewall_addrgrp.py | 249 -- .../fortios/test_fortios_firewall_addrgrp6.py | 239 -- .../test_fortios_firewall_auth_portal.py | 159 - .../test_fortios_firewall_central_snat_map.py | 259 -- .../test_fortios_firewall_dnstranslation.py | 229 -- ...t_fortios_firewall_identity_based_route.py | 219 -- .../test_fortios_firewall_interface_policy.py | 399 --- ...test_fortios_firewall_interface_policy6.py | 399 --- .../test_fortios_firewall_internet_service.py | 269 -- ...ortios_firewall_internet_service_custom.py | 219 -- ...fortios_firewall_internet_service_group.py | 209 -- .../test_fortios_firewall_ip_translation.py | 239 -- ...t_fortios_firewall_ipmacbinding_setting.py | 167 - ...est_fortios_firewall_ipmacbinding_table.py | 239 -- .../fortios/test_fortios_firewall_ippool.py | 329 -- .../fortios/test_fortios_firewall_ippool6.py | 229 -- .../test_fortios_firewall_ipv6_eh_filter.py | 207 -- .../test_fortios_firewall_ldb_monitor.py | 279 -- .../test_fortios_firewall_local_in_policy.py | 259 -- .../test_fortios_firewall_local_in_policy6.py | 249 -- ...test_fortios_firewall_multicast_address.py | 279 -- ...est_fortios_firewall_multicast_address6.py | 239 -- .../test_fortios_firewall_multicast_policy.py | 309 -- ...test_fortios_firewall_multicast_policy6.py | 279 -- .../fortios/test_fortios_firewall_policy.py | 1169 ------ .../fortios/test_fortios_firewall_policy46.py | 359 -- .../fortios/test_fortios_firewall_policy6.py | 789 ----- .../fortios/test_fortios_firewall_policy64.py | 359 -- .../test_fortios_firewall_profile_group.py | 329 -- ...rtios_firewall_profile_protocol_options.py | 249 -- .../test_fortios_firewall_proxy_address.py | 349 -- .../test_fortios_firewall_proxy_addrgrp.py | 249 -- .../test_fortios_firewall_proxy_policy.py | 599 ---- .../test_fortios_firewall_schedule_group.py | 209 -- .../test_fortios_firewall_schedule_onetime.py | 
239 -- ...est_fortios_firewall_schedule_recurring.py | 239 -- .../test_fortios_firewall_service_category.py | 209 -- .../test_fortios_firewall_service_custom.py | 409 --- .../test_fortios_firewall_service_group.py | 229 -- ...t_fortios_firewall_shaper_per_ip_shaper.py | 269 -- ..._fortios_firewall_shaper_traffic_shaper.py | 269 -- .../test_fortios_firewall_shaping_policy.py | 299 -- .../test_fortios_firewall_shaping_profile.py | 229 -- .../fortios/test_fortios_firewall_sniffer.py | 439 --- .../test_fortios_firewall_ssh_host_key.py | 269 -- .../test_fortios_firewall_ssh_local_ca.py | 239 -- .../test_fortios_firewall_ssh_local_key.py | 239 -- .../test_fortios_firewall_ssh_setting.py | 215 -- .../test_fortios_firewall_ssl_server.py | 329 -- .../test_fortios_firewall_ssl_setting.py | 231 -- .../test_fortios_firewall_ssl_ssh_profile.py | 309 -- .../test_fortios_firewall_ttl_policy.py | 249 -- .../fortios/test_fortios_firewall_vip.py | 839 ----- .../fortios/test_fortios_firewall_vip46.py | 339 -- .../fortios/test_fortios_firewall_vip6.py | 789 ----- .../fortios/test_fortios_firewall_vip64.py | 339 -- .../fortios/test_fortios_firewall_vipgrp.py | 239 -- .../fortios/test_fortios_firewall_vipgrp46.py | 229 -- .../fortios/test_fortios_firewall_vipgrp6.py | 229 -- .../fortios/test_fortios_firewall_vipgrp64.py | 229 -- ...t_fortios_firewall_wildcard_fqdn_custom.py | 249 -- ...st_fortios_firewall_wildcard_fqdn_group.py | 239 -- .../test_fortios_ftp_proxy_explicit.py | 183 - .../fortios/test_fortios_icap_profile.py | 309 -- .../fortios/test_fortios_icap_server.py | 249 -- .../fortios/test_fortios_ips_custom.py | 329 -- .../fortios/test_fortios_ips_decoder.py | 209 -- .../fortios/test_fortios_ips_global.py | 247 -- .../network/fortios/test_fortios_ips_rule.py | 329 -- .../fortios/test_fortios_ips_rule_settings.py | 199 -- .../fortios/test_fortios_ips_sensor.py | 239 -- .../fortios/test_fortios_ips_settings.py | 175 - .../fortios/test_fortios_log_custom_field.py | 219 -- 
.../fortios/test_fortios_log_disk_filter.py | 407 --- .../fortios/test_fortios_log_disk_setting.py | 367 -- .../fortios/test_fortios_log_eventfilter.py | 231 -- .../test_fortios_log_fortianalyzer2_filter.py | 263 -- ...test_fortios_log_fortianalyzer2_setting.py | 295 -- .../test_fortios_log_fortianalyzer3_filter.py | 263 -- ...test_fortios_log_fortianalyzer3_setting.py | 295 -- .../test_fortios_log_fortianalyzer_filter.py | 263 -- ...rtios_log_fortianalyzer_override_filter.py | 263 -- ...tios_log_fortianalyzer_override_setting.py | 311 -- .../test_fortios_log_fortianalyzer_setting.py | 295 -- .../test_fortios_log_fortiguard_filter.py | 263 -- ..._fortios_log_fortiguard_override_filter.py | 263 -- ...fortios_log_fortiguard_override_setting.py | 191 - .../test_fortios_log_fortiguard_setting.py | 207 -- .../fortios/test_fortios_log_gui_display.py | 167 - .../fortios/test_fortios_log_memory_filter.py | 399 --- .../test_fortios_log_memory_global_setting.py | 175 - .../test_fortios_log_memory_setting.py | 159 - .../test_fortios_log_null_device_filter.py | 255 -- .../test_fortios_log_null_device_setting.py | 151 - .../fortios/test_fortios_log_setting.py | 279 -- .../test_fortios_log_syslogd2_filter.py | 255 -- .../test_fortios_log_syslogd2_setting.py | 223 -- .../test_fortios_log_syslogd3_filter.py | 255 -- .../test_fortios_log_syslogd3_setting.py | 223 -- .../test_fortios_log_syslogd4_filter.py | 255 -- .../test_fortios_log_syslogd4_setting.py | 223 -- .../test_fortios_log_syslogd_filter.py | 255 -- ...est_fortios_log_syslogd_override_filter.py | 255 -- ...st_fortios_log_syslogd_override_setting.py | 231 -- .../test_fortios_log_syslogd_setting.py | 223 -- .../fortios/test_fortios_log_threat_weight.py | 175 - .../test_fortios_log_webtrends_filter.py | 255 -- .../test_fortios_log_webtrends_setting.py | 159 - .../fortios/test_fortios_report_chart.py | 369 -- .../fortios/test_fortios_report_dataset.py | 209 -- .../fortios/test_fortios_report_layout.py | 329 -- 
.../fortios/test_fortios_report_setting.py | 183 - .../fortios/test_fortios_report_style.py | 449 --- .../fortios/test_fortios_report_theme.py | 489 --- .../test_fortios_router_access_list.py | 219 -- .../test_fortios_router_access_list6.py | 219 -- .../test_fortios_router_aspath_list.py | 209 -- .../fortios/test_fortios_router_auth_path.py | 219 -- .../fortios/test_fortios_router_bfd.py | 143 - .../fortios/test_fortios_router_bfd6.py | 143 - .../fortios/test_fortios_router_bgp.py | 447 --- .../test_fortios_router_community_list.py | 209 -- .../fortios/test_fortios_router_isis.py | 431 --- .../fortios/test_fortios_router_key_chain.py | 189 - .../fortios/test_fortios_router_multicast.py | 159 - .../fortios/test_fortios_router_multicast6.py | 159 - .../test_fortios_router_multicast_flow.py | 209 -- .../fortios/test_fortios_router_ospf.py | 335 -- .../fortios/test_fortios_router_ospf6.py | 239 -- .../fortios/test_fortios_router_policy.py | 339 -- .../fortios/test_fortios_router_policy6.py | 319 -- .../test_fortios_router_prefix_list.py | 219 -- .../test_fortios_router_prefix_list6.py | 219 -- .../fortios/test_fortios_router_rip.py | 207 -- .../fortios/test_fortios_router_ripng.py | 183 - .../fortios/test_fortios_router_route_map.py | 219 -- .../fortios/test_fortios_router_setting.py | 159 - .../fortios/test_fortios_router_static.py | 379 -- .../fortios/test_fortios_router_static6.py | 309 -- .../fortios/test_fortios_spamfilter_bwl.py | 219 -- .../fortios/test_fortios_spamfilter_bword.py | 219 -- .../fortios/test_fortios_spamfilter_dnsbl.py | 219 -- .../test_fortios_spamfilter_fortishield.py | 167 - .../test_fortios_spamfilter_iptrust.py | 219 -- .../test_fortios_spamfilter_mheader.py | 219 -- .../test_fortios_spamfilter_options.py | 151 - .../test_fortios_spamfilter_profile.py | 339 -- .../test_fortios_ssh_filter_profile.py | 239 -- ...rtios_switch_controller_802_1X_settings.py | 167 - ...ortios_switch_controller_custom_command.py | 219 -- 
.../test_fortios_switch_controller_global.py | 199 -- ...fortios_switch_controller_igmp_snooping.py | 159 - ..._fortios_switch_controller_lldp_profile.py | 269 -- ...fortios_switch_controller_lldp_settings.py | 183 - ...ios_switch_controller_mac_sync_settings.py | 151 - ...ortios_switch_controller_managed_switch.py | 389 -- ...tch_controller_network_monitor_settings.py | 151 - ...fortios_switch_controller_qos_dot1p_map.py | 289 -- ...rtios_switch_controller_qos_ip_dscp_map.py | 209 -- ...ortios_switch_controller_qos_qos_policy.py | 239 -- ...tios_switch_controller_qos_queue_policy.py | 199 -- ...st_fortios_switch_controller_quarantine.py | 159 - ...witch_controller_security_policy_802_1X.py | 339 -- ...ntroller_security_policy_captive_portal.py | 219 -- .../test_fortios_switch_controller_sflow.py | 159 - ...fortios_switch_controller_storm_control.py | 175 - ..._fortios_switch_controller_stp_settings.py | 207 -- ..._fortios_switch_controller_switch_group.py | 209 -- ..._switch_controller_switch_interface_tag.py | 199 -- ...st_fortios_switch_controller_switch_log.py | 159 - ...ortios_switch_controller_switch_profile.py | 217 -- .../test_fortios_switch_controller_system.py | 159 - ...ios_switch_controller_virtual_port_pool.py | 207 -- .../test_fortios_switch_controller_vlan.py | 287 -- .../fortios/test_fortios_system_accprofile.py | 349 -- .../fortios/test_fortios_system_admin.py | 689 ---- .../test_fortios_system_affinity_interrupt.py | 219 -- ...s_system_affinity_packet_redistribution.py | 229 -- .../fortios/test_fortios_system_alarm.py | 159 - .../fortios/test_fortios_system_alias.py | 209 -- .../fortios/test_fortios_system_api_user.py | 279 -- .../fortios/test_fortios_system_arp_table.py | 229 -- .../test_fortios_system_auto_install.py | 175 - .../test_fortios_system_auto_script.py | 249 -- .../test_fortios_system_automation_action.py | 359 -- ...t_fortios_system_automation_destination.py | 209 -- .../test_fortios_system_automation_stitch.py | 209 -- 
.../test_fortios_system_automation_trigger.py | 299 -- ...t_fortios_system_autoupdate_push_update.py | 175 - ...test_fortios_system_autoupdate_schedule.py | 175 - ...est_fortios_system_autoupdate_tunneling.py | 183 - .../test_fortios_system_central_management.py | 263 -- .../test_fortios_system_cluster_sync.py | 249 -- .../fortios/test_fortios_system_console.py | 175 - .../fortios/test_fortios_system_csf.py | 215 -- .../test_fortios_system_custom_language.py | 219 -- .../fortios/test_fortios_system_ddns.py | 359 -- .../test_fortios_system_dedicated_mgmt.py | 199 -- .../test_fortios_system_dhcp6_server.py | 359 -- .../test_fortios_system_dhcp_server.py | 589 ---- .../fortios/test_fortios_system_dns.py | 223 -- .../test_fortios_system_dns_database.py | 319 -- .../fortios/test_fortios_system_dns_server.py | 219 -- ...test_fortios_system_dscp_based_priority.py | 219 -- .../test_fortios_system_email_server.py | 239 -- .../test_fortios_system_external_resource.py | 259 -- .../fortios/test_fortios_system_fips_cc.py | 167 - .../test_fortios_system_firmware_upgrade.py | 68 - .../network/fortios/test_fortios_system_fm.py | 199 -- .../fortios/test_fortios_system_fortiguard.py | 391 -- .../test_fortios_system_fortimanager.py | 199 -- .../test_fortios_system_fortisandbox.py | 191 - .../test_fortios_system_fsso_polling.py | 175 - .../fortios/test_fortios_system_ftm_push.py | 167 - .../test_fortios_system_geoip_override.py | 219 -- .../fortios/test_fortios_system_global.py | 1567 --------- .../fortios/test_fortios_system_gre_tunnel.py | 349 -- .../network/fortios/test_fortios_system_ha.py | 647 ---- .../fortios/test_fortios_system_ha_monitor.py | 167 - .../fortios/test_fortios_system_interface.py | 1769 ---------- .../test_fortios_system_ipip_tunnel.py | 229 -- .../test_fortios_system_ips_urlfilter_dns.py | 219 -- .../test_fortios_system_ips_urlfilter_dns6.py | 209 -- ...test_fortios_system_ipv6_neighbor_cache.py | 229 -- .../test_fortios_system_ipv6_tunnel.py | 229 -- 
.../test_fortios_system_link_monitor.py | 409 --- .../test_fortios_system_mac_address_table.py | 219 -- .../test_fortios_system_management_tunnel.py | 199 -- .../test_fortios_system_mobile_tunnel.py | 329 -- .../fortios/test_fortios_system_nat64.py | 191 - .../fortios/test_fortios_system_nd_proxy.py | 143 - .../fortios/test_fortios_system_netflow.py | 199 -- .../test_fortios_system_network_visibility.py | 191 - .../fortios/test_fortios_system_ntp.py | 183 - .../test_fortios_system_object_tagging.py | 259 -- .../test_fortios_system_password_policy.py | 231 -- ...tios_system_password_policy_guest_admin.py | 231 -- .../test_fortios_system_pppoe_interface.py | 349 -- .../test_fortios_system_probe_response.py | 199 -- .../fortios/test_fortios_system_proxy_arp.py | 229 -- .../test_fortios_system_replacemsg_admin.py | 229 -- ...est_fortios_system_replacemsg_alertmail.py | 229 -- .../test_fortios_system_replacemsg_auth.py | 229 -- ...stem_replacemsg_device_detection_portal.py | 229 -- .../test_fortios_system_replacemsg_ec.py | 229 -- ...fortios_system_replacemsg_fortiguard_wf.py | 229 -- .../test_fortios_system_replacemsg_ftp.py | 229 -- .../test_fortios_system_replacemsg_group.py | 219 -- .../test_fortios_system_replacemsg_http.py | 229 -- .../test_fortios_system_replacemsg_icap.py | 229 -- .../test_fortios_system_replacemsg_image.py | 219 -- .../test_fortios_system_replacemsg_mail.py | 229 -- ...test_fortios_system_replacemsg_nac_quar.py | 229 -- .../test_fortios_system_replacemsg_nntp.py | 229 -- .../test_fortios_system_replacemsg_spam.py | 229 -- .../test_fortios_system_replacemsg_sslvpn.py | 229 -- ...fortios_system_replacemsg_traffic_quota.py | 229 -- .../test_fortios_system_replacemsg_utm.py | 229 -- ...test_fortios_system_replacemsg_webproxy.py | 229 -- .../test_fortios_system_resource_limits.py | 287 -- .../test_fortios_system_sdn_connector.py | 489 --- .../test_fortios_system_session_helper.py | 229 -- .../test_fortios_system_session_ttl.py | 159 - 
.../fortios/test_fortios_system_settings.py | 1031 ------ .../fortios/test_fortios_system_sflow.py | 167 - .../fortios/test_fortios_system_sit_tunnel.py | 239 -- .../fortios/test_fortios_system_sms_server.py | 209 -- .../test_fortios_system_snmp_community.py | 329 -- .../test_fortios_system_snmp_sysinfo.py | 207 -- .../fortios/test_fortios_system_snmp_user.py | 339 -- .../fortios/test_fortios_system_storage.py | 279 -- .../test_fortios_system_switch_interface.py | 259 -- .../test_fortios_system_tos_based_priority.py | 219 -- .../fortios/test_fortios_system_vdom.py | 229 -- .../fortios/test_fortios_system_vdom_dns.py | 191 - .../test_fortios_system_vdom_exception.py | 239 -- .../fortios/test_fortios_system_vdom_link.py | 219 -- .../test_fortios_system_vdom_netflow.py | 175 - .../test_fortios_system_vdom_property.py | 399 --- .../test_fortios_system_vdom_radius_server.py | 219 -- .../fortios/test_fortios_system_vdom_sflow.py | 175 - .../test_fortios_system_virtual_wan_link.py | 159 - .../test_fortios_system_virtual_wire_pair.py | 209 -- .../fortios/test_fortios_system_vxlan.py | 249 -- .../fortios/test_fortios_system_wccp.py | 419 --- .../fortios/test_fortios_system_zone.py | 209 -- .../fortios/test_fortios_user_adgrp.py | 209 -- .../fortios/test_fortios_user_device.py | 269 -- .../test_fortios_user_device_access_list.py | 209 -- .../test_fortios_user_device_category.py | 219 -- .../fortios/test_fortios_user_device_group.py | 219 -- .../test_fortios_user_domain_controller.py | 239 -- .../fortios/test_fortios_user_fortitoken.py | 279 -- .../network/fortios/test_fortios_user_fsso.py | 379 -- .../fortios/test_fortios_user_fsso_polling.py | 279 -- .../fortios/test_fortios_user_group.py | 399 --- .../fortios/test_fortios_user_krb_keytab.py | 229 -- .../network/fortios/test_fortios_user_ldap.py | 429 --- .../fortios/test_fortios_user_local.py | 399 --- .../test_fortios_user_password_policy.py | 219 -- .../network/fortios/test_fortios_user_peer.py | 319 -- 
.../fortios/test_fortios_user_peergrp.py | 189 - .../network/fortios/test_fortios_user_pop3.py | 239 -- .../fortios/test_fortios_user_quarantine.py | 159 - .../fortios/test_fortios_user_radius.py | 539 --- .../test_fortios_user_security_exempt_list.py | 219 -- .../fortios/test_fortios_user_setting.py | 263 -- .../fortios/test_fortios_user_tacacsplus.py | 299 -- .../fortios/test_fortios_voip_profile.py | 219 -- .../test_fortios_vpn_certificate_ca.py | 289 -- .../test_fortios_vpn_certificate_crl.py | 329 -- .../test_fortios_vpn_certificate_local.py | 429 --- ...est_fortios_vpn_certificate_ocsp_server.py | 259 -- .../test_fortios_vpn_certificate_remote.py | 229 -- .../test_fortios_vpn_certificate_setting.py | 287 -- .../test_fortios_vpn_ipsec_concentrator.py | 199 -- .../test_fortios_vpn_ipsec_forticlient.py | 229 -- .../test_fortios_vpn_ipsec_manualkey.py | 289 -- ...t_fortios_vpn_ipsec_manualkey_interface.py | 329 -- .../fortios/test_fortios_vpn_ipsec_phase1.py | 1149 ------ ...test_fortios_vpn_ipsec_phase1_interface.py | 1419 -------- .../fortios/test_fortios_vpn_ipsec_phase2.py | 599 ---- ...test_fortios_vpn_ipsec_phase2_interface.py | 589 ---- .../network/fortios/test_fortios_vpn_l2tp.py | 183 - .../network/fortios/test_fortios_vpn_pptp.py | 191 - .../fortios/test_fortios_vpn_ssl_settings.py | 495 --- ...fortios_vpn_ssl_web_host_check_software.py | 229 -- .../test_fortios_vpn_ssl_web_portal.py | 689 ---- .../fortios/test_fortios_vpn_ssl_web_realm.py | 229 -- .../test_fortios_vpn_ssl_web_user_bookmark.py | 199 -- ...fortios_vpn_ssl_web_user_group_bookmark.py | 189 - .../fortios/test_fortios_waf_main_class.py | 209 -- .../fortios/test_fortios_waf_profile.py | 229 -- .../fortios/test_fortios_waf_signature.py | 209 -- .../fortios/test_fortios_waf_sub_class.py | 209 -- .../fortios/test_fortios_wanopt_auth_group.py | 249 -- .../test_fortios_wanopt_cache_service.py | 183 - ...os_wanopt_content_delivery_network_rule.py | 279 -- .../fortios/test_fortios_wanopt_peer.py | 
209 -- .../fortios/test_fortios_wanopt_profile.py | 229 -- .../test_fortios_wanopt_remote_storage.py | 175 - .../fortios/test_fortios_wanopt_settings.py | 167 - .../fortios/test_fortios_wanopt_webcache.py | 279 -- .../test_fortios_web_proxy_debug_url.py | 229 -- .../test_fortios_web_proxy_explicit.py | 351 -- .../test_fortios_web_proxy_forward_server.py | 279 -- ..._fortios_web_proxy_forward_server_group.py | 239 -- .../fortios/test_fortios_web_proxy_global.py | 247 -- .../fortios/test_fortios_web_proxy_profile.py | 289 -- .../test_fortios_web_proxy_url_match.py | 249 -- .../fortios/test_fortios_web_proxy_wisp.py | 259 -- .../fortios/test_fortios_webfilter_content.py | 219 -- .../test_fortios_webfilter_content_header.py | 219 -- .../test_fortios_webfilter_fortiguard.py | 231 -- .../test_fortios_webfilter_ftgd_local_cat.py | 219 -- ...est_fortios_webfilter_ftgd_local_rating.py | 219 -- ...s_webfilter_ips_urlfilter_cache_setting.py | 159 - ...fortios_webfilter_ips_urlfilter_setting.py | 175 - ...ortios_webfilter_ips_urlfilter_setting6.py | 175 - .../test_fortios_webfilter_override.py | 299 -- .../fortios/test_fortios_webfilter_profile.py | 479 --- .../test_fortios_webfilter_search_engine.py | 259 -- .../test_fortios_webfilter_urlfilter.py | 239 -- ...t_fortios_wireless_controller_ap_status.py | 229 -- ...fortios_wireless_controller_ble_profile.py | 319 -- ...ios_wireless_controller_bonjour_profile.py | 219 -- ...test_fortios_wireless_controller_global.py | 279 -- ...controller_hotspot20_anqp_3gpp_cellular.py | 189 - ...ntroller_hotspot20_anqp_ip_address_type.py | 219 -- ...ess_controller_hotspot20_anqp_nai_realm.py | 189 - ...roller_hotspot20_anqp_network_auth_type.py | 219 -- ...oller_hotspot20_anqp_roaming_consortium.py | 209 -- ...ss_controller_hotspot20_anqp_venue_name.py | 209 -- ...ntroller_hotspot20_h2qp_conn_capability.py | 309 -- ...controller_hotspot20_h2qp_operator_name.py | 209 -- ..._controller_hotspot20_h2qp_osu_provider.py | 239 -- 
...ss_controller_hotspot20_h2qp_wan_metric.py | 279 -- ...ireless_controller_hotspot20_hs_profile.py | 489 --- ...tios_wireless_controller_hotspot20_icon.py | 189 - ...s_wireless_controller_hotspot20_qos_map.py | 189 - ...os_wireless_controller_inter_controller.py | 183 - ...fortios_wireless_controller_qos_profile.py | 329 -- ...est_fortios_wireless_controller_setting.py | 175 - ...test_fortios_wireless_controller_timers.py | 255 -- ...fortios_wireless_controller_utm_profile.py | 269 -- .../test_fortios_wireless_controller_vap.py | 1109 ------ ...t_fortios_wireless_controller_vap_group.py | 219 -- ...ortios_wireless_controller_wids_profile.py | 679 ---- .../test_fortios_wireless_controller_wtp.py | 509 --- ...t_fortios_wireless_controller_wtp_group.py | 219 -- ...fortios_wireless_controller_wtp_profile.py | 439 --- 882 files changed, 331460 deletions(-) delete mode 100644 lib/ansible/module_utils/network/fortimanager/__init__.py delete mode 100644 lib/ansible/module_utils/network/fortimanager/common.py delete mode 100644 lib/ansible/module_utils/network/fortimanager/fortimanager.py delete mode 100644 lib/ansible/module_utils/network/fortios/__init__.py delete mode 100644 lib/ansible/module_utils/network/fortios/argspec/__init__.py delete mode 100644 lib/ansible/module_utils/network/fortios/argspec/facts/__init__.py delete mode 100644 lib/ansible/module_utils/network/fortios/argspec/facts/facts.py delete mode 100644 lib/ansible/module_utils/network/fortios/argspec/system/__init__.py delete mode 100644 lib/ansible/module_utils/network/fortios/argspec/system/system.py delete mode 100644 lib/ansible/module_utils/network/fortios/facts/__init__.py delete mode 100644 lib/ansible/module_utils/network/fortios/facts/facts.py delete mode 100644 lib/ansible/module_utils/network/fortios/facts/system/__init__.py delete mode 100644 lib/ansible/module_utils/network/fortios/facts/system/system.py delete mode 100644 lib/ansible/module_utils/network/fortios/fortios.py delete mode 
100644 lib/ansible/modules/network/fortios/fortios_address.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_alertemail_setting.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_antivirus_heuristic.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_antivirus_profile.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_antivirus_quarantine.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_antivirus_settings.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_application_custom.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_application_group.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_application_list.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_application_name.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_application_rule_settings.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_authentication_rule.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_authentication_scheme.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_authentication_setting.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_config.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_dlp_filepattern.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_dlp_fp_doc_source.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_dlp_fp_sensitivity.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_dlp_sensor.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_dlp_settings.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_dnsfilter_domain_filter.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_dnsfilter_profile.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_endpoint_control_client.py delete mode 100644 
lib/ansible/modules/network/fortios/fortios_endpoint_control_forticlient_ems.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_endpoint_control_forticlient_registration_sync.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_endpoint_control_profile.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_endpoint_control_settings.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_extender_controller_extender.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_facts.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_DoS_policy.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_DoS_policy6.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_address.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_address6.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_address6_template.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_addrgrp.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_addrgrp6.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_auth_portal.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_central_snat_map.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_dnstranslation.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_identity_based_route.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_interface_policy.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_interface_policy6.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_internet_service.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_internet_service_custom.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_internet_service_group.py delete mode 
100644 lib/ansible/modules/network/fortios/fortios_firewall_ip_translation.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_ipmacbinding_setting.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_ipmacbinding_table.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_ippool.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_ippool6.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_ipv6_eh_filter.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_ldb_monitor.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_local_in_policy.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_local_in_policy6.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_multicast_address.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_multicast_address6.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_multicast_policy.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_multicast_policy6.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_policy.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_policy46.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_policy6.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_policy64.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_profile_group.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_profile_protocol_options.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_proxy_address.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_proxy_addrgrp.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_proxy_policy.py delete mode 100644 
lib/ansible/modules/network/fortios/fortios_firewall_schedule_group.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_schedule_onetime.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_schedule_recurring.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_service_category.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_service_custom.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_service_group.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_shaper_per_ip_shaper.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_shaper_traffic_shaper.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_shaping_policy.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_shaping_profile.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_sniffer.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_ssh_host_key.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_ssh_local_ca.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_ssh_local_key.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_ssh_setting.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_ssl_server.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_ssl_setting.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_ssl_ssh_profile.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_ttl_policy.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_vip.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_vip46.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_vip6.py delete mode 100644 
lib/ansible/modules/network/fortios/fortios_firewall_vip64.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_vipgrp.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_vipgrp46.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_vipgrp6.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_vipgrp64.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_wildcard_fqdn_custom.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_firewall_wildcard_fqdn_group.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_ftp_proxy_explicit.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_icap_profile.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_icap_server.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_ips_custom.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_ips_decoder.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_ips_global.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_ips_rule.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_ips_rule_settings.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_ips_sensor.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_ips_settings.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_ipv4_policy.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_log_custom_field.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_log_disk_filter.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_log_disk_setting.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_log_eventfilter.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_log_fortianalyzer2_filter.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_log_fortianalyzer2_setting.py delete mode 100644 
lib/ansible/modules/network/fortios/fortios_log_fortianalyzer3_filter.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_log_fortianalyzer3_setting.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_filter.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_override_filter.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_override_setting.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_setting.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_log_fortiguard_filter.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_log_fortiguard_override_filter.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_log_fortiguard_override_setting.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_log_fortiguard_setting.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_log_gui_display.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_log_memory_filter.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_log_memory_global_setting.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_log_memory_setting.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_log_null_device_filter.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_log_null_device_setting.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_log_setting.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_log_syslogd2_filter.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_log_syslogd2_setting.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_log_syslogd3_filter.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_log_syslogd3_setting.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_log_syslogd4_filter.py delete mode 100644 
lib/ansible/modules/network/fortios/fortios_log_syslogd4_setting.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_log_syslogd_filter.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_log_syslogd_override_filter.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_log_syslogd_override_setting.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_log_syslogd_setting.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_log_threat_weight.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_log_webtrends_filter.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_log_webtrends_setting.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_report_chart.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_report_dataset.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_report_layout.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_report_setting.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_report_style.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_report_theme.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_router_access_list.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_router_access_list6.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_router_aspath_list.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_router_auth_path.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_router_bfd.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_router_bfd6.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_router_bgp.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_router_community_list.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_router_isis.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_router_key_chain.py delete mode 
100644 lib/ansible/modules/network/fortios/fortios_router_multicast.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_router_multicast6.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_router_multicast_flow.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_router_ospf.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_router_ospf6.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_router_policy.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_router_policy6.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_router_prefix_list.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_router_prefix_list6.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_router_rip.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_router_ripng.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_router_route_map.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_router_setting.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_router_static.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_router_static6.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_spamfilter_bwl.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_spamfilter_bword.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_spamfilter_dnsbl.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_spamfilter_fortishield.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_spamfilter_iptrust.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_spamfilter_mheader.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_spamfilter_options.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_spamfilter_profile.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_ssh_filter_profile.py delete mode 100644 
lib/ansible/modules/network/fortios/fortios_switch_controller_802_1X_settings.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_switch_controller_custom_command.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_switch_controller_global.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_switch_controller_igmp_snooping.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_switch_controller_lldp_profile.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_switch_controller_lldp_settings.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_switch_controller_mac_sync_settings.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_switch_controller_managed_switch.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_switch_controller_network_monitor_settings.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_switch_controller_qos_dot1p_map.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_switch_controller_qos_ip_dscp_map.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_switch_controller_qos_qos_policy.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_switch_controller_qos_queue_policy.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_switch_controller_quarantine.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_switch_controller_security_policy_802_1X.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_switch_controller_security_policy_captive_portal.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_switch_controller_sflow.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_switch_controller_storm_control.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_switch_controller_stp_settings.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_switch_controller_switch_group.py delete mode 100644 
lib/ansible/modules/network/fortios/fortios_switch_controller_switch_interface_tag.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_switch_controller_switch_log.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_switch_controller_switch_profile.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_switch_controller_system.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_switch_controller_virtual_port_pool.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_switch_controller_vlan.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_accprofile.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_admin.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_affinity_interrupt.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_affinity_packet_redistribution.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_alarm.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_alias.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_api_user.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_arp_table.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_auto_install.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_auto_script.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_automation_action.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_automation_destination.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_automation_stitch.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_automation_trigger.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_autoupdate_push_update.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_autoupdate_schedule.py delete mode 100644 
lib/ansible/modules/network/fortios/fortios_system_autoupdate_tunneling.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_central_management.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_cluster_sync.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_console.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_csf.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_custom_language.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_ddns.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_dedicated_mgmt.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_dhcp6_server.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_dhcp_server.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_dns.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_dns_database.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_dns_server.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_dscp_based_priority.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_email_server.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_external_resource.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_fips_cc.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_firmware_upgrade.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_fm.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_fortiguard.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_fortimanager.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_fortisandbox.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_fsso_polling.py delete mode 100644 
lib/ansible/modules/network/fortios/fortios_system_ftm_push.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_geoip_override.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_global.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_gre_tunnel.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_ha.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_ha_monitor.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_interface.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_ipip_tunnel.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_ips_urlfilter_dns.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_ips_urlfilter_dns6.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_ipv6_neighbor_cache.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_ipv6_tunnel.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_link_monitor.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_mac_address_table.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_management_tunnel.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_mobile_tunnel.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_nat64.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_nd_proxy.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_netflow.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_network_visibility.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_ntp.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_object_tagging.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_password_policy.py delete mode 100644 
lib/ansible/modules/network/fortios/fortios_system_password_policy_guest_admin.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_pppoe_interface.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_probe_response.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_proxy_arp.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_replacemsg_admin.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_replacemsg_alertmail.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_replacemsg_auth.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_replacemsg_device_detection_portal.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_replacemsg_ec.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_replacemsg_fortiguard_wf.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_replacemsg_ftp.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_replacemsg_group.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_replacemsg_http.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_replacemsg_icap.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_replacemsg_image.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_replacemsg_mail.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_replacemsg_nac_quar.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_replacemsg_nntp.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_replacemsg_spam.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_replacemsg_sslvpn.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_replacemsg_traffic_quota.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_replacemsg_utm.py delete 
mode 100644 lib/ansible/modules/network/fortios/fortios_system_replacemsg_webproxy.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_resource_limits.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_sdn_connector.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_session_helper.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_session_ttl.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_settings.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_sflow.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_sit_tunnel.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_sms_server.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_snmp_community.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_snmp_sysinfo.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_snmp_user.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_storage.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_switch_interface.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_tos_based_priority.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_vdom.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_vdom_dns.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_vdom_exception.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_vdom_link.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_vdom_netflow.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_vdom_property.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_vdom_radius_server.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_vdom_sflow.py delete mode 100644 
lib/ansible/modules/network/fortios/fortios_system_virtual_wan_link.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_virtual_wire_pair.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_vxlan.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_wccp.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_system_zone.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_user_adgrp.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_user_device.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_user_device_access_list.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_user_device_category.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_user_device_group.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_user_domain_controller.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_user_fortitoken.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_user_fsso.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_user_fsso_polling.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_user_group.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_user_krb_keytab.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_user_ldap.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_user_local.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_user_password_policy.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_user_peer.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_user_peergrp.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_user_pop3.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_user_quarantine.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_user_radius.py delete mode 100644 
lib/ansible/modules/network/fortios/fortios_user_security_exempt_list.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_user_setting.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_user_tacacsplus.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_voip_profile.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_vpn_certificate_ca.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_vpn_certificate_crl.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_vpn_certificate_local.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_vpn_certificate_ocsp_server.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_vpn_certificate_remote.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_vpn_certificate_setting.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_vpn_ipsec_concentrator.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_vpn_ipsec_forticlient.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_vpn_ipsec_manualkey.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_vpn_ipsec_manualkey_interface.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase1.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase1_interface.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase2.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase2_interface.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_vpn_l2tp.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_vpn_pptp.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_vpn_ssl_settings.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_host_check_software.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_portal.py delete mode 100644 
lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_realm.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_user_bookmark.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_user_group_bookmark.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_waf_main_class.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_waf_profile.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_waf_signature.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_waf_sub_class.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_wanopt_auth_group.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_wanopt_cache_service.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_wanopt_content_delivery_network_rule.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_wanopt_peer.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_wanopt_profile.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_wanopt_remote_storage.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_wanopt_settings.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_wanopt_webcache.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_web_proxy_debug_url.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_web_proxy_explicit.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_web_proxy_forward_server.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_web_proxy_forward_server_group.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_web_proxy_global.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_web_proxy_profile.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_web_proxy_url_match.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_web_proxy_wisp.py delete mode 100644 
lib/ansible/modules/network/fortios/fortios_webfilter.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_webfilter_content.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_webfilter_content_header.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_webfilter_fortiguard.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_webfilter_ftgd_local_cat.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_webfilter_ftgd_local_rating.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_webfilter_ips_urlfilter_cache_setting.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_webfilter_ips_urlfilter_setting.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_webfilter_ips_urlfilter_setting6.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_webfilter_override.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_webfilter_profile.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_webfilter_search_engine.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_webfilter_urlfilter.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_wireless_controller_ap_status.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_wireless_controller_ble_profile.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_wireless_controller_bonjour_profile.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_wireless_controller_global.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_anqp_3gpp_cellular.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_anqp_ip_address_type.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_anqp_nai_realm.py delete mode 100644 
lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_anqp_network_auth_type.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_anqp_roaming_consortium.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_anqp_venue_name.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_h2qp_conn_capability.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_h2qp_operator_name.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_h2qp_osu_provider.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_h2qp_wan_metric.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_hs_profile.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_icon.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_qos_map.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_wireless_controller_inter_controller.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_wireless_controller_qos_profile.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_wireless_controller_setting.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_wireless_controller_timers.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_wireless_controller_utm_profile.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_wireless_controller_vap.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_wireless_controller_vap_group.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_wireless_controller_wids_profile.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp.py delete mode 100644 
lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp_group.py delete mode 100644 lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp_profile.py delete mode 100644 lib/ansible/plugins/action/fortios_config.py delete mode 100644 lib/ansible/plugins/doc_fragments/fortios.py delete mode 100644 lib/ansible/plugins/httpapi/fortios.py delete mode 100644 test/integration/targets/fortios_address/aliases delete mode 100644 test/integration/targets/fortios_address/files/default_config.conf delete mode 100644 test/integration/targets/fortios_address/files/default_config.conf.backup delete mode 100644 test/integration/targets/fortios_address/files/requirements.txt delete mode 100644 test/integration/targets/fortios_address/tasks/main.yml delete mode 100644 test/integration/targets/fortios_address/tasks/test_indempotency.yml delete mode 100644 test/integration/targets/fortios_address/tasks/test_params_state_absent.yml delete mode 100644 test/integration/targets/fortios_address/tasks/test_params_state_present.yml delete mode 100644 test/integration/targets/fortios_ipv4_policy/aliases delete mode 100644 test/integration/targets/fortios_ipv4_policy/files/default_config.conf delete mode 100644 test/integration/targets/fortios_ipv4_policy/files/requirements.txt delete mode 100644 test/integration/targets/fortios_ipv4_policy/tasks/main.yml delete mode 100644 test/integration/targets/fortios_ipv4_policy/tasks/test_indempotency.yml delete mode 100644 test/integration/targets/fortios_ipv4_policy/tasks/test_params.yml delete mode 100644 test/units/modules/network/fortios/test_fortios_alertemail_setting.py delete mode 100644 test/units/modules/network/fortios/test_fortios_antivirus_heuristic.py delete mode 100644 test/units/modules/network/fortios/test_fortios_antivirus_profile.py delete mode 100644 test/units/modules/network/fortios/test_fortios_antivirus_quarantine.py delete mode 100644 test/units/modules/network/fortios/test_fortios_antivirus_settings.py 
delete mode 100644 test/units/modules/network/fortios/test_fortios_application_custom.py delete mode 100644 test/units/modules/network/fortios/test_fortios_application_group.py delete mode 100644 test/units/modules/network/fortios/test_fortios_application_list.py delete mode 100644 test/units/modules/network/fortios/test_fortios_application_name.py delete mode 100644 test/units/modules/network/fortios/test_fortios_application_rule_settings.py delete mode 100644 test/units/modules/network/fortios/test_fortios_authentication_rule.py delete mode 100644 test/units/modules/network/fortios/test_fortios_authentication_scheme.py delete mode 100644 test/units/modules/network/fortios/test_fortios_authentication_setting.py delete mode 100644 test/units/modules/network/fortios/test_fortios_dlp_filepattern.py delete mode 100644 test/units/modules/network/fortios/test_fortios_dlp_fp_doc_source.py delete mode 100644 test/units/modules/network/fortios/test_fortios_dlp_fp_sensitivity.py delete mode 100644 test/units/modules/network/fortios/test_fortios_dlp_sensor.py delete mode 100644 test/units/modules/network/fortios/test_fortios_dlp_settings.py delete mode 100644 test/units/modules/network/fortios/test_fortios_dnsfilter_domain_filter.py delete mode 100644 test/units/modules/network/fortios/test_fortios_dnsfilter_profile.py delete mode 100644 test/units/modules/network/fortios/test_fortios_endpoint_control_client.py delete mode 100644 test/units/modules/network/fortios/test_fortios_endpoint_control_forticlient_ems.py delete mode 100644 test/units/modules/network/fortios/test_fortios_endpoint_control_forticlient_registration_sync.py delete mode 100644 test/units/modules/network/fortios/test_fortios_endpoint_control_profile.py delete mode 100644 test/units/modules/network/fortios/test_fortios_endpoint_control_settings.py delete mode 100644 test/units/modules/network/fortios/test_fortios_extender_controller_extender.py delete mode 100644 
test/units/modules/network/fortios/test_fortios_facts.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_DoS_policy.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_DoS_policy6.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_address.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_address6.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_address6_template.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_addrgrp.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_addrgrp6.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_auth_portal.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_central_snat_map.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_dnstranslation.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_identity_based_route.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_interface_policy.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_interface_policy6.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_internet_service.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_internet_service_custom.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_internet_service_group.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_ip_translation.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_ipmacbinding_setting.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_ipmacbinding_table.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_ippool.py delete mode 100644 
test/units/modules/network/fortios/test_fortios_firewall_ippool6.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_ipv6_eh_filter.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_ldb_monitor.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_local_in_policy.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_local_in_policy6.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_multicast_address.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_multicast_address6.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_multicast_policy.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_multicast_policy6.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_policy.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_policy46.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_policy6.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_policy64.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_profile_group.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_profile_protocol_options.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_proxy_address.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_proxy_addrgrp.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_proxy_policy.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_schedule_group.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_schedule_onetime.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_schedule_recurring.py delete mode 100644 
test/units/modules/network/fortios/test_fortios_firewall_service_category.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_service_custom.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_service_group.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_shaper_per_ip_shaper.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_shaper_traffic_shaper.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_shaping_policy.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_shaping_profile.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_sniffer.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_ssh_host_key.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_ssh_local_ca.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_ssh_local_key.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_ssh_setting.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_ssl_server.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_ssl_setting.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_ssl_ssh_profile.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_ttl_policy.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_vip.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_vip46.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_vip6.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_vip64.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_vipgrp.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_vipgrp46.py delete mode 
100644 test/units/modules/network/fortios/test_fortios_firewall_vipgrp6.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_vipgrp64.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_wildcard_fqdn_custom.py delete mode 100644 test/units/modules/network/fortios/test_fortios_firewall_wildcard_fqdn_group.py delete mode 100644 test/units/modules/network/fortios/test_fortios_ftp_proxy_explicit.py delete mode 100644 test/units/modules/network/fortios/test_fortios_icap_profile.py delete mode 100644 test/units/modules/network/fortios/test_fortios_icap_server.py delete mode 100644 test/units/modules/network/fortios/test_fortios_ips_custom.py delete mode 100644 test/units/modules/network/fortios/test_fortios_ips_decoder.py delete mode 100644 test/units/modules/network/fortios/test_fortios_ips_global.py delete mode 100644 test/units/modules/network/fortios/test_fortios_ips_rule.py delete mode 100644 test/units/modules/network/fortios/test_fortios_ips_rule_settings.py delete mode 100644 test/units/modules/network/fortios/test_fortios_ips_sensor.py delete mode 100644 test/units/modules/network/fortios/test_fortios_ips_settings.py delete mode 100644 test/units/modules/network/fortios/test_fortios_log_custom_field.py delete mode 100644 test/units/modules/network/fortios/test_fortios_log_disk_filter.py delete mode 100644 test/units/modules/network/fortios/test_fortios_log_disk_setting.py delete mode 100644 test/units/modules/network/fortios/test_fortios_log_eventfilter.py delete mode 100644 test/units/modules/network/fortios/test_fortios_log_fortianalyzer2_filter.py delete mode 100644 test/units/modules/network/fortios/test_fortios_log_fortianalyzer2_setting.py delete mode 100644 test/units/modules/network/fortios/test_fortios_log_fortianalyzer3_filter.py delete mode 100644 test/units/modules/network/fortios/test_fortios_log_fortianalyzer3_setting.py delete mode 100644 
test/units/modules/network/fortios/test_fortios_log_fortianalyzer_filter.py delete mode 100644 test/units/modules/network/fortios/test_fortios_log_fortianalyzer_override_filter.py delete mode 100644 test/units/modules/network/fortios/test_fortios_log_fortianalyzer_override_setting.py delete mode 100644 test/units/modules/network/fortios/test_fortios_log_fortianalyzer_setting.py delete mode 100644 test/units/modules/network/fortios/test_fortios_log_fortiguard_filter.py delete mode 100644 test/units/modules/network/fortios/test_fortios_log_fortiguard_override_filter.py delete mode 100644 test/units/modules/network/fortios/test_fortios_log_fortiguard_override_setting.py delete mode 100644 test/units/modules/network/fortios/test_fortios_log_fortiguard_setting.py delete mode 100644 test/units/modules/network/fortios/test_fortios_log_gui_display.py delete mode 100644 test/units/modules/network/fortios/test_fortios_log_memory_filter.py delete mode 100644 test/units/modules/network/fortios/test_fortios_log_memory_global_setting.py delete mode 100644 test/units/modules/network/fortios/test_fortios_log_memory_setting.py delete mode 100644 test/units/modules/network/fortios/test_fortios_log_null_device_filter.py delete mode 100644 test/units/modules/network/fortios/test_fortios_log_null_device_setting.py delete mode 100644 test/units/modules/network/fortios/test_fortios_log_setting.py delete mode 100644 test/units/modules/network/fortios/test_fortios_log_syslogd2_filter.py delete mode 100644 test/units/modules/network/fortios/test_fortios_log_syslogd2_setting.py delete mode 100644 test/units/modules/network/fortios/test_fortios_log_syslogd3_filter.py delete mode 100644 test/units/modules/network/fortios/test_fortios_log_syslogd3_setting.py delete mode 100644 test/units/modules/network/fortios/test_fortios_log_syslogd4_filter.py delete mode 100644 test/units/modules/network/fortios/test_fortios_log_syslogd4_setting.py delete mode 100644 
test/units/modules/network/fortios/test_fortios_log_syslogd_filter.py delete mode 100644 test/units/modules/network/fortios/test_fortios_log_syslogd_override_filter.py delete mode 100644 test/units/modules/network/fortios/test_fortios_log_syslogd_override_setting.py delete mode 100644 test/units/modules/network/fortios/test_fortios_log_syslogd_setting.py delete mode 100644 test/units/modules/network/fortios/test_fortios_log_threat_weight.py delete mode 100644 test/units/modules/network/fortios/test_fortios_log_webtrends_filter.py delete mode 100644 test/units/modules/network/fortios/test_fortios_log_webtrends_setting.py delete mode 100644 test/units/modules/network/fortios/test_fortios_report_chart.py delete mode 100644 test/units/modules/network/fortios/test_fortios_report_dataset.py delete mode 100644 test/units/modules/network/fortios/test_fortios_report_layout.py delete mode 100644 test/units/modules/network/fortios/test_fortios_report_setting.py delete mode 100644 test/units/modules/network/fortios/test_fortios_report_style.py delete mode 100644 test/units/modules/network/fortios/test_fortios_report_theme.py delete mode 100644 test/units/modules/network/fortios/test_fortios_router_access_list.py delete mode 100644 test/units/modules/network/fortios/test_fortios_router_access_list6.py delete mode 100644 test/units/modules/network/fortios/test_fortios_router_aspath_list.py delete mode 100644 test/units/modules/network/fortios/test_fortios_router_auth_path.py delete mode 100644 test/units/modules/network/fortios/test_fortios_router_bfd.py delete mode 100644 test/units/modules/network/fortios/test_fortios_router_bfd6.py delete mode 100644 test/units/modules/network/fortios/test_fortios_router_bgp.py delete mode 100644 test/units/modules/network/fortios/test_fortios_router_community_list.py delete mode 100644 test/units/modules/network/fortios/test_fortios_router_isis.py delete mode 100644 test/units/modules/network/fortios/test_fortios_router_key_chain.py delete 
mode 100644 test/units/modules/network/fortios/test_fortios_router_multicast.py delete mode 100644 test/units/modules/network/fortios/test_fortios_router_multicast6.py delete mode 100644 test/units/modules/network/fortios/test_fortios_router_multicast_flow.py delete mode 100644 test/units/modules/network/fortios/test_fortios_router_ospf.py delete mode 100644 test/units/modules/network/fortios/test_fortios_router_ospf6.py delete mode 100644 test/units/modules/network/fortios/test_fortios_router_policy.py delete mode 100644 test/units/modules/network/fortios/test_fortios_router_policy6.py delete mode 100644 test/units/modules/network/fortios/test_fortios_router_prefix_list.py delete mode 100644 test/units/modules/network/fortios/test_fortios_router_prefix_list6.py delete mode 100644 test/units/modules/network/fortios/test_fortios_router_rip.py delete mode 100644 test/units/modules/network/fortios/test_fortios_router_ripng.py delete mode 100644 test/units/modules/network/fortios/test_fortios_router_route_map.py delete mode 100644 test/units/modules/network/fortios/test_fortios_router_setting.py delete mode 100644 test/units/modules/network/fortios/test_fortios_router_static.py delete mode 100644 test/units/modules/network/fortios/test_fortios_router_static6.py delete mode 100644 test/units/modules/network/fortios/test_fortios_spamfilter_bwl.py delete mode 100644 test/units/modules/network/fortios/test_fortios_spamfilter_bword.py delete mode 100644 test/units/modules/network/fortios/test_fortios_spamfilter_dnsbl.py delete mode 100644 test/units/modules/network/fortios/test_fortios_spamfilter_fortishield.py delete mode 100644 test/units/modules/network/fortios/test_fortios_spamfilter_iptrust.py delete mode 100644 test/units/modules/network/fortios/test_fortios_spamfilter_mheader.py delete mode 100644 test/units/modules/network/fortios/test_fortios_spamfilter_options.py delete mode 100644 test/units/modules/network/fortios/test_fortios_spamfilter_profile.py delete mode 
100644 test/units/modules/network/fortios/test_fortios_ssh_filter_profile.py delete mode 100644 test/units/modules/network/fortios/test_fortios_switch_controller_802_1X_settings.py delete mode 100644 test/units/modules/network/fortios/test_fortios_switch_controller_custom_command.py delete mode 100644 test/units/modules/network/fortios/test_fortios_switch_controller_global.py delete mode 100644 test/units/modules/network/fortios/test_fortios_switch_controller_igmp_snooping.py delete mode 100644 test/units/modules/network/fortios/test_fortios_switch_controller_lldp_profile.py delete mode 100644 test/units/modules/network/fortios/test_fortios_switch_controller_lldp_settings.py delete mode 100644 test/units/modules/network/fortios/test_fortios_switch_controller_mac_sync_settings.py delete mode 100644 test/units/modules/network/fortios/test_fortios_switch_controller_managed_switch.py delete mode 100644 test/units/modules/network/fortios/test_fortios_switch_controller_network_monitor_settings.py delete mode 100644 test/units/modules/network/fortios/test_fortios_switch_controller_qos_dot1p_map.py delete mode 100644 test/units/modules/network/fortios/test_fortios_switch_controller_qos_ip_dscp_map.py delete mode 100644 test/units/modules/network/fortios/test_fortios_switch_controller_qos_qos_policy.py delete mode 100644 test/units/modules/network/fortios/test_fortios_switch_controller_qos_queue_policy.py delete mode 100644 test/units/modules/network/fortios/test_fortios_switch_controller_quarantine.py delete mode 100644 test/units/modules/network/fortios/test_fortios_switch_controller_security_policy_802_1X.py delete mode 100644 test/units/modules/network/fortios/test_fortios_switch_controller_security_policy_captive_portal.py delete mode 100644 test/units/modules/network/fortios/test_fortios_switch_controller_sflow.py delete mode 100644 test/units/modules/network/fortios/test_fortios_switch_controller_storm_control.py delete mode 100644 
test/units/modules/network/fortios/test_fortios_switch_controller_stp_settings.py delete mode 100644 test/units/modules/network/fortios/test_fortios_switch_controller_switch_group.py delete mode 100644 test/units/modules/network/fortios/test_fortios_switch_controller_switch_interface_tag.py delete mode 100644 test/units/modules/network/fortios/test_fortios_switch_controller_switch_log.py delete mode 100644 test/units/modules/network/fortios/test_fortios_switch_controller_switch_profile.py delete mode 100644 test/units/modules/network/fortios/test_fortios_switch_controller_system.py delete mode 100644 test/units/modules/network/fortios/test_fortios_switch_controller_virtual_port_pool.py delete mode 100644 test/units/modules/network/fortios/test_fortios_switch_controller_vlan.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_accprofile.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_admin.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_affinity_interrupt.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_affinity_packet_redistribution.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_alarm.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_alias.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_api_user.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_arp_table.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_auto_install.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_auto_script.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_automation_action.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_automation_destination.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_automation_stitch.py delete mode 100644 
test/units/modules/network/fortios/test_fortios_system_automation_trigger.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_autoupdate_push_update.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_autoupdate_schedule.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_autoupdate_tunneling.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_central_management.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_cluster_sync.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_console.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_csf.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_custom_language.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_ddns.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_dedicated_mgmt.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_dhcp6_server.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_dhcp_server.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_dns.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_dns_database.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_dns_server.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_dscp_based_priority.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_email_server.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_external_resource.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_fips_cc.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_firmware_upgrade.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_fm.py delete mode 100644 
test/units/modules/network/fortios/test_fortios_system_fortiguard.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_fortimanager.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_fortisandbox.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_fsso_polling.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_ftm_push.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_geoip_override.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_global.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_gre_tunnel.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_ha.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_ha_monitor.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_interface.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_ipip_tunnel.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_ips_urlfilter_dns.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_ips_urlfilter_dns6.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_ipv6_neighbor_cache.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_ipv6_tunnel.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_link_monitor.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_mac_address_table.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_management_tunnel.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_mobile_tunnel.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_nat64.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_nd_proxy.py delete mode 100644 
test/units/modules/network/fortios/test_fortios_system_netflow.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_network_visibility.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_ntp.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_object_tagging.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_password_policy.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_password_policy_guest_admin.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_pppoe_interface.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_probe_response.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_proxy_arp.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_replacemsg_admin.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_replacemsg_alertmail.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_replacemsg_auth.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_replacemsg_device_detection_portal.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_replacemsg_ec.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_replacemsg_fortiguard_wf.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_replacemsg_ftp.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_replacemsg_group.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_replacemsg_http.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_replacemsg_icap.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_replacemsg_image.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_replacemsg_mail.py delete mode 100644 
test/units/modules/network/fortios/test_fortios_system_replacemsg_nac_quar.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_replacemsg_nntp.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_replacemsg_spam.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_replacemsg_sslvpn.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_replacemsg_traffic_quota.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_replacemsg_utm.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_replacemsg_webproxy.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_resource_limits.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_sdn_connector.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_session_helper.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_session_ttl.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_settings.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_sflow.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_sit_tunnel.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_sms_server.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_snmp_community.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_snmp_sysinfo.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_snmp_user.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_storage.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_switch_interface.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_tos_based_priority.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_vdom.py delete mode 
100644 test/units/modules/network/fortios/test_fortios_system_vdom_dns.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_vdom_exception.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_vdom_link.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_vdom_netflow.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_vdom_property.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_vdom_radius_server.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_vdom_sflow.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_virtual_wan_link.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_virtual_wire_pair.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_vxlan.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_wccp.py delete mode 100644 test/units/modules/network/fortios/test_fortios_system_zone.py delete mode 100644 test/units/modules/network/fortios/test_fortios_user_adgrp.py delete mode 100644 test/units/modules/network/fortios/test_fortios_user_device.py delete mode 100644 test/units/modules/network/fortios/test_fortios_user_device_access_list.py delete mode 100644 test/units/modules/network/fortios/test_fortios_user_device_category.py delete mode 100644 test/units/modules/network/fortios/test_fortios_user_device_group.py delete mode 100644 test/units/modules/network/fortios/test_fortios_user_domain_controller.py delete mode 100644 test/units/modules/network/fortios/test_fortios_user_fortitoken.py delete mode 100644 test/units/modules/network/fortios/test_fortios_user_fsso.py delete mode 100644 test/units/modules/network/fortios/test_fortios_user_fsso_polling.py delete mode 100644 test/units/modules/network/fortios/test_fortios_user_group.py delete mode 100644 
test/units/modules/network/fortios/test_fortios_user_krb_keytab.py delete mode 100644 test/units/modules/network/fortios/test_fortios_user_ldap.py delete mode 100644 test/units/modules/network/fortios/test_fortios_user_local.py delete mode 100644 test/units/modules/network/fortios/test_fortios_user_password_policy.py delete mode 100644 test/units/modules/network/fortios/test_fortios_user_peer.py delete mode 100644 test/units/modules/network/fortios/test_fortios_user_peergrp.py delete mode 100644 test/units/modules/network/fortios/test_fortios_user_pop3.py delete mode 100644 test/units/modules/network/fortios/test_fortios_user_quarantine.py delete mode 100644 test/units/modules/network/fortios/test_fortios_user_radius.py delete mode 100644 test/units/modules/network/fortios/test_fortios_user_security_exempt_list.py delete mode 100644 test/units/modules/network/fortios/test_fortios_user_setting.py delete mode 100644 test/units/modules/network/fortios/test_fortios_user_tacacsplus.py delete mode 100644 test/units/modules/network/fortios/test_fortios_voip_profile.py delete mode 100644 test/units/modules/network/fortios/test_fortios_vpn_certificate_ca.py delete mode 100644 test/units/modules/network/fortios/test_fortios_vpn_certificate_crl.py delete mode 100644 test/units/modules/network/fortios/test_fortios_vpn_certificate_local.py delete mode 100644 test/units/modules/network/fortios/test_fortios_vpn_certificate_ocsp_server.py delete mode 100644 test/units/modules/network/fortios/test_fortios_vpn_certificate_remote.py delete mode 100644 test/units/modules/network/fortios/test_fortios_vpn_certificate_setting.py delete mode 100644 test/units/modules/network/fortios/test_fortios_vpn_ipsec_concentrator.py delete mode 100644 test/units/modules/network/fortios/test_fortios_vpn_ipsec_forticlient.py delete mode 100644 test/units/modules/network/fortios/test_fortios_vpn_ipsec_manualkey.py delete mode 100644 
test/units/modules/network/fortios/test_fortios_vpn_ipsec_manualkey_interface.py delete mode 100644 test/units/modules/network/fortios/test_fortios_vpn_ipsec_phase1.py delete mode 100644 test/units/modules/network/fortios/test_fortios_vpn_ipsec_phase1_interface.py delete mode 100644 test/units/modules/network/fortios/test_fortios_vpn_ipsec_phase2.py delete mode 100644 test/units/modules/network/fortios/test_fortios_vpn_ipsec_phase2_interface.py delete mode 100644 test/units/modules/network/fortios/test_fortios_vpn_l2tp.py delete mode 100644 test/units/modules/network/fortios/test_fortios_vpn_pptp.py delete mode 100644 test/units/modules/network/fortios/test_fortios_vpn_ssl_settings.py delete mode 100644 test/units/modules/network/fortios/test_fortios_vpn_ssl_web_host_check_software.py delete mode 100644 test/units/modules/network/fortios/test_fortios_vpn_ssl_web_portal.py delete mode 100644 test/units/modules/network/fortios/test_fortios_vpn_ssl_web_realm.py delete mode 100644 test/units/modules/network/fortios/test_fortios_vpn_ssl_web_user_bookmark.py delete mode 100644 test/units/modules/network/fortios/test_fortios_vpn_ssl_web_user_group_bookmark.py delete mode 100644 test/units/modules/network/fortios/test_fortios_waf_main_class.py delete mode 100644 test/units/modules/network/fortios/test_fortios_waf_profile.py delete mode 100644 test/units/modules/network/fortios/test_fortios_waf_signature.py delete mode 100644 test/units/modules/network/fortios/test_fortios_waf_sub_class.py delete mode 100644 test/units/modules/network/fortios/test_fortios_wanopt_auth_group.py delete mode 100644 test/units/modules/network/fortios/test_fortios_wanopt_cache_service.py delete mode 100644 test/units/modules/network/fortios/test_fortios_wanopt_content_delivery_network_rule.py delete mode 100644 test/units/modules/network/fortios/test_fortios_wanopt_peer.py delete mode 100644 test/units/modules/network/fortios/test_fortios_wanopt_profile.py delete mode 100644 
test/units/modules/network/fortios/test_fortios_wanopt_remote_storage.py delete mode 100644 test/units/modules/network/fortios/test_fortios_wanopt_settings.py delete mode 100644 test/units/modules/network/fortios/test_fortios_wanopt_webcache.py delete mode 100644 test/units/modules/network/fortios/test_fortios_web_proxy_debug_url.py delete mode 100644 test/units/modules/network/fortios/test_fortios_web_proxy_explicit.py delete mode 100644 test/units/modules/network/fortios/test_fortios_web_proxy_forward_server.py delete mode 100644 test/units/modules/network/fortios/test_fortios_web_proxy_forward_server_group.py delete mode 100644 test/units/modules/network/fortios/test_fortios_web_proxy_global.py delete mode 100644 test/units/modules/network/fortios/test_fortios_web_proxy_profile.py delete mode 100644 test/units/modules/network/fortios/test_fortios_web_proxy_url_match.py delete mode 100644 test/units/modules/network/fortios/test_fortios_web_proxy_wisp.py delete mode 100644 test/units/modules/network/fortios/test_fortios_webfilter_content.py delete mode 100644 test/units/modules/network/fortios/test_fortios_webfilter_content_header.py delete mode 100644 test/units/modules/network/fortios/test_fortios_webfilter_fortiguard.py delete mode 100644 test/units/modules/network/fortios/test_fortios_webfilter_ftgd_local_cat.py delete mode 100644 test/units/modules/network/fortios/test_fortios_webfilter_ftgd_local_rating.py delete mode 100644 test/units/modules/network/fortios/test_fortios_webfilter_ips_urlfilter_cache_setting.py delete mode 100644 test/units/modules/network/fortios/test_fortios_webfilter_ips_urlfilter_setting.py delete mode 100644 test/units/modules/network/fortios/test_fortios_webfilter_ips_urlfilter_setting6.py delete mode 100644 test/units/modules/network/fortios/test_fortios_webfilter_override.py delete mode 100644 test/units/modules/network/fortios/test_fortios_webfilter_profile.py delete mode 100644 
test/units/modules/network/fortios/test_fortios_webfilter_search_engine.py delete mode 100644 test/units/modules/network/fortios/test_fortios_webfilter_urlfilter.py delete mode 100644 test/units/modules/network/fortios/test_fortios_wireless_controller_ap_status.py delete mode 100644 test/units/modules/network/fortios/test_fortios_wireless_controller_ble_profile.py delete mode 100644 test/units/modules/network/fortios/test_fortios_wireless_controller_bonjour_profile.py delete mode 100644 test/units/modules/network/fortios/test_fortios_wireless_controller_global.py delete mode 100644 test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_anqp_3gpp_cellular.py delete mode 100644 test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_anqp_ip_address_type.py delete mode 100644 test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_anqp_nai_realm.py delete mode 100644 test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_anqp_network_auth_type.py delete mode 100644 test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_anqp_roaming_consortium.py delete mode 100644 test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_anqp_venue_name.py delete mode 100644 test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_h2qp_conn_capability.py delete mode 100644 test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_h2qp_operator_name.py delete mode 100644 test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_h2qp_osu_provider.py delete mode 100644 test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_h2qp_wan_metric.py delete mode 100644 test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_hs_profile.py delete mode 100644 test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_icon.py delete mode 100644 
test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_qos_map.py delete mode 100644 test/units/modules/network/fortios/test_fortios_wireless_controller_inter_controller.py delete mode 100644 test/units/modules/network/fortios/test_fortios_wireless_controller_qos_profile.py delete mode 100644 test/units/modules/network/fortios/test_fortios_wireless_controller_setting.py delete mode 100644 test/units/modules/network/fortios/test_fortios_wireless_controller_timers.py delete mode 100644 test/units/modules/network/fortios/test_fortios_wireless_controller_utm_profile.py delete mode 100644 test/units/modules/network/fortios/test_fortios_wireless_controller_vap.py delete mode 100644 test/units/modules/network/fortios/test_fortios_wireless_controller_vap_group.py delete mode 100644 test/units/modules/network/fortios/test_fortios_wireless_controller_wids_profile.py delete mode 100644 test/units/modules/network/fortios/test_fortios_wireless_controller_wtp.py delete mode 100644 test/units/modules/network/fortios/test_fortios_wireless_controller_wtp_group.py delete mode 100644 test/units/modules/network/fortios/test_fortios_wireless_controller_wtp_profile.py
diff --git a/lib/ansible/module_utils/network/fortimanager/__init__.py b/lib/ansible/module_utils/network/fortimanager/__init__.py
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/lib/ansible/module_utils/network/fortimanager/common.py b/lib/ansible/module_utils/network/fortimanager/common.py
deleted file mode 100644
index 6da07d4bca5..00000000000
--- a/lib/ansible/module_utils/network/fortimanager/common.py
+++ /dev/null
@@ -1,288 +0,0 @@
-# This code is part of Ansible, but is an independent component.
-# This particular file snippet, and this file snippet only, is BSD licensed.
-# Modules you write using this snippet, which is embedded dynamically by Ansible
-# still belong to the author of the module, and may assign their own license
-# to the complete work.
-#
-# (c) 2017 Fortinet, Inc
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without modification,
-# are permitted provided that the following conditions are met:
-#
-# * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# * Redistributions in binary form must reproduce the above copyright notice,
-# this list of conditions and the following disclaimer in the documentation
-# and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-# IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
-# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- - -# BEGIN STATIC DATA / MESSAGES -class FMGRMethods: - GET = "get" - SET = "set" - EXEC = "exec" - EXECUTE = "exec" - UPDATE = "update" - ADD = "add" - DELETE = "delete" - REPLACE = "replace" - CLONE = "clone" - MOVE = "move" - - -BASE_HEADERS = { - 'Content-Type': 'application/json', - 'Accept': 'application/json' -} - - -# FMGR RETURN CODES -FMGR_RC = { - "fmgr_return_codes": { - 0: { - "msg": "OK", - "changed": True, - "stop_on_success": True - }, - -100000: { - "msg": "Module returned without actually running anything. " - "Check parameters, and please contact the authors if needed.", - "failed": True - }, - -2: { - "msg": "Object already exists.", - "skipped": True, - "changed": False, - "good_codes": [0, -2] - }, - -6: { - "msg": "Invalid Url. Sometimes this can happen because the path is mapped to a hostname or object that" - " doesn't exist. Double check your input object parameters." - }, - -3: { - "msg": "Object doesn't exist.", - "skipped": True, - "changed": False, - "good_codes": [0, -3] - }, - -10131: { - "msg": "Object dependency failed. Do all named objects in parameters exist?", - "changed": False, - "skipped": True - }, - -9998: { - "msg": "Duplicate object. Try using mode='set', if using add. STOPPING. Use 'ignore_errors=yes' in playbook" - "to override and mark successful.", - }, - -20042: { - "msg": "Device Unreachable.", - "skipped": True - }, - -10033: { - "msg": "Duplicate object. Try using mode='set', if using add.", - "changed": False, - "skipped": True - }, - -10000: { - "msg": "Duplicate object. Try using mode='set', if using add.", - "changed": False, - "skipped": True - }, - -20010: { - "msg": "Device already added to FortiManager. Serial number already in use.", - "good_codes": [0, -20010], - "changed": False, - "stop_on_success": True - }, - -20002: { - "msg": "Invalid Argument -- Does this Device exist on FortiManager?", - "changed": False, - "skipped": True, - } - } -} - -DEFAULT_RESULT_OBJ = (-100000, {"msg": "Nothing Happened. 
Check that handle_response is being called!"}) -FAIL_SOCKET_MSG = {"msg": "Socket Path Empty! The persistent connection manager is messed up. " - "Try again in a few moments."} - - -# BEGIN ERROR EXCEPTIONS -class FMGBaseException(Exception): - """Wrapper to catch the unexpected""" - - def __init__(self, msg=None, *args, **kwargs): - if msg is None: - msg = "An exception occurred within the fortimanager.py httpapi connection plugin." - super(FMGBaseException, self).__init__(msg, *args) - -# END ERROR CLASSES - - -# BEGIN CLASSES -class FMGRCommon(object): - - @staticmethod - def format_request(method, url, *args, **kwargs): - """ - Formats the payload from the module, into a payload the API handler can use. - - :param url: Connection URL to access - :type url: string - :param method: The preferred API Request method (GET, ADD, POST, etc....) - :type method: basestring - :param kwargs: The payload dictionary from the module to be converted. - - :return: Properly formatted dictionary payload for API Request via Connection Plugin. - :rtype: dict - """ - - params = [{"url": url}] - if args: - for arg in args: - params[0].update(arg) - if kwargs: - keylist = list(kwargs) - for k in keylist: - kwargs[k.replace("__", "-")] = kwargs.pop(k) - if method == "get" or method == "clone": - params[0].update(kwargs) - else: - if kwargs.get("data", False): - params[0]["data"] = kwargs["data"] - else: - params[0]["data"] = kwargs - return params - - @staticmethod - def split_comma_strings_into_lists(obj): - """ - Splits a CSV String into a list. Also takes a dictionary, and converts any CSV strings in any key, to a list. - - :param obj: object in CSV format to be parsed. - :type obj: str or dict - - :return: A list containing the CSV items. 
- :rtype: list - """ - return_obj = () - if isinstance(obj, dict): - if len(obj) > 0: - for k, v in obj.items(): - if isinstance(v, str): - new_list = list() - if "," in v: - new_items = v.split(",") - for item in new_items: - new_list.append(item.strip()) - obj[k] = new_list - return_obj = obj - elif isinstance(obj, str): - return_obj = obj.replace(" ", "").split(",") - - return return_obj - - @staticmethod - def cidr_to_netmask(cidr): - """ - Converts a CIDR Network string to full blown IP/Subnet format in decimal format. - Decided not use IP Address module to keep includes to a minimum. - - :param cidr: String object in CIDR format to be processed - :type cidr: str - - :return: A string object that looks like this "x.x.x.x/y.y.y.y" - :rtype: str - """ - if isinstance(cidr, str): - cidr = int(cidr) - mask = (0xffffffff >> (32 - cidr)) << (32 - cidr) - return (str((0xff000000 & mask) >> 24) + '.' - + str((0x00ff0000 & mask) >> 16) + '.' - + str((0x0000ff00 & mask) >> 8) + '.' - + str((0x000000ff & mask))) - - @staticmethod - def paramgram_child_list_override(list_overrides, paramgram, module): - """ - If a list of items was provided to a "parent" paramgram attribute, the paramgram needs to be rewritten. - The child keys of the desired attribute need to be deleted, and then that "parent" keys' contents is replaced - With the list of items that was provided. - - :param list_overrides: Contains the response from the FortiManager. - :type list_overrides: list - :param paramgram: Contains the paramgram passed to the modules' local modify function. - :type paramgram: dict - :param module: Contains the Ansible Module Object being used by the module. - :type module: classObject - - :return: A new "paramgram" refactored to allow for multiple entries being added. 
- :rtype: dict - """ - if len(list_overrides) > 0: - for list_variable in list_overrides: - try: - list_variable = list_variable.replace("-", "_") - override_data = module.params[list_variable] - if override_data: - del paramgram[list_variable] - paramgram[list_variable] = override_data - except BaseException as e: - raise FMGBaseException("Error occurred merging custom lists for the paramgram parent: " + str(e)) - return paramgram - - @staticmethod - def syslog(module, msg): - try: - module.log(msg=msg) - except BaseException: - pass - - -# RECURSIVE FUNCTIONS START -def prepare_dict(obj): - """ - Removes any keys from a dictionary that are only specific to our use in the module. FortiManager will reject - requests with these empty/None keys in it. - - :param obj: Dictionary object to be processed. - :type obj: dict - - :return: Processed dictionary. - :rtype: dict - """ - - list_of_elems = ["mode", "adom", "host", "username", "password"] - - if isinstance(obj, dict): - obj = dict((key, prepare_dict(value)) for (key, value) in obj.items() if key not in list_of_elems) - return obj - - -def scrub_dict(obj): - """ - Removes any keys from a dictionary that are EMPTY -- this includes parent keys. FortiManager doesn't - like empty keys in dictionaries - - :param obj: Dictionary object to be processed. - :type obj: dict - - :return: Processed dictionary. - :rtype: dict - """ - - if isinstance(obj, dict): - return dict((k, scrub_dict(v)) for k, v in obj.items() if v and scrub_dict(v)) - else: - return obj diff --git a/lib/ansible/module_utils/network/fortimanager/fortimanager.py b/lib/ansible/module_utils/network/fortimanager/fortimanager.py deleted file mode 100644 index 5a3875c2365..00000000000 --- a/lib/ansible/module_utils/network/fortimanager/fortimanager.py +++ /dev/null 
@@ -1,466 +0,0 @@
-# This code is part of Ansible, but is an independent component.
-# This particular file snippet, and this file snippet only, is BSD licensed.
-# Modules you write using this snippet, which is embedded dynamically by Ansible
-# still belong to the author of the module, and may assign their own license
-# to the complete work.
-#
-# (c) 2017 Fortinet, Inc
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without modification,
-# are permitted provided that the following conditions are met:
-#
-# * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# * Redistributions in binary form must reproduce the above copyright notice,
-# this list of conditions and the following disclaimer in the documentation
-# and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-# IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
-# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-
-from ansible.module_utils.network.fortimanager.common import FMGR_RC
-from ansible.module_utils.network.fortimanager.common import FMGBaseException
-from ansible.module_utils.network.fortimanager.common import FMGRCommon
-from ansible.module_utils.network.fortimanager.common import scrub_dict
-
-# check for pyFMG lib - DEPRECATING
-try:
- from pyFMG.fortimgr import FortiManager
- HAS_PYFMGR = True
-except ImportError:
- HAS_PYFMGR = False
-
-# ACTIVE BUG WITH OUR DEBUG IMPORT CALL -- BECAUSE IT'S UNDER MODULE_UTILITIES
-# WHEN module_common.recursive_finder() runs under the module loader, it looks for this namespace debug import
-# and because it's not there, it always fails, regardless of it being under a try/catch here.
-# we're going to move it to a different namespace.
-# # check for debug lib
-# try:
-# from ansible.module_utils.network.fortimanager.fortimanager_debug import debug_dump
-# HAS_FMGR_DEBUG = True
-# except:
-# HAS_FMGR_DEBUG = False
-
-
-# BEGIN HANDLER CLASSES
-class FortiManagerHandler(object):
- def __init__(self, conn, module):
- self._conn = conn
- self._module = module
- self._tools = FMGRCommon
-
- def process_request(self, url, datagram, method):
- """
- Formats and Runs the API Request via Connection Plugin. Streamlined for use FROM Modules.
-
- :param url: Connection URL to access
- :type url: string
- :param datagram: The prepared payload for the API Request in dictionary format
- :type datagram: dict
- :param method: The preferred API Request method (GET, ADD, POST, etc....)
- :type method: basestring
-
- :return: Dictionary containing results of the API Request via Connection Plugin
- :rtype: dict
- """
- data = self._tools.format_request(method, url, **datagram)
- response = self._conn.send_request(method, data)
-
- # if HAS_FMGR_DEBUG:
- # try:
- # debug_dump(response, datagram, self._module.paramgram, url, method)
- # except BaseException:
- # pass
-
- return response
-
- def govern_response(self, module, results, msg=None, good_codes=None,
- stop_on_fail=None, stop_on_success=None, skipped=None,
- changed=None, unreachable=None, failed=None, success=None, changed_if_success=None,
- ansible_facts=None):
- """
- This function will attempt to apply default values to canned responses from FortiManager we know of.
- This saves time, and turns the response in the module into a "one-liner", while still giving us...
- the flexibility to directly use return_response in modules if we have too. This function saves repeated code.
-
- :param module: The Ansible Module CLASS object, used to run fail/exit json
- :type module: object
- :param msg: An overridable custom message from the module that called this.
- :type msg: string
- :param results: A dictionary object containing an API call results
- :type results: dict
- :param good_codes: A list of exit codes considered successful from FortiManager
- :type good_codes: list
- :param stop_on_fail: If true, stops playbook run when return code is NOT IN good codes (default: true)
- :type stop_on_fail: boolean
- :param stop_on_success: If true, stops playbook run when return code is IN good codes (default: false)
- :type stop_on_success: boolean
- :param changed: If True, tells Ansible that object was changed (default: false)
- :type skipped: boolean
- :param skipped: If True, tells Ansible that object was skipped (default: false)
- :type skipped: boolean
- :param unreachable: If True, tells Ansible that object was unreachable (default: false)
- :type unreachable: boolean
- :param failed: If True, tells Ansible that execution was a failure. Overrides good_codes. (default: false)
- :type unreachable: boolean
- :param success: If True, tells Ansible that execution was a success. Overrides good_codes. (default: false)
- :type unreachable: boolean
- :param changed_if_success: If True, defaults to changed if successful if you specify or not"
- :type changed_if_success: boolean
- :param ansible_facts: A prepared dictionary of ansible facts from the execution.
- :type ansible_facts: dict
- """
- if module is None and results is None:
- raise FMGBaseException("govern_response() was called without a module and/or results tuple! Fix!")
- # Get the Return code from results
- try:
- rc = results[0]
- except BaseException:
- raise FMGBaseException("govern_response() was called without the return code at results[0]")
-
- # init a few items
- rc_data = None
-
- # Get the default values for the said return code.
- try:
- rc_codes = FMGR_RC.get('fmgr_return_codes')
- rc_data = rc_codes.get(rc)
- except BaseException:
- pass
-
- if not rc_data:
- rc_data = {}
- # ONLY add to overrides if not none -- This is very important that the keys aren't added at this stage
- # if they are empty. And there aren't that many, so let's just do a few if then statements.
- if good_codes is not None:
- rc_data["good_codes"] = good_codes
- if stop_on_fail is not None:
- rc_data["stop_on_fail"] = stop_on_fail
- if stop_on_success is not None:
- rc_data["stop_on_success"] = stop_on_success
- if skipped is not None:
- rc_data["skipped"] = skipped
- if changed is not None:
- rc_data["changed"] = changed
- if unreachable is not None:
- rc_data["unreachable"] = unreachable
- if failed is not None:
- rc_data["failed"] = failed
- if success is not None:
- rc_data["success"] = success
- if changed_if_success is not None:
- rc_data["changed_if_success"] = changed_if_success
- if results is not None:
- rc_data["results"] = results
- if msg is not None:
- rc_data["msg"] = msg
- if ansible_facts is None:
- rc_data["ansible_facts"] = {}
- else:
- rc_data["ansible_facts"] = ansible_facts
-
- return self.return_response(module=module,
- results=results,
- msg=rc_data.get("msg", "NULL"),
- good_codes=rc_data.get("good_codes", (0,)),
- stop_on_fail=rc_data.get("stop_on_fail", True),
- stop_on_success=rc_data.get("stop_on_success", False),
- skipped=rc_data.get("skipped", False),
- changed=rc_data.get("changed", False),
- changed_if_success=rc_data.get("changed_if_success", False),
- unreachable=rc_data.get("unreachable", False),
- failed=rc_data.get("failed", False),
- success=rc_data.get("success", False),
- ansible_facts=rc_data.get("ansible_facts", dict()))
-
- @staticmethod
- def return_response(module, results, msg="NULL", good_codes=(0,),
- stop_on_fail=True, stop_on_success=False, skipped=False,
- changed=False, unreachable=False, failed=False, success=False, changed_if_success=True,
- ansible_facts=()):
- """
- This function controls the logout and error reporting after an method or function runs. The exit_json for
- ansible comes from logic within this function. If this function returns just the msg, it means to continue
- execution on the playbook. It is called from the ansible module, or from the self.govern_response function.
-
- :param module: The Ansible Module CLASS object, used to run fail/exit json
- :type module: object
- :param msg: An overridable custom message from the module that called this.
- :type msg: string
- :param results: A dictionary object containing an API call results
- :type results: dict
- :param good_codes: A list of exit codes considered successful from FortiManager
- :type good_codes: list
- :param stop_on_fail: If true, stops playbook run when return code is NOT IN good codes (default: true)
- :type stop_on_fail: boolean
- :param stop_on_success: If true, stops playbook run when return code is IN good codes (default: false)
- :type stop_on_success: boolean
- :param changed: If True, tells Ansible that object was changed (default: false)
- :type skipped: boolean
- :param skipped: If True, tells Ansible that object was skipped (default: false)
- :type skipped: boolean
- :param unreachable: If True, tells Ansible that object was unreachable (default: false)
- :type unreachable: boolean
- :param failed: If True, tells Ansible that execution was a failure. Overrides good_codes. (default: false)
- :type unreachable: boolean
- :param success: If True, tells Ansible that execution was a success. Overrides good_codes. (default: false)
- :type unreachable: boolean
- :param changed_if_success: If True, defaults to changed if successful if you specify or not"
- :type changed_if_success: boolean
- :param ansible_facts: A prepared dictionary of ansible facts from the execution.
- :type ansible_facts: dict
-
- :return: A string object that contains an error message
- :rtype: str
- """
-
- # VALIDATION ERROR
- if (len(results) == 0) or (failed and success) or (changed and unreachable):
- module.exit_json(msg="Handle_response was called with no results, or conflicting failed/success or "
- "changed/unreachable parameters. Fix the exit code on module. "
- "Generic Failure", failed=True)
-
- # IDENTIFY SUCCESS/FAIL IF NOT DEFINED
- if not failed and not success:
- if len(results) > 0:
- if results[0] not in good_codes:
- failed = True
- elif results[0] in good_codes:
- success = True
-
- if len(results) > 0:
- # IF NO MESSAGE WAS SUPPLIED, GET IT FROM THE RESULTS, IF THAT DOESN'T WORK, THEN WRITE AN ERROR MESSAGE
- if msg == "NULL":
- try:
- msg = results[1]['status']['message']
- except BaseException:
- msg = "No status message returned at results[1][status][message], " \
- "and none supplied to msg parameter for handle_response."
-
- if failed:
- # BECAUSE SKIPPED/FAILED WILL OFTEN OCCUR ON CODES THAT DON'T GET INCLUDED, THEY ARE CONSIDERED FAILURES
- # HOWEVER, THEY ARE MUTUALLY EXCLUSIVE, SO IF IT IS MARKED SKIPPED OR UNREACHABLE BY THE MODULE LOGIC
- # THEN REMOVE THE FAILED FLAG SO IT DOESN'T OVERRIDE THE DESIRED STATUS OF SKIPPED OR UNREACHABLE.
- if failed and skipped:
- failed = False
- if failed and unreachable:
- failed = False
- if stop_on_fail:
- module.exit_json(msg=msg, failed=failed, changed=changed, unreachable=unreachable, skipped=skipped,
- results=results[1], ansible_facts=ansible_facts, rc=results[0],
- invocation={"module_args": ansible_facts["ansible_params"]})
- elif success:
- if changed_if_success:
- changed = True
- success = False
- if stop_on_success:
- module.exit_json(msg=msg, success=success, changed=changed, unreachable=unreachable,
- skipped=skipped, results=results[1], ansible_facts=ansible_facts, rc=results[0],
- invocation={"module_args": ansible_facts["ansible_params"]})
- return msg
-
- def construct_ansible_facts(self, response, ansible_params, paramgram, *args, **kwargs):
- """
- Constructs a dictionary to return to ansible facts, containing various information about the execution.
-
- :param response: Contains the response from the FortiManager.
- :type response: dict
- :param ansible_params: Contains the parameters Ansible was called with.
- :type ansible_params: dict
- :param paramgram: Contains the paramgram passed to the modules' local modify function.
- :type paramgram: dict
- :param args: Free-form arguments that could be added.
- :param kwargs: Free-form keyword arguments that could be added.
-
- :return: A dictionary containing lots of information to append to Ansible Facts.
- :rtype: dict
- """
-
- facts = {
- "response": response,
- "ansible_params": scrub_dict(ansible_params),
- "paramgram": scrub_dict(paramgram),
- "connected_fmgr": self._conn.return_connected_fmgr()
- }
-
- if args:
- facts["custom_args"] = args
- if kwargs:
- facts.update(kwargs)
-
- return facts
-
-
-##########################
-# BEGIN DEPRECATED METHODS
-##########################
-
-# SOME OF THIS CODE IS DUPLICATED IN THE PLUGIN, BUT THOSE ARE PLUGIN SPECIFIC.
THIS VERSION STILL ALLOWS FOR -# THE USAGE OF PYFMG FOR CUSTOMERS WHO HAVE NOT YET UPGRADED TO ANSIBLE 2.7 - -# LEGACY PYFMG METHODS START -# USED TO DETERMINE LOCK CONTEXT ON A FORTIMANAGER. A DATABASE LOCKING CONCEPT THAT NEEDS TO BE ACCOUNTED FOR. - -class FMGLockContext(object): - """ - - DEPRECATING: USING CONNECTION MANAGER NOW INSTEAD. EVENTUALLY THIS CLASS WILL DISAPPEAR. PLEASE - - CONVERT ALL MODULES TO CONNECTION MANAGER METHOD. - - LEGACY pyFMG HANDLER OBJECT: REQUIRES A CHECK FOR PY FMG AT TOP OF PAGE - """ - def __init__(self, fmg): - self._fmg = fmg - self._locked_adom_list = list() - self._uses_workspace = False - self._uses_adoms = False - - @property - def uses_workspace(self): - return self._uses_workspace - - @uses_workspace.setter - def uses_workspace(self, val): - self._uses_workspace = val - - @property - def uses_adoms(self): - return self._uses_adoms - - @uses_adoms.setter - def uses_adoms(self, val): - self._uses_adoms = val - - def add_adom_to_lock_list(self, adom): - if adom not in self._locked_adom_list: - self._locked_adom_list.append(adom) - - def remove_adom_from_lock_list(self, adom): - if adom in self._locked_adom_list: - self._locked_adom_list.remove(adom) - - def check_mode(self): - url = "/cli/global/system/global" - code, resp_obj = self._fmg.get(url, fields=["workspace-mode", "adom-status"]) - try: - if resp_obj["workspace-mode"] != 0: - self.uses_workspace = True - except KeyError: - self.uses_workspace = False - try: - if resp_obj["adom-status"] == 1: - self.uses_adoms = True - except KeyError: - self.uses_adoms = False - - def run_unlock(self): - for adom_locked in self._locked_adom_list: - self.unlock_adom(adom_locked) - - def lock_adom(self, adom=None, *args, **kwargs): - if adom: - if adom.lower() == "global": - url = "/dvmdb/global/workspace/lock/" - else: - url = "/dvmdb/adom/{adom}/workspace/lock/".format(adom=adom) - else: - url = "/dvmdb/adom/root/workspace/lock" - code, respobj = self._fmg.execute(url, {}, *args, 
**kwargs) - if code == 0 and respobj["status"]["message"].lower() == "ok": - self.add_adom_to_lock_list(adom) - return code, respobj - - def unlock_adom(self, adom=None, *args, **kwargs): - if adom: - if adom.lower() == "global": - url = "/dvmdb/global/workspace/unlock/" - else: - url = "/dvmdb/adom/{adom}/workspace/unlock/".format(adom=adom) - else: - url = "/dvmdb/adom/root/workspace/unlock" - code, respobj = self._fmg.execute(url, {}, *args, **kwargs) - if code == 0 and respobj["status"]["message"].lower() == "ok": - self.remove_adom_from_lock_list(adom) - return code, respobj - - def commit_changes(self, adom=None, aux=False, *args, **kwargs): - if adom: - if aux: - url = "/pm/config/adom/{adom}/workspace/commit".format(adom=adom) - else: - if adom.lower() == "global": - url = "/dvmdb/global/workspace/commit/" - else: - url = "/dvmdb/adom/{adom}/workspace/commit".format(adom=adom) - else: - url = "/dvmdb/adom/root/workspace/commit" - return self._fmg.execute(url, {}, *args, **kwargs) - - -# DEPRECATED -- USE PLUGIN INSTEAD -class AnsibleFortiManager(object): - """ - - DEPRECATING: USING CONNECTION MANAGER NOW INSTEAD. EVENTUALLY THIS CLASS WILL DISAPPEAR. PLEASE - - CONVERT ALL MODULES TO CONNECTION MANAGER METHOD. 
- - LEGACY pyFMG HANDLER OBJECT: REQUIRES A CHECK FOR PY FMG AT TOP OF PAGE - """ - - def __init__(self, module, ip=None, username=None, passwd=None, use_ssl=True, verify_ssl=False, timeout=300): - self.ip = ip - self.username = username - self.passwd = passwd - self.use_ssl = use_ssl - self.verify_ssl = verify_ssl - self.timeout = timeout - self.fmgr_instance = None - - if not HAS_PYFMGR: - module.fail_json(msg='Could not import the python library pyFMG required by this module') - - self.module = module - - def login(self): - if self.ip is not None: - self.fmgr_instance = FortiManager(self.ip, self.username, self.passwd, use_ssl=self.use_ssl, - verify_ssl=self.verify_ssl, timeout=self.timeout, debug=False, - disable_request_warnings=True) - return self.fmgr_instance.login() - - def logout(self): - if self.fmgr_instance.sid is not None: - self.fmgr_instance.logout() - - def get(self, url, data): - return self.fmgr_instance.get(url, **data) - - def set(self, url, data): - return self.fmgr_instance.set(url, **data) - - def update(self, url, data): - return self.fmgr_instance.update(url, **data) - - def delete(self, url, data): - return self.fmgr_instance.delete(url, **data) - - def add(self, url, data): - return self.fmgr_instance.add(url, **data) - - def execute(self, url, data): - return self.fmgr_instance.execute(url, **data) - - def move(self, url, data): - return self.fmgr_instance.move(url, **data) - - def clone(self, url, data): - return self.fmgr_instance.clone(url, **data) - -########################## -# END DEPRECATED METHODS -########################## diff --git a/lib/ansible/module_utils/network/fortios/__init__.py b/lib/ansible/module_utils/network/fortios/__init__.py deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/lib/ansible/module_utils/network/fortios/argspec/__init__.py b/lib/ansible/module_utils/network/fortios/argspec/__init__.py deleted file mode 100644 index e69de29bb2d..00000000000 
diff --git a/lib/ansible/module_utils/network/fortios/argspec/facts/__init__.py b/lib/ansible/module_utils/network/fortios/argspec/facts/__init__.py
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/lib/ansible/module_utils/network/fortios/argspec/facts/facts.py b/lib/ansible/module_utils/network/fortios/argspec/facts/facts.py
deleted file mode 100644
index 2f3e341810e..00000000000
--- a/lib/ansible/module_utils/network/fortios/argspec/facts/facts.py
+++ /dev/null
@@ -1,45 +0,0 @@
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-"""
-The arg spec for the fortios monitor module.
-"""
-
-
-class FactsArgs(object):
- """ The arg spec for the fortios monitor module
- """
-
- def __init__(self, **kwargs):
- pass
-
- argument_spec = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": False},
- "gather_subset": {
- "required": True, "type": "list", "elements": "dict",
- "options": {
- "fact": {"required": True, "type": "str"},
- "filters": {"required": False, "type": "list", "elements": "dict"}
- }
- }
- }
diff --git a/lib/ansible/module_utils/network/fortios/argspec/system/__init__.py b/lib/ansible/module_utils/network/fortios/argspec/system/__init__.py
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/lib/ansible/module_utils/network/fortios/argspec/system/system.py b/lib/ansible/module_utils/network/fortios/argspec/system/system.py
deleted file mode 100644
index 76454f9d9ec..00000000000
--- a/lib/ansible/module_utils/network/fortios/argspec/system/system.py
+++ /dev/null
@@ -1,28 +0,0 @@
-#
-# -*- coding: utf-8 -*-
-# Copyright 2019 Fortinet, Inc.
-# GNU General Public License v3.0+
-# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
-"""
-The arg spec for the fortios_facts module
-"""
-from __future__ import absolute_import, division, print_function
-__metaclass__ = type
-
-
-class SystemArgs(object):
- """The arg spec for the fortios_facts module
- """
-
- FACT_SYSTEM_SUBSETS = frozenset([
- 'system_current-admins_select',
- 'system_firmware_select',
- 'system_fortimanager_status',
- 'system_ha-checksums_select',
- 'system_interface_select',
- 'system_status_select',
- 'system_time_select',
- ])
-
- def __init__(self, **kwargs):
- pass
diff --git a/lib/ansible/module_utils/network/fortios/facts/__init__.py b/lib/ansible/module_utils/network/fortios/facts/__init__.py
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/lib/ansible/module_utils/network/fortios/facts/facts.py b/lib/ansible/module_utils/network/fortios/facts/facts.py
deleted file mode 100644
index a881b5aeda1..00000000000
--- a/lib/ansible/module_utils/network/fortios/facts/facts.py
+++ /dev/null
@@ -1,92 +0,0 @@
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-"""
-The facts class for fortios
-this file validates each subset of monitor and selectively
-calls the appropriate facts gathering and monitoring function
-"""
-
-from ansible.module_utils.network.fortios.argspec.facts.facts import FactsArgs
-from ansible.module_utils.network.fortios.argspec.system.system import SystemArgs
-from ansible.module_utils.network.common.facts.facts import FactsBase
-from ansible.module_utils.network.fortios.facts.system.system import SystemFacts
-
-
-class Facts(FactsBase):
- """ The facts class for fortios
- """
-
- FACT_SUBSETS = {
- "system": SystemFacts
- }
-
- def __init__(self, module, fos=None, subset=None):
- super(Facts, self).__init__(module)
- self._fos = fos
- self._subset = subset
-
- def gen_runable(self, subsets, valid_subsets):
- """ Generate the runable subset
-
- :param module: The module instance
- :param subsets: The provided subsets
- :param valid_subsets: The valid subsets
- :rtype: list
- :returns: The runable subsets
- """
- runable_subsets = []
- FACT_DETAIL_SUBSETS = []
- FACT_DETAIL_SUBSETS.extend(SystemArgs.FACT_SYSTEM_SUBSETS)
-
- for subset in subsets:
- if subset['fact'] not in FACT_DETAIL_SUBSETS:
- self._module.fail_json(msg='Subset must be one of [%s], got %s' %
- (', '.join(sorted([item for item in FACT_DETAIL_SUBSETS])), subset['fact']))
-
- for valid_subset in frozenset(self.FACT_SUBSETS.keys()):
- if subset['fact'].startswith(valid_subset):
- runable_subsets.append((subset, valid_subset))
-
- return runable_subsets
-
- def get_network_legacy_facts(self, fact_legacy_obj_map, legacy_facts_type=None):
- if not legacy_facts_type:
- legacy_facts_type = self._gather_subset
-
- runable_subsets = self.gen_runable(legacy_facts_type, frozenset(fact_legacy_obj_map.keys()))
- if runable_subsets:
- self.ansible_facts['ansible_net_gather_subset'] = []
-
- instances = list()
- for (subset, valid_subset) in runable_subsets:
- instances.append(fact_legacy_obj_map[valid_subset](self._module, self._fos, subset))
-
- for inst in instances:
- inst.populate_facts(self._connection, self.ansible_facts)
-
- def get_facts(self, facts_type=None, data=None):
- """ Collect the facts for fortios
- :param facts_type: List of facts types
- :param data: previously collected conf
- :rtype: dict
- :return: the facts gathered
- """
- self.get_network_legacy_facts(self.FACT_SUBSETS, facts_type)
-
- return self.ansible_facts, self._warnings
diff --git a/lib/ansible/module_utils/network/fortios/facts/system/__init__.py b/lib/ansible/module_utils/network/fortios/facts/system/__init__.py
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/lib/ansible/module_utils/network/fortios/facts/system/system.py b/lib/ansible/module_utils/network/fortios/facts/system/system.py
deleted file mode 100644
index 5731a0985b1..00000000000
--- a/lib/ansible/module_utils/network/fortios/facts/system/system.py
+++ /dev/null
@@ -1,63 +0,0 @@
-#
-# -*- coding: utf-8 -*-
-# Copyright 2019 Fortinet, Inc.
-# GNU General Public License v3.0+
-# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
-"""
-The fortios system facts class
-It is in this file the runtime information is collected from the device
-for a given resource, parsed, and the facts tree is populated
-based on the configuration.
-"""
-from __future__ import absolute_import, division, print_function
-__metaclass__ = type
-
-import re
-from ansible.module_utils.network.common import utils
-from ansible.module_utils.network.fortios.argspec.system.system import SystemArgs
-
-
-class SystemFacts(object):
- """ The fortios system facts class
- """
-
- def __init__(self, module, fos=None, subset=None, subspec='config', options='options'):
- self._module = module
- self._fos = fos
- self._subset = subset
-
- def populate_facts(self, connection, ansible_facts, data=None):
- """ Populate the facts for system
- :param connection: the device connection
- :param ansible_facts: Facts dictionary
- :rtype: dictionary
- :returns: facts
- """
- ansible_facts['ansible_network_resources'].pop('system', None)
- facts = {}
- if self._subset['fact'].startswith(tuple(SystemArgs.FACT_SYSTEM_SUBSETS)):
- gather_method = getattr(self, self._subset['fact'].replace('-', '_'), self.system_fact)
- resp = gather_method()
- facts.update({self._subset['fact']: resp})
-
- ansible_facts['ansible_network_resources'].update(facts)
- return ansible_facts
-
- def system_fact(self):
- fos = self._fos
- vdom = self._module.params['vdom']
- return fos.monitor('system', self._subset['fact'][len('system_'):].replace('_', '/'), vdom=vdom)
-
- def system_interface_select(self):
- fos = self._fos
- vdom = self._module.params['vdom']
-
- query_string = '?vdom=' + vdom
- system_interface_select_param = self._subset['filters']
- if system_interface_select_param:
- for filter in system_interface_select_param:
- for key, val in filter.items():
- if val:
- query_string += '&' + str(key) + '=' + str(val)
-
- return fos.monitor('system', self._subset['fact'][len('system_'):].replace('_', '/') + query_string, vdom=None)
diff --git a/lib/ansible/module_utils/network/fortios/fortios.py b/lib/ansible/module_utils/network/fortios/fortios.py
deleted file mode 100644
index 45992aa8c47..00000000000
--- a/lib/ansible/module_utils/network/fortios/fortios.py
+++ /dev/null
@@ -1,338 +0,0 @@ -# This code is part of Ansible, but is an independent component. -# This particular file snippet, and this file snippet only, is BSD licensed. -# Modules you write using this snippet, which is embedded dynamically by Ansible -# still belong to the author of the module, and may assign their own license -# to the complete work. -# -# Copyright (c), Benjamin Jolivot , 2014, -# Miguel Angel Munoz , 2019 -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without modification, -# are permitted provided that the following conditions are met: -# -# * Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# * Redistributions in binary form must reproduce the above copyright notice, -# this list of conditions and the following disclaimer in the documentation -# and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
-# IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, -# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE -# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE -# -import os -import time -import traceback - -from ansible.module_utils._text import to_text -from ansible.module_utils.basic import env_fallback - -import json - -# BEGIN DEPRECATED - -# check for pyFG lib -try: - from pyFG import FortiOS, FortiConfig - from pyFG.exceptions import FailedCommit - HAS_PYFG = True -except ImportError: - HAS_PYFG = False - -fortios_argument_spec = dict( - file_mode=dict(type='bool', default=False), - config_file=dict(type='path'), - host=dict(), - username=dict(fallback=(env_fallback, ['ANSIBLE_NET_USERNAME'])), - password=dict(fallback=(env_fallback, ['ANSIBLE_NET_PASSWORD']), no_log=True), - timeout=dict(type='int', default=60), - vdom=dict(type='str'), - backup=dict(type='bool', default=False), - backup_path=dict(type='path'), - backup_filename=dict(type='str'), -) - -fortios_required_if = [ - ['file_mode', False, ['host', 'username', 'password']], - ['file_mode', True, ['config_file']], - ['backup', True, ['backup_path']], -] - -fortios_mutually_exclusive = [ - ['config_file', 'host'], - ['config_file', 'username'], - ['config_file', 'password'] -] - -fortios_error_codes = { - '-3': "Object not found", - '-61': "Command error" -} - -# END DEPRECATED - - -class FortiOSHandler(object): - - def __init__(self, conn): - self._conn = conn - - def cmdb_url(self, path, name, vdom=None, mkey=None): - - url = '/api/v2/cmdb/' + path + '/' + name - if mkey: - url = url + '/' + str(mkey) - if vdom: - if vdom == 
"global": - url += '?global=1' - else: - url += '?vdom=' + vdom - return url - - def mon_url(self, path, name, vdom=None, mkey=None): - url = '/api/v2/monitor/' + path + '/' + name - if mkey: - url = url + '/' + str(mkey) - if vdom: - if vdom == "global": - url += '?global=1' - else: - url += '?vdom=' + vdom - return url - - def schema(self, path, name, vdom=None): - if vdom is None: - url = self.cmdb_url(path, name) + "?action=schema" - else: - url = self.cmdb_url(path, name, vdom=vdom) + "&action=schema" - - status, result_data = self._conn.send_request(url=url) - - if status == 200: - if vdom == "global": - return json.loads(to_text(result_data))[0]['results'] - else: - return json.loads(to_text(result_data))['results'] - else: - return json.loads(to_text(result_data)) - - def get_mkeyname(self, path, name, vdom=None): - schema = self.schema(path, name, vdom=vdom) - try: - keyname = schema['mkey'] - except KeyError: - return False - return keyname - - def get_mkey(self, path, name, data, vdom=None): - - keyname = self.get_mkeyname(path, name, vdom) - if not keyname: - return None - else: - try: - mkey = data[keyname] - except KeyError: - return None - return mkey - - def get(self, path, name, vdom=None, mkey=None, parameters=None): - url = self.cmdb_url(path, name, vdom, mkey=mkey) - - status, result_data = self._conn.send_request(url=url, params=parameters, method='GET') - - return self.formatresponse(result_data, vdom=vdom) - - def monitor(self, path, name, vdom=None, mkey=None, parameters=None): - url = self.mon_url(path, name, vdom, mkey) - - status, result_data = self._conn.send_request(url=url, params=parameters, method='GET') - - return self.formatresponse(result_data, vdom=vdom) - - def set(self, path, name, data, mkey=None, vdom=None, parameters=None): - - if not mkey: - mkey = self.get_mkey(path, name, data, vdom=vdom) - url = self.cmdb_url(path, name, vdom, mkey) - - status, result_data = self._conn.send_request(url=url, params=parameters, 
data=json.dumps(data), method='PUT') - - if status == 404 or status == 405 or status == 500: - return self.post(path, name, data, vdom, mkey) - else: - return self.formatresponse(result_data, vdom=vdom) - - def post(self, path, name, data, vdom=None, - mkey=None, parameters=None): - - if mkey: - mkeyname = self.get_mkeyname(path, name, vdom) - data[mkeyname] = mkey - - url = self.cmdb_url(path, name, vdom, mkey=None) - - status, result_data = self._conn.send_request(url=url, params=parameters, data=json.dumps(data), method='POST') - - return self.formatresponse(result_data, vdom=vdom) - - def execute(self, path, name, data, vdom=None, - mkey=None, parameters=None, timeout=300): - url = self.mon_url(path, name, vdom, mkey=mkey) - - status, result_data = self._conn.send_request(url=url, params=parameters, data=json.dumps(data), method='POST', timeout=timeout) - - return self.formatresponse(result_data, vdom=vdom) - - def delete(self, path, name, vdom=None, mkey=None, parameters=None, data=None): - if not mkey: - mkey = self.get_mkey(path, name, data, vdom=vdom) - url = self.cmdb_url(path, name, vdom, mkey) - status, result_data = self._conn.send_request(url=url, params=parameters, data=json.dumps(data), method='DELETE') - return self.formatresponse(result_data, vdom=vdom) - - def formatresponse(self, res, vdom=None): - if vdom == "global": - resp = json.loads(to_text(res))[0] - resp['vdom'] = "global" - else: - resp = json.loads(to_text(res)) - return resp - -# BEGIN DEPRECATED - - -def backup(module, running_config): - backup_path = module.params['backup_path'] - backup_filename = module.params['backup_filename'] - if not os.path.exists(backup_path): - try: - os.mkdir(backup_path) - except Exception: - module.fail_json(msg="Can't create directory {0} Permission denied ?".format(backup_path)) - tstamp = time.strftime("%Y-%m-%d@%H:%M:%S", time.localtime(time.time())) - if 0 < len(backup_filename): - filename = '%s/%s' % (backup_path, backup_filename) - else: - 
filename = '%s/%s_config.%s' % (backup_path, module.params['host'], tstamp) - try: - open(filename, 'w').write(running_config) - except Exception: - module.fail_json(msg="Can't create backup file {0} Permission denied ?".format(filename)) - - -class AnsibleFortios(object): - def __init__(self, module): - if not HAS_PYFG: - module.fail_json(msg='Could not import the python library pyFG required by this module') - - self.result = { - 'changed': False, - } - self.module = module - - def _connect(self): - if self.module.params['file_mode']: - self.forti_device = FortiOS('') - else: - host = self.module.params['host'] - username = self.module.params['username'] - password = self.module.params['password'] - timeout = self.module.params['timeout'] - vdom = self.module.params['vdom'] - - self.forti_device = FortiOS(host, username=username, password=password, timeout=timeout, vdom=vdom) - - try: - self.forti_device.open() - except Exception as e: - self.module.fail_json(msg='Error connecting device. %s' % to_text(e), - exception=traceback.format_exc()) - - def load_config(self, path): - self.path = path - self._connect() - # load in file_mode - if self.module.params['file_mode']: - try: - f = open(self.module.params['config_file'], 'r') - running = f.read() - f.close() - except IOError as e: - self.module.fail_json(msg='Error reading configuration file. %s' % to_text(e), - exception=traceback.format_exc()) - self.forti_device.load_config(config_text=running, path=path) - - else: - # get config - try: - self.forti_device.load_config(path=path) - except Exception as e: - self.forti_device.close() - self.module.fail_json(msg='Error reading running config. 
%s' % to_text(e), - exception=traceback.format_exc()) - - # set configs in object - self.result['running_config'] = self.forti_device.running_config.to_text() - self.candidate_config = self.forti_device.candidate_config - - # backup if needed - if self.module.params['backup']: - backup(self.module, self.forti_device.running_config.to_text()) - - def apply_changes(self): - change_string = self.forti_device.compare_config() - if change_string: - self.result['change_string'] = change_string - self.result['changed'] = True - - # Commit if not check mode - if change_string and not self.module.check_mode: - if self.module.params['file_mode']: - try: - f = open(self.module.params['config_file'], 'w') - f.write(self.candidate_config.to_text()) - f.close() - except IOError as e: - self.module.fail_json(msg='Error writing configuration file. %s' % - to_text(e), exception=traceback.format_exc()) - else: - try: - self.forti_device.commit() - except FailedCommit as e: - # Something's wrong (rollback is automatic) - self.forti_device.close() - error_list = self.get_error_infos(e) - self.module.fail_json(msg_error_list=error_list, msg="Unable to commit change, check your args, the error was %s" % e.message) - - self.forti_device.close() - self.module.exit_json(**self.result) - - def del_block(self, block_id): - self.forti_device.candidate_config[self.path].del_block(block_id) - - def add_block(self, block_id, block): - self.forti_device.candidate_config[self.path][block_id] = block - - def get_error_infos(self, cli_errors): - error_list = [] - for errors in cli_errors.args: - for error in errors: - error_code = error[0] - error_string = error[1] - error_type = fortios_error_codes.get(error_code, "unknown") - error_list.append(dict(error_code=error_code, error_type=error_type, error_string=error_string)) - - return error_list - - def get_empty_configuration_block(self, block_name, block_type): - return FortiConfig(block_name, block_type) - -# END DEPRECATED 
diff --git a/lib/ansible/modules/network/fortios/fortios_address.py b/lib/ansible/modules/network/fortios/fortios_address.py
deleted file mode 100644
index 03c4a82309c..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_address.py
+++ /dev/null
@@ -1,291 +0,0 @@ -#!/usr/bin/python -# -# Ansible module to manage IP addresses on fortios devices -# (c) 2016, Benjamin Jolivot -# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) - -from __future__ import absolute_import, division, print_function -__metaclass__ = type - - -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} - -DOCUMENTATION = """ ---- -module: fortios_address -version_added: "2.4" -author: "Benjamin Jolivot (@bjolivot)" -short_description: Manage fortios firewall address objects -description: - - This module provide management of firewall addresses on FortiOS devices. -extends_documentation_fragment: fortios -options: - state: - description: - - Specifies if address need to be added or deleted. - required: true - choices: ['present', 'absent'] - name: - description: - - Name of the address to add or delete. - required: true - type: - description: - - Type of the address. - choices: ['iprange', 'fqdn', 'ipmask', 'geography'] - value: - description: - - Address value, based on type. - If type=fqdn, something like www.google.com. - If type=ipmask, you can use simple ip (192.168.0.1), ip+mask (192.168.0.1 255.255.255.0) or CIDR (192.168.0.1/32). - start_ip: - description: - - First ip in range (used only with type=iprange). - end_ip: - description: - - Last ip in range (used only with type=iprange). - country: - description: - - 2 letter country code (like FR). - interface: - description: - - interface name the address apply to. - default: any - comment: - description: - - free text to describe address. -notes: - - This module requires netaddr python library. 
-""" - -EXAMPLES = """ -- name: Register french addresses - fortios_address: - host: 192.168.0.254 - username: admin - password: p4ssw0rd - state: present - name: "fromfrance" - type: geography - country: FR - comment: "French geoip address" - -- name: Register some fqdn - fortios_address: - host: 192.168.0.254 - username: admin - password: p4ssw0rd - state: present - name: "Ansible" - type: fqdn - value: www.ansible.com - comment: "Ansible website" - -- name: Register google DNS - fortios_address: - host: 192.168.0.254 - username: admin - password: p4ssw0rd - state: present - name: "google_dns" - type: ipmask - value: 8.8.8.8 - -""" - -RETURN = """ -firewall_address_config: - description: full firewall addresses config string. - returned: always - type: str -change_string: - description: The commands executed by the module. - returned: only if config changed - type: str -""" - -from ansible.module_utils.network.fortios.fortios import fortios_argument_spec, fortios_required_if -from ansible.module_utils.network.fortios.fortios import backup, AnsibleFortios - -from ansible.module_utils.basic import AnsibleModule - - -# check for netaddr lib -try: - from netaddr import IPNetwork - HAS_NETADDR = True -except Exception: - HAS_NETADDR = False - - -# define valid country list for GEOIP address type -FG_COUNTRY_LIST = ( - 'ZZ', 'A1', 'A2', 'O1', 'AD', 'AE', 'AF', 'AG', 'AI', 'AL', 'AM', 'AN', 'AO', - 'AP', 'AQ', 'AR', 'AS', 'AT', 'AU', 'AW', 'AX', 'AZ', 'BA', 'BB', 'BD', 'BE', - 'BF', 'BG', 'BH', 'BI', 'BJ', 'BL', 'BM', 'BN', 'BO', 'BQ', 'BR', 'BS', 'BT', - 'BV', 'BW', 'BY', 'BZ', 'CA', 'CC', 'CD', 'CF', 'CG', 'CH', 'CI', 'CK', 'CL', - 'CM', 'CN', 'CO', 'CR', 'CU', 'CV', 'CW', 'CX', 'CY', 'CZ', 'DE', 'DJ', 'DK', - 'DM', 'DO', 'DZ', 'EC', 'EE', 'EG', 'EH', 'ER', 'ES', 'ET', 'EU', 'FI', 'FJ', - 'FK', 'FM', 'FO', 'FR', 'GA', 'GB', 'GD', 'GE', 'GF', 'GG', 'GH', 'GI', 'GL', - 'GM', 'GN', 'GP', 'GQ', 'GR', 'GS', 'GT', 'GU', 'GW', 'GY', 'HK', 'HM', 'HN', - 'HR', 'HT', 'HU', 
'ID', 'IE', 'IL', 'IM', 'IN', 'IO', 'IQ', 'IR', 'IS', 'IT', - 'JE', 'JM', 'JO', 'JP', 'KE', 'KG', 'KH', 'KI', 'KM', 'KN', 'KP', 'KR', 'KW', - 'KY', 'KZ', 'LA', 'LB', 'LC', 'LI', 'LK', 'LR', 'LS', 'LT', 'LU', 'LV', 'LY', - 'MA', 'MC', 'MD', 'ME', 'MF', 'MG', 'MH', 'MK', 'ML', 'MM', 'MN', 'MO', 'MP', - 'MQ', 'MR', 'MS', 'MT', 'MU', 'MV', 'MW', 'MX', 'MY', 'MZ', 'NA', 'NC', 'NE', - 'NF', 'NG', 'NI', 'NL', 'NO', 'NP', 'NR', 'NU', 'NZ', 'OM', 'PA', 'PE', 'PF', - 'PG', 'PH', 'PK', 'PL', 'PM', 'PN', 'PR', 'PS', 'PT', 'PW', 'PY', 'QA', 'RE', - 'RO', 'RS', 'RU', 'RW', 'SA', 'SB', 'SC', 'SD', 'SE', 'SG', 'SH', 'SI', 'SJ', - 'SK', 'SL', 'SM', 'SN', 'SO', 'SR', 'SS', 'ST', 'SV', 'SX', 'SY', 'SZ', 'TC', - 'TD', 'TF', 'TG', 'TH', 'TJ', 'TK', 'TL', 'TM', 'TN', 'TO', 'TR', 'TT', 'TV', - 'TW', 'TZ', 'UA', 'UG', 'UM', 'US', 'UY', 'UZ', 'VA', 'VC', 'VE', 'VG', 'VI', - 'VN', 'VU', 'WF', 'WS', 'YE', 'YT', 'ZA', 'ZM', 'ZW' -) - - -def get_formated_ipaddr(input_ip): - """ - Format given ip address string to fortigate format (ip netmask) - Args: - * **ip_str** (string) : string representing ip address - accepted format: - - ip netmask (ex: 192.168.0.10 255.255.255.0) - - ip (ex: 192.168.0.10) - - CIDR (ex: 192.168.0.10/24) - - Returns: - formated ip if ip is valid (ex: "192.168.0.10 255.255.255.0") - False if ip is not valid - """ - try: - if " " in input_ip: - # ip netmask format - str_ip, str_netmask = input_ip.split(" ") - ip = IPNetwork(str_ip) - mask = IPNetwork(str_netmask) - return "%s %s" % (str_ip, str_netmask) - else: - ip = IPNetwork(input_ip) - return "%s %s" % (str(ip.ip), str(ip.netmask)) - except Exception: - return False - - return False - - -def main(): - argument_spec = dict( - state=dict(required=True, choices=['present', 'absent']), - name=dict(required=True), - type=dict(choices=['iprange', 'fqdn', 'ipmask', 'geography'], default='ipmask'), - value=dict(), - start_ip=dict(), - end_ip=dict(), - country=dict(), - interface=dict(default='any'), - comment=dict(), - ) - - 
# merge argument_spec from module_utils/fortios.py - argument_spec.update(fortios_argument_spec) - - # Load module - module = AnsibleModule( - argument_spec=argument_spec, - required_if=fortios_required_if, - supports_check_mode=True, - ) - result = dict(changed=False) - - if not HAS_NETADDR: - module.fail_json(msg='Could not import the python library netaddr required by this module') - - # check params - if module.params['state'] == 'absent': - if module.params['type'] != "ipmask": - module.fail_json(msg='Invalid argument type=%s when state=absent' % module.params['type']) - if module.params['value'] is not None: - module.fail_json(msg='Invalid argument `value` when state=absent') - if module.params['start_ip'] is not None: - module.fail_json(msg='Invalid argument `start_ip` when state=absent') - if module.params['end_ip'] is not None: - module.fail_json(msg='Invalid argument `end_ip` when state=absent') - if module.params['country'] is not None: - module.fail_json(msg='Invalid argument `country` when state=absent') - if module.params['interface'] != "any": - module.fail_json(msg='Invalid argument `interface` when state=absent') - if module.params['comment'] is not None: - module.fail_json(msg='Invalid argument `comment` when state=absent') - else: - # state=present - # validate IP - if module.params['type'] == "ipmask": - formated_ip = get_formated_ipaddr(module.params['value']) - if formated_ip is not False: - module.params['value'] = get_formated_ipaddr(module.params['value']) - else: - module.fail_json(msg="Bad ip address format") - - # validate country - if module.params['type'] == "geography": - if module.params['country'] not in FG_COUNTRY_LIST: - module.fail_json(msg="Invalid country argument, need to be in `diagnose firewall ipgeo country-list`") - - # validate iprange - if module.params['type'] == "iprange": - if module.params['start_ip'] is None: - module.fail_json(msg="Missing argument 'start_ip' when type is iprange") - if module.params['end_ip'] is 
None:
- module.fail_json(msg="Missing argument 'end_ip' when type is iprange")
-
- # init forti object
- fortigate = AnsibleFortios(module)
-
- # Config path
- config_path = 'firewall address'
-
- # load config
- fortigate.load_config(config_path)
-
- # Absent State
- if module.params['state'] == 'absent':
- fortigate.candidate_config[config_path].del_block(module.params['name'])
-
- # Present state
- if module.params['state'] == 'present':
- # define address params
- new_addr = fortigate.get_empty_configuration_block(module.params['name'], 'edit')
-
- if module.params['comment'] is not None:
- new_addr.set_param('comment', '"%s"' % (module.params['comment']))
-
- if module.params['type'] == 'iprange':
- new_addr.set_param('type', 'iprange')
- new_addr.set_param('start-ip', module.params['start_ip'])
- new_addr.set_param('end-ip', module.params['end_ip'])
-
- if module.params['type'] == 'geography':
- new_addr.set_param('type', 'geography')
- new_addr.set_param('country', '"%s"' % (module.params['country']))
-
- if module.params['interface'] != 'any':
- new_addr.set_param('associated-interface', '"%s"' % (module.params['interface']))
-
- if module.params['value'] is not None:
- if module.params['type'] == 'fqdn':
- new_addr.set_param('type', 'fqdn')
- new_addr.set_param('fqdn', '"%s"' % (module.params['value']))
- if module.params['type'] == 'ipmask':
- new_addr.set_param('subnet', module.params['value'])
-
- # add the new address object to the device
- fortigate.add_block(module.params['name'], new_addr)
-
- # Apply changes (check mode is managed directly by the fortigate object)
- fortigate.apply_changes()
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_alertemail_setting.py b/lib/ansible/modules/network/fortios/fortios_alertemail_setting.py
deleted file mode 100644
index 82b7a6e3b8f..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_alertemail_setting.py
+++ /dev/null
@@ -1,602 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_alertemail_setting -short_description: Configure alert email settings in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify alertemail feature and setting category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - alertemail_setting: - description: - - Configure alert email settings. - default: null - type: dict - suboptions: - admin_login_logs: - description: - - Enable/disable administrator login/logout logs in alert email. - type: str - choices: - - enable - - disable - alert_interval: - description: - - Alert alert interval in minutes. - type: int - amc_interface_bypass_mode: - description: - - Enable/disable Fortinet Advanced Mezzanine Card (AMC) interface bypass mode logs in alert email. - type: str - choices: - - enable - - disable - antivirus_logs: - description: - - Enable/disable antivirus logs in alert email. - type: str - choices: - - enable - - disable - configuration_changes_logs: - description: - - Enable/disable configuration change logs in alert email. - type: str - choices: - - enable - - disable - critical_interval: - description: - - Critical alert interval in minutes. - type: int - debug_interval: - description: - - Debug alert interval in minutes. - type: int - email_interval: - description: - - Interval between sending alert emails (1 - 99999 min). - type: int - emergency_interval: - description: - - Emergency alert interval in minutes. - type: int - error_interval: - description: - - Error alert interval in minutes. - type: int - FDS_license_expiring_days: - description: - - Number of days to send alert email prior to FortiGuard license expiration (1 - 100 days). - type: int - FDS_license_expiring_warning: - description: - - Enable/disable FortiGuard license expiration warnings in alert email. 
- type: str - choices: - - enable - - disable - FDS_update_logs: - description: - - Enable/disable FortiGuard update logs in alert email. - type: str - choices: - - enable - - disable - filter_mode: - description: - - How to filter log messages that are sent to alert emails. - type: str - choices: - - category - - threshold - FIPS_CC_errors: - description: - - Enable/disable FIPS and Common Criteria error logs in alert email. - type: str - choices: - - enable - - disable - firewall_authentication_failure_logs: - description: - - Enable/disable firewall authentication failure logs in alert email. - type: str - choices: - - enable - - disable - fortiguard_log_quota_warning: - description: - - Enable/disable FortiCloud log quota warnings in alert email. - type: str - choices: - - enable - - disable - FSSO_disconnect_logs: - description: - - Enable/disable logging of FSSO collector agent disconnect. - type: str - choices: - - enable - - disable - HA_logs: - description: - - Enable/disable HA logs in alert email. - type: str - choices: - - enable - - disable - information_interval: - description: - - Information alert interval in minutes. - type: int - IPS_logs: - description: - - Enable/disable IPS logs in alert email. - type: str - choices: - - enable - - disable - IPsec_errors_logs: - description: - - Enable/disable IPsec error logs in alert email. - type: str - choices: - - enable - - disable - local_disk_usage: - description: - - Disk usage percentage at which to send alert email (1 - 99 percent). - type: int - log_disk_usage_warning: - description: - - Enable/disable disk usage warnings in alert email. - type: str - choices: - - enable - - disable - mailto1: - description: - - Email address to send alert email to (usually a system administrator) (max. 64 characters). - type: str - mailto2: - description: - - Optional second email address to send alert email to (max. 64 characters). 
- type: str - mailto3: - description: - - Optional third email address to send alert email to (max. 64 characters). - type: str - notification_interval: - description: - - Notification alert interval in minutes. - type: int - PPP_errors_logs: - description: - - Enable/disable PPP error logs in alert email. - type: str - choices: - - enable - - disable - severity: - description: - - Lowest severity level to log. - type: str - choices: - - emergency - - alert - - critical - - error - - warning - - notification - - information - - debug - ssh_logs: - description: - - Enable/disable SSH logs in alert email. - type: str - choices: - - enable - - disable - sslvpn_authentication_errors_logs: - description: - - Enable/disable SSL-VPN authentication error logs in alert email. - type: str - choices: - - enable - - disable - username: - description: - - "Name that appears in the 
From: field of alert emails (max. 36 characters)." - type: str - violation_traffic_logs: - description: - - Enable/disable violation traffic logs in alert email. - type: str - choices: - - enable - - disable - warning_interval: - description: - - Warning alert interval in minutes. - type: int - webfilter_logs: - description: - - Enable/disable web filter logs in alert email. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure alert email settings. - fortios_alertemail_setting: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - alertemail_setting: - admin_login_logs: "enable" - alert_interval: "4" - amc_interface_bypass_mode: "enable" - antivirus_logs: "enable" - configuration_changes_logs: "enable" - critical_interval: "8" - debug_interval: "9" - email_interval: "10" - emergency_interval: "11" - error_interval: "12" - FDS_license_expiring_days: "13" - FDS_license_expiring_warning: "enable" - FDS_update_logs: "enable" - filter_mode: "category" - FIPS_CC_errors: "enable" - firewall_authentication_failure_logs: "enable" - fortiguard_log_quota_warning: "enable" - FSSO_disconnect_logs: "enable" - HA_logs: "enable" - information_interval: "22" - IPS_logs: "enable" - IPsec_errors_logs: "enable" - local_disk_usage: "25" - log_disk_usage_warning: "enable" - mailto1: "" - mailto2: "" - mailto3: "" - notification_interval: "30" - PPP_errors_logs: "enable" - severity: "emergency" - ssh_logs: "enable" - sslvpn_authentication_errors_logs: "enable" - username: "" - violation_traffic_logs: "enable" - warning_interval: "37" - webfilter_logs: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content 
into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_alertemail_setting_data(json): - option_list = ['admin_login_logs', 'alert_interval', 'amc_interface_bypass_mode', - 'antivirus_logs', 'configuration_changes_logs', 'critical_interval', - 'debug_interval', 'email_interval', 'emergency_interval', - 'error_interval', 'FDS_license_expiring_days', 
'FDS_license_expiring_warning', - 'FDS_update_logs', 'filter_mode', 'FIPS_CC_errors', - 'firewall_authentication_failure_logs', 'fortiguard_log_quota_warning', 'FSSO_disconnect_logs', - 'HA_logs', 'information_interval', 'IPS_logs', - 'IPsec_errors_logs', 'local_disk_usage', 'log_disk_usage_warning', - 'mailto1', 'mailto2', 'mailto3', - 'notification_interval', 'PPP_errors_logs', 'severity', - 'ssh_logs', 'sslvpn_authentication_errors_logs', 'username', - 'violation_traffic_logs', 'warning_interval', 'webfilter_logs'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def alertemail_setting(data, fos): - vdom = data['vdom'] - alertemail_setting_data = data['alertemail_setting'] - filtered_data = underscore_to_hyphen(filter_alertemail_setting_data(alertemail_setting_data)) - - return fos.set('alertemail', - 'setting', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_alertemail(data, fos): - - if data['alertemail_setting']: - resp = alertemail_setting(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": 
{"required": False, "type": "bool", "default": True},
- "alertemail_setting": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "admin_login_logs": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "alert_interval": {"required": False, "type": "int"},
- "amc_interface_bypass_mode": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "antivirus_logs": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "configuration_changes_logs": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "critical_interval": {"required": False, "type": "int"},
- "debug_interval": {"required": False, "type": "int"},
- "email_interval": {"required": False, "type": "int"},
- "emergency_interval": {"required": False, "type": "int"},
- "error_interval": {"required": False, "type": "int"},
- "FDS_license_expiring_days": {"required": False, "type": "int"},
- "FDS_license_expiring_warning": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "FDS_update_logs": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "filter_mode": {"required": False, "type": "str",
- "choices": ["category", "threshold"]},
- "FIPS_CC_errors": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "firewall_authentication_failure_logs": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "fortiguard_log_quota_warning": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "FSSO_disconnect_logs": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "HA_logs": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "information_interval": {"required": False, "type": "int"},
- "IPS_logs": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "IPsec_errors_logs": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- 
"local_disk_usage": {"required": False, "type": "int"},
- "log_disk_usage_warning": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "mailto1": {"required": False, "type": "str"},
- "mailto2": {"required": False, "type": "str"},
- "mailto3": {"required": False, "type": "str"},
- "notification_interval": {"required": False, "type": "int"},
- "PPP_errors_logs": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "severity": {"required": False, "type": "str",
- "choices": ["emergency", "alert", "critical",
- "error", "warning", "notification",
- "information", "debug"]},
- "ssh_logs": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "sslvpn_authentication_errors_logs": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "username": {"required": False, "type": "str"},
- "violation_traffic_logs": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "warning_interval": {"required": False, "type": "int"},
- "webfilter_logs": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_alertemail(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = 
fortios_alertemail(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_antivirus_heuristic.py b/lib/ansible/modules/network/fortios/fortios_antivirus_heuristic.py
deleted file mode 100644
index 38a899b7d67..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_antivirus_heuristic.py
+++ /dev/null
@@ -1,295 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_antivirus_heuristic -short_description: Configure global heuristic options in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify antivirus feature and heuristic category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - antivirus_heuristic: - description: - - Configure global heuristic options. - default: null - type: dict - suboptions: - mode: - description: - - Enable/disable heuristics and determine how the system behaves if heuristics detects a problem. - type: str - choices: - - pass - - block - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure global heuristic options. - fortios_antivirus_heuristic: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - antivirus_heuristic: - mode: "pass" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the 
unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_antivirus_heuristic_data(json): - option_list = ['mode'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def antivirus_heuristic(data, fos): - vdom = data['vdom'] - antivirus_heuristic_data = data['antivirus_heuristic'] - filtered_data = underscore_to_hyphen(filter_antivirus_heuristic_data(antivirus_heuristic_data)) - - return fos.set('antivirus', - 'heuristic', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_antivirus(data, fos): - - if 
data['antivirus_heuristic']: - resp = antivirus_heuristic(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "antivirus_heuristic": { - "required": False, "type": "dict", "default": None, - "options": { - "mode": {"required": False, "type": "str", - "choices": ["pass", "block", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_antivirus(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_antivirus(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_antivirus_profile.py b/lib/ansible/modules/network/fortios/fortios_antivirus_profile.py
deleted file mode 100644
index b35c0415c0a..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_antivirus_profile.py
+++ /dev/null
@@ -1,1366 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_antivirus_profile -short_description: Configure AntiVirus profiles in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify antivirus feature and profile category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - antivirus_profile: - description: - - Configure AntiVirus profiles. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - analytics_bl_filetype: - description: - - Only submit files matching this DLP file-pattern to FortiSandbox. Source dlp.filepattern.id. - type: int - analytics_db: - description: - - Enable/disable using the FortiSandbox signature database to supplement the AV signature databases. - type: str - choices: - - disable - - enable - analytics_max_upload: - description: - - Maximum size of files that can be uploaded to FortiSandbox (1 - 395 MBytes). - type: int - analytics_wl_filetype: - description: - - Do not submit files matching this DLP file-pattern to FortiSandbox. Source dlp.filepattern.id. - type: int - av_block_log: - description: - - Enable/disable logging for AntiVirus file blocking. - type: str - choices: - - enable - - disable - av_virus_log: - description: - - Enable/disable AntiVirus logging. - type: str - choices: - - enable - - disable - comment: - description: - - Comment. 
- type: str - content_disarm: - description: - - AV Content Disarm and Reconstruction settings. - type: dict - suboptions: - cover_page: - description: - - Enable/disable inserting a cover page into the disarmed document. - type: str - choices: - - disable - - enable - detect_only: - description: - - Enable/disable only detect disarmable files, do not alter content. - type: str - choices: - - disable - - enable - office_embed: - description: - - Enable/disable stripping of embedded objects in Microsoft Office documents. - type: str - choices: - - disable - - enable - office_hylink: - description: - - Enable/disable stripping of hyperlinks in Microsoft Office documents. - type: str - choices: - - disable - - enable - office_linked: - description: - - Enable/disable stripping of linked objects in Microsoft Office documents. - type: str - choices: - - disable - - enable - office_macro: - description: - - Enable/disable stripping of macros in Microsoft Office documents. - type: str - choices: - - disable - - enable - original_file_destination: - description: - - Destination to send original file if active content is removed. - type: str - choices: - - fortisandbox - - quarantine - - discard - pdf_act_form: - description: - - Enable/disable stripping of actions that submit data to other targets in PDF documents. - type: str - choices: - - disable - - enable - pdf_act_gotor: - description: - - Enable/disable stripping of links to other PDFs in PDF documents. - type: str - choices: - - disable - - enable - pdf_act_java: - description: - - Enable/disable stripping of actions that execute JavaScript code in PDF documents. - type: str - choices: - - disable - - enable - pdf_act_launch: - description: - - Enable/disable stripping of links to external applications in PDF documents. - type: str - choices: - - disable - - enable - pdf_act_movie: - description: - - Enable/disable stripping of embedded movies in PDF documents. 
- type: str - choices: - - disable - - enable - pdf_act_sound: - description: - - Enable/disable stripping of embedded sound files in PDF documents. - type: str - choices: - - disable - - enable - pdf_embedfile: - description: - - Enable/disable stripping of embedded files in PDF documents. - type: str - choices: - - disable - - enable - pdf_hyperlink: - description: - - Enable/disable stripping of hyperlinks from PDF documents. - type: str - choices: - - disable - - enable - pdf_javacode: - description: - - Enable/disable stripping of JavaScript code in PDF documents. - type: str - choices: - - disable - - enable - extended_log: - description: - - Enable/disable extended logging for antivirus. - type: str - choices: - - enable - - disable - ftgd_analytics: - description: - - Settings to control which files are uploaded to FortiSandbox. - type: str - choices: - - disable - - suspicious - - everything - ftp: - description: - - Configure FTP AntiVirus options. - type: dict - suboptions: - archive_block: - description: - - Select the archive types to block. - type: str - choices: - - encrypted - - corrupted - - partiallycorrupted - - multipart - - nested - - mailbomb - - fileslimit - - timeout - - unhandled - archive_log: - description: - - Select the archive types to log. - type: str - choices: - - encrypted - - corrupted - - partiallycorrupted - - multipart - - nested - - mailbomb - - fileslimit - - timeout - - unhandled - emulator: - description: - - Enable/disable the virus emulator. - type: str - choices: - - enable - - disable - options: - description: - - Enable/disable FTP AntiVirus scanning, monitoring, and quarantine. - type: str - choices: - - scan - - avmonitor - - quarantine - outbreak_prevention: - description: - - Enable FortiGuard Virus Outbreak Prevention service. - type: str - choices: - - disabled - - files - - full-archive - http: - description: - - Configure HTTP AntiVirus options. 
- type: dict - suboptions: - archive_block: - description: - - Select the archive types to block. - type: str - choices: - - encrypted - - corrupted - - partiallycorrupted - - multipart - - nested - - mailbomb - - fileslimit - - timeout - - unhandled - archive_log: - description: - - Select the archive types to log. - type: str - choices: - - encrypted - - corrupted - - partiallycorrupted - - multipart - - nested - - mailbomb - - fileslimit - - timeout - - unhandled - content_disarm: - description: - - Enable Content Disarm and Reconstruction for this protocol. - type: str - choices: - - disable - - enable - emulator: - description: - - Enable/disable the virus emulator. - type: str - choices: - - enable - - disable - options: - description: - - Enable/disable HTTP AntiVirus scanning, monitoring, and quarantine. - type: str - choices: - - scan - - avmonitor - - quarantine - outbreak_prevention: - description: - - Enable FortiGuard Virus Outbreak Prevention service. - type: str - choices: - - disabled - - files - - full-archive - imap: - description: - - Configure IMAP AntiVirus options. - type: dict - suboptions: - archive_block: - description: - - Select the archive types to block. - type: str - choices: - - encrypted - - corrupted - - partiallycorrupted - - multipart - - nested - - mailbomb - - fileslimit - - timeout - - unhandled - archive_log: - description: - - Select the archive types to log. - type: str - choices: - - encrypted - - corrupted - - partiallycorrupted - - multipart - - nested - - mailbomb - - fileslimit - - timeout - - unhandled - content_disarm: - description: - - Enable Content Disarm and Reconstruction for this protocol. - type: str - choices: - - disable - - enable - emulator: - description: - - Enable/disable the virus emulator. - type: str - choices: - - enable - - disable - executables: - description: - - Treat Windows executable files as viruses for the purpose of blocking or monitoring. 
- type: str - choices: - - default - - virus - options: - description: - - Enable/disable IMAP AntiVirus scanning, monitoring, and quarantine. - type: str - choices: - - scan - - avmonitor - - quarantine - outbreak_prevention: - description: - - Enable FortiGuard Virus Outbreak Prevention service. - type: str - choices: - - disabled - - files - - full-archive - inspection_mode: - description: - - Inspection mode. - type: str - choices: - - proxy - - flow-based - mapi: - description: - - Configure MAPI AntiVirus options. - type: dict - suboptions: - archive_block: - description: - - Select the archive types to block. - type: str - choices: - - encrypted - - corrupted - - partiallycorrupted - - multipart - - nested - - mailbomb - - fileslimit - - timeout - - unhandled - archive_log: - description: - - Select the archive types to log. - type: str - choices: - - encrypted - - corrupted - - partiallycorrupted - - multipart - - nested - - mailbomb - - fileslimit - - timeout - - unhandled - emulator: - description: - - Enable/disable the virus emulator. - type: str - choices: - - enable - - disable - executables: - description: - - Treat Windows executable files as viruses for the purpose of blocking or monitoring. - type: str - choices: - - default - - virus - options: - description: - - Enable/disable MAPI AntiVirus scanning, monitoring, and quarantine. - type: str - choices: - - scan - - avmonitor - - quarantine - outbreak_prevention: - description: - - Enable FortiGuard Virus Outbreak Prevention service. - type: str - choices: - - disabled - - files - - full-archive - mobile_malware_db: - description: - - Enable/disable using the mobile malware signature database. - type: str - choices: - - disable - - enable - nac_quar: - description: - - Configure AntiVirus quarantine settings. - type: dict - suboptions: - expiry: - description: - - Duration of quarantine. - type: str - infected: - description: - - Enable/Disable quarantining infected hosts to the banned user list. 
- type: str - choices: - - none - - quar-src-ip - log: - description: - - Enable/disable AntiVirus quarantine logging. - type: str - choices: - - enable - - disable - name: - description: - - Profile name. - required: true - type: str - nntp: - description: - - Configure NNTP AntiVirus options. - type: dict - suboptions: - archive_block: - description: - - Select the archive types to block. - type: str - choices: - - encrypted - - corrupted - - partiallycorrupted - - multipart - - nested - - mailbomb - - fileslimit - - timeout - - unhandled - archive_log: - description: - - Select the archive types to log. - type: str - choices: - - encrypted - - corrupted - - partiallycorrupted - - multipart - - nested - - mailbomb - - fileslimit - - timeout - - unhandled - emulator: - description: - - Enable/disable the virus emulator. - type: str - choices: - - enable - - disable - options: - description: - - Enable/disable NNTP AntiVirus scanning, monitoring, and quarantine. - type: str - choices: - - scan - - avmonitor - - quarantine - outbreak_prevention: - description: - - Enable FortiGuard Virus Outbreak Prevention service. - type: str - choices: - - disabled - - files - - full-archive - pop3: - description: - - Configure POP3 AntiVirus options. - type: dict - suboptions: - archive_block: - description: - - Select the archive types to block. - type: str - choices: - - encrypted - - corrupted - - partiallycorrupted - - multipart - - nested - - mailbomb - - fileslimit - - timeout - - unhandled - archive_log: - description: - - Select the archive types to log. - type: str - choices: - - encrypted - - corrupted - - partiallycorrupted - - multipart - - nested - - mailbomb - - fileslimit - - timeout - - unhandled - content_disarm: - description: - - Enable Content Disarm and Reconstruction for this protocol. - type: str - choices: - - disable - - enable - emulator: - description: - - Enable/disable the virus emulator. 
- type: str - choices: - - enable - - disable - executables: - description: - - Treat Windows executable files as viruses for the purpose of blocking or monitoring. - type: str - choices: - - default - - virus - options: - description: - - Enable/disable POP3 AntiVirus scanning, monitoring, and quarantine. - type: str - choices: - - scan - - avmonitor - - quarantine - outbreak_prevention: - description: - - Enable FortiGuard Virus Outbreak Prevention service. - type: str - choices: - - disabled - - files - - full-archive - replacemsg_group: - description: - - Replacement message group customized for this profile. Source system.replacemsg-group.name. - type: str - scan_mode: - description: - - Choose between full scan mode and quick scan mode. - type: str - choices: - - quick - - full - smb: - description: - - Configure SMB AntiVirus options. - type: dict - suboptions: - archive_block: - description: - - Select the archive types to block. - type: str - choices: - - encrypted - - corrupted - - partiallycorrupted - - multipart - - nested - - mailbomb - - fileslimit - - timeout - - unhandled - archive_log: - description: - - Select the archive types to log. - type: str - choices: - - encrypted - - corrupted - - partiallycorrupted - - multipart - - nested - - mailbomb - - fileslimit - - timeout - - unhandled - emulator: - description: - - Enable/disable the virus emulator. - type: str - choices: - - enable - - disable - options: - description: - - Enable/disable SMB AntiVirus scanning, monitoring, and quarantine. - type: str - choices: - - scan - - avmonitor - - quarantine - outbreak_prevention: - description: - - Enable FortiGuard Virus Outbreak Prevention service. - type: str - choices: - - disabled - - files - - full-archive - smtp: - description: - - Configure SMTP AntiVirus options. - type: dict - suboptions: - archive_block: - description: - - Select the archive types to block. 
- type: str - choices: - - encrypted - - corrupted - - partiallycorrupted - - multipart - - nested - - mailbomb - - fileslimit - - timeout - - unhandled - archive_log: - description: - - Select the archive types to log. - type: str - choices: - - encrypted - - corrupted - - partiallycorrupted - - multipart - - nested - - mailbomb - - fileslimit - - timeout - - unhandled - content_disarm: - description: - - Enable Content Disarm and Reconstruction for this protocol. - type: str - choices: - - disable - - enable - emulator: - description: - - Enable/disable the virus emulator. - type: str - choices: - - enable - - disable - executables: - description: - - Treat Windows executable files as viruses for the purpose of blocking or monitoring. - type: str - choices: - - default - - virus - options: - description: - - Enable/disable SMTP AntiVirus scanning, monitoring, and quarantine. - type: str - choices: - - scan - - avmonitor - - quarantine - outbreak_prevention: - description: - - Enable FortiGuard Virus Outbreak Prevention service. - type: str - choices: - - disabled - - files - - full-archive -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure AntiVirus profiles. - fortios_antivirus_profile: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - antivirus_profile: - analytics_bl_filetype: "3 (source dlp.filepattern.id)" - analytics_db: "disable" - analytics_max_upload: "5" - analytics_wl_filetype: "6 (source dlp.filepattern.id)" - av_block_log: "enable" - av_virus_log: "enable" - comment: "Comment." 
- content_disarm:
- cover_page: "disable"
- detect_only: "disable"
- office_embed: "disable"
- office_hylink: "disable"
- office_linked: "disable"
- office_macro: "disable"
- original_file_destination: "fortisandbox"
- pdf_act_form: "disable"
- pdf_act_gotor: "disable"
- pdf_act_java: "disable"
- pdf_act_launch: "disable"
- pdf_act_movie: "disable"
- pdf_act_sound: "disable"
- pdf_embedfile: "disable"
- pdf_hyperlink: "disable"
- pdf_javacode: "disable"
- extended_log: "enable"
- ftgd_analytics: "disable"
- ftp:
- archive_block: "encrypted"
- archive_log: "encrypted"
- emulator: "enable"
- options: "scan"
- outbreak_prevention: "disabled"
- http:
- archive_block: "encrypted"
- archive_log: "encrypted"
- content_disarm: "disable"
- emulator: "enable"
- options: "scan"
- outbreak_prevention: "disabled"
- imap:
- archive_block: "encrypted"
- archive_log: "encrypted"
- content_disarm: "disable"
- emulator: "enable"
- executables: "default"
- options: "scan"
- outbreak_prevention: "disabled"
- inspection_mode: "proxy"
- mapi:
- archive_block: "encrypted"
- archive_log: "encrypted"
- emulator: "enable"
- executables: "default"
- options: "scan"
- outbreak_prevention: "disabled"
- mobile_malware_db: "disable"
- nac_quar:
- expiry: ""
- infected: "none"
- log: "enable"
- name: "default_name_63"
- nntp:
- archive_block: "encrypted"
- archive_log: "encrypted"
- emulator: "enable"
- options: "scan"
- outbreak_prevention: "disabled"
- pop3:
- archive_block: "encrypted"
- archive_log: "encrypted"
- content_disarm: "disable"
- emulator: "enable"
- executables: "default"
- options: "scan"
- outbreak_prevention: "disabled"
- replacemsg_group: " (source system.replacemsg-group.name)"
- scan_mode: "quick"
- smb:
- archive_block: "encrypted"
- archive_log: "encrypted"
- emulator: "enable"
- options: "scan"
- outbreak_prevention: "disabled"
- smtp:
- archive_block: "encrypted"
- archive_log: "encrypted"
- content_disarm: "disable"
- emulator: "enable"
- executables: "default"
- options: "scan"
- outbreak_prevention: "disabled"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_antivirus_profile_data(json):
- option_list = ['analytics_bl_filetype', 'analytics_db', 'analytics_max_upload',
- 'analytics_wl_filetype', 'av_block_log', 'av_virus_log',
- 'comment', 'content_disarm', 'extended_log',
- 'ftgd_analytics', 'ftp', 'http',
- 'imap', 'inspection_mode', 'mapi',
- 'mobile_malware_db', 'nac_quar', 'name',
- 'nntp', 'pop3', 'replacemsg_group',
- 'scan_mode', 'smb', 'smtp']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def antivirus_profile(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['antivirus_profile'] and data['antivirus_profile']:
- state = data['antivirus_profile']['state']
- else:
- state = True
- antivirus_profile_data = data['antivirus_profile']
- filtered_data = underscore_to_hyphen(filter_antivirus_profile_data(antivirus_profile_data))
-
- if state == "present":
- return fos.set('antivirus',
- 'profile',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('antivirus',
- 'profile',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_antivirus(data, fos):
-
- if data['antivirus_profile']:
- resp = antivirus_profile(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "antivirus_profile": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "analytics_bl_filetype": {"required": False, "type": "int"},
- "analytics_db": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "analytics_max_upload": {"required": False, "type": "int"},
- "analytics_wl_filetype": {"required": False, "type": "int"},
- "av_block_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "av_virus_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "comment": {"required": False, "type": "str"},
- "content_disarm": {"required": False, "type": "dict",
- "options": {
- "cover_page": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "detect_only": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "office_embed": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "office_hylink": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "office_linked": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "office_macro": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "original_file_destination": {"required": False, "type": "str",
- "choices": ["fortisandbox", "quarantine", "discard"]},
- "pdf_act_form": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "pdf_act_gotor": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "pdf_act_java": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "pdf_act_launch": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "pdf_act_movie": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "pdf_act_sound": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "pdf_embedfile": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "pdf_hyperlink": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "pdf_javacode": {"required": False, "type": "str",
- "choices": ["disable", "enable"]}
- }},
- "extended_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ftgd_analytics": {"required": False, "type": "str",
- "choices": ["disable", "suspicious", "everything"]},
- "ftp": {"required": False, "type": "dict",
- "options": {
- "archive_block": {"required": False, "type": "str",
- "choices": ["encrypted", "corrupted", "partiallycorrupted",
- "multipart", "nested", "mailbomb",
- "fileslimit", "timeout", "unhandled"]},
- "archive_log": {"required": False, "type": "str",
- "choices": ["encrypted", "corrupted", "partiallycorrupted",
- "multipart", "nested", "mailbomb",
- "fileslimit", "timeout", "unhandled"]},
- "emulator": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "options": {"required": False, "type": "str",
- "choices": ["scan", "avmonitor", "quarantine"]},
- "outbreak_prevention": {"required": False, "type": "str",
- "choices": ["disabled", "files", "full-archive"]}
- }},
- "http": {"required": False, "type": "dict",
- "options": {
- "archive_block": {"required": False, "type": "str",
- "choices": ["encrypted", "corrupted", "partiallycorrupted",
- "multipart", "nested", "mailbomb",
- "fileslimit", "timeout", "unhandled"]},
- "archive_log": {"required": False, "type": "str",
- "choices": ["encrypted", "corrupted", "partiallycorrupted",
- "multipart", "nested", "mailbomb",
- "fileslimit", "timeout", "unhandled"]},
- "content_disarm": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "emulator": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "options": {"required": False, "type": "str",
- "choices": ["scan", "avmonitor", "quarantine"]},
- "outbreak_prevention": {"required": False, "type": "str",
- "choices": ["disabled", "files", "full-archive"]}
- }},
- "imap": {"required": False, "type": "dict",
- "options": {
- "archive_block": {"required": False, "type": "str",
- "choices": ["encrypted", "corrupted", "partiallycorrupted",
- "multipart", "nested", "mailbomb",
- "fileslimit", "timeout", "unhandled"]},
- "archive_log": {"required": False, "type": "str",
- "choices": ["encrypted", "corrupted", "partiallycorrupted",
- "multipart", "nested", "mailbomb",
- "fileslimit", "timeout", "unhandled"]},
- "content_disarm": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "emulator": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "executables": {"required": False, "type": "str",
- "choices": ["default", "virus"]},
- "options": {"required": False, "type": "str",
- "choices": ["scan", "avmonitor", "quarantine"]},
- "outbreak_prevention": {"required": False, "type": "str",
- "choices": ["disabled", "files", "full-archive"]}
- }},
- "inspection_mode": {"required": False, "type": "str",
- "choices": ["proxy", "flow-based"]},
- "mapi": {"required": False, "type": "dict",
- "options": {
- "archive_block": {"required": False, "type": "str",
- "choices": ["encrypted", "corrupted", "partiallycorrupted",
- "multipart", "nested", "mailbomb",
- "fileslimit", "timeout", "unhandled"]},
- "archive_log": {"required": False, "type": "str",
- "choices": ["encrypted", "corrupted", "partiallycorrupted",
- "multipart", "nested", "mailbomb",
- "fileslimit", "timeout", "unhandled"]},
- "emulator": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "executables": {"required": False, "type": "str",
- "choices": ["default", "virus"]},
- "options": {"required": False, "type": "str",
- "choices": ["scan", "avmonitor", "quarantine"]},
- "outbreak_prevention": {"required": False, "type": "str",
- "choices": ["disabled", "files", "full-archive"]}
- }},
- "mobile_malware_db": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "nac_quar": {"required": False, "type": "dict",
- "options": {
- "expiry": {"required": False, "type": "str"},
- "infected": {"required": False, "type": "str",
- "choices": ["none", "quar-src-ip"]},
- "log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
- }},
- "name": {"required": True, "type": "str"},
- "nntp": {"required": False, "type": "dict",
- "options": {
- "archive_block": {"required": False, "type": "str",
- "choices": ["encrypted", "corrupted", "partiallycorrupted",
- "multipart", "nested", "mailbomb",
- "fileslimit", "timeout", "unhandled"]},
- "archive_log": {"required": False, "type": "str",
- "choices": ["encrypted", "corrupted", "partiallycorrupted",
- "multipart", "nested", "mailbomb",
- "fileslimit", "timeout", "unhandled"]},
- "emulator": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "options": {"required": False, "type": "str",
- "choices": ["scan", "avmonitor", "quarantine"]},
- "outbreak_prevention": {"required": False, "type": "str",
- "choices": ["disabled", "files", "full-archive"]}
- }},
- "pop3": {"required": False, "type": "dict",
- "options": {
- "archive_block": {"required": False, "type": "str",
- "choices": ["encrypted", "corrupted", "partiallycorrupted",
- "multipart", "nested", "mailbomb",
- "fileslimit", "timeout", "unhandled"]},
- "archive_log": {"required": False, "type": "str",
- "choices": ["encrypted", "corrupted", "partiallycorrupted",
- "multipart", "nested", "mailbomb",
- "fileslimit", "timeout", "unhandled"]},
- "content_disarm": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "emulator": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "executables": {"required": False, "type": "str",
- "choices": ["default", "virus"]},
- "options": {"required": False, "type": "str",
- "choices": ["scan", "avmonitor", "quarantine"]},
- "outbreak_prevention": {"required": False, "type": "str",
- "choices": ["disabled", "files", "full-archive"]}
- }},
- "replacemsg_group": {"required": False, "type": "str"},
- "scan_mode": {"required": False, "type": "str",
- "choices": ["quick", "full"]},
- "smb": {"required": False, "type": "dict",
- "options": {
- "archive_block": {"required": False, "type": "str",
- "choices": ["encrypted", "corrupted", "partiallycorrupted",
- "multipart", "nested", "mailbomb",
- "fileslimit", "timeout", "unhandled"]},
- "archive_log": {"required": False, "type": "str",
- "choices": ["encrypted", "corrupted", "partiallycorrupted",
- "multipart", "nested", "mailbomb",
- "fileslimit", "timeout", "unhandled"]},
- "emulator": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "options": {"required": False, "type": "str",
- "choices": ["scan", "avmonitor", "quarantine"]},
- "outbreak_prevention": {"required": False, "type": "str",
- "choices": ["disabled", "files", "full-archive"]}
- }},
- "smtp": {"required": False, "type": "dict",
- "options": {
- "archive_block": {"required": False, "type": "str",
- "choices": ["encrypted", "corrupted", "partiallycorrupted",
- "multipart", "nested", "mailbomb",
- "fileslimit", "timeout", "unhandled"]},
- "archive_log": {"required": False, "type": "str",
- "choices": ["encrypted", "corrupted", "partiallycorrupted",
- "multipart", "nested", "mailbomb",
- "fileslimit", "timeout", "unhandled"]},
- "content_disarm": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "emulator": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "executables": {"required": False, "type": "str",
- "choices": ["default", "virus"]},
- "options": {"required": False, "type": "str",
- "choices": ["scan", "avmonitor", "quarantine"]},
- "outbreak_prevention": {"required": False, "type": "str",
- "choices": ["disabled", "files", "full-archive"]}
- }}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_antivirus(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_antivirus(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_antivirus_quarantine.py b/lib/ansible/modules/network/fortios/fortios_antivirus_quarantine.py
deleted file mode 100644
index ac1e0ffb85e..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_antivirus_quarantine.py
+++ /dev/null
@@ -1,505 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_antivirus_quarantine
-short_description: Configure quarantine options in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify antivirus feature and quarantine category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- antivirus_quarantine:
- description:
- - Configure quarantine options.
- default: null
- type: dict
- suboptions:
- agelimit:
- description:
- - Age limit for quarantined files (0 - 479 hours, 0 means forever).
- type: int
- destination:
- description:
- - Choose whether to quarantine files to the FortiGate disk or to FortiAnalyzer or to delete them instead of quarantining them.
- type: str
- choices:
- - NULL
- - disk
- - FortiAnalyzer
- drop_blocked:
- description:
- - Do not quarantine dropped files found in sessions using the selected protocols. Dropped files are deleted instead of being quarantined.
- type: str
- choices:
- - imap
- - smtp
- - pop3
- - http
- - ftp
- - nntp
- - imaps
- - smtps
- - pop3s
- - ftps
- - mapi
- - cifs
- - mm1
- - mm3
- - mm4
- - mm7
- drop_heuristic:
- description:
- - Do not quarantine files detected by heuristics found in sessions using the selected protocols. Dropped files are deleted instead of
- being quarantined.
- type: str
- choices:
- - imap
- - smtp
- - pop3
- - http
- - ftp
- - nntp
- - imaps
- - smtps
- - pop3s
- - https
- - ftps
- - mapi
- - cifs
- - mm1
- - mm3
- - mm4
- - mm7
- drop_infected:
- description:
- - Do not quarantine infected files found in sessions using the selected protocols. Dropped files are deleted instead of being quarantined.
- type: str
- choices:
- - imap
- - smtp
- - pop3
- - http
- - ftp
- - nntp
- - imaps
- - smtps
- - pop3s
- - https
- - ftps
- - mapi
- - cifs
- - mm1
- - mm3
- - mm4
- - mm7
- lowspace:
- description:
- - Select the method for handling additional files when running low on disk space.
- type: str
- choices:
- - drop-new
- - ovrw-old
- maxfilesize:
- description:
- - Maximum file size to quarantine (0 - 500 Mbytes, 0 means unlimited).
- type: int
- quarantine_quota:
- description:
- - The amount of disk space to reserve for quarantining files (0 - 4294967295 Mbytes, depends on disk space).
- type: int
- store_blocked:
- description:
- - Quarantine blocked files found in sessions using the selected protocols.
- type: str
- choices:
- - imap
- - smtp
- - pop3
- - http
- - ftp
- - nntp
- - imaps
- - smtps
- - pop3s
- - ftps
- - mapi
- - cifs
- - mm1
- - mm3
- - mm4
- - mm7
- store_heuristic:
- description:
- - Quarantine files detected by heuristics found in sessions using the selected protocols.
- type: str
- choices:
- - imap
- - smtp
- - pop3
- - http
- - ftp
- - nntp
- - imaps
- - smtps
- - pop3s
- - https
- - ftps
- - mapi
- - cifs
- - mm1
- - mm3
- - mm4
- - mm7
- store_infected:
- description:
- - Quarantine infected files found in sessions using the selected protocols.
- type: str
- choices:
- - imap
- - smtp
- - pop3
- - http
- - ftp
- - nntp
- - imaps
- - smtps
- - pop3s
- - https
- - ftps
- - mapi
- - cifs
- - mm1
- - mm3
- - mm4
- - mm7
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure quarantine options.
- fortios_antivirus_quarantine:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- antivirus_quarantine:
- agelimit: "3"
- destination: "NULL"
- drop_blocked: "imap"
- drop_heuristic: "imap"
- drop_infected: "imap"
- lowspace: "drop-new"
- maxfilesize: "9"
- quarantine_quota: "10"
- store_blocked: "imap"
- store_heuristic: "imap"
- store_infected: "imap"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_antivirus_quarantine_data(json):
- option_list = ['agelimit', 'destination', 'drop_blocked',
- 'drop_heuristic', 'drop_infected', 'lowspace',
- 'maxfilesize', 'quarantine_quota', 'store_blocked',
- 'store_heuristic', 'store_infected']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def antivirus_quarantine(data, fos):
- vdom = data['vdom']
- antivirus_quarantine_data = data['antivirus_quarantine']
- filtered_data = underscore_to_hyphen(filter_antivirus_quarantine_data(antivirus_quarantine_data))
-
- return fos.set('antivirus',
- 'quarantine',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_antivirus(data, fos):
-
- if data['antivirus_quarantine']:
- resp = antivirus_quarantine(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "antivirus_quarantine": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "agelimit": {"required": False, "type": "int"},
- "destination": {"required": False, "type": "str",
- "choices": ["NULL", "disk", "FortiAnalyzer"]},
- "drop_blocked": {"required": False, "type": "str",
- "choices": ["imap", "smtp", "pop3",
- "http", "ftp", "nntp",
- "imaps", "smtps", "pop3s",
- "ftps", "mapi", "cifs",
- "mm1", "mm3", "mm4",
- "mm7"]},
- "drop_heuristic": {"required": False, "type": "str",
- "choices": ["imap", "smtp", "pop3",
- "http", "ftp", "nntp",
- "imaps", "smtps", "pop3s",
- "https", "ftps", "mapi",
- "cifs", "mm1", "mm3",
- "mm4", "mm7"]},
- "drop_infected": {"required": False, "type": "str",
- "choices": ["imap", "smtp", "pop3",
- "http", "ftp", "nntp",
- "imaps", "smtps", "pop3s",
- "https", "ftps", "mapi",
- "cifs", "mm1", "mm3",
- "mm4", "mm7"]},
- "lowspace": {"required": False, "type": "str",
- "choices": ["drop-new", "ovrw-old"]},
- "maxfilesize": {"required": False, "type": "int"},
- "quarantine_quota": {"required": False, "type": "int"},
- "store_blocked": {"required": False, "type": "str",
- "choices": ["imap", "smtp", "pop3",
- "http", "ftp", "nntp",
- "imaps", "smtps", "pop3s",
- "ftps", "mapi", "cifs",
- "mm1", "mm3", "mm4",
- "mm7"]},
- "store_heuristic": {"required": False, "type": "str",
- "choices": ["imap", "smtp", "pop3",
- "http", "ftp", "nntp",
- "imaps", "smtps", "pop3s",
- "https", "ftps", "mapi",
- "cifs", "mm1", "mm3",
- "mm4", "mm7"]},
- "store_infected": {"required": False, "type": "str",
- "choices": ["imap", "smtp", "pop3",
- "http", "ftp", "nntp",
- "imaps", "smtps", "pop3s",
- "https", "ftps", "mapi",
- "cifs", "mm1", "mm3",
- "mm4", "mm7"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_antivirus(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_antivirus(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_antivirus_settings.py b/lib/ansible/modules/network/fortios/fortios_antivirus_settings.py
deleted file mode 100644
index f895ab23ed7..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_antivirus_settings.py
+++ /dev/null
@@ -1,312 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_antivirus_settings
-short_description: Configure AntiVirus settings in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify antivirus feature and settings category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- antivirus_settings:
- description:
- - Configure AntiVirus settings.
- default: null
- type: dict
- suboptions:
- default_db:
- description:
- - Select the AV database to be used for AV scanning.
- type: str
- choices:
- - normal
- - extended
- - extreme
- grayware:
- description:
- - Enable/disable grayware detection when an AntiVirus profile is applied to traffic.
- type: str
- choices:
- - enable
- - disable
- override_timeout:
- description:
- - Override the large file scan timeout value in seconds (30 - 3600). Zero is the default value and is used to disable this command. When
- disabled, the daemon adjusts the large file scan timeout based on the file size.
- type: int
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure AntiVirus settings.
- fortios_antivirus_settings:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- antivirus_settings:
- default_db: "normal"
- grayware: "enable"
- override_timeout: "5"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_antivirus_settings_data(json):
- option_list = ['default_db', 'grayware', 'override_timeout']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def antivirus_settings(data, fos):
- vdom = data['vdom']
- antivirus_settings_data = data['antivirus_settings']
- filtered_data = underscore_to_hyphen(filter_antivirus_settings_data(antivirus_settings_data))
-
- return fos.set('antivirus',
- 'settings',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_antivirus(data, fos):
-
- if data['antivirus_settings']:
- resp = antivirus_settings(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "antivirus_settings": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "default_db": {"required": False, "type": "str",
- "choices": ["normal", "extended", "extreme"]},
- "grayware": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "override_timeout": {"required": False, "type": "int"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_antivirus(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_antivirus(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_application_custom.py b/lib/ansible/modules/network/fortios/fortios_application_custom.py
deleted file mode 100644
index 116b1f9d3d9..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_application_custom.py
+++ /dev/null
@@ -1,388 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_application_custom -short_description: Configure custom application signatures in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify application feature and custom category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - application_custom: - description: - - Configure custom application signatures. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - behavior: - description: - - Custom application signature behavior. - type: str - category: - description: - - Custom application category ID (use ? to view available options). - type: int - comment: - description: - - Comment. - type: str - id: - description: - - Custom application category ID (use ? to view available options). - type: int - name: - description: - - Name of this custom application signature. - type: str - protocol: - description: - - Custom application signature protocol. - type: str - signature: - description: - - The text that makes up the actual custom application signature. - type: str - tag: - description: - - Signature tag. - required: true - type: str - technology: - description: - - Custom application signature technology. - type: str - vendor: - description: - - Custom application signature vendor. 
- type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure custom application signatures. - fortios_application_custom: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - application_custom: - behavior: "" - category: "4" - comment: "Comment." - id: "6" - name: "default_name_7" - protocol: "" - signature: "" - tag: "" - technology: "" - vendor: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from 
ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_application_custom_data(json): - option_list = ['behavior', 'category', 'comment', - 'id', 'name', 'protocol', - 'signature', 'tag', 'technology', - 'vendor'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def application_custom(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['application_custom'] and data['application_custom']: - state = data['application_custom']['state'] - else: - state = True - application_custom_data = data['application_custom'] - filtered_data = underscore_to_hyphen(filter_application_custom_data(application_custom_data)) - - if state == "present": - return fos.set('application', - 'custom', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('application', - 'custom', - mkey=filtered_data['tag'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_application(data, fos): - - if data['application_custom']: - resp = 
application_custom(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "application_custom": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "behavior": {"required": False, "type": "str"}, - "category": {"required": False, "type": "int"}, - "comment": {"required": False, "type": "str"}, - "id": {"required": False, "type": "int"}, - "name": {"required": False, "type": "str"}, - "protocol": {"required": False, "type": "str"}, - "signature": {"required": False, "type": "str"}, - "tag": {"required": True, "type": "str"}, - "technology": {"required": False, "type": "str"}, - "vendor": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_application(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - 
module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_application(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_application_group.py b/lib/ansible/modules/network/fortios/fortios_application_group.py deleted file mode 100644 index 1cbf4ec350e..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_application_group.py +++ /dev/null 
@@ -1,382 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_application_group -short_description: Configure firewall application groups in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify application feature and group category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - application_group: - description: - - Configure firewall application groups. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - application: - description: - - Application ID list. - type: list - suboptions: - id: - description: - - Application IDs. - required: true - type: int - category: - description: - - Application category ID list. - type: list - suboptions: - id: - description: - - Category IDs. - required: true - type: int - comment: - description: - - Comment - type: str - name: - description: - - Application group name. - required: true - type: str - type: - description: - - Application group type. - type: str - choices: - - application - - category -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure firewall application groups. 
- fortios_application_group: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - application_group: - application: - - - id: "4" - category: - - - id: "6" - comment: "Comment" - name: "default_name_8" - type: "application" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - 
- fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_application_group_data(json): - option_list = ['application', 'category', 'comment', - 'name', 'type'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def application_group(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['application_group'] and data['application_group']: - state = data['application_group']['state'] - else: - state = True - application_group_data = data['application_group'] - filtered_data = underscore_to_hyphen(filter_application_group_data(application_group_data)) - - if state == "present": - return fos.set('application', - 'group', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('application', - 'group', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_application(data, fos): - - if data['application_group']: - resp = application_group(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": 
"str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "application_group": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "application": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"} - }}, - "category": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"} - }}, - "comment": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "type": {"required": False, "type": "str", - "choices": ["application", "category"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_application(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_application(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_application_list.py b/lib/ansible/modules/network/fortios/fortios_application_list.py
deleted file mode 100644
index ce2dd10619b..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_application_list.py
+++ /dev/null
@@ -1,705 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_application_list -short_description: Configure application control lists in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify application feature and list category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - application_list: - description: - - Configure application control lists. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - app_replacemsg: - description: - - Enable/disable replacement messages for blocked applications. - type: str - choices: - - disable - - enable - comment: - description: - - comments - type: str - deep_app_inspection: - description: - - Enable/disable deep application inspection. - type: str - choices: - - disable - - enable - entries: - description: - - Application list entries. - type: list - suboptions: - action: - description: - - Pass or block traffic, or reset connection for traffic from this application. - type: str - choices: - - pass - - block - - reset - application: - description: - - ID of allowed applications. - type: list - suboptions: - id: - description: - - Application IDs. - required: true - type: int - behavior: - description: - - Application behavior filter. - type: str - category: - description: - - Category ID list. - type: list - suboptions: - id: - description: - - Application category ID. 
- required: true - type: int - id: - description: - - Entry ID. - required: true - type: int - log: - description: - - Enable/disable logging for this application list. - type: str - choices: - - disable - - enable - log_packet: - description: - - Enable/disable packet logging. - type: str - choices: - - disable - - enable - parameters: - description: - - Application parameters. - type: list - suboptions: - id: - description: - - Parameter ID. - required: true - type: int - value: - description: - - Parameter value. - type: str - per_ip_shaper: - description: - - Per-IP traffic shaper. Source firewall.shaper.per-ip-shaper.name. - type: str - popularity: - description: - - Application popularity filter (1 - 5, from least to most popular). - type: str - choices: - - 1 - - 2 - - 3 - - 4 - - 5 - protocols: - description: - - Application protocol filter. - type: str - quarantine: - description: - - Quarantine method. - type: str - choices: - - none - - attacker - quarantine_expiry: - description: - - Duration of quarantine. (Format ###d##h##m, minimum 1m, maximum 364d23h59m). Requires quarantine set to attacker. - type: str - quarantine_log: - description: - - Enable/disable quarantine logging. - type: str - choices: - - disable - - enable - rate_count: - description: - - Count of the rate. - type: int - rate_duration: - description: - - Duration (sec) of the rate. - type: int - rate_mode: - description: - - Rate limit mode. - type: str - choices: - - periodical - - continuous - rate_track: - description: - - Track the packet protocol field. - type: str - choices: - - none - - src-ip - - dest-ip - - dhcp-client-mac - - dns-domain - risk: - description: - - Risk, or impact, of allowing traffic from this application to occur (1 - 5; Low, Elevated, Medium, High, and Critical). - type: list - suboptions: - level: - description: - - Risk, or impact, of allowing traffic from this application to occur (1 - 5; Low, Elevated, Medium, High, and Critical). 
- required: true - type: int - session_ttl: - description: - - Session TTL (0 = default). - type: int - shaper: - description: - - Traffic shaper. Source firewall.shaper.traffic-shaper.name. - type: str - shaper_reverse: - description: - - Reverse traffic shaper. Source firewall.shaper.traffic-shaper.name. - type: str - sub_category: - description: - - Application Sub-category ID list. - type: list - suboptions: - id: - description: - - Application sub-category ID. - required: true - type: int - technology: - description: - - Application technology filter. - type: str - vendor: - description: - - Application vendor filter. - type: str - extended_log: - description: - - Enable/disable extended logging. - type: str - choices: - - enable - - disable - name: - description: - - List name. - required: true - type: str - options: - description: - - Basic application protocol signatures allowed by default. - type: str - choices: - - allow-dns - - allow-icmp - - allow-http - - allow-ssl - - allow-quic - other_application_action: - description: - - Action for other applications. - type: str - choices: - - pass - - block - other_application_log: - description: - - Enable/disable logging for other applications. - type: str - choices: - - disable - - enable - p2p_black_list: - description: - - P2P applications to be black listed. - type: str - choices: - - skype - - edonkey - - bittorrent - replacemsg_group: - description: - - Replacement message group. Source system.replacemsg-group.name. - type: str - unknown_application_action: - description: - - Pass or block traffic from unknown applications. - type: str - choices: - - pass - - block - unknown_application_log: - description: - - Enable/disable logging for unknown applications. - type: str - choices: - - disable - - enable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure application control lists. 
- fortios_application_list: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - application_list: - app_replacemsg: "disable" - comment: "comments" - deep_app_inspection: "disable" - entries: - - - action: "pass" - application: - - - id: "9" - behavior: "" - category: - - - id: "12" - id: "13" - log: "disable" - log_packet: "disable" - parameters: - - - id: "17" - value: "" - per_ip_shaper: " (source firewall.shaper.per-ip-shaper.name)" - popularity: "1" - protocols: "" - quarantine: "none" - quarantine_expiry: "" - quarantine_log: "disable" - rate_count: "25" - rate_duration: "26" - rate_mode: "periodical" - rate_track: "none" - risk: - - - level: "30" - session_ttl: "31" - shaper: " (source firewall.shaper.traffic-shaper.name)" - shaper_reverse: " (source firewall.shaper.traffic-shaper.name)" - sub_category: - - - id: "35" - technology: "" - vendor: "" - extended_log: "enable" - name: "default_name_39" - options: "allow-dns" - other_application_action: "pass" - other_application_log: "disable" - p2p_black_list: "skype" - replacemsg_group: " (source system.replacemsg-group.name)" - unknown_application_action: "pass" - unknown_application_log: "disable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - 
sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_application_list_data(json): - option_list = ['app_replacemsg', 'comment', 'deep_app_inspection', - 'entries', 'extended_log', 'name', - 'options', 'other_application_action', 'other_application_log', - 'p2p_black_list', 'replacemsg_group', 'unknown_application_action', - 'unknown_application_log'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def application_list(data, fos): - vdom = data['vdom'] - if 'state' in data and 
data['state']: - state = data['state'] - elif 'state' in data['application_list'] and data['application_list']: - state = data['application_list']['state'] - else: - state = True - application_list_data = data['application_list'] - filtered_data = underscore_to_hyphen(filter_application_list_data(application_list_data)) - - if state == "present": - return fos.set('application', - 'list', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('application', - 'list', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_application(data, fos): - - if data['application_list']: - resp = application_list(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "application_list": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "app_replacemsg": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "comment": {"required": False, "type": "str"}, - "deep_app_inspection": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "entries": {"required": False, "type": "list", - "options": { - "action": {"required": False, "type": "str", - "choices": ["pass", "block", "reset"]}, - "application": {"required": False, "type": "list", 
- "options": { - "id": {"required": True, "type": "int"} - }}, - "behavior": {"required": False, "type": "str"}, - "category": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"} - }}, - "id": {"required": True, "type": "int"}, - "log": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "log_packet": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "parameters": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"}, - "value": {"required": False, "type": "str"} - }}, - "per_ip_shaper": {"required": False, "type": "str"}, - "popularity": {"required": False, "type": "str", - "choices": ["1", "2", "3", - "4", "5"]}, - "protocols": {"required": False, "type": "str"}, - "quarantine": {"required": False, "type": "str", - "choices": ["none", "attacker"]}, - "quarantine_expiry": {"required": False, "type": "str"}, - "quarantine_log": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "rate_count": {"required": False, "type": "int"}, - "rate_duration": {"required": False, "type": "int"}, - "rate_mode": {"required": False, "type": "str", - "choices": ["periodical", "continuous"]}, - "rate_track": {"required": False, "type": "str", - "choices": ["none", "src-ip", "dest-ip", - "dhcp-client-mac", "dns-domain"]}, - "risk": {"required": False, "type": "list", - "options": { - "level": {"required": True, "type": "int"} - }}, - "session_ttl": {"required": False, "type": "int"}, - "shaper": {"required": False, "type": "str"}, - "shaper_reverse": {"required": False, "type": "str"}, - "sub_category": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"} - }}, - "technology": {"required": False, "type": "str"}, - "vendor": {"required": False, "type": "str"} - }}, - "extended_log": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "name": {"required": True, "type": "str"}, - 
"options": {"required": False, "type": "str", - "choices": ["allow-dns", "allow-icmp", "allow-http", - "allow-ssl", "allow-quic"]}, - "other_application_action": {"required": False, "type": "str", - "choices": ["pass", "block"]}, - "other_application_log": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "p2p_black_list": {"required": False, "type": "str", - "choices": ["skype", "edonkey", "bittorrent"]}, - "replacemsg_group": {"required": False, "type": "str"}, - "unknown_application_action": {"required": False, "type": "str", - "choices": ["pass", "block"]}, - "unknown_application_log": {"required": False, "type": "str", - "choices": ["disable", "enable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_application(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_application(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_application_name.py b/lib/ansible/modules/network/fortios/fortios_application_name.py deleted file mode 100644 index ed872e98fd3..00000000000 
--- a/lib/ansible/modules/network/fortios/fortios_application_name.py
+++ /dev/null
@@ -1,430 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_application_name -short_description: Configure application signatures in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify application feature and name category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - application_name: - description: - - Configure application signatures. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - behavior: - description: - - Application behavior. - type: str - category: - description: - - Application category ID. - type: int - id: - description: - - Application ID. - type: int - metadata: - description: - - Meta data. - type: list - suboptions: - id: - description: - - ID. - required: true - type: int - metaid: - description: - - Meta ID. - type: int - valueid: - description: - - Value ID. - type: int - name: - description: - - Application name. - required: true - type: str - parameter: - description: - - Application parameter name. - type: str - popularity: - description: - - Application popularity. - type: int - protocol: - description: - - Application protocol. - type: str - risk: - description: - - Application risk. - type: int - sub_category: - description: - - Application sub-category ID. - type: int - technology: - description: - - Application technology. 
- type: str - vendor: - description: - - Application vendor. - type: str - weight: - description: - - Application weight. - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure application signatures. - fortios_application_name: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - application_name: - behavior: "" - category: "4" - id: "5" - metadata: - - - id: "7" - metaid: "8" - valueid: "9" - name: "default_name_10" - parameter: "" - popularity: "12" - protocol: "" - risk: "14" - sub_category: "15" - technology: "" - vendor: "" - weight: "18" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - 
returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_application_name_data(json): - option_list = ['behavior', 'category', 'id', - 'metadata', 'name', 'parameter', - 'popularity', 'protocol', 'risk', - 'sub_category', 'technology', 'vendor', - 'weight'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def application_name(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['application_name'] and data['application_name']: - state = data['application_name']['state'] - else: - state = True - application_name_data = data['application_name'] - filtered_data = underscore_to_hyphen(filter_application_name_data(application_name_data)) - - if state == "present": - return fos.set('application', - 'name', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('application', - 'name', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return 
status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_application(data, fos): - - if data['application_name']: - resp = application_name(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "application_name": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "behavior": {"required": False, "type": "str"}, - "category": {"required": False, "type": "int"}, - "id": {"required": False, "type": "int"}, - "metadata": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"}, - "metaid": {"required": False, "type": "int"}, - "valueid": {"required": False, "type": "int"} - }}, - "name": {"required": True, "type": "str"}, - "parameter": {"required": False, "type": "str"}, - "popularity": {"required": False, "type": "int"}, - "protocol": {"required": False, "type": "str"}, - "risk": {"required": False, "type": "int"}, - "sub_category": {"required": False, "type": "int"}, - "technology": {"required": False, "type": "str"}, - "vendor": {"required": False, "type": "str"}, - "weight": {"required": False, "type": "int"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None 
and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_application(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_application(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_application_rule_settings.py b/lib/ansible/modules/network/fortios/fortios_application_rule_settings.py deleted file mode 100644 index f81fc044dea..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_application_rule_settings.py +++ /dev/null 
@@ -1,331 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_application_rule_settings -short_description: Configure application rule settings in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify application feature and rule_settings category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - application_rule_settings: - description: - - Configure application rule settings. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - id: - description: - - Rule ID. - required: true - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure application rule settings. 
- fortios_application_rule_settings: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - application_rule_settings: - id: "3" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - 
fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_application_rule_settings_data(json): - option_list = ['id'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def application_rule_settings(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['application_rule_settings'] and data['application_rule_settings']: - state = data['application_rule_settings']['state'] - else: - state = True - application_rule_settings_data = data['application_rule_settings'] - filtered_data = underscore_to_hyphen(filter_application_rule_settings_data(application_rule_settings_data)) - - if state == "present": - return fos.set('application', - 'rule-settings', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('application', - 'rule-settings', - mkey=filtered_data['id'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_application(data, fos): - - if data['application_rule_settings']: - resp = application_rule_settings(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": 
{"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "application_rule_settings": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "id": {"required": True, "type": "int"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_application(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_application(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_authentication_rule.py b/lib/ansible/modules/network/fortios/fortios_authentication_rule.py deleted file mode 100644 index bb0937ecd74..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_authentication_rule.py +++ /dev/null 
@@ -1,439 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_authentication_rule -short_description: Configure Authentication Rules in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify authentication feature and rule category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - authentication_rule: - description: - - Configure Authentication Rules. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - active_auth_method: - description: - - Select an active authentication method. Source authentication.scheme.name. - type: str - comments: - description: - - Comment. - type: str - ip_based: - description: - - Enable/disable IP-based authentication. Once a user authenticates all traffic from the IP address the user authenticated from is allowed. - type: str - choices: - - enable - - disable - name: - description: - - Authentication rule name. - required: true - type: str - protocol: - description: - - Select the protocol to use for authentication . Users connect to the FortiGate using this protocol and are asked to authenticate. - type: str - choices: - - http - - ftp - - socks - - ssh - srcaddr: - description: - - Select an IPv4 source address from available options. Required for web proxy authentication. - type: list - suboptions: - name: - description: - - Address name. 
Source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name. - required: true - type: str - srcaddr6: - description: - - Select an IPv6 source address. Required for web proxy authentication. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address6.name firewall.addrgrp6.name. - required: true - type: str - sso_auth_method: - description: - - Select a single-sign on (SSO) authentication method. Source authentication.scheme.name. - type: str - status: - description: - - Enable/disable this authentication rule. - type: str - choices: - - enable - - disable - transaction_based: - description: - - Enable/disable transaction based authentication . - type: str - choices: - - enable - - disable - web_auth_cookie: - description: - - Enable/disable Web authentication cookies . - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure Authentication Rules. 
- fortios_authentication_rule: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - authentication_rule: - active_auth_method: " (source authentication.scheme.name)" - comments: "" - ip_based: "enable" - name: "default_name_6" - protocol: "http" - srcaddr: - - - name: "default_name_9 (source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name)" - srcaddr6: - - - name: "default_name_11 (source firewall.address6.name firewall.addrgrp6.name)" - sso_auth_method: " (source authentication.scheme.name)" - status: "enable" - transaction_based: "enable" - web_auth_cookie: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - 
-from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_authentication_rule_data(json): - option_list = ['active_auth_method', 'comments', 'ip_based', - 'name', 'protocol', 'srcaddr', - 'srcaddr6', 'sso_auth_method', 'status', - 'transaction_based', 'web_auth_cookie'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def authentication_rule(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['authentication_rule'] and data['authentication_rule']: - state = data['authentication_rule']['state'] - else: - state = True - authentication_rule_data = data['authentication_rule'] - filtered_data = underscore_to_hyphen(filter_authentication_rule_data(authentication_rule_data)) - - if state == "present": - return fos.set('authentication', - 'rule', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('authentication', - 'rule', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return 
status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_authentication(data, fos): - - if data['authentication_rule']: - resp = authentication_rule(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "authentication_rule": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "active_auth_method": {"required": False, "type": "str"}, - "comments": {"required": False, "type": "str"}, - "ip_based": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "name": {"required": True, "type": "str"}, - "protocol": {"required": False, "type": "str", - "choices": ["http", "ftp", "socks", - "ssh"]}, - "srcaddr": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "srcaddr6": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "sso_auth_method": {"required": False, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "transaction_based": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "web_auth_cookie": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using 
fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_authentication(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_authentication(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main()
diff --git a/lib/ansible/modules/network/fortios/fortios_authentication_scheme.py b/lib/ansible/modules/network/fortios/fortios_authentication_scheme.py
deleted file mode 100644
index b283a6ab16c..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_authentication_scheme.py
+++ /dev/null
@@ -1,423 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_authentication_scheme -short_description: Configure Authentication Schemes in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify authentication feature and scheme category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - authentication_scheme: - description: - - Configure Authentication Schemes. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - domain_controller: - description: - - Domain controller setting. Source user.domain-controller.name. - type: str - fsso_agent_for_ntlm: - description: - - FSSO agent to use for NTLM authentication. Source user.fsso.name. - type: str - fsso_guest: - description: - - Enable/disable user fsso-guest authentication . - type: str - choices: - - enable - - disable - kerberos_keytab: - description: - - Kerberos keytab setting. Source user.krb-keytab.name. - type: str - method: - description: - - Authentication methods . - type: str - choices: - - ntlm - - basic - - digest - - form - - negotiate - - fsso - - rsso - - ssh-publickey - name: - description: - - Authentication scheme name. - required: true - type: str - negotiate_ntlm: - description: - - Enable/disable negotiate authentication for NTLM . - type: str - choices: - - enable - - disable - require_tfa: - description: - - Enable/disable two-factor authentication . 
- type: str - choices: - - enable - - disable - ssh_ca: - description: - - SSH CA name. Source firewall.ssh.local-ca.name. - type: str - user_database: - description: - - Authentication server to contain user information; "local" (default) or "123" (for LDAP). - type: list - suboptions: - name: - description: - - Authentication server name. Source system.datasource.name user.radius.name user.tacacs+.name user.ldap.name user.group.name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure Authentication Schemes. - fortios_authentication_scheme: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - authentication_scheme: - domain_controller: " (source user.domain-controller.name)" - fsso_agent_for_ntlm: " (source user.fsso.name)" - fsso_guest: "enable" - kerberos_keytab: " (source user.krb-keytab.name)" - method: "ntlm" - name: "default_name_8" - negotiate_ntlm: "enable" - require_tfa: "enable" - ssh_ca: " (source firewall.ssh.local-ca.name)" - user_database: - - - name: "default_name_13 (source system.datasource.name user.radius.name user.tacacs+.name user.ldap.name user.group.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path 
of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_authentication_scheme_data(json): - option_list = ['domain_controller', 'fsso_agent_for_ntlm', 'fsso_guest', - 'kerberos_keytab', 'method', 'name', - 'negotiate_ntlm', 'require_tfa', 'ssh_ca', - 'user_database'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def authentication_scheme(data, fos): - vdom = data['vdom'] - if 'state' in data and 
data['state']: - state = data['state'] - elif 'state' in data['authentication_scheme'] and data['authentication_scheme']: - state = data['authentication_scheme']['state'] - else: - state = True - authentication_scheme_data = data['authentication_scheme'] - filtered_data = underscore_to_hyphen(filter_authentication_scheme_data(authentication_scheme_data)) - - if state == "present": - return fos.set('authentication', - 'scheme', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('authentication', - 'scheme', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_authentication(data, fos): - - if data['authentication_scheme']: - resp = authentication_scheme(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "authentication_scheme": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "domain_controller": {"required": False, "type": "str"}, - "fsso_agent_for_ntlm": {"required": False, "type": "str"}, - "fsso_guest": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "kerberos_keytab": {"required": False, "type": "str"}, - "method": {"required": False, "type": "str", - "choices": ["ntlm", "basic", "digest", - "form", "negotiate", 
"fsso", - "rsso", "ssh-publickey"]}, - "name": {"required": True, "type": "str"}, - "negotiate_ntlm": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "require_tfa": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ssh_ca": {"required": False, "type": "str"}, - "user_database": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_authentication(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_authentication(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_authentication_setting.py b/lib/ansible/modules/network/fortios/fortios_authentication_setting.py deleted file mode 100644 index 5e91f9e3ed7..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_authentication_setting.py +++ /dev/null 
@@ -1,338 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_authentication_setting -short_description: Configure authentication setting in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify authentication feature and setting category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - authentication_setting: - description: - - Configure authentication setting. - default: null - type: dict - suboptions: - active_auth_scheme: - description: - - Active authentication method (scheme name). Source authentication.scheme.name. - type: str - captive_portal: - description: - - Captive portal host name. Source firewall.address.name. - type: str - captive_portal_ip: - description: - - Captive portal IP address. - type: str - captive_portal_ip6: - description: - - Captive portal IPv6 address. - type: str - captive_portal_port: - description: - - Captive portal port number (1 - 65535). - type: int - captive_portal_type: - description: - - Captive portal type. - type: str - choices: - - fqdn - - ip - captive_portal6: - description: - - IPv6 captive portal host name. Source firewall.address6.name. - type: str - sso_auth_scheme: - description: - - Single-Sign-On authentication method (scheme name). Source authentication.scheme.name. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure authentication setting. 
- fortios_authentication_setting: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - authentication_setting: - active_auth_scheme: " (source authentication.scheme.name)" - captive_portal: " (source firewall.address.name)" - captive_portal_ip: "" - captive_portal_ip6: "" - captive_portal_port: "7" - captive_portal_type: "fqdn" - captive_portal6: " (source firewall.address6.name)" - sso_auth_scheme: " (source authentication.scheme.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from 
ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_authentication_setting_data(json): - option_list = ['active_auth_scheme', 'captive_portal', 'captive_portal_ip', - 'captive_portal_ip6', 'captive_portal_port', 'captive_portal_type', - 'captive_portal6', 'sso_auth_scheme'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def authentication_setting(data, fos): - vdom = data['vdom'] - authentication_setting_data = data['authentication_setting'] - filtered_data = underscore_to_hyphen(filter_authentication_setting_data(authentication_setting_data)) - - return fos.set('authentication', - 'setting', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_authentication(data, fos): - - if data['authentication_setting']: - resp = authentication_setting(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": 
{"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "authentication_setting": { - "required": False, "type": "dict", "default": None, - "options": { - "active_auth_scheme": {"required": False, "type": "str"}, - "captive_portal": {"required": False, "type": "str"}, - "captive_portal_ip": {"required": False, "type": "str"}, - "captive_portal_ip6": {"required": False, "type": "str"}, - "captive_portal_port": {"required": False, "type": "int"}, - "captive_portal_type": {"required": False, "type": "str", - "choices": ["fqdn", "ip"]}, - "captive_portal6": {"required": False, "type": "str"}, - "sso_auth_scheme": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_authentication(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_authentication(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_config.py b/lib/ansible/modules/network/fortios/fortios_config.py
deleted file mode 100644
index 97c013235a6..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_config.py
+++ /dev/null
@@ -1,182 +0,0 @@ -#!/usr/bin/python -# -# Ansible module to manage configuration on fortios devices -# (c) 2016, Benjamin Jolivot -# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) - -from __future__ import absolute_import, division, print_function -__metaclass__ = type - - -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} - - -DOCUMENTATION = """ ---- -module: fortios_config -version_added: "2.3" -author: "Benjamin Jolivot (@bjolivot)" -short_description: Manage config on Fortinet FortiOS firewall devices -description: - - This module provides management of FortiOS Devices configuration. -extends_documentation_fragment: fortios -options: - src: - description: - - The I(src) argument provides a path to the configuration template - to load into the remote device. - filter: - description: - - Only for partial backup, you can restrict by giving expected configuration path (ex. firewall address). 
- default: "" -requirements: - - pyFG -""" - -EXAMPLES = """ -- name: Backup current config - fortios_config: - host: 192.168.0.254 - username: admin - password: password - backup: yes - -- name: Backup only address objects - fortios_config: - host: 192.168.0.254 - username: admin - password: password - backup: yes - backup_path: /tmp/forti_backup/ - filter: "firewall address" - -- name: Update configuration from file - fortios_config: - host: 192.168.0.254 - username: admin - password: password - src: new_configuration.conf.j2 - -""" - -RETURN = """ -running_config: - description: full config string - returned: always - type: str -change_string: - description: The commands really executed by the module - returned: only if config changed - type: str -""" - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.network.fortios.fortios import fortios_argument_spec, fortios_required_if -from ansible.module_utils.network.fortios.fortios import backup - -# check for pyFG lib -try: - from pyFG import FortiOS, FortiConfig - from pyFG.fortios import logger - from pyFG.exceptions import CommandExecutionException, FailedCommit, ForcedCommit - HAS_PYFG = True -except Exception: - HAS_PYFG = False - - -# some blocks don't support update, so remove them -NOT_UPDATABLE_CONFIG_OBJECTS = [ - "vpn certificate local", -] - - -def main(): - argument_spec = dict( - src=dict(type='str', default=None), - filter=dict(type='str', default=""), - ) - - argument_spec.update(fortios_argument_spec) - - required_if = fortios_required_if - - module = AnsibleModule( - argument_spec=argument_spec, - supports_check_mode=True, - required_if=required_if, - ) - - result = dict(changed=False) - - # fail if pyFG not present - if not HAS_PYFG: - module.fail_json(msg='Could not import the python library pyFG required by this module') - - # define device - f = FortiOS(module.params['host'], - username=module.params['username'], - password=module.params['password'], - 
timeout=module.params['timeout'], - vdom=module.params['vdom']) - - # connect - try: - f.open() - except Exception: - module.fail_json(msg='Error connecting device') - - # get config - try: - f.load_config(path=module.params['filter']) - result['running_config'] = f.running_config.to_text() - - except Exception: - module.fail_json(msg='Error reading running config') - - # backup config - if module.params['backup']: - backup(module, f.running_config.to_text()) - - # update config - if module.params['src'] is not None: - # store config in str - try: - conf_str = module.params['src'] - f.load_config(in_candidate=True, config_text=conf_str) - except Exception: - module.fail_json(msg="Can't open configuration file, or configuration invalid") - - # get updates lines - change_string = f.compare_config() - - # remove not updatable parts - c = FortiConfig() - c.parse_config_output(change_string) - - for o in NOT_UPDATABLE_CONFIG_OBJECTS: - c.del_block(o) - - change_string = c.to_text() - - if change_string != "": - result['change_string'] = change_string - result['changed'] = True - - # Commit if not check mode - if module.check_mode is False and change_string != "": - try: - f.commit(change_string) - except CommandExecutionException as e: - module.fail_json(msg="Unable to execute command, check your args, the error was {0}".format(e.message)) - except FailedCommit as e: - module.fail_json(msg="Unable to commit, check your args, the error was {0}".format(e.message)) - except ForcedCommit as e: - module.fail_json(msg="Failed to force commit, check your args, the error was {0}".format(e.message)) - - module.exit_json(**result) - - -if __name__ == '__main__': - main()
diff --git a/lib/ansible/modules/network/fortios/fortios_dlp_filepattern.py b/lib/ansible/modules/network/fortios/fortios_dlp_filepattern.py
deleted file mode 100644
index 72d2c37a59b..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_dlp_filepattern.py
+++ /dev/null
@@ -1,457 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_dlp_filepattern -short_description: Configure file patterns used by DLP blocking in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify dlp feature and filepattern category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - dlp_filepattern: - description: - - Configure file patterns used by DLP blocking. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - comment: - description: - - Optional comments. - type: str - entries: - description: - - Configure file patterns used by DLP blocking. - type: list - suboptions: - file_type: - description: - - Select a file type. - type: str - choices: - - 7z - - arj - - cab - - lzh - - rar - - tar - - zip - - bzip - - gzip - - bzip2 - - xz - - bat - - msc - - uue - - mime - - base64 - - binhex - - elf - - exe - - hta - - html - - jad - - class - - cod - - javascript - - msoffice - - msofficex - - fsg - - upx - - petite - - aspack - - sis - - hlp - - activemime - - jpeg - - gif - - tiff - - png - - bmp - - ignored - - unknown - - mpeg - - mov - - mp3 - - wma - - wav - - pdf - - avi - - rm - - torrent - - hibun - - msi - - mach-o - - dmg - - .net - - xar - - chm - - iso - - crx - filter_type: - description: - - Filter by file name pattern or by file type. 
- type: str - choices: - - pattern - - type - pattern: - description: - - Add a file name pattern. - required: true - type: str - id: - description: - - ID. - required: true - type: int - name: - description: - - Name of table containing the file pattern list. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure file patterns used by DLP blocking. - fortios_dlp_filepattern: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - dlp_filepattern: - comment: "Optional comments." - entries: - - - file_type: "7z" - filter_type: "pattern" - pattern: "" - id: "8" - name: "default_name_9" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - 
description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_dlp_filepattern_data(json): - option_list = ['comment', 'entries', 'id', - 'name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def dlp_filepattern(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['dlp_filepattern'] and data['dlp_filepattern']: - state = data['dlp_filepattern']['state'] - else: - state = True - dlp_filepattern_data = data['dlp_filepattern'] - filtered_data = underscore_to_hyphen(filter_dlp_filepattern_data(dlp_filepattern_data)) - - if state == "present": - return fos.set('dlp', - 'filepattern', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('dlp', - 'filepattern', - mkey=filtered_data['id'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and 
status['http_status'] == 404 - - -def fortios_dlp(data, fos): - - if data['dlp_filepattern']: - resp = dlp_filepattern(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "dlp_filepattern": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "comment": {"required": False, "type": "str"}, - "entries": {"required": False, "type": "list", - "options": { - "file_type": {"required": False, "type": "str", - "choices": ["7z", "arj", "cab", - "lzh", "rar", "tar", - "zip", "bzip", "gzip", - "bzip2", "xz", "bat", - "msc", "uue", "mime", - "base64", "binhex", "elf", - "exe", "hta", "html", - "jad", "class", "cod", - "javascript", "msoffice", "msofficex", - "fsg", "upx", "petite", - "aspack", "sis", "hlp", - "activemime", "jpeg", "gif", - "tiff", "png", "bmp", - "ignored", "unknown", "mpeg", - "mov", "mp3", "wma", - "wav", "pdf", "avi", - "rm", "torrent", "hibun", - "msi", "mach-o", "dmg", - ".net", "xar", "chm", - "iso", "crx"]}, - "filter_type": {"required": False, "type": "str", - "choices": ["pattern", "type"]}, - "pattern": {"required": True, "type": "str"} - }}, - "id": {"required": True, "type": "int"}, - "name": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params 
and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_dlp(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_dlp(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_dlp_fp_doc_source.py b/lib/ansible/modules/network/fortios/fortios_dlp_fp_doc_source.py deleted file mode 100644 index 960be872438..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_dlp_fp_doc_source.py +++ /dev/null 
@@ -1,481 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_dlp_fp_doc_source -short_description: Create a DLP fingerprint database by allowing the FortiGate to access a file server containing files from which to create fingerprints in - Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify dlp feature and fp_doc_source category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. 
- type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - dlp_fp_doc_source: - description: - - Create a DLP fingerprint database by allowing the FortiGate to access a file server containing files from which to create fingerprints. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - date: - description: - - Day of the month on which to scan the server (1 - 31). - type: int - file_path: - description: - - Path on the server to the fingerprint files (max 119 characters). - type: str - file_pattern: - description: - - Files matching this pattern on the server are fingerprinted. Optionally use the * and ? wildcards. - type: str - keep_modified: - description: - - Enable so that when a file is changed on the server the FortiGate keeps the old fingerprint and adds a new fingerprint to the database. - type: str - choices: - - enable - - disable - name: - description: - - Name of the DLP fingerprint database. 
- required: true - type: str - password: - description: - - Password required to log into the file server. - type: str - period: - description: - - Frequency for which the FortiGate checks the server for new or changed files. - type: str - choices: - - none - - daily - - weekly - - monthly - remove_deleted: - description: - - Enable to keep the fingerprint database up to date when a file is deleted from the server. - type: str - choices: - - enable - - disable - scan_on_creation: - description: - - Enable to keep the fingerprint database up to date when a file is added or changed on the server. - type: str - choices: - - enable - - disable - scan_subdirectories: - description: - - Enable/disable scanning subdirectories to find files to create fingerprints from. - type: str - choices: - - enable - - disable - sensitivity: - description: - - Select a sensitivity or threat level for matches with this fingerprint database. Add sensitivities using fp-sensitivity. Source dlp - .fp-sensitivity.name. - type: str - server: - description: - - IPv4 or IPv6 address of the server. - type: str - server_type: - description: - - Protocol used to communicate with the file server. Currently only Samba (SMB) servers are supported. - type: str - choices: - - samba - tod_hour: - description: - - Hour of the day on which to scan the server (0 - 23). - type: int - tod_min: - description: - - Minute of the hour on which to scan the server (0 - 59). - type: int - username: - description: - - User name required to log into the file server. - type: str - vdom: - description: - - Select the VDOM that can communicate with the file server. - type: str - choices: - - mgmt - - current - weekday: - description: - - Day of the week on which to scan the server. 
- type: str - choices: - - sunday - - monday - - tuesday - - wednesday - - thursday - - friday - - saturday -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Create a DLP fingerprint database by allowing the FortiGate to access a file server containing files from which to create fingerprints. - fortios_dlp_fp_doc_source: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - dlp_fp_doc_source: - date: "3" - file_path: "" - file_pattern: "" - keep_modified: "enable" - name: "default_name_7" - password: "" - period: "none" - remove_deleted: "enable" - scan_on_creation: "enable" - scan_subdirectories: "enable" - sensitivity: " (source dlp.fp-sensitivity.name)" - server: "192.168.100.40" - server_type: "samba" - tod_hour: "16" - tod_min: "17" - username: "" - vdom: "mgmt" - weekday: "sunday" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: 
Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_dlp_fp_doc_source_data(json): - option_list = ['date', 'file_path', 'file_pattern', - 'keep_modified', 'name', 'password', - 'period', 'remove_deleted', 'scan_on_creation', - 'scan_subdirectories', 'sensitivity', 'server', - 'server_type', 'tod_hour', 'tod_min', - 'username', 'vdom', 'weekday'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def dlp_fp_doc_source(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['dlp_fp_doc_source'] and data['dlp_fp_doc_source']: - state = data['dlp_fp_doc_source']['state'] - else: - state = True - dlp_fp_doc_source_data = data['dlp_fp_doc_source'] - filtered_data = 
underscore_to_hyphen(filter_dlp_fp_doc_source_data(dlp_fp_doc_source_data)) - - if state == "present": - return fos.set('dlp', - 'fp-doc-source', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('dlp', - 'fp-doc-source', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_dlp(data, fos): - - if data['dlp_fp_doc_source']: - resp = dlp_fp_doc_source(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "dlp_fp_doc_source": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "date": {"required": False, "type": "int"}, - "file_path": {"required": False, "type": "str"}, - "file_pattern": {"required": False, "type": "str"}, - "keep_modified": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "name": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str"}, - "period": {"required": False, "type": "str", - "choices": ["none", "daily", "weekly", - "monthly"]}, - "remove_deleted": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "scan_on_creation": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "scan_subdirectories": {"required": False, "type": "str", - 
"choices": ["enable", "disable"]}, - "sensitivity": {"required": False, "type": "str"}, - "server": {"required": False, "type": "str"}, - "server_type": {"required": False, "type": "str", - "choices": ["samba"]}, - "tod_hour": {"required": False, "type": "int"}, - "tod_min": {"required": False, "type": "int"}, - "username": {"required": False, "type": "str"}, - "vdom": {"required": False, "type": "str", - "choices": ["mgmt", "current"]}, - "weekday": {"required": False, "type": "str", - "choices": ["sunday", "monday", "tuesday", - "wednesday", "thursday", "friday", - "saturday"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_dlp(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_dlp(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_dlp_fp_sensitivity.py b/lib/ansible/modules/network/fortios/fortios_dlp_fp_sensitivity.py deleted file mode 100644 index 563b77c7d43..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_dlp_fp_sensitivity.py +++ /dev/null 
@@ -1,332 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_dlp_fp_sensitivity -short_description: Create self-explanatory DLP sensitivity levels to be used when setting sensitivity under config fp-doc-source in Fortinet's FortiOS and - FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify dlp feature and fp_sensitivity category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. 
- type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - dlp_fp_sensitivity: - description: - - Create self-explanatory DLP sensitivity levels to be used when setting sensitivity under config fp-doc-source. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - name: - description: - - DLP Sensitivity Levels. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Create self-explanatory DLP sensitivity levels to be used when setting sensitivity under config fp-doc-source. 
- fortios_dlp_fp_sensitivity: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - dlp_fp_sensitivity: - name: "default_name_3" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - 
fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_dlp_fp_sensitivity_data(json): - option_list = ['name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def dlp_fp_sensitivity(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['dlp_fp_sensitivity'] and data['dlp_fp_sensitivity']: - state = data['dlp_fp_sensitivity']['state'] - else: - state = True - dlp_fp_sensitivity_data = data['dlp_fp_sensitivity'] - filtered_data = underscore_to_hyphen(filter_dlp_fp_sensitivity_data(dlp_fp_sensitivity_data)) - - if state == "present": - return fos.set('dlp', - 'fp-sensitivity', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('dlp', - 'fp-sensitivity', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_dlp(data, fos): - - if data['dlp_fp_sensitivity']: - resp = dlp_fp_sensitivity(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": 
"bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "dlp_fp_sensitivity": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "name": {"required": True, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_dlp(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_dlp(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_dlp_sensor.py b/lib/ansible/modules/network/fortios/fortios_dlp_sensor.py deleted file mode 100644 index a78f6c30037..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_dlp_sensor.py +++ /dev/null 
@@ -1,602 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_dlp_sensor -short_description: Configure DLP sensors in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify dlp feature and sensor category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - dlp_sensor: - description: - - Configure DLP sensors. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - comment: - description: - - Comment. - type: str - dlp_log: - description: - - Enable/disable DLP logging. - type: str - choices: - - enable - - disable - extended_log: - description: - - Enable/disable extended logging for data leak prevention. - type: str - choices: - - enable - - disable - filter: - description: - - Set up DLP filters for this sensor. - type: list - suboptions: - action: - description: - - Action to take with content that this DLP sensor matches. - type: str - choices: - - allow - - log-only - - block - - quarantine-ip - archive: - description: - - Enable/disable DLP archiving. - type: str - choices: - - disable - - enable - company_identifier: - description: - - Enter a company identifier watermark to match. Only watermarks that your company has placed on the files are matched. - type: str - expiry: - description: - - Quarantine duration in days, hours, minutes format (dddhhmm). 
- type: str - file_size: - description: - - Match files this size or larger (0 - 4294967295 kbytes). - type: int - file_type: - description: - - Select the number of a DLP file pattern table to match. Source dlp.filepattern.id. - type: int - filter_by: - description: - - Select the type of content to match. - type: str - choices: - - credit-card - - ssn - - regexp - - file-type - - file-size - - fingerprint - - watermark - - encrypted - fp_sensitivity: - description: - - Select a DLP file pattern sensitivity to match. - type: list - suboptions: - name: - description: - - Select a DLP sensitivity. Source dlp.fp-sensitivity.name. - required: true - type: str - id: - description: - - ID. - required: true - type: int - match_percentage: - description: - - Percentage of fingerprints in the fingerprint databases designated with the selected fp-sensitivity to match. - type: int - name: - description: - - Filter name. - type: str - proto: - description: - - Check messages or files over one or more of these protocols. - type: str - choices: - - smtp - - pop3 - - imap - - http-get - - http-post - - ftp - - nntp - - mapi - - mm1 - - mm3 - - mm4 - - mm7 - regexp: - description: - - Enter a regular expression to match (max. 255 characters). - type: str - severity: - description: - - Select the severity or threat level that matches this filter. - type: str - choices: - - info - - low - - medium - - high - - critical - type: - description: - - Select whether to check the content of messages (an email message) or files (downloaded files or email attachments). - type: str - choices: - - file - - message - flow_based: - description: - - Enable/disable flow-based DLP. - type: str - choices: - - enable - - disable - full_archive_proto: - description: - - Protocols to always content archive. 
- type: str - choices: - - smtp - - pop3 - - imap - - http-get - - http-post - - ftp - - nntp - - mapi - - mm1 - - mm3 - - mm4 - - mm7 - nac_quar_log: - description: - - Enable/disable NAC quarantine logging. - type: str - choices: - - enable - - disable - name: - description: - - Name of the DLP sensor. - required: true - type: str - options: - description: - - Configure DLP options. - type: str - replacemsg_group: - description: - - Replacement message group used by this DLP sensor. Source system.replacemsg-group.name. - type: str - summary_proto: - description: - - Protocols to always log summary. - type: str - choices: - - smtp - - pop3 - - imap - - http-get - - http-post - - ftp - - nntp - - mapi - - mm1 - - mm3 - - mm4 - - mm7 -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure DLP sensors. - fortios_dlp_sensor: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - dlp_sensor: - comment: "Comment." 
- dlp_log: "enable" - extended_log: "enable" - filter: - - - action: "allow" - archive: "disable" - company_identifier: "myId_9" - expiry: "" - file_size: "11" - file_type: "12 (source dlp.filepattern.id)" - filter_by: "credit-card" - fp_sensitivity: - - - name: "default_name_15 (source dlp.fp-sensitivity.name)" - id: "16" - match_percentage: "17" - name: "default_name_18" - proto: "smtp" - regexp: "" - severity: "info" - type: "file" - flow_based: "enable" - full_archive_proto: "smtp" - nac_quar_log: "enable" - name: "default_name_26" - options: "" - replacemsg_group: " (source system.replacemsg-group.name)" - summary_proto: "smtp" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from 
ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_dlp_sensor_data(json): - option_list = ['comment', 'dlp_log', 'extended_log', - 'filter', 'flow_based', 'full_archive_proto', - 'nac_quar_log', 'name', 'options', - 'replacemsg_group', 'summary_proto'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def dlp_sensor(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['dlp_sensor'] and data['dlp_sensor']: - state = data['dlp_sensor']['state'] - else: - state = True - dlp_sensor_data = data['dlp_sensor'] - filtered_data = underscore_to_hyphen(filter_dlp_sensor_data(dlp_sensor_data)) - - if state == "present": - return fos.set('dlp', - 'sensor', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('dlp', - 'sensor', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_dlp(data, fos): - - if data['dlp_sensor']: - resp = 
dlp_sensor(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "dlp_sensor": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "comment": {"required": False, "type": "str"}, - "dlp_log": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "extended_log": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "filter": {"required": False, "type": "list", - "options": { - "action": {"required": False, "type": "str", - "choices": ["allow", "log-only", "block", - "quarantine-ip"]}, - "archive": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "company_identifier": {"required": False, "type": "str"}, - "expiry": {"required": False, "type": "str"}, - "file_size": {"required": False, "type": "int"}, - "file_type": {"required": False, "type": "int"}, - "filter_by": {"required": False, "type": "str", - "choices": ["credit-card", "ssn", "regexp", - "file-type", "file-size", "fingerprint", - "watermark", "encrypted"]}, - "fp_sensitivity": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "id": {"required": True, "type": "int"}, - "match_percentage": {"required": False, "type": "int"}, - "name": {"required": False, "type": "str"}, - "proto": {"required": False, "type": "str", - "choices": ["smtp", "pop3", "imap", - "http-get", 
"http-post", "ftp", - "nntp", "mapi", "mm1", - "mm3", "mm4", "mm7"]}, - "regexp": {"required": False, "type": "str"}, - "severity": {"required": False, "type": "str", - "choices": ["info", "low", "medium", - "high", "critical"]}, - "type": {"required": False, "type": "str", - "choices": ["file", "message"]} - }}, - "flow_based": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "full_archive_proto": {"required": False, "type": "str", - "choices": ["smtp", "pop3", "imap", - "http-get", "http-post", "ftp", - "nntp", "mapi", "mm1", - "mm3", "mm4", "mm7"]}, - "nac_quar_log": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "name": {"required": True, "type": "str"}, - "options": {"required": False, "type": "str"}, - "replacemsg_group": {"required": False, "type": "str"}, - "summary_proto": {"required": False, "type": "str", - "choices": ["smtp", "pop3", "imap", - "http-get", "http-post", "ftp", - "nntp", "mapi", "mm1", - "mm3", "mm4", "mm7"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_dlp(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_dlp(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - 
module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_dlp_settings.py b/lib/ansible/modules/network/fortios/fortios_dlp_settings.py
deleted file mode 100644
index 5c937cb84c8..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_dlp_settings.py
+++ /dev/null
@@ -1,320 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_dlp_settings -short_description: Designate logical storage for DLP fingerprint database in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify dlp feature and settings category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - dlp_settings: - description: - - Designate logical storage for DLP fingerprint database. - default: null - type: dict - suboptions: - cache_mem_percent: - description: - - Maximum percentage of available memory allocated to caching (1 - 15%). - type: int - chunk_size: - description: - - Maximum fingerprint chunk size. **Changing will flush the entire database**. - type: int - db_mode: - description: - - Behaviour when the maximum size is reached. - type: str - choices: - - stop-adding - - remove-modified-then-oldest - - remove-oldest - size: - description: - - Maximum total size of files within the storage (MB). - type: int - storage_device: - description: - - Storage device name. Source system.storage.name. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Designate logical storage for DLP fingerprint database. 
- fortios_dlp_settings: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - dlp_settings: - cache_mem_percent: "3" - chunk_size: "4" - db_mode: "stop-adding" - size: "6" - storage_device: " (source system.storage.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - 
if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_dlp_settings_data(json): - option_list = ['cache_mem_percent', 'chunk_size', 'db_mode', - 'size', 'storage_device'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def dlp_settings(data, fos): - vdom = data['vdom'] - dlp_settings_data = data['dlp_settings'] - filtered_data = underscore_to_hyphen(filter_dlp_settings_data(dlp_settings_data)) - - return fos.set('dlp', - 'settings', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_dlp(data, fos): - - if data['dlp_settings']: - resp = dlp_settings(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "dlp_settings": { - "required": False, "type": "dict", "default": None, - "options": { - "cache_mem_percent": {"required": False, "type": "int"}, - "chunk_size": {"required": False, "type": "int"}, - "db_mode": {"required": False, "type": 
"str", - "choices": ["stop-adding", "remove-modified-then-oldest", "remove-oldest"]}, - "size": {"required": False, "type": "int"}, - "storage_device": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_dlp(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_dlp(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_dnsfilter_domain_filter.py b/lib/ansible/modules/network/fortios/fortios_dnsfilter_domain_filter.py deleted file mode 100644 index df206175db7..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_dnsfilter_domain_filter.py +++ /dev/null 
@@ -1,399 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_dnsfilter_domain_filter -short_description: Configure DNS domain filters in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify dnsfilter feature and domain_filter category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - dnsfilter_domain_filter: - description: - - Configure DNS domain filters. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - comment: - description: - - Optional comments. - type: str - entries: - description: - - DNS domain filter entries. - type: list - suboptions: - action: - description: - - Action to take for domain filter matches. - type: str - choices: - - block - - allow - - monitor - domain: - description: - - Domain entries to be filtered. - type: str - id: - description: - - Id. - required: true - type: int - status: - description: - - Enable/disable this domain filter. - type: str - choices: - - enable - - disable - type: - description: - - DNS domain filter type. - type: str - choices: - - simple - - regex - - wildcard - id: - description: - - ID. - required: true - type: int - name: - description: - - Name of table. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure DNS domain filters. 
- fortios_dnsfilter_domain_filter: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - dnsfilter_domain_filter: - comment: "Optional comments." - entries: - - - action: "block" - domain: "" - id: "7" - status: "enable" - type: "simple" - id: "10" - name: "default_name_11" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = 
data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_dnsfilter_domain_filter_data(json): - option_list = ['comment', 'entries', 'id', - 'name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def dnsfilter_domain_filter(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['dnsfilter_domain_filter'] and data['dnsfilter_domain_filter']: - state = data['dnsfilter_domain_filter']['state'] - else: - state = True - dnsfilter_domain_filter_data = data['dnsfilter_domain_filter'] - filtered_data = underscore_to_hyphen(filter_dnsfilter_domain_filter_data(dnsfilter_domain_filter_data)) - - if state == "present": - return fos.set('dnsfilter', - 'domain-filter', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('dnsfilter', - 'domain-filter', - mkey=filtered_data['id'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_dnsfilter(data, fos): - - if data['dnsfilter_domain_filter']: - resp = dnsfilter_domain_filter(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": 
{"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "dnsfilter_domain_filter": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "comment": {"required": False, "type": "str"}, - "entries": {"required": False, "type": "list", - "options": { - "action": {"required": False, "type": "str", - "choices": ["block", "allow", "monitor"]}, - "domain": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "type": {"required": False, "type": "str", - "choices": ["simple", "regex", "wildcard"]} - }}, - "id": {"required": True, "type": "int"}, - "name": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_dnsfilter(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_dnsfilter(module.params, fos) - 
fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_dnsfilter_profile.py b/lib/ansible/modules/network/fortios/fortios_dnsfilter_profile.py
deleted file mode 100644
index 7bec71695e9..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_dnsfilter_profile.py
+++ /dev/null
@@ -1,511 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_dnsfilter_profile -short_description: Configure DNS domain filter profiles in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify dnsfilter feature and profile category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - dnsfilter_profile: - description: - - Configure DNS domain filter profiles. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - block_action: - description: - - Action to take for blocked domains. - type: str - choices: - - block - - redirect - block_botnet: - description: - - Enable/disable blocking botnet C&C DNS lookups. - type: str - choices: - - disable - - enable - comment: - description: - - Comment. - type: str - domain_filter: - description: - - Domain filter settings. - type: dict - suboptions: - domain_filter_table: - description: - - DNS domain filter table ID. Source dnsfilter.domain-filter.id. - type: int - external_ip_blocklist: - description: - - One or more external IP block lists. - type: list - suboptions: - name: - description: - - External domain block list name. Source system.external-resource.name. - required: true - type: str - ftgd_dns: - description: - - FortiGuard DNS Filter settings. - type: dict - suboptions: - filters: - description: - - FortiGuard DNS domain filters. 
- type: list - suboptions: - action: - description: - - Action to take for DNS requests matching the category. - type: str - choices: - - block - - monitor - category: - description: - - Category number. - type: int - id: - description: - - ID number. - required: true - type: int - log: - description: - - Enable/disable DNS filter logging for this DNS profile. - type: str - choices: - - enable - - disable - options: - description: - - FortiGuard DNS filter options. - type: str - choices: - - error-allow - - ftgd-disable - log_all_domain: - description: - - Enable/disable logging of all domains visited (detailed DNS logging). - type: str - choices: - - enable - - disable - name: - description: - - Profile name. - required: true - type: str - redirect_portal: - description: - - IP address of the SDNS redirect portal. - type: str - safe_search: - description: - - Enable/disable Google, Bing, and YouTube safe search. - type: str - choices: - - disable - - enable - sdns_domain_log: - description: - - Enable/disable domain filtering and botnet domain logging. - type: str - choices: - - enable - - disable - sdns_ftgd_err_log: - description: - - Enable/disable FortiGuard SDNS rating error logging. - type: str - choices: - - enable - - disable - youtube_restrict: - description: - - Set safe search for YouTube restriction level. - type: str - choices: - - strict - - moderate -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure DNS domain filter profiles. - fortios_dnsfilter_profile: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - dnsfilter_profile: - block_action: "block" - block_botnet: "disable" - comment: "Comment." 
- domain_filter: - domain_filter_table: "7 (source dnsfilter.domain-filter.id)" - external_ip_blocklist: - - - name: "default_name_9 (source system.external-resource.name)" - ftgd_dns: - filters: - - - action: "block" - category: "13" - id: "14" - log: "enable" - options: "error-allow" - log_all_domain: "enable" - name: "default_name_18" - redirect_portal: "" - safe_search: "disable" - sdns_domain_log: "enable" - sdns_ftgd_err_log: "enable" - youtube_restrict: "strict" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common 
import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_dnsfilter_profile_data(json): - option_list = ['block_action', 'block_botnet', 'comment', - 'domain_filter', 'external_ip_blocklist', 'ftgd_dns', - 'log_all_domain', 'name', 'redirect_portal', - 'safe_search', 'sdns_domain_log', 'sdns_ftgd_err_log', - 'youtube_restrict'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def dnsfilter_profile(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['dnsfilter_profile'] and data['dnsfilter_profile']: - state = data['dnsfilter_profile']['state'] - else: - state = True - dnsfilter_profile_data = data['dnsfilter_profile'] - filtered_data = underscore_to_hyphen(filter_dnsfilter_profile_data(dnsfilter_profile_data)) - - if state == "present": - return fos.set('dnsfilter', - 'profile', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('dnsfilter', - 'profile', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_dnsfilter(data, fos): - - if data['dnsfilter_profile']: - resp = dnsfilter_profile(data, fos) 
- - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "dnsfilter_profile": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "block_action": {"required": False, "type": "str", - "choices": ["block", "redirect"]}, - "block_botnet": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "comment": {"required": False, "type": "str"}, - "domain_filter": {"required": False, "type": "dict", - "options": { - "domain_filter_table": {"required": False, "type": "int"} - }}, - "external_ip_blocklist": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "ftgd_dns": {"required": False, "type": "dict", - "options": { - "filters": {"required": False, "type": "list", - "options": { - "action": {"required": False, "type": "str", - "choices": ["block", "monitor"]}, - "category": {"required": False, "type": "int"}, - "id": {"required": True, "type": "int"}, - "log": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "options": {"required": False, "type": "str", - "choices": ["error-allow", "ftgd-disable"]} - }}, - "log_all_domain": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "name": {"required": True, "type": "str"}, - "redirect_portal": {"required": False, "type": "str"}, - "safe_search": {"required": False, "type": "str", - "choices": 
["disable", "enable"]},
- "sdns_domain_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "sdns_ftgd_err_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "youtube_restrict": {"required": False, "type": "str",
- "choices": ["strict", "moderate"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_dnsfilter(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_dnsfilter(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_endpoint_control_client.py b/lib/ansible/modules/network/fortios/fortios_endpoint_control_client.py
deleted file mode 100644
index e8cf9d374d9..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_endpoint_control_client.py
+++ /dev/null
@@ -1,362 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_endpoint_control_client -short_description: Configure endpoint control client lists in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify endpoint_control feature and client category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - endpoint_control_client: - description: - - Configure endpoint control client lists. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - ad_groups: - description: - - Endpoint client AD logon groups. - type: str - ftcl_uid: - description: - - Endpoint FortiClient UID. - type: str - id: - description: - - Endpoint client ID. - required: true - type: int - info: - description: - - Endpoint client information. - type: str - src_ip: - description: - - Endpoint client IP address. - type: str - src_mac: - description: - - Endpoint client MAC address. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure endpoint control client lists. 
- fortios_endpoint_control_client: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - endpoint_control_client: - ad_groups: "" - ftcl_uid: "" - id: "5" - info: "" - src_ip: "" - src_mac: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' 
in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_endpoint_control_client_data(json): - option_list = ['ad_groups', 'ftcl_uid', 'id', - 'info', 'src_ip', 'src_mac'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def endpoint_control_client(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['endpoint_control_client'] and data['endpoint_control_client']: - state = data['endpoint_control_client']['state'] - else: - state = True - endpoint_control_client_data = data['endpoint_control_client'] - filtered_data = underscore_to_hyphen(filter_endpoint_control_client_data(endpoint_control_client_data)) - - if state == "present": - return fos.set('endpoint-control', - 'client', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('endpoint-control', - 'client', - mkey=filtered_data['id'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_endpoint_control(data, fos): - - if data['endpoint_control_client']: - resp = endpoint_control_client(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", 
"no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "endpoint_control_client": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "ad_groups": {"required": False, "type": "str"}, - "ftcl_uid": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "info": {"required": False, "type": "str"}, - "src_ip": {"required": False, "type": "str"}, - "src_mac": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_endpoint_control(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_endpoint_control(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_endpoint_control_forticlient_ems.py b/lib/ansible/modules/network/fortios/fortios_endpoint_control_forticlient_ems.py
deleted file mode 100644
index 526a03a7af8..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_endpoint_control_forticlient_ems.py
+++ /dev/null
@@ -1,396 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_endpoint_control_forticlient_ems -short_description: Configure FortiClient Enterprise Management Server (EMS) entries in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify endpoint_control feature and forticlient_ems category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - endpoint_control_forticlient_ems: - description: - - Configure FortiClient Enterprise Management Server (EMS) entries. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - address: - description: - - Firewall address name. Source firewall.address.name. - type: str - admin_password: - description: - - FortiClient EMS admin password. - type: str - admin_type: - description: - - FortiClient EMS admin type. - type: str - choices: - - Windows - - LDAP - admin_username: - description: - - FortiClient EMS admin username. - type: str - https_port: - description: - - "FortiClient EMS HTTPS access port number. (1 - 65535)." - type: int - listen_port: - description: - - "FortiClient EMS telemetry listen port number. (1 - 65535)." - type: int - name: - description: - - FortiClient Enterprise Management Server (EMS) name. - required: true - type: str - rest_api_auth: - description: - - FortiClient EMS REST API authentication. - type: str - choices: - - disable - - userpass - serial_number: - description: - - FortiClient EMS Serial Number. 
- type: str - upload_port: - description: - - "FortiClient EMS telemetry upload port number. (1 - 65535)." - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure FortiClient Enterprise Management Server (EMS) entries. - fortios_endpoint_control_forticlient_ems: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - endpoint_control_forticlient_ems: - address: " (source firewall.address.name)" - admin_password: "" - admin_type: "Windows" - admin_username: "" - https_port: "7" - listen_port: "8" - name: "default_name_9" - rest_api_auth: "disable" - serial_number: "" - upload_port: "12" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - 
description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_endpoint_control_forticlient_ems_data(json): - option_list = ['address', 'admin_password', 'admin_type', - 'admin_username', 'https_port', 'listen_port', - 'name', 'rest_api_auth', 'serial_number', - 'upload_port'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def endpoint_control_forticlient_ems(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['endpoint_control_forticlient_ems'] and data['endpoint_control_forticlient_ems']: - state = data['endpoint_control_forticlient_ems']['state'] - else: - state = True - endpoint_control_forticlient_ems_data = data['endpoint_control_forticlient_ems'] - filtered_data = underscore_to_hyphen(filter_endpoint_control_forticlient_ems_data(endpoint_control_forticlient_ems_data)) - - if state == "present": - return fos.set('endpoint-control', - 'forticlient-ems', - 
data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('endpoint-control', - 'forticlient-ems', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_endpoint_control(data, fos): - - if data['endpoint_control_forticlient_ems']: - resp = endpoint_control_forticlient_ems(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "endpoint_control_forticlient_ems": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "address": {"required": False, "type": "str"}, - "admin_password": {"required": False, "type": "str"}, - "admin_type": {"required": False, "type": "str", - "choices": ["Windows", "LDAP"]}, - "admin_username": {"required": False, "type": "str"}, - "https_port": {"required": False, "type": "int"}, - "listen_port": {"required": False, "type": "int"}, - "name": {"required": True, "type": "str"}, - "rest_api_auth": {"required": False, "type": "str", - "choices": ["disable", "userpass"]}, - "serial_number": {"required": False, "type": "str"}, - "upload_port": {"required": False, "type": "int"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode 
= 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_endpoint_control(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_endpoint_control(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_endpoint_control_forticlient_registration_sync.py b/lib/ansible/modules/network/fortios/fortios_endpoint_control_forticlient_registration_sync.py
deleted file mode 100644
index fcbe4ae04b5..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_endpoint_control_forticlient_registration_sync.py
+++ /dev/null
@@ -1,336 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_endpoint_control_forticlient_registration_sync -short_description: Configure FortiClient registration synchronization settings in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify endpoint_control feature and forticlient_registration_sync category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. 
- type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - endpoint_control_forticlient_registration_sync: - description: - - Configure FortiClient registration synchronization settings. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - peer_ip: - description: - - IP address of the peer FortiGate for endpoint license synchronization. - type: str - peer_name: - description: - - Peer name. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure FortiClient registration synchronization settings. 
fortios_endpoint_control_forticlient_registration_sync:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- endpoint_control_forticlient_registration_sync:
- peer_ip: ""
- peer_name: ""
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in
data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_endpoint_control_forticlient_registration_sync_data(json):
- option_list = ['peer_ip', 'peer_name']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def endpoint_control_forticlient_registration_sync(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['endpoint_control_forticlient_registration_sync'] and data['endpoint_control_forticlient_registration_sync']:
- state = data['endpoint_control_forticlient_registration_sync']['state']
- else:
- state = True
- endpoint_control_forticlient_registration_sync_data = data['endpoint_control_forticlient_registration_sync']
- filtered_data = underscore_to_hyphen(filter_endpoint_control_forticlient_registration_sync_data(endpoint_control_forticlient_registration_sync_data))
-
- if state == "present":
- return fos.set('endpoint-control',
- 'forticlient-registration-sync',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('endpoint-control',
- 'forticlient-registration-sync',
- mkey=filtered_data['peer-name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_endpoint_control(data, fos):
-
- if data['endpoint_control_forticlient_registration_sync']:
- resp = endpoint_control_forticlient_registration_sync(data, fos)
-
- return
not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "endpoint_control_forticlient_registration_sync": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "peer_ip": {"required": False, "type": "str"},
- "peer_name": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_endpoint_control(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_endpoint_control(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_endpoint_control_profile.py b/lib/ansible/modules/network/fortios/fortios_endpoint_control_profile.py
deleted file mode 100644
index 2a1b910cbd7..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_endpoint_control_profile.py
+++ /dev/null
@@ -1,1177 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_endpoint_control_profile -short_description: Configure FortiClient endpoint control profiles in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify endpoint_control feature and profile category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - endpoint_control_profile: - description: - - Configure FortiClient endpoint control profiles. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - description: - description: - - Description. - type: str - device_groups: - description: - - Device groups. - type: list - suboptions: - name: - description: - - Device group object from available options. Source user.device-group.name user.device-category.name. - required: true - type: str - forticlient_android_settings: - description: - - FortiClient settings for Android platform. - type: dict - suboptions: - disable_wf_when_protected: - description: - - Enable/disable FortiClient web category filtering when protected by FortiGate. - type: str - choices: - - enable - - disable - forticlient_advanced_vpn: - description: - - Enable/disable advanced FortiClient VPN configuration. - type: str - choices: - - enable - - disable - forticlient_advanced_vpn_buffer: - description: - - Advanced FortiClient VPN configuration. 
- type: str - forticlient_vpn_provisioning: - description: - - Enable/disable FortiClient VPN provisioning. - type: str - choices: - - enable - - disable - forticlient_vpn_settings: - description: - - FortiClient VPN settings. - type: list - suboptions: - auth_method: - description: - - Authentication method. - type: str - choices: - - psk - - certificate - name: - description: - - VPN name. - required: true - type: str - preshared_key: - description: - - Pre-shared secret for PSK authentication. - type: str - remote_gw: - description: - - IP address or FQDN of the remote VPN gateway. - type: str - sslvpn_access_port: - description: - - SSL VPN access port (1 - 65535). - type: int - sslvpn_require_certificate: - description: - - Enable/disable requiring SSL VPN client certificate. - type: str - choices: - - enable - - disable - type: - description: - - VPN type (IPsec or SSL VPN). - type: str - choices: - - ipsec - - ssl - forticlient_wf: - description: - - Enable/disable FortiClient web filtering. - type: str - choices: - - enable - - disable - forticlient_wf_profile: - description: - - The FortiClient web filter profile to apply. Source webfilter.profile.name. - type: str - forticlient_ios_settings: - description: - - FortiClient settings for iOS platform. - type: dict - suboptions: - client_vpn_provisioning: - description: - - FortiClient VPN provisioning. - type: str - choices: - - enable - - disable - client_vpn_settings: - description: - - FortiClient VPN settings. - type: list - suboptions: - auth_method: - description: - - Authentication method. - type: str - choices: - - psk - - certificate - name: - description: - - VPN name. - required: true - type: str - preshared_key: - description: - - Pre-shared secret for PSK authentication. - type: str - remote_gw: - description: - - IP address or FQDN of the remote VPN gateway. - type: str - sslvpn_access_port: - description: - - SSL VPN access port (1 - 65535). 
- type: int - sslvpn_require_certificate: - description: - - Enable/disable requiring SSL VPN client certificate. - type: str - choices: - - enable - - disable - type: - description: - - VPN type (IPsec or SSL VPN). - type: str - choices: - - ipsec - - ssl - vpn_configuration_content: - description: - - Content of VPN configuration. - type: str - vpn_configuration_name: - description: - - Name of VPN configuration. - type: str - configuration_content: - description: - - Content of configuration profile. - type: str - configuration_name: - description: - - Name of configuration profile. - type: str - disable_wf_when_protected: - description: - - Enable/disable FortiClient web category filtering when protected by FortiGate. - type: str - choices: - - enable - - disable - distribute_configuration_profile: - description: - - Enable/disable configuration profile (.mobileconfig file) distribution. - type: str - choices: - - enable - - disable - forticlient_wf: - description: - - Enable/disable FortiClient web filtering. - type: str - choices: - - enable - - disable - forticlient_wf_profile: - description: - - The FortiClient web filter profile to apply. Source webfilter.profile.name. - type: str - forticlient_winmac_settings: - description: - - FortiClient settings for Windows/Mac platform. - type: dict - suboptions: - av_realtime_protection: - description: - - Enable/disable FortiClient AntiVirus real-time protection. - type: str - choices: - - enable - - disable - av_signature_up_to_date: - description: - - Enable/disable FortiClient AV signature updates. - type: str - choices: - - enable - - disable - forticlient_application_firewall: - description: - - Enable/disable the FortiClient application firewall. - type: str - choices: - - enable - - disable - forticlient_application_firewall_list: - description: - - FortiClient application firewall rule list. Source application.list.name. 
- type: str - forticlient_av: - description: - - Enable/disable FortiClient AntiVirus scanning. - type: str - choices: - - enable - - disable - forticlient_ems_compliance: - description: - - Enable/disable FortiClient Enterprise Management Server (EMS) compliance. - type: str - choices: - - enable - - disable - forticlient_ems_compliance_action: - description: - - FortiClient EMS compliance action. - type: str - choices: - - block - - warning - forticlient_ems_entries: - description: - - FortiClient EMS entries. - type: list - suboptions: - name: - description: - - FortiClient EMS name. Source endpoint-control.forticlient-ems.name. - required: true - type: str - forticlient_linux_ver: - description: - - Minimum FortiClient Linux version. - type: str - forticlient_log_upload: - description: - - Enable/disable uploading FortiClient logs. - type: str - choices: - - enable - - disable - forticlient_log_upload_level: - description: - - Select the FortiClient logs to upload. - type: str - choices: - - traffic - - vulnerability - - event - forticlient_log_upload_server: - description: - - IP address or FQDN of the server to which to upload FortiClient logs. - type: str - forticlient_mac_ver: - description: - - Minimum FortiClient Mac OS version. - type: str - forticlient_minimum_software_version: - description: - - Enable/disable requiring clients to run FortiClient with a minimum software version number. - type: str - choices: - - enable - - disable - forticlient_operating_system: - description: - - FortiClient operating system. - type: list - suboptions: - id: - description: - - Operating system entry ID. - required: true - type: int - os_name: - description: - - "Customize operating system name or Mac OS format:x.x.x" - type: str - os_type: - description: - - Operating system type. 
- type: str - choices: - - custom - - mac-os - - win-7 - - win-80 - - win-81 - - win-10 - - win-2000 - - win-home-svr - - win-svr-10 - - win-svr-2003 - - win-svr-2003-r2 - - win-svr-2008 - - win-svr-2008-r2 - - win-svr-2012 - - win-svr-2012-r2 - - win-sto-svr-2003 - - win-vista - - win-xp - - ubuntu-linux - - centos-linux - - redhat-linux - - fedora-linux - forticlient_own_file: - description: - - Checking the path and filename of the FortiClient application. - type: list - suboptions: - file: - description: - - File path and name. - type: str - id: - description: - - File ID. - required: true - type: int - forticlient_registration_compliance_action: - description: - - FortiClient registration compliance action. - type: str - choices: - - block - - warning - forticlient_registry_entry: - description: - - FortiClient registry entry. - type: list - suboptions: - id: - description: - - Registry entry ID. - required: true - type: int - registry_entry: - description: - - Registry entry. - type: str - forticlient_running_app: - description: - - Use FortiClient to verify if the listed applications are running on the client. - type: list - suboptions: - app_name: - description: - - Application name. - type: str - app_sha256_signature: - description: - - App's SHA256 signature. - type: str - app_sha256_signature2: - description: - - App's SHA256 Signature. - type: str - app_sha256_signature3: - description: - - App's SHA256 Signature. - type: str - app_sha256_signature4: - description: - - App's SHA256 Signature. - type: str - application_check_rule: - description: - - Application check rule. - type: str - choices: - - present - - absent - id: - description: - - Application ID. - required: true - type: int - process_name: - description: - - Process name. - type: str - process_name2: - description: - - Process name. - type: str - process_name3: - description: - - Process name. - type: str - process_name4: - description: - - Process name. 
- type: str - forticlient_security_posture: - description: - - Enable/disable FortiClient security posture check options. - type: str - choices: - - enable - - disable - forticlient_security_posture_compliance_action: - description: - - FortiClient security posture compliance action. - type: str - choices: - - block - - warning - forticlient_system_compliance: - description: - - Enable/disable enforcement of FortiClient system compliance. - type: str - choices: - - enable - - disable - forticlient_system_compliance_action: - description: - - Block or warn clients not compliant with FortiClient requirements. - type: str - choices: - - block - - warning - forticlient_vuln_scan: - description: - - Enable/disable FortiClient vulnerability scanning. - type: str - choices: - - enable - - disable - forticlient_vuln_scan_compliance_action: - description: - - FortiClient vulnerability compliance action. - type: str - choices: - - block - - warning - forticlient_vuln_scan_enforce: - description: - - Configure the level of the vulnerability found that causes a FortiClient vulnerability compliance action. - type: str - choices: - - critical - - high - - medium - - low - - info - forticlient_vuln_scan_enforce_grace: - description: - - FortiClient vulnerability scan enforcement grace period (0 - 30 days). - type: int - forticlient_vuln_scan_exempt: - description: - - Enable/disable compliance exemption for vulnerabilities that cannot be patched automatically. - type: str - choices: - - enable - - disable - forticlient_wf: - description: - - Enable/disable FortiClient web filtering. - type: str - choices: - - enable - - disable - forticlient_wf_profile: - description: - - The FortiClient web filter profile to apply. Source webfilter.profile.name. - type: str - forticlient_win_ver: - description: - - Minimum FortiClient Windows version. - type: str - os_av_software_installed: - description: - - Enable/disable checking for OS recognized AntiVirus software. 
- type: str - choices: - - enable - - disable - sandbox_address: - description: - - FortiSandbox address. - type: str - sandbox_analysis: - description: - - Enable/disable sending files to FortiSandbox for analysis. - type: str - choices: - - enable - - disable - on_net_addr: - description: - - Addresses for on-net detection. - type: list - suboptions: - name: - description: - - Address object from available options. Source firewall.address.name firewall.addrgrp.name. - required: true - type: str - profile_name: - description: - - Profile name. - type: str - replacemsg_override_group: - description: - - Select an endpoint control replacement message override group from available options. Source system.replacemsg-group.name. - type: str - src_addr: - description: - - Source addresses. - type: list - suboptions: - name: - description: - - Address object from available options. Source firewall.address.name firewall.addrgrp.name. - required: true - type: str - user_groups: - description: - - User groups. - type: list - suboptions: - name: - description: - - User group name. Source user.group.name. - required: true - type: str - users: - description: - - Users. - type: list - suboptions: - name: - description: - - User name. Source user.local.name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure FortiClient endpoint control profiles. 
- fortios_endpoint_control_profile: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - endpoint_control_profile: - description: "" - device_groups: - - - name: "default_name_5 (source user.device-group.name user.device-category.name)" - forticlient_android_settings: - disable_wf_when_protected: "enable" - forticlient_advanced_vpn: "enable" - forticlient_advanced_vpn_buffer: "" - forticlient_vpn_provisioning: "enable" - forticlient_vpn_settings: - - - auth_method: "psk" - name: "default_name_13" - preshared_key: "" - remote_gw: "" - sslvpn_access_port: "16" - sslvpn_require_certificate: "enable" - type: "ipsec" - forticlient_wf: "enable" - forticlient_wf_profile: " (source webfilter.profile.name)" - forticlient_ios_settings: - client_vpn_provisioning: "enable" - client_vpn_settings: - - - auth_method: "psk" - name: "default_name_25" - preshared_key: "" - remote_gw: "" - sslvpn_access_port: "28" - sslvpn_require_certificate: "enable" - type: "ipsec" - vpn_configuration_content: "" - vpn_configuration_name: "" - configuration_content: "" - configuration_name: "" - disable_wf_when_protected: "enable" - distribute_configuration_profile: "enable" - forticlient_wf: "enable" - forticlient_wf_profile: " (source webfilter.profile.name)" - forticlient_winmac_settings: - av_realtime_protection: "enable" - av_signature_up_to_date: "enable" - forticlient_application_firewall: "enable" - forticlient_application_firewall_list: " (source application.list.name)" - forticlient_av: "enable" - forticlient_ems_compliance: "enable" - forticlient_ems_compliance_action: "block" - forticlient_ems_entries: - - - name: "default_name_48 (source endpoint-control.forticlient-ems.name)" - forticlient_linux_ver: "" - forticlient_log_upload: "enable" - forticlient_log_upload_level: "traffic" - forticlient_log_upload_server: "" - forticlient_mac_ver: "" - forticlient_minimum_software_version: "enable" - 
forticlient_operating_system: - - - id: "56" - os_name: "" - os_type: "custom" - forticlient_own_file: - - - file: "" - id: "61" - forticlient_registration_compliance_action: "block" - forticlient_registry_entry: - - - id: "64" - registry_entry: "" - forticlient_running_app: - - - app_name: "" - app_sha256_signature: "" - app_sha256_signature2: "" - app_sha256_signature3: "" - app_sha256_signature4: "" - application_check_rule: "present" - id: "73" - process_name: "" - process_name2: "" - process_name3: "" - process_name4: "" - forticlient_security_posture: "enable" - forticlient_security_posture_compliance_action: "block" - forticlient_system_compliance: "enable" - forticlient_system_compliance_action: "block" - forticlient_vuln_scan: "enable" - forticlient_vuln_scan_compliance_action: "block" - forticlient_vuln_scan_enforce: "critical" - forticlient_vuln_scan_enforce_grace: "85" - forticlient_vuln_scan_exempt: "enable" - forticlient_wf: "enable" - forticlient_wf_profile: " (source webfilter.profile.name)" - forticlient_win_ver: "" - os_av_software_installed: "enable" - sandbox_address: "" - sandbox_analysis: "enable" - on_net_addr: - - - name: "default_name_94 (source firewall.address.name firewall.addrgrp.name)" - profile_name: "" - replacemsg_override_group: " (source system.replacemsg-group.name)" - src_addr: - - - name: "default_name_98 (source firewall.address.name firewall.addrgrp.name)" - user_groups: - - - name: "default_name_100 (source user.group.name)" - users: - - - name: "default_name_102 (source user.local.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the 
last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_endpoint_control_profile_data(json):
- option_list = ['description', 'device_groups', 'forticlient_android_settings',
- 'forticlient_ios_settings', 'forticlient_winmac_settings', 'on_net_addr',
- 'profile_name', 'replacemsg_override_group', 'src_addr',
- 'user_groups', 'users']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] =
underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def endpoint_control_profile(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['endpoint_control_profile'] and data['endpoint_control_profile']:
- state = data['endpoint_control_profile']['state']
- else:
- state = True
- endpoint_control_profile_data = data['endpoint_control_profile']
- filtered_data = underscore_to_hyphen(filter_endpoint_control_profile_data(endpoint_control_profile_data))
-
- if state == "present":
- return fos.set('endpoint-control',
- 'profile',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('endpoint-control',
- 'profile',
- mkey=filtered_data['profile-name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_endpoint_control(data, fos):
-
- if data['endpoint_control_profile']:
- resp = endpoint_control_profile(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "endpoint_control_profile": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "description": {"required": False, "type":
"str"}, - "device_groups": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "forticlient_android_settings": {"required": False, "type": "dict", - "options": { - "disable_wf_when_protected": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "forticlient_advanced_vpn": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "forticlient_advanced_vpn_buffer": {"required": False, "type": "str"}, - "forticlient_vpn_provisioning": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "forticlient_vpn_settings": {"required": False, "type": "list", - "options": { - "auth_method": {"required": False, "type": "str", - "choices": ["psk", "certificate"]}, - "name": {"required": True, "type": "str"}, - "preshared_key": {"required": False, "type": "str"}, - "remote_gw": {"required": False, "type": "str"}, - "sslvpn_access_port": {"required": False, "type": "int"}, - "sslvpn_require_certificate": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "type": {"required": False, "type": "str", - "choices": ["ipsec", "ssl"]} - }}, - "forticlient_wf": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "forticlient_wf_profile": {"required": False, "type": "str"} - }}, - "forticlient_ios_settings": {"required": False, "type": "dict", - "options": { - "client_vpn_provisioning": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "client_vpn_settings": {"required": False, "type": "list", - "options": { - "auth_method": {"required": False, "type": "str", - "choices": ["psk", "certificate"]}, - "name": {"required": True, "type": "str"}, - "preshared_key": {"required": False, "type": "str"}, - "remote_gw": {"required": False, "type": "str"}, - "sslvpn_access_port": {"required": False, "type": "int"}, - "sslvpn_require_certificate": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "type": 
{"required": False, "type": "str", - "choices": ["ipsec", "ssl"]}, - "vpn_configuration_content": {"required": False, "type": "str"}, - "vpn_configuration_name": {"required": False, "type": "str"} - }}, - "configuration_content": {"required": False, "type": "str"}, - "configuration_name": {"required": False, "type": "str"}, - "disable_wf_when_protected": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "distribute_configuration_profile": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "forticlient_wf": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "forticlient_wf_profile": {"required": False, "type": "str"} - }}, - "forticlient_winmac_settings": {"required": False, "type": "dict", - "options": { - "av_realtime_protection": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "av_signature_up_to_date": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "forticlient_application_firewall": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "forticlient_application_firewall_list": {"required": False, "type": "str"}, - "forticlient_av": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "forticlient_ems_compliance": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "forticlient_ems_compliance_action": {"required": False, "type": "str", - "choices": ["block", "warning"]}, - "forticlient_ems_entries": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "forticlient_linux_ver": {"required": False, "type": "str"}, - "forticlient_log_upload": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "forticlient_log_upload_level": {"required": False, "type": "str", - "choices": ["traffic", "vulnerability", "event"]}, - "forticlient_log_upload_server": {"required": False, "type": "str"}, - "forticlient_mac_ver": 
{"required": False, "type": "str"}, - "forticlient_minimum_software_version": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "forticlient_operating_system": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"}, - "os_name": {"required": False, "type": "str"}, - "os_type": {"required": False, "type": "str", - "choices": ["custom", "mac-os", "win-7", - "win-80", "win-81", "win-10", - "win-2000", "win-home-svr", "win-svr-10", - "win-svr-2003", "win-svr-2003-r2", - "win-svr-2008", "win-svr-2008-r2", - "win-svr-2012", "win-svr-2012-r2", - "win-sto-svr-2003", "win-vista", "win-xp", - "ubuntu-linux", "centos-linux", "redhat-linux", - "fedora-linux"]} - }}, - "forticlient_own_file": {"required": False, "type": "list", - "options": { - "file": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"} - }}, - "forticlient_registration_compliance_action": {"required": False, "type": "str", - "choices": ["block", "warning"]}, - "forticlient_registry_entry": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"}, - "registry_entry": {"required": False, "type": "str"} - }}, - "forticlient_running_app": {"required": False, "type": "list", - "options": { - "app_name": {"required": False, "type": "str"}, - "app_sha256_signature": {"required": False, "type": "str"}, - "app_sha256_signature2": {"required": False, "type": "str"}, - "app_sha256_signature3": {"required": False, "type": "str"}, - "app_sha256_signature4": {"required": False, "type": "str"}, - "application_check_rule": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "id": {"required": True, "type": "int"}, - "process_name": {"required": False, "type": "str"}, - "process_name2": {"required": False, "type": "str"}, - "process_name3": {"required": False, "type": "str"}, - "process_name4": {"required": False, "type": "str"} - }}, - "forticlient_security_posture": {"required": 
False, "type": "str", - "choices": ["enable", "disable"]}, - "forticlient_security_posture_compliance_action": {"required": False, "type": "str", - "choices": ["block", "warning"]}, - "forticlient_system_compliance": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "forticlient_system_compliance_action": {"required": False, "type": "str", - "choices": ["block", "warning"]}, - "forticlient_vuln_scan": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "forticlient_vuln_scan_compliance_action": {"required": False, "type": "str", - "choices": ["block", "warning"]}, - "forticlient_vuln_scan_enforce": {"required": False, "type": "str", - "choices": ["critical", "high", "medium", - "low", "info"]}, - "forticlient_vuln_scan_enforce_grace": {"required": False, "type": "int"}, - "forticlient_vuln_scan_exempt": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "forticlient_wf": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "forticlient_wf_profile": {"required": False, "type": "str"}, - "forticlient_win_ver": {"required": False, "type": "str"}, - "os_av_software_installed": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "sandbox_address": {"required": False, "type": "str"}, - "sandbox_analysis": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "on_net_addr": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "profile_name": {"required": False, "type": "str"}, - "replacemsg_override_group": {"required": False, "type": "str"}, - "src_addr": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "user_groups": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "users": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }} - - } - 
} - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_endpoint_control(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_endpoint_control(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_endpoint_control_settings.py b/lib/ansible/modules/network/fortios/fortios_endpoint_control_settings.py deleted file mode 100644 index 5f7375c6d8b..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_endpoint_control_settings.py +++ /dev/null 
@@ -1,392 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_endpoint_control_settings -short_description: Configure endpoint control settings in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify endpoint_control feature and settings category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - endpoint_control_settings: - description: - - Configure endpoint control settings. - default: null - type: dict - suboptions: - download_custom_link: - description: - - Customized URL for downloading FortiClient. - type: str - download_location: - description: - - FortiClient download location (FortiGuard or custom). - type: str - choices: - - fortiguard - - custom - forticlient_avdb_update_interval: - description: - - Period of time between FortiClient AntiVirus database updates (0 - 24 hours). - type: int - forticlient_dereg_unsupported_client: - description: - - Enable/disable deregistering unsupported FortiClient endpoints. - type: str - choices: - - enable - - disable - forticlient_ems_rest_api_call_timeout: - description: - - FortiClient EMS call timeout in milliseconds (500 - 30000 milliseconds). - type: int - forticlient_keepalive_interval: - description: - - Interval between two KeepAlive messages from FortiClient (20 - 300 sec). - type: int - forticlient_offline_grace: - description: - - Enable/disable grace period for offline registered clients. - type: str - choices: - - enable - - disable - forticlient_offline_grace_interval: - description: - - Grace period for offline registered FortiClient (60 - 600 sec). - type: int - forticlient_reg_key: - description: - - FortiClient registration key. - type: str - forticlient_reg_key_enforce: - description: - - Enable/disable requiring or enforcing FortiClient registration keys. 
- type: str - choices: - - enable - - disable - forticlient_reg_timeout: - description: - - FortiClient registration license timeout (days, min = 1, max = 180, 0 means unlimited). - type: int - forticlient_sys_update_interval: - description: - - Interval between two system update messages from FortiClient (30 - 1440 min). - type: int - forticlient_user_avatar: - description: - - Enable/disable uploading FortiClient user avatars. - type: str - choices: - - enable - - disable - forticlient_warning_interval: - description: - - Period of time between FortiClient portal warnings (0 - 24 hours). - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure endpoint control settings. - fortios_endpoint_control_settings: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - endpoint_control_settings: - download_custom_link: "" - download_location: "fortiguard" - forticlient_avdb_update_interval: "5" - forticlient_dereg_unsupported_client: "enable" - forticlient_ems_rest_api_call_timeout: "7" - forticlient_keepalive_interval: "8" - forticlient_offline_grace: "enable" - forticlient_offline_grace_interval: "10" - forticlient_reg_key: "" - forticlient_reg_key_enforce: "enable" - forticlient_reg_timeout: "13" - forticlient_sys_update_interval: "14" - forticlient_user_avatar: "enable" - forticlient_warning_interval: "16" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: 
success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_endpoint_control_settings_data(json): - option_list = ['download_custom_link', 'download_location', 'forticlient_avdb_update_interval', - 'forticlient_dereg_unsupported_client', 'forticlient_ems_rest_api_call_timeout', 'forticlient_keepalive_interval', - 'forticlient_offline_grace', 'forticlient_offline_grace_interval', 'forticlient_reg_key', - 'forticlient_reg_key_enforce', 'forticlient_reg_timeout', 'forticlient_sys_update_interval', - 'forticlient_user_avatar', 'forticlient_warning_interval'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not 
None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def endpoint_control_settings(data, fos): - vdom = data['vdom'] - endpoint_control_settings_data = data['endpoint_control_settings'] - filtered_data = underscore_to_hyphen(filter_endpoint_control_settings_data(endpoint_control_settings_data)) - - return fos.set('endpoint-control', - 'settings', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_endpoint_control(data, fos): - - if data['endpoint_control_settings']: - resp = endpoint_control_settings(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "endpoint_control_settings": { - "required": False, "type": "dict", "default": None, - "options": { - "download_custom_link": {"required": False, "type": "str"}, - "download_location": {"required": False, "type": "str", - "choices": ["fortiguard", "custom"]}, - "forticlient_avdb_update_interval": {"required": False, "type": "int"}, - "forticlient_dereg_unsupported_client": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "forticlient_ems_rest_api_call_timeout": {"required": 
False, "type": "int"}, - "forticlient_keepalive_interval": {"required": False, "type": "int"}, - "forticlient_offline_grace": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "forticlient_offline_grace_interval": {"required": False, "type": "int"}, - "forticlient_reg_key": {"required": False, "type": "str"}, - "forticlient_reg_key_enforce": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "forticlient_reg_timeout": {"required": False, "type": "int"}, - "forticlient_sys_update_interval": {"required": False, "type": "int"}, - "forticlient_user_avatar": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "forticlient_warning_interval": {"required": False, "type": "int"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_endpoint_control(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_endpoint_control(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_extender_controller_extender.py b/lib/ansible/modules/network/fortios/fortios_extender_controller_extender.py
deleted file mode 100644
index d2795d2a195..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_extender_controller_extender.py
+++ /dev/null
@@ -1,627 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_extender_controller_extender -short_description: Extender controller configuration in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify extender_controller feature and extender category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - extender_controller_extender: - description: - - Extender controller configuration. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - aaa_shared_secret: - description: - - AAA shared secret. - type: str - access_point_name: - description: - - Access point name(APN). - type: str - admin: - description: - - FortiExtender Administration (enable or disable). - type: str - choices: - - disable - - discovered - - enable - at_dial_script: - description: - - Initialization AT commands specific to the MODEM. - type: str - billing_start_day: - description: - - Billing start day. - type: int - cdma_aaa_spi: - description: - - CDMA AAA SPI. - type: str - cdma_ha_spi: - description: - - CDMA HA SPI. - type: str - cdma_nai: - description: - - NAI for CDMA MODEMS. - type: str - conn_status: - description: - - Connection status. - type: int - description: - description: - - Description. - type: str - dial_mode: - description: - - Dial mode (dial-on-demand or always-connect). 
- type: str - choices: - - dial-on-demand - - always-connect - dial_status: - description: - - Dial status. - type: int - ext_name: - description: - - FortiExtender name. - type: str - ha_shared_secret: - description: - - HA shared secret. - type: str - id: - description: - - FortiExtender serial number. - required: true - type: str - ifname: - description: - - FortiExtender interface name. - type: str - initiated_update: - description: - - Allow/disallow network initiated updates to the MODEM. - type: str - choices: - - enable - - disable - mode: - description: - - FortiExtender mode. - type: str - choices: - - standalone - - redundant - modem_passwd: - description: - - MODEM password. - type: str - modem_type: - description: - - MODEM type (CDMA, GSM/LTE or WIMAX). - type: str - choices: - - cdma - - gsm/lte - - wimax - multi_mode: - description: - - MODEM mode of operation(3G,LTE,etc). - type: str - choices: - - auto - - auto-3g - - force-lte - - force-3g - - force-2g - ppp_auth_protocol: - description: - - PPP authentication protocol (PAP,CHAP or auto). - type: str - choices: - - auto - - pap - - chap - ppp_echo_request: - description: - - Enable/disable PPP echo request. - type: str - choices: - - enable - - disable - ppp_password: - description: - - PPP password. - type: str - ppp_username: - description: - - PPP username. - type: str - primary_ha: - description: - - Primary HA. - type: str - quota_limit_mb: - description: - - Monthly quota limit (MB). - type: int - redial: - description: - - Number of redials allowed based on failed attempts. - type: str - choices: - - none - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - - 8 - - 9 - - 10 - redundant_intf: - description: - - Redundant interface. - type: str - roaming: - description: - - Enable/disable MODEM roaming. - type: str - choices: - - enable - - disable - role: - description: - - FortiExtender work role(Primary, Secondary, None). 
- type: str - choices: - - none - - primary - - secondary - secondary_ha: - description: - - Secondary HA. - type: str - sim_pin: - description: - - SIM PIN. - type: str - vdom: - description: - - VDOM - type: int - wimax_auth_protocol: - description: - - WiMax authentication protocol(TLS or TTLS). - type: str - choices: - - tls - - ttls - wimax_carrier: - description: - - WiMax carrier. - type: str - wimax_realm: - description: - - WiMax realm. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Extender controller configuration. - fortios_extender_controller_extender: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - extender_controller_extender: - aaa_shared_secret: "" - access_point_name: "" - admin: "disable" - at_dial_script: "" - billing_start_day: "7" - cdma_aaa_spi: "" - cdma_ha_spi: "" - cdma_nai: "" - conn_status: "11" - description: "" - dial_mode: "dial-on-demand" - dial_status: "14" - ext_name: "" - ha_shared_secret: "" - id: "17" - ifname: "" - initiated_update: "enable" - mode: "standalone" - modem_passwd: "" - modem_type: "cdma" - multi_mode: "auto" - ppp_auth_protocol: "auto" - ppp_echo_request: "enable" - ppp_password: "" - ppp_username: "" - primary_ha: "" - quota_limit_mb: "29" - redial: "none" - redundant_intf: "" - roaming: "enable" - role: "none" - secondary_ha: "" - sim_pin: "" - vdom: "36" - wimax_auth_protocol: "tls" - wimax_carrier: "" - wimax_realm: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - 
sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_extender_controller_extender_data(json): - option_list = ['aaa_shared_secret', 'access_point_name', 'admin', - 'at_dial_script', 'billing_start_day', 'cdma_aaa_spi', - 'cdma_ha_spi', 'cdma_nai', 'conn_status', - 'description', 'dial_mode', 'dial_status', - 'ext_name', 'ha_shared_secret', 'id', - 'ifname', 'initiated_update', 'mode', - 'modem_passwd', 'modem_type', 'multi_mode', - 'ppp_auth_protocol', 'ppp_echo_request', 'ppp_password', - 'ppp_username', 'primary_ha', 'quota_limit_mb', - 'redial', 
'redundant_intf', 'roaming',
- 'role', 'secondary_ha', 'sim_pin',
- 'vdom', 'wimax_auth_protocol', 'wimax_carrier',
- 'wimax_realm']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def extender_controller_extender(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['extender_controller_extender'] and data['extender_controller_extender']:
- state = data['extender_controller_extender']['state']
- else:
- state = True
- extender_controller_extender_data = data['extender_controller_extender']
- filtered_data = underscore_to_hyphen(filter_extender_controller_extender_data(extender_controller_extender_data))
-
- if state == "present":
- return fos.set('extender-controller',
- 'extender',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('extender-controller',
- 'extender',
- mkey=filtered_data['id'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_extender_controller(data, fos):
-
- if data['extender_controller_extender']:
- resp = extender_controller_extender(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default":
"root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "extender_controller_extender": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "aaa_shared_secret": {"required": False, "type": "str"},
- "access_point_name": {"required": False, "type": "str"},
- "admin": {"required": False, "type": "str",
- "choices": ["disable", "discovered", "enable"]},
- "at_dial_script": {"required": False, "type": "str"},
- "billing_start_day": {"required": False, "type": "int"},
- "cdma_aaa_spi": {"required": False, "type": "str"},
- "cdma_ha_spi": {"required": False, "type": "str"},
- "cdma_nai": {"required": False, "type": "str"},
- "conn_status": {"required": False, "type": "int"},
- "description": {"required": False, "type": "str"},
- "dial_mode": {"required": False, "type": "str",
- "choices": ["dial-on-demand", "always-connect"]},
- "dial_status": {"required": False, "type": "int"},
- "ext_name": {"required": False, "type": "str"},
- "ha_shared_secret": {"required": False, "type": "str"},
- "id": {"required": True, "type": "str"},
- "ifname": {"required": False, "type": "str"},
- "initiated_update": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "mode": {"required": False, "type": "str",
- "choices": ["standalone", "redundant"]},
- "modem_passwd": {"required": False, "type": "str"},
- "modem_type": {"required": False, "type": "str",
- "choices": ["cdma", "gsm/lte", "wimax"]},
- "multi_mode": {"required": False, "type": "str",
- "choices": ["auto", "auto-3g", "force-lte",
- "force-3g", "force-2g"]},
- "ppp_auth_protocol": {"required": False, "type": "str",
- "choices": ["auto", "pap", "chap"]},
- "ppp_echo_request": {"required": False, "type": "str",
- "choices": ["enable",
"disable"]},
- "ppp_password": {"required": False, "type": "str"},
- "ppp_username": {"required": False, "type": "str"},
- "primary_ha": {"required": False, "type": "str"},
- "quota_limit_mb": {"required": False, "type": "int"},
- "redial": {"required": False, "type": "str",
- "choices": ["none", "1", "2",
- "3", "4", "5",
- "6", "7", "8",
- "9", "10"]},
- "redundant_intf": {"required": False, "type": "str"},
- "roaming": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "role": {"required": False, "type": "str",
- "choices": ["none", "primary", "secondary"]},
- "secondary_ha": {"required": False, "type": "str"},
- "sim_pin": {"required": False, "type": "str"},
- "vdom": {"required": False, "type": "int"},
- "wimax_auth_protocol": {"required": False, "type": "str",
- "choices": ["tls", "ttls"]},
- "wimax_carrier": {"required": False, "type": "str"},
- "wimax_realm": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_extender_controller(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_extender_controller(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo",
meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_facts.py b/lib/ansible/modules/network/fortios/fortios_facts.py
deleted file mode 100644
index 7359fd0dc36..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_facts.py
+++ /dev/null
@@ -1,282 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_facts -version_added: "2.9" -short_description: Get facts about fortios devices. -description: - - Collects facts from network devices running the fortios operating - system. This module places the facts gathered in the fact tree keyed by the - respective resource name. This facts module will only collect those - facts which user specified in playbook. -author: - - Don Yao (@fortinetps) - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Support both legacy mode (local_action) and httpapi - - Legacy mode run as a local_action in your playbook, requires fortiosapi library developed by Fortinet - - httpapi mode is the new recommend way for network modules -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. 
- type: str - default: "" - required: false - vdom: - description: - - Virtual domain, among those defined previously. A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - required: false - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - required: false - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: false - required: false - gather_subset: - description: - - When supplied, this argument will restrict the facts collected - to a given subset. Possible values for this argument include - system_current-admins_select, system_firmware_select, - system_fortimanager_status, system_ha-checksums_select, - system_interface_select, system_status_select and system_time_select - type: list - elements: dict - required: true - suboptions: - fact: - description: - - Name of the facts to gather - type: str - required: true - filters: - description: - - Filters apply when gathering facts - type: list - elements: dict - required: false -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - - tasks: - - name: gather basic system status facts - fortios_facts: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - gather_subset: - - fact: 'system_status_select' - - - name: gather all physical interfaces status facts - fortios_facts: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - gather_subset: - - fact: 'system_interface_select' - - - name: gather gather all physical and vlan interfaces status facts - fortios_facts: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - gather_subset: - - fact: 'system_interface_select' - 
filters: - - include_vlan: true - - - name: gather basic system info and physical interface port3 status facts - fortios_facts: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - gather_subset: - - fact: 'system_status_select' - - fact: 'system_interface_select' - filters: - - interface_name: 'port3' -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'GET' -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "firmware" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "system" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" -ansible_facts: - description: The list of fact subsets collected from the device - returned: always - type: dict - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG -from ansible.module_utils.network.fortios.argspec.facts.facts import FactsArgs -from ansible.module_utils.network.fortios.facts.facts import Facts - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = 
data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def main():
- """ Main entry point for AnsibleModule
- """
- argument_spec = FactsArgs.argument_spec
-
- module = AnsibleModule(argument_spec=argument_spec,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- warnings = []
- connection = Connection(module._socket_path)
- module._connection = connection
- fos = FortiOSHandler(connection)
-
- result = Facts(module, fos).get_facts()
-
- ansible_facts, additional_warnings = result
- warnings.extend(additional_warnings)
-
- module.exit_json(ansible_facts=ansible_facts, warnings=warnings)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- warnings = []
-
- fos = FortiOSAPI()
- login(module.params, fos)
- module._connection = fos
-
- result = Facts(module, fos).get_facts()
-
- ansible_facts, additional_warnings = result
- warnings.extend(additional_warnings)
-
- module.exit_json(ansible_facts=ansible_facts, warnings=warnings)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_DoS_policy.py b/lib/ansible/modules/network/fortios/fortios_firewall_DoS_policy.py
deleted file mode 100644
index 71a9fa39e92..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_DoS_policy.py
+++ /dev/null
@@ -1,492 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_DoS_policy -short_description: Configure IPv4 DoS policies in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and DoS_policy category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_DoS_policy: - description: - - Configure IPv4 DoS policies. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - anomaly: - description: - - Anomaly name. - type: list - suboptions: - action: - description: - - Action taken when the threshold is reached. - type: str - choices: - - pass - - block - log: - description: - - Enable/disable anomaly logging. - type: str - choices: - - enable - - disable - name: - description: - - Anomaly name. - required: true - type: str - quarantine: - description: - - Quarantine method. - type: str - choices: - - none - - attacker - quarantine_expiry: - description: - - Duration of quarantine. (Format ###d##h##m, minimum 1m, maximum 364d23h59m). Requires quarantine set to attacker. - type: str - quarantine_log: - description: - - Enable/disable quarantine logging. - type: str - choices: - - disable - - enable - status: - description: - - Enable/disable this anomaly. - type: str - choices: - - disable - - enable - threshold: - description: - - Anomaly threshold. 
Number of detected instances per minute that triggers the anomaly action. - type: int - threshold(default): - description: - - Number of detected instances per minute which triggers action (1 - 2147483647). Note that each anomaly has a different threshold - value assigned to it. - type: int - comments: - description: - - Comment. - type: str - dstaddr: - description: - - Destination address name from available addresses. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address.name firewall.addrgrp.name. - required: true - type: str - interface: - description: - - Incoming interface name from available interfaces. Source system.zone.name system.interface.name. - type: str - policyid: - description: - - Policy ID. - required: true - type: int - service: - description: - - Service object from available options. - type: list - suboptions: - name: - description: - - Service name. Source firewall.service.custom.name firewall.service.group.name. - required: true - type: str - srcaddr: - description: - - Source address name from available addresses. - type: list - suboptions: - name: - description: - - Service name. Source firewall.address.name firewall.addrgrp.name. - required: true - type: str - status: - description: - - Enable/disable this policy. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv4 DoS policies. 
- fortios_firewall_DoS_policy: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_DoS_policy: - anomaly: - - - action: "pass" - log: "enable" - name: "default_name_6" - quarantine: "none" - quarantine_expiry: "" - quarantine_log: "disable" - status: "disable" - threshold: "11" - threshold(default): "12" - comments: "" - dstaddr: - - - name: "default_name_15 (source firewall.address.name firewall.addrgrp.name)" - interface: " (source system.zone.name system.interface.name)" - policyid: "17" - service: - - - name: "default_name_19 (source firewall.service.custom.name firewall.service.group.name)" - srcaddr: - - - name: "default_name_21 (source firewall.address.name firewall.addrgrp.name)" - status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - 
description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_DoS_policy_data(json):
- option_list = ['anomaly', 'comments', 'dstaddr',
- 'interface', 'policyid', 'service',
- 'srcaddr', 'status']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_DoS_policy(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_DoS_policy'] and data['firewall_DoS_policy']:
- state = data['firewall_DoS_policy']['state']
- else:
- state = True
- firewall_DoS_policy_data = data['firewall_DoS_policy']
- filtered_data = underscore_to_hyphen(filter_firewall_DoS_policy_data(firewall_DoS_policy_data))
-
- if state == "present":
- return fos.set('firewall',
- 'DoS-policy',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'DoS-policy',
- mkey=filtered_data['policyid'],
- vdom=vdom)
-
-
-def
is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_DoS_policy']:
- resp = firewall_DoS_policy(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_DoS_policy": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "anomaly": {"required": False, "type": "list",
- "options": {
- "action": {"required": False, "type": "str",
- "choices": ["pass", "block"]},
- "log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "name": {"required": True, "type": "str"},
- "quarantine": {"required": False, "type": "str",
- "choices": ["none", "attacker"]},
- "quarantine_expiry": {"required": False, "type": "str"},
- "quarantine_log": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "status": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "threshold": {"required": False, "type": "int"},
- "threshold(default)": {"required": False, "type": "int"}
- }},
- "comments": {"required": False, "type": "str"},
- "dstaddr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "interface": {"required": False, "type": "str"},
- "policyid": {"required": True, "type": "int"},
- "service":
{"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "srcaddr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_DoS_policy6.py b/lib/ansible/modules/network/fortios/fortios_firewall_DoS_policy6.py
deleted file mode 100644
index e20f2aa2fe4..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_DoS_policy6.py
+++ /dev/null
@@ -1,492 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_DoS_policy6 -short_description: Configure IPv6 DoS policies in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and DoS_policy6 category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_DoS_policy6: - description: - - Configure IPv6 DoS policies. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - anomaly: - description: - - Anomaly name. - type: list - suboptions: - action: - description: - - Action taken when the threshold is reached. - type: str - choices: - - pass - - block - log: - description: - - Enable/disable anomaly logging. - type: str - choices: - - enable - - disable - name: - description: - - Anomaly name. - required: true - type: str - quarantine: - description: - - Quarantine method. - type: str - choices: - - none - - attacker - quarantine_expiry: - description: - - Duration of quarantine. (Format ###d##h##m, minimum 1m, maximum 364d23h59m). Requires quarantine set to attacker. - type: str - quarantine_log: - description: - - Enable/disable quarantine logging. - type: str - choices: - - disable - - enable - status: - description: - - Enable/disable this anomaly. - type: str - choices: - - disable - - enable - threshold: - description: - - Anomaly threshold. 
Number of detected instances per minute that triggers the anomaly action. - type: int - threshold(default): - description: - - Number of detected instances per minute which triggers action (1 - 2147483647). Note that each anomaly has a different threshold - value assigned to it. - type: int - comments: - description: - - Comment. - type: str - dstaddr: - description: - - Destination address name from available addresses. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address6.name firewall.addrgrp6.name. - required: true - type: str - interface: - description: - - Incoming interface name from available interfaces. Source system.zone.name system.interface.name. - type: str - policyid: - description: - - Policy ID. - required: true - type: int - service: - description: - - Service object from available options. - type: list - suboptions: - name: - description: - - Service name. Source firewall.service.custom.name firewall.service.group.name. - required: true - type: str - srcaddr: - description: - - Source address name from available addresses. - type: list - suboptions: - name: - description: - - Service name. Source firewall.address6.name firewall.addrgrp6.name. - required: true - type: str - status: - description: - - Enable/disable this policy. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv6 DoS policies. 
- fortios_firewall_DoS_policy6: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_DoS_policy6: - anomaly: - - - action: "pass" - log: "enable" - name: "default_name_6" - quarantine: "none" - quarantine_expiry: "" - quarantine_log: "disable" - status: "disable" - threshold: "11" - threshold(default): "12" - comments: "" - dstaddr: - - - name: "default_name_15 (source firewall.address6.name firewall.addrgrp6.name)" - interface: " (source system.zone.name system.interface.name)" - policyid: "17" - service: - - - name: "default_name_19 (source firewall.service.custom.name firewall.service.group.name)" - srcaddr: - - - name: "default_name_21 (source firewall.address6.name firewall.addrgrp6.name)" - status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" 
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_DoS_policy6_data(json):
- option_list = ['anomaly', 'comments', 'dstaddr',
- 'interface', 'policyid', 'service',
- 'srcaddr', 'status']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_DoS_policy6(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_DoS_policy6'] and data['firewall_DoS_policy6']:
- state = data['firewall_DoS_policy6']['state']
- else:
- state = True
- firewall_DoS_policy6_data = data['firewall_DoS_policy6']
- filtered_data = underscore_to_hyphen(filter_firewall_DoS_policy6_data(firewall_DoS_policy6_data))
-
- if state == "present":
- return fos.set('firewall',
- 'DoS-policy6',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'DoS-policy6',
- mkey=filtered_data['policyid'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_DoS_policy6']:
- resp = firewall_DoS_policy6(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_DoS_policy6": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "anomaly": {"required": False, "type": "list",
- "options": {
- "action": {"required": False, "type": "str",
- "choices": ["pass", "block"]},
- "log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "name": {"required": True, "type": "str"},
- "quarantine": {"required": False, "type": "str",
- "choices": ["none", "attacker"]},
- "quarantine_expiry": {"required": False, "type": "str"},
- "quarantine_log": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "status": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "threshold": {"required": False, "type": "int"},
- "threshold(default)": {"required": False, "type": "int"}
- }},
- "comments": {"required": False, "type": "str"},
- "dstaddr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "interface": {"required": False, "type": "str"},
- "policyid": {"required": True, "type": "int"},
- "service": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "srcaddr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_address.py b/lib/ansible/modules/network/fortios/fortios_firewall_address.py
deleted file mode 100644
index a3371a0f76d..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_address.py
+++ /dev/null
@@ -1,571 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_address -short_description: Configure IPv4 addresses in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and address category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_address: - description: - - Configure IPv4 addresses. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - allow_routing: - description: - - Enable/disable use of this address in the static route configuration. - type: str - choices: - - enable - - disable - associated_interface: - description: - - Network interface associated with address. Source system.interface.name system.zone.name. - type: str - cache_ttl: - description: - - Defines the minimal TTL of individual IP addresses in FQDN cache measured in seconds. - type: int - color: - description: - - Color of icon on the GUI. - type: int - comment: - description: - - Comment. - type: str - country: - description: - - IP addresses associated to a specific country. - type: str - end_ip: - description: - - Final IP address (inclusive) in the range for the address. - type: str - epg_name: - description: - - Endpoint group name. - type: str - filter: - description: - - Match criteria filter. - type: str - fqdn: - description: - - Fully Qualified Domain Name address. 
- type: str - list: - description: - - IP address list. - type: list - suboptions: - ip: - description: - - IP. - required: true - type: str - name: - description: - - Address name. - required: true - type: str - obj_id: - description: - - Object ID for NSX. - type: str - organization: - description: - - "Organization domain name (Syntax: organization/domain)." - type: str - policy_group: - description: - - Policy group name. - type: str - sdn: - description: - - SDN. - type: str - choices: - - aci - - aws - - azure - - gcp - - nsx - - nuage - - oci - - openstack - sdn_tag: - description: - - SDN Tag. - type: str - start_ip: - description: - - First IP address (inclusive) in the range for the address. - type: str - subnet: - description: - - IP address and subnet mask of address. - type: str - subnet_name: - description: - - Subnet name. - type: str - tagging: - description: - - Config object tagging. - type: list - suboptions: - category: - description: - - Tag category. Source system.object-tagging.category. - type: str - name: - description: - - Tagging entry name. - required: true - type: str - tags: - description: - - Tags. - type: list - suboptions: - name: - description: - - Tag name. Source system.object-tagging.tags.name. - required: true - type: str - tenant: - description: - - Tenant. - type: str - type: - description: - - Type of address. - type: str - choices: - - ipmask - - iprange - - fqdn - - geography - - wildcard - - wildcard-fqdn - - dynamic - uuid: - description: - - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). - type: str - visibility: - description: - - Enable/disable address visibility in the GUI. - type: str - choices: - - enable - - disable - wildcard: - description: - - IP address and wildcard netmask. - type: str - wildcard_fqdn: - description: - - Fully Qualified Domain Name with wildcard characters. 
- type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv4 addresses. - fortios_firewall_address: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_address: - allow_routing: "enable" - associated_interface: " (source system.interface.name system.zone.name)" - cache_ttl: "5" - color: "6" - comment: "Comment." - country: "" - end_ip: "" - epg_name: "" - filter: "" - fqdn: "" - list: - - - ip: "" - name: "default_name_15" - obj_id: "" - organization: "" - policy_group: "" - sdn: "aci" - sdn_tag: "" - start_ip: "" - subnet: "" - subnet_name: "" - tagging: - - - category: " (source system.object-tagging.category)" - name: "default_name_26" - tags: - - - name: "default_name_28 (source system.object-tagging.tags.name)" - tenant: "" - type: "ipmask" - uuid: "" - visibility: "enable" - wildcard: "" - wildcard_fqdn: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - 
sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_address_data(json):
- option_list = ['allow_routing', 'associated_interface', 'cache_ttl',
- 'color', 'comment', 'country',
- 'end_ip', 'epg_name', 'filter',
- 'fqdn', 'list', 'name',
- 'obj_id', 'organization', 'policy_group',
- 'sdn', 'sdn_tag', 'start_ip',
- 'subnet', 'subnet_name', 'tagging',
- 'tenant', 'type', 'uuid',
- 'visibility', 'wildcard', 'wildcard_fqdn']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_address(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_address'] and data['firewall_address']:
- state = data['firewall_address']['state']
- else:
- state = True
- firewall_address_data = data['firewall_address']
- filtered_data = underscore_to_hyphen(filter_firewall_address_data(firewall_address_data))
-
- if state == "present":
- return fos.set('firewall',
- 'address',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'address',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_address']:
- resp = firewall_address(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_address": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "allow_routing": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "associated_interface": {"required": False, "type": "str"},
- "cache_ttl": {"required": False, "type": "int"},
- "color": {"required": False, "type": "int"},
- "comment": {"required": False, "type": "str"},
- "country": {"required": False, "type": "str"},
- "end_ip": {"required": False, "type": "str"},
- "epg_name": {"required": False, "type": "str"},
- "filter": {"required": False, "type": "str"},
- "fqdn": {"required": False, "type": "str"},
- "list": {"required": False, "type": "list",
- "options": {
- "ip": {"required": True, "type": "str"}
- }},
- "name": {"required": True, "type": "str"},
- "obj_id": {"required": False, "type": "str"},
- "organization": {"required": False, "type": "str"},
- "policy_group": {"required": False, "type": "str"},
- "sdn": {"required": False, "type": "str",
- "choices": ["aci", "aws", "azure",
- "gcp", "nsx", "nuage",
- "oci", "openstack"]},
- "sdn_tag": {"required": False, "type": "str"},
- "start_ip": {"required": False, "type": "str"},
- "subnet": {"required": False, "type": "str"},
- "subnet_name": {"required": False, "type": "str"},
- "tagging": {"required": False, "type": "list",
- "options": {
- "category": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"},
- "tags": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }}
- }},
- "tenant": {"required": False, "type": "str"},
- "type": {"required": False, "type": "str",
- "choices": ["ipmask", "iprange", "fqdn",
- "geography", "wildcard", "wildcard-fqdn",
- "dynamic"]},
- "uuid": {"required": False, "type": "str"},
- "visibility": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "wildcard": {"required": False, "type": "str"},
- "wildcard_fqdn": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_address6.py b/lib/ansible/modules/network/fortios/fortios_firewall_address6.py
deleted file mode 100644
index c8bae7ccabb..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_address6.py
+++ /dev/null
@@ -1,536 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_address6 -short_description: Configure IPv6 firewall addresses in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and address6 category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_address6: - description: - - Configure IPv6 firewall addresses. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - cache_ttl: - description: - - Minimal TTL of individual IPv6 addresses in FQDN cache. - type: int - color: - description: - - Integer value to determine the color of the icon in the GUI (range 1 to 32). - type: int - comment: - description: - - Comment. - type: str - end_ip: - description: - - "Final IP address (inclusive) in the range for the address (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx)." - type: str - fqdn: - description: - - Fully qualified domain name. - type: str - host: - description: - - Host Address. - type: str - host_type: - description: - - Host type. - type: str - choices: - - any - - specific - ip6: - description: - - "IPv6 address prefix (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx)." - type: str - list: - description: - - IP address list. - type: list - suboptions: - ip: - description: - - IP. - required: true - type: str - name: - description: - - Address name. 
- required: true - type: str - obj_id: - description: - - Object ID for NSX. - type: str - sdn: - description: - - SDN. - type: str - choices: - - nsx - start_ip: - description: - - "First IP address (inclusive) in the range for the address (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx)." - type: str - subnet_segment: - description: - - IPv6 subnet segments. - type: list - suboptions: - name: - description: - - Name. - required: true - type: str - type: - description: - - Subnet segment type. - type: str - choices: - - any - - specific - value: - description: - - Subnet segment value. - type: str - tagging: - description: - - Config object tagging - type: list - suboptions: - category: - description: - - Tag category. Source system.object-tagging.category. - type: str - name: - description: - - Tagging entry name. - required: true - type: str - tags: - description: - - Tags. - type: list - suboptions: - name: - description: - - Tag name. Source system.object-tagging.tags.name. - required: true - type: str - template: - description: - - IPv6 address template. Source firewall.address6-template.name. - type: str - type: - description: - - Type of IPv6 address object . - type: str - choices: - - ipprefix - - iprange - - fqdn - - dynamic - - template - uuid: - description: - - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). - type: str - visibility: - description: - - Enable/disable the visibility of the object in the GUI. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv6 firewall addresses. - fortios_firewall_address6: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_address6: - cache_ttl: "3" - color: "4" - comment: "Comment." 
- end_ip: "" - fqdn: "" - host: "" - host_type: "any" - ip6: "" - list: - - - ip: "" - name: "default_name_13" - obj_id: "" - sdn: "nsx" - start_ip: "" - subnet_segment: - - - name: "default_name_18" - type: "any" - value: "" - tagging: - - - category: " (source system.object-tagging.category)" - name: "default_name_23" - tags: - - - name: "default_name_25 (source system.object-tagging.tags.name)" - template: " (source firewall.address6-template.name)" - type: "ipprefix" - uuid: "" - visibility: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from 
ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_address6_data(json):
- option_list = ['cache_ttl', 'color', 'comment',
- 'end_ip', 'fqdn', 'host',
- 'host_type', 'ip6', 'list',
- 'name', 'obj_id', 'sdn',
- 'start_ip', 'subnet_segment', 'tagging',
- 'template', 'type', 'uuid',
- 'visibility']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_address6(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_address6'] and data['firewall_address6']:
- state = data['firewall_address6']['state']
- else:
- state = True
- firewall_address6_data = data['firewall_address6']
- filtered_data = underscore_to_hyphen(filter_firewall_address6_data(firewall_address6_data))
-
- if state == "present":
- return fos.set('firewall',
- 'address6',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'address6',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_address6']:
- resp = firewall_address6(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_address6": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "cache_ttl": {"required": False, "type": "int"},
- "color": {"required": False, "type": "int"},
- "comment": {"required": False, "type": "str"},
- "end_ip": {"required": False, "type": "str"},
- "fqdn": {"required": False, "type": "str"},
- "host": {"required": False, "type": "str"},
- "host_type": {"required": False, "type": "str",
- "choices": ["any", "specific"]},
- "ip6": {"required": False, "type": "str"},
- "list": {"required": False, "type": "list",
- "options": {
- "ip": {"required": True, "type": "str"}
- }},
- "name": {"required": True, "type": "str"},
- "obj_id": {"required": False, "type": "str"},
- "sdn": {"required": False, "type": "str",
- "choices": ["nsx"]},
- "start_ip": {"required": False, "type": "str"},
- "subnet_segment": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"},
- "type": {"required": False, "type": "str",
- "choices": ["any", "specific"]},
- "value": {"required": False, "type": "str"}
- }},
- "tagging": {"required": False, "type": "list",
- "options": {
- "category": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"},
- "tags": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }}
- }},
- "template": {"required": False, "type": "str"},
- "type": {"required": False, "type": "str",
- "choices": ["ipprefix", "iprange", "fqdn",
- "dynamic", "template"]},
- "uuid": {"required": False, "type": "str"},
- "visibility": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_address6_template.py b/lib/ansible/modules/network/fortios/fortios_firewall_address6_template.py
deleted file mode 100644
index ca2488f6d7b..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_address6_template.py
+++ /dev/null
@@ -1,406 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_address6_template -short_description: Configure IPv6 address templates in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and address6_template category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_address6_template: - description: - - Configure IPv6 address templates. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - ip6: - description: - - IPv6 address prefix. - type: str - name: - description: - - IPv6 address template name. - required: true - type: str - subnet_segment: - description: - - IPv6 subnet segments. - type: list - suboptions: - bits: - description: - - Number of bits. - type: int - exclusive: - description: - - Enable/disable exclusive value. - type: str - choices: - - enable - - disable - id: - description: - - Subnet segment ID. - required: true - type: int - name: - description: - - Subnet segment name. - type: str - values: - description: - - Subnet segment values. - type: list - suboptions: - name: - description: - - Subnet segment value name. - required: true - type: str - value: - description: - - Subnet segment value. - type: str - subnet_segment_count: - description: - - Number of IPv6 subnet segments. 
- type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv6 address templates. - fortios_firewall_address6_template: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_address6_template: - ip6: "" - name: "default_name_4" - subnet_segment: - - - bits: "6" - exclusive: "enable" - id: "8" - name: "default_name_9" - values: - - - name: "default_name_11" - value: "" - subnet_segment_count: "13" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from 
ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_address6_template_data(json):
- option_list = ['ip6', 'name', 'subnet_segment',
- 'subnet_segment_count']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_address6_template(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_address6_template'] and data['firewall_address6_template']:
- state = data['firewall_address6_template']['state']
- else:
- state = True
- firewall_address6_template_data = data['firewall_address6_template']
- filtered_data = underscore_to_hyphen(filter_firewall_address6_template_data(firewall_address6_template_data))
-
- if state == "present":
- return fos.set('firewall',
- 'address6-template',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'address6-template',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_address6_template']:
- resp = firewall_address6_template(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_address6_template": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "ip6": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"},
- "subnet_segment": {"required": False, "type": "list",
- "options": {
- "bits": {"required": False, "type": "int"},
- "exclusive": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "id": {"required": True, "type": "int"},
- "name": {"required": False, "type": "str"},
- "values": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"},
- "value": {"required": False, "type": "str"}
- }}
- }},
- "subnet_segment_count": {"required": False, "type": "int"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = 
FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_addrgrp.py b/lib/ansible/modules/network/fortios/fortios_firewall_addrgrp.py
deleted file mode 100644
index ea63a365298..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_addrgrp.py
+++ /dev/null
@@ -1,428 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_addrgrp -short_description: Configure IPv4 address groups in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and addrgrp category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_addrgrp: - description: - - Configure IPv4 address groups. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - allow_routing: - description: - - Enable/disable use of this group in the static route configuration. - type: str - choices: - - enable - - disable - color: - description: - - Color of icon on the GUI. - type: int - comment: - description: - - Comment. - type: str - member: - description: - - Address objects contained within the group. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address.name firewall.addrgrp.name. - required: true - type: str - name: - description: - - Address group name. - required: true - type: str - tagging: - description: - - Config object tagging. - type: list - suboptions: - category: - description: - - Tag category. Source system.object-tagging.category. - type: str - name: - description: - - Tagging entry name. - required: true - type: str - tags: - description: - - Tags. - type: list - suboptions: - name: - description: - - Tag name. 
Source system.object-tagging.tags.name. - required: true - type: str - uuid: - description: - - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). - type: str - visibility: - description: - - Enable/disable address visibility in the GUI. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv4 address groups. - fortios_firewall_addrgrp: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_addrgrp: - allow_routing: "enable" - color: "4" - comment: "Comment." - member: - - - name: "default_name_7 (source firewall.address.name firewall.addrgrp.name)" - name: "default_name_8" - tagging: - - - category: " (source system.object-tagging.category)" - name: "default_name_11" - tags: - - - name: "default_name_13 (source system.object-tagging.tags.name)" - uuid: "" - visibility: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the 
unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_addrgrp_data(json): - option_list = ['allow_routing', 'color', 'comment', - 'member', 'name', 'tagging', - 'uuid', 'visibility'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_addrgrp(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_addrgrp'] and data['firewall_addrgrp']: - state = data['firewall_addrgrp']['state'] - else: - state = True - firewall_addrgrp_data = data['firewall_addrgrp'] - filtered_data = underscore_to_hyphen(filter_firewall_addrgrp_data(firewall_addrgrp_data)) - - if 
state == "present":
- return fos.set('firewall',
- 'addrgrp',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'addrgrp',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_addrgrp']:
- resp = firewall_addrgrp(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_addrgrp": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "allow_routing": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "color": {"required": False, "type": "int"},
- "comment": {"required": False, "type": "str"},
- "member": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "name": {"required": True, "type": "str"},
- "tagging": {"required": False, "type": "list",
- "options": {
- "category": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"},
- "tags": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }}
- }},
- "uuid": {"required": False, "type": "str"},
- "visibility": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- 
module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_addrgrp6.py b/lib/ansible/modules/network/fortios/fortios_firewall_addrgrp6.py
deleted file mode 100644
index 1eff778c694..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_addrgrp6.py
+++ /dev/null
@@ -1,418 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_addrgrp6 -short_description: Configure IPv6 address groups in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and addrgrp6 category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_addrgrp6: - description: - - Configure IPv6 address groups. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - color: - description: - - Integer value to determine the color of the icon in the GUI (1 - 32). - type: int - comment: - description: - - Comment. - type: str - member: - description: - - Address objects contained within the group. - type: list - suboptions: - name: - description: - - Address6/addrgrp6 name. Source firewall.address6.name firewall.addrgrp6.name. - required: true - type: str - name: - description: - - IPv6 address group name. - required: true - type: str - tagging: - description: - - Config object tagging. - type: list - suboptions: - category: - description: - - Tag category. Source system.object-tagging.category. - type: str - name: - description: - - Tagging entry name. - required: true - type: str - tags: - description: - - Tags. - type: list - suboptions: - name: - description: - - Tag name. Source system.object-tagging.tags.name. 
- required: true - type: str - uuid: - description: - - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). - type: str - visibility: - description: - - Enable/disable address group6 visibility in the GUI. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv6 address groups. - fortios_firewall_addrgrp6: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_addrgrp6: - color: "3" - comment: "Comment." - member: - - - name: "default_name_6 (source firewall.address6.name firewall.addrgrp6.name)" - name: "default_name_7" - tagging: - - - category: " (source system.object-tagging.category)" - name: "default_name_10" - tags: - - - name: "default_name_12 (source system.object-tagging.tags.name)" - uuid: "" - visibility: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: 
"FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_addrgrp6_data(json): - option_list = ['color', 'comment', 'member', - 'name', 'tagging', 'uuid', - 'visibility'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_addrgrp6(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_addrgrp6'] and data['firewall_addrgrp6']: - state = data['firewall_addrgrp6']['state'] - else: - state = True - firewall_addrgrp6_data = data['firewall_addrgrp6'] - filtered_data = underscore_to_hyphen(filter_firewall_addrgrp6_data(firewall_addrgrp6_data)) - - if state == "present": - return fos.set('firewall', - 
'addrgrp6',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'addrgrp6',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_addrgrp6']:
- resp = firewall_addrgrp6(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_addrgrp6": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "color": {"required": False, "type": "int"},
- "comment": {"required": False, "type": "str"},
- "member": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "name": {"required": True, "type": "str"},
- "tagging": {"required": False, "type": "list",
- "options": {
- "category": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"},
- "tags": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }}
- }},
- "uuid": {"required": False, "type": "str"},
- "visibility": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- 
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_auth_portal.py b/lib/ansible/modules/network/fortios/fortios_firewall_auth_portal.py
deleted file mode 100644
index 085325f269b..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_auth_portal.py
+++ /dev/null
@@ -1,320 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_auth_portal -short_description: Configure firewall authentication portals in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and auth_portal category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - firewall_auth_portal: - description: - - Configure firewall authentication portals. - default: null - type: dict - suboptions: - groups: - description: - - Firewall user groups permitted to authenticate through this portal. Separate group names with spaces. - type: list - suboptions: - name: - description: - - Group name. Source user.group.name. - required: true - type: str - identity_based_route: - description: - - Name of the identity-based route that applies to this portal. Source firewall.identity-based-route.name. - type: str - portal_addr: - description: - - Address (or FQDN) of the authentication portal. - type: str - portal_addr6: - description: - - IPv6 address (or FQDN) of authentication portal. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure firewall authentication portals. 
- fortios_firewall_auth_portal: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - firewall_auth_portal: - groups: - - - name: "default_name_4 (source user.group.name)" - identity_based_route: " (source firewall.identity-based-route.name)" - portal_addr: "" - portal_addr6: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] 
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_auth_portal_data(json):
- option_list = ['groups', 'identity_based_route', 'portal_addr',
- 'portal_addr6']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_auth_portal(data, fos):
- vdom = data['vdom']
- firewall_auth_portal_data = data['firewall_auth_portal']
- filtered_data = underscore_to_hyphen(filter_firewall_auth_portal_data(firewall_auth_portal_data))
-
- return fos.set('firewall',
- 'auth-portal',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_auth_portal']:
- resp = firewall_auth_portal(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "firewall_auth_portal": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "groups": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "identity_based_route": {"required": False, "type": "str"},
- "portal_addr": {"required": False, "type": "str"},
- "portal_addr6": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_central_snat_map.py b/lib/ansible/modules/network/fortios/fortios_firewall_central_snat_map.py
deleted file mode 100644
index fb44e63ab03..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_central_snat_map.py
+++ /dev/null
@@ -1,463 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_central_snat_map -short_description: Configure central SNAT policies in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and central_snat_map category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_central_snat_map: - description: - - Configure central SNAT policies. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - comments: - description: - - Comment. - type: str - dst_addr: - description: - - Destination address name from available addresses. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address.name firewall.addrgrp.name. - required: true - type: str - dstintf: - description: - - Destination interface name from available interfaces. - type: list - suboptions: - name: - description: - - Interface name. Source system.interface.name system.zone.name. - required: true - type: str - nat: - description: - - Enable/disable source NAT. - type: str - choices: - - disable - - enable - nat_ippool: - description: - - Name of the IP pools to be used to translate addresses from available IP Pools. - type: list - suboptions: - name: - description: - - IP pool name. Source firewall.ippool.name. - required: true - type: str - nat_port: - description: - - Translated port or port range (0 to 65535). 
- type: str - orig_addr: - description: - - Original address. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address.name firewall.addrgrp.name. - required: true - type: str - orig_port: - description: - - Original TCP port (0 to 65535). - type: str - policyid: - description: - - Policy ID. - required: true - type: int - protocol: - description: - - Integer value for the protocol type (0 - 255). - type: int - srcintf: - description: - - Source interface name from available interfaces. - type: list - suboptions: - name: - description: - - Interface name. Source system.interface.name system.zone.name. - required: true - type: str - status: - description: - - Enable/disable the active status of this policy. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure central SNAT policies. - fortios_firewall_central_snat_map: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_central_snat_map: - comments: "" - dst_addr: - - - name: "default_name_5 (source firewall.address.name firewall.addrgrp.name)" - dstintf: - - - name: "default_name_7 (source system.interface.name system.zone.name)" - nat: "disable" - nat_ippool: - - - name: "default_name_10 (source firewall.ippool.name)" - nat_port: "" - orig_addr: - - - name: "default_name_13 (source firewall.address.name firewall.addrgrp.name)" - orig_port: "" - policyid: "15" - protocol: "16" - srcintf: - - - name: "default_name_18 (source system.interface.name system.zone.name)" - status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: 
str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_central_snat_map_data(json):
- option_list = ['comments', 'dst_addr', 'dstintf',
- 'nat', 'nat_ippool', 'nat_port',
- 'orig_addr', 'orig_port', 'policyid',
- 'protocol', 'srcintf', 'status']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_central_snat_map(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_central_snat_map'] and data['firewall_central_snat_map']:
- state = data['firewall_central_snat_map']['state']
- else:
- state = True
- firewall_central_snat_map_data = data['firewall_central_snat_map']
- filtered_data = underscore_to_hyphen(filter_firewall_central_snat_map_data(firewall_central_snat_map_data))
-
- if state == "present":
- return fos.set('firewall',
- 'central-snat-map',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'central-snat-map',
- mkey=filtered_data['policyid'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_central_snat_map']:
- resp = firewall_central_snat_map(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_central_snat_map": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "comments": {"required": False, "type": "str"},
- "dst_addr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "dstintf": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "nat": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "nat_ippool": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "nat_port": {"required": False, "type": "str"},
- "orig_addr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "orig_port": {"required": False, "type": "str"},
- "policyid": {"required": True, "type": "int"},
- "protocol": {"required": False, "type": "int"},
- "srcintf": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_dnstranslation.py b/lib/ansible/modules/network/fortios/fortios_firewall_dnstranslation.py
deleted file mode 100644
index 5f9c796b77b..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_dnstranslation.py
+++ /dev/null
@@ -1,352 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_dnstranslation -short_description: Configure DNS translation in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and dnstranslation category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_dnstranslation: - description: - - Configure DNS translation. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - dst: - description: - - IPv4 address or subnet on the external network to substitute for the resolved address in DNS query replies. Can be single IP address or - subnet on the external network, but number of addresses must equal number of mapped IP addresses in src. - type: str - id: - description: - - ID. - required: true - type: int - netmask: - description: - - If src and dst are subnets rather than single IP addresses, enter the netmask for both src and dst. - type: str - src: - description: - - IPv4 address or subnet on the internal network to compare with the resolved address in DNS query replies. If the resolved address - matches, the resolved address is substituted with dst. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure DNS translation. 
- fortios_firewall_dnstranslation:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- firewall_dnstranslation:
- dst: ""
- id: "4"
- netmask: ""
- src: ""
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_dnstranslation_data(json):
- option_list = ['dst', 'id', 'netmask',
- 'src']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_dnstranslation(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_dnstranslation'] and data['firewall_dnstranslation']:
- state = data['firewall_dnstranslation']['state']
- else:
- state = True
- firewall_dnstranslation_data = data['firewall_dnstranslation']
- filtered_data = underscore_to_hyphen(filter_firewall_dnstranslation_data(firewall_dnstranslation_data))
-
- if state == "present":
- return fos.set('firewall',
- 'dnstranslation',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'dnstranslation',
- mkey=filtered_data['id'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_dnstranslation']:
- resp = firewall_dnstranslation(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_dnstranslation": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "dst": {"required": False, "type": "str"},
- "id": {"required": True, "type": "int"},
- "netmask": {"required": False, "type": "str"},
- "src": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_identity_based_route.py b/lib/ansible/modules/network/fortios/fortios_firewall_identity_based_route.py
deleted file mode 100644
index fcdc6c4612f..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_identity_based_route.py
+++ /dev/null
@@ -1,383 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_identity_based_route -short_description: Configure identity based routing in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and identity_based_route category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_identity_based_route: - description: - - Configure identity based routing. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - comments: - description: - - Comments. - type: str - name: - description: - - Name. - required: true - type: str - rule: - description: - - Rule. - type: list - suboptions: - device: - description: - - Outgoing interface for the rule. Source system.interface.name. - type: str - gateway: - description: - - "IPv4 address of the gateway (Format: xxx.xxx.xxx.xxx )." - type: str - groups: - description: - - Select one or more group(s) from available groups that are allowed to use this route. Separate group names with a space. - type: list - suboptions: - name: - description: - - Group name. Source user.group.name. - required: true - type: str - id: - description: - - Rule ID. - required: true - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure identity based routing. 
- fortios_firewall_identity_based_route: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_identity_based_route: - comments: "" - name: "default_name_4" - rule: - - - device: " (source system.interface.name)" - gateway: "" - groups: - - - name: "default_name_9 (source user.group.name)" - id: "10" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - 
username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_identity_based_route_data(json):
- option_list = ['comments', 'name', 'rule']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_identity_based_route(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_identity_based_route'] and data['firewall_identity_based_route']:
- state = data['firewall_identity_based_route']['state']
- else:
- state = True
- firewall_identity_based_route_data = data['firewall_identity_based_route']
- filtered_data = underscore_to_hyphen(filter_firewall_identity_based_route_data(firewall_identity_based_route_data))
-
- if state == "present":
- return fos.set('firewall',
- 'identity-based-route',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'identity-based-route',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_identity_based_route']:
- resp = firewall_identity_based_route(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_identity_based_route": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "comments": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"},
- "rule": {"required": False, "type": "list",
- "options": {
- "device": {"required": False, "type": "str"},
- "gateway": {"required": False, "type": "str"},
- "groups": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "id": {"required": True, "type": "int"}
- }}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_interface_policy.py b/lib/ansible/modules/network/fortios/fortios_firewall_interface_policy.py
deleted file mode 100644
index 433b83c264a..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_interface_policy.py
+++ /dev/null
@@ -1,555 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_interface_policy -short_description: Configure IPv4 interface policies in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and interface_policy category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_interface_policy: - description: - - Configure IPv4 interface policies. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - address_type: - description: - - Policy address type (IPv4 or IPv6). - type: str - choices: - - ipv4 - - ipv6 - application_list: - description: - - Application list name. Source application.list.name. - type: str - application_list_status: - description: - - Enable/disable application control. - type: str - choices: - - enable - - disable - av_profile: - description: - - Antivirus profile. Source antivirus.profile.name. - type: str - av_profile_status: - description: - - Enable/disable antivirus. - type: str - choices: - - enable - - disable - comments: - description: - - Comments. - type: str - dlp_sensor: - description: - - DLP sensor name. Source dlp.sensor.name. - type: str - dlp_sensor_status: - description: - - Enable/disable DLP. - type: str - choices: - - enable - - disable - dsri: - description: - - Enable/disable DSRI. 
- type: str - choices: - - enable - - disable - dstaddr: - description: - - Address object to limit traffic monitoring to network traffic sent to the specified address or range. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address.name firewall.addrgrp.name. - required: true - type: str - interface: - description: - - Monitored interface name from available interfaces. Source system.zone.name system.interface.name. - type: str - ips_sensor: - description: - - IPS sensor name. Source ips.sensor.name. - type: str - ips_sensor_status: - description: - - Enable/disable IPS. - type: str - choices: - - enable - - disable - label: - description: - - Label. - type: str - logtraffic: - description: - - "Logging type to be used in this policy (Options: all | utm | disable)." - type: str - choices: - - all - - utm - - disable - policyid: - description: - - Policy ID. - required: true - type: int - scan_botnet_connections: - description: - - Enable/disable scanning for connections to Botnet servers. - type: str - choices: - - disable - - block - - monitor - service: - description: - - Service object from available options. - type: list - suboptions: - name: - description: - - Service name. Source firewall.service.custom.name firewall.service.group.name. - required: true - type: str - spamfilter_profile: - description: - - Antispam profile. Source spamfilter.profile.name. - type: str - spamfilter_profile_status: - description: - - Enable/disable antispam. - type: str - choices: - - enable - - disable - srcaddr: - description: - - Address object to limit traffic monitoring to network traffic sent from the specified address or range. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address.name firewall.addrgrp.name. - required: true - type: str - status: - description: - - Enable/disable this policy. - type: str - choices: - - enable - - disable - webfilter_profile: - description: - - Web filter profile. 
Source webfilter.profile.name. - type: str - webfilter_profile_status: - description: - - Enable/disable web filtering. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv4 interface policies. - fortios_firewall_interface_policy: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_interface_policy: - address_type: "ipv4" - application_list: " (source application.list.name)" - application_list_status: "enable" - av_profile: " (source antivirus.profile.name)" - av_profile_status: "enable" - comments: "" - dlp_sensor: " (source dlp.sensor.name)" - dlp_sensor_status: "enable" - dsri: "enable" - dstaddr: - - - name: "default_name_13 (source firewall.address.name firewall.addrgrp.name)" - interface: " (source system.zone.name system.interface.name)" - ips_sensor: " (source ips.sensor.name)" - ips_sensor_status: "enable" - label: "" - logtraffic: "all" - policyid: "19" - scan_botnet_connections: "disable" - service: - - - name: "default_name_22 (source firewall.service.custom.name firewall.service.group.name)" - spamfilter_profile: " (source spamfilter.profile.name)" - spamfilter_profile_status: "enable" - srcaddr: - - - name: "default_name_26 (source firewall.address.name firewall.addrgrp.name)" - status: "enable" - webfilter_profile: " (source webfilter.profile.name)" - webfilter_profile_status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - 
description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_interface_policy_data(json): - option_list = ['address_type', 'application_list', 'application_list_status', - 'av_profile', 'av_profile_status', 'comments', - 'dlp_sensor', 'dlp_sensor_status', 'dsri', - 'dstaddr', 'interface', 'ips_sensor', - 'ips_sensor_status', 'label', 'logtraffic', - 'policyid', 'scan_botnet_connections', 'service', - 'spamfilter_profile', 'spamfilter_profile_status', 'srcaddr', - 'status', 'webfilter_profile', 'webfilter_profile_status'] - dictionary = {} - - for attribute in option_list: - 
if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_interface_policy(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_interface_policy'] and data['firewall_interface_policy']:
- state = data['firewall_interface_policy']['state']
- else:
- state = True
- firewall_interface_policy_data = data['firewall_interface_policy']
- filtered_data = underscore_to_hyphen(filter_firewall_interface_policy_data(firewall_interface_policy_data))
-
- if state == "present":
- return fos.set('firewall',
- 'interface-policy',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'interface-policy',
- mkey=filtered_data['policyid'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_interface_policy']:
- resp = firewall_interface_policy(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_interface_policy": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "address_type": {"required": False, "type": "str",
- "choices": ["ipv4", "ipv6"]},
- "application_list": {"required": False, "type": "str"},
- "application_list_status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "av_profile": {"required": False, "type": "str"},
- "av_profile_status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "comments": {"required": False, "type": "str"},
- "dlp_sensor": {"required": False, "type": "str"},
- "dlp_sensor_status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "dsri": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "dstaddr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "interface": {"required": False, "type": "str"},
- "ips_sensor": {"required": False, "type": "str"},
- "ips_sensor_status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "label": {"required": False, "type": "str"},
- "logtraffic": {"required": False, "type": "str",
- "choices": ["all", "utm", "disable"]},
- "policyid": {"required": True, "type": "int"},
- "scan_botnet_connections": {"required": False, "type": "str",
- "choices": ["disable", "block", "monitor"]},
- "service": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "spamfilter_profile": {"required": False, "type": "str"},
- "spamfilter_profile_status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "srcaddr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "webfilter_profile": {"required": False, "type": "str"},
- "webfilter_profile_status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_interface_policy6.py b/lib/ansible/modules/network/fortios/fortios_firewall_interface_policy6.py
deleted file mode 100644
index 6cdde1d5024..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_interface_policy6.py
+++ /dev/null
@@ -1,555 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_interface_policy6 -short_description: Configure IPv6 interface policies in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and interface_policy6 category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_interface_policy6: - description: - - Configure IPv6 interface policies. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - address_type: - description: - - Policy address type (IPv4 or IPv6). - type: str - choices: - - ipv4 - - ipv6 - application_list: - description: - - Application list name. Source application.list.name. - type: str - application_list_status: - description: - - Enable/disable application control. - type: str - choices: - - enable - - disable - av_profile: - description: - - Antivirus profile. Source antivirus.profile.name. - type: str - av_profile_status: - description: - - Enable/disable antivirus. - type: str - choices: - - enable - - disable - comments: - description: - - Comments. - type: str - dlp_sensor: - description: - - DLP sensor name. Source dlp.sensor.name. - type: str - dlp_sensor_status: - description: - - Enable/disable DLP. - type: str - choices: - - enable - - disable - dsri: - description: - - Enable/disable DSRI. 
- type: str - choices: - - enable - - disable - dstaddr6: - description: - - IPv6 address object to limit traffic monitoring to network traffic sent to the specified address or range. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address6.name firewall.addrgrp6.name. - required: true - type: str - interface: - description: - - Monitored interface name from available interfaces. Source system.zone.name system.interface.name. - type: str - ips_sensor: - description: - - IPS sensor name. Source ips.sensor.name. - type: str - ips_sensor_status: - description: - - Enable/disable IPS. - type: str - choices: - - enable - - disable - label: - description: - - Label. - type: str - logtraffic: - description: - - "Logging type to be used in this policy (Options: all | utm | disable)." - type: str - choices: - - all - - utm - - disable - policyid: - description: - - Policy ID. - required: true - type: int - scan_botnet_connections: - description: - - Enable/disable scanning for connections to Botnet servers. - type: str - choices: - - disable - - block - - monitor - service6: - description: - - Service name. - type: list - suboptions: - name: - description: - - Address name. Source firewall.service.custom.name firewall.service.group.name. - required: true - type: str - spamfilter_profile: - description: - - Antispam profile. Source spamfilter.profile.name. - type: str - spamfilter_profile_status: - description: - - Enable/disable antispam. - type: str - choices: - - enable - - disable - srcaddr6: - description: - - IPv6 address object to limit traffic monitoring to network traffic sent from the specified address or range. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address6.name firewall.addrgrp6.name. - required: true - type: str - status: - description: - - Enable/disable this policy. - type: str - choices: - - enable - - disable - webfilter_profile: - description: - - Web filter profile. 
Source webfilter.profile.name. - type: str - webfilter_profile_status: - description: - - Enable/disable web filtering. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv6 interface policies. - fortios_firewall_interface_policy6: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_interface_policy6: - address_type: "ipv4" - application_list: " (source application.list.name)" - application_list_status: "enable" - av_profile: " (source antivirus.profile.name)" - av_profile_status: "enable" - comments: "" - dlp_sensor: " (source dlp.sensor.name)" - dlp_sensor_status: "enable" - dsri: "enable" - dstaddr6: - - - name: "default_name_13 (source firewall.address6.name firewall.addrgrp6.name)" - interface: " (source system.zone.name system.interface.name)" - ips_sensor: " (source ips.sensor.name)" - ips_sensor_status: "enable" - label: "" - logtraffic: "all" - policyid: "19" - scan_botnet_connections: "disable" - service6: - - - name: "default_name_22 (source firewall.service.custom.name firewall.service.group.name)" - spamfilter_profile: " (source spamfilter.profile.name)" - spamfilter_profile_status: "enable" - srcaddr6: - - - name: "default_name_26 (source firewall.address6.name firewall.addrgrp6.name)" - status: "enable" - webfilter_profile: " (source webfilter.profile.name)" - webfilter_profile_status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" 
-mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_interface_policy6_data(json): - option_list = ['address_type', 'application_list', 'application_list_status', - 'av_profile', 'av_profile_status', 'comments', - 'dlp_sensor', 'dlp_sensor_status', 'dsri', - 'dstaddr6', 'interface', 'ips_sensor', - 'ips_sensor_status', 'label', 'logtraffic', - 'policyid', 'scan_botnet_connections', 'service6', - 'spamfilter_profile', 'spamfilter_profile_status', 'srcaddr6', - 'status', 'webfilter_profile', 'webfilter_profile_status'] - dictionary = {} - - for attribute in 
option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_interface_policy6(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_interface_policy6'] and data['firewall_interface_policy6']: - state = data['firewall_interface_policy6']['state'] - else: - state = True - firewall_interface_policy6_data = data['firewall_interface_policy6'] - filtered_data = underscore_to_hyphen(filter_firewall_interface_policy6_data(firewall_interface_policy6_data)) - - if state == "present": - return fos.set('firewall', - 'interface-policy6', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall', - 'interface-policy6', - mkey=filtered_data['policyid'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall(data, fos): - - if data['firewall_interface_policy6']: - resp = firewall_interface_policy6(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - 
"choices": ["present", "absent"]}, - "firewall_interface_policy6": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "address_type": {"required": False, "type": "str", - "choices": ["ipv4", "ipv6"]}, - "application_list": {"required": False, "type": "str"}, - "application_list_status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "av_profile": {"required": False, "type": "str"}, - "av_profile_status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "comments": {"required": False, "type": "str"}, - "dlp_sensor": {"required": False, "type": "str"}, - "dlp_sensor_status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dsri": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dstaddr6": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "interface": {"required": False, "type": "str"}, - "ips_sensor": {"required": False, "type": "str"}, - "ips_sensor_status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "label": {"required": False, "type": "str"}, - "logtraffic": {"required": False, "type": "str", - "choices": ["all", "utm", "disable"]}, - "policyid": {"required": True, "type": "int"}, - "scan_botnet_connections": {"required": False, "type": "str", - "choices": ["disable", "block", "monitor"]}, - "service6": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "spamfilter_profile": {"required": False, "type": "str"}, - "spamfilter_profile_status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "srcaddr6": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - 
"webfilter_profile": {"required": False, "type": "str"}, - "webfilter_profile_status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_internet_service.py b/lib/ansible/modules/network/fortios/fortios_firewall_internet_service.py deleted file mode 100644 index 87188c7f13d..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_firewall_internet_service.py +++ /dev/null 
@@ -1,425 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_internet_service -short_description: Show Internet Service application in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and internet_service category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_internet_service: - description: - - Show Internet Service application. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - database: - description: - - Database name this Internet Service belongs to. - type: str - choices: - - isdb - - irdb - direction: - description: - - How this service may be used in a firewall policy (source, destination or both). - type: str - choices: - - src - - dst - - both - entry: - description: - - Entries in the Internet Service database. - type: list - suboptions: - id: - description: - - Entry ID. - required: true - type: int - ip_number: - description: - - Total number of IP addresses. - type: int - ip_range_number: - description: - - Total number of IP ranges. - type: int - port: - description: - - Integer value for the TCP/IP port (0 - 65535). - type: int - protocol: - description: - - Integer value for the protocol type as defined by IANA (0 - 255). - type: int - icon_id: - description: - - Icon ID of Internet Service. - type: int - id: - description: - - Internet Service ID. 
- required: true - type: int - name: - description: - - Internet Service name. - type: str - offset: - description: - - Offset of Internet Service ID. - type: int - reputation: - description: - - Reputation level of the Internet Service. - type: int - sld_id: - description: - - Second Level Domain. - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Show Internet Service application. - fortios_firewall_internet_service: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_internet_service: - database: "isdb" - direction: "src" - entry: - - - id: "6" - ip_number: "7" - ip_range_number: "8" - port: "9" - protocol: "10" - icon_id: "11" - id: "12" - name: "default_name_13" - offset: "14" - reputation: "15" - sld_id: "16" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: 
always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_internet_service_data(json): - option_list = ['database', 'direction', 'entry', - 'icon_id', 'id', 'name', - 'offset', 'reputation', 'sld_id'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_internet_service(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_internet_service'] and data['firewall_internet_service']: - state = data['firewall_internet_service']['state'] - else: - state = True - firewall_internet_service_data = data['firewall_internet_service'] - filtered_data = underscore_to_hyphen(filter_firewall_internet_service_data(firewall_internet_service_data)) - - if state == "present": - return fos.set('firewall', - 
'internet-service', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall', - 'internet-service', - mkey=filtered_data['id'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall(data, fos): - - if data['firewall_internet_service']: - resp = firewall_internet_service(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_internet_service": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "database": {"required": False, "type": "str", - "choices": ["isdb", "irdb"]}, - "direction": {"required": False, "type": "str", - "choices": ["src", "dst", "both"]}, - "entry": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"}, - "ip_number": {"required": False, "type": "int"}, - "ip_range_number": {"required": False, "type": "int"}, - "port": {"required": False, "type": "int"}, - "protocol": {"required": False, "type": "int"} - }}, - "icon_id": {"required": False, "type": "int"}, - "id": {"required": True, "type": "int"}, - "name": {"required": False, "type": "str"}, - "offset": {"required": False, "type": "int"}, - "reputation": {"required": False, "type": "int"}, - "sld_id": {"required": False, "type": "int"} - - } - } - } - 
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_internet_service_custom.py b/lib/ansible/modules/network/fortios/fortios_firewall_internet_service_custom.py
deleted file mode 100644
index 169fcce8e29..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_internet_service_custom.py
+++ /dev/null
@@ -1,472 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_internet_service_custom -short_description: Configure custom Internet Services in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and internet_service_custom category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_internet_service_custom: - description: - - Configure custom Internet Services. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - comment: - description: - - Comment. - type: str - disable_entry: - description: - - Disable entries in the Internet Service database. - type: list - suboptions: - id: - description: - - Disable entry ID. - required: true - type: int - ip_range: - description: - - IP ranges in the disable entry. - type: list - suboptions: - end_ip: - description: - - End IP address. - type: str - id: - description: - - Disable entry range ID. - required: true - type: int - start_ip: - description: - - Start IP address. - type: str - port: - description: - - Integer value for the TCP/IP port (0 - 65535). - type: int - protocol: - description: - - Integer value for the protocol type as defined by IANA (0 - 255). - type: int - entry: - description: - - Entries added to the Internet Service database and custom database. - type: list - suboptions: - dst: - description: - - Destination address or address group name. 
- type: list - suboptions: - name: - description: - - Select the destination address or address group object from available options. Source firewall.address.name firewall - .addrgrp.name. - required: true - type: str - id: - description: - - Entry ID(1-255). - required: true - type: int - port_range: - description: - - Port ranges in the custom entry. - type: list - suboptions: - end_port: - description: - - Integer value for ending TCP/UDP/SCTP destination port in range (1 to 65535). - type: int - id: - description: - - Custom entry port range ID. - required: true - type: int - start_port: - description: - - Integer value for starting TCP/UDP/SCTP destination port in range (1 to 65535). - type: int - protocol: - description: - - Integer value for the protocol type as defined by IANA (0 - 255). - type: int - master_service_id: - description: - - Internet Service ID in the Internet Service database. Source firewall.internet-service.id. - type: int - name: - description: - - Internet Service name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure custom Internet Services. - fortios_firewall_internet_service_custom: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_internet_service_custom: - comment: "Comment." 
- disable_entry: - - - id: "5" - ip_range: - - - end_ip: "" - id: "8" - start_ip: "" - port: "10" - protocol: "11" - entry: - - - dst: - - - name: "default_name_14 (source firewall.address.name firewall.addrgrp.name)" - id: "15" - port_range: - - - end_port: "17" - id: "18" - start_port: "19" - protocol: "20" - master_service_id: "21 (source firewall.internet-service.id)" - name: "default_name_22" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - 
username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_internet_service_custom_data(json): - option_list = ['comment', 'disable_entry', 'entry', - 'master_service_id', 'name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_internet_service_custom(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_internet_service_custom'] and data['firewall_internet_service_custom']: - state = data['firewall_internet_service_custom']['state'] - else: - state = True - firewall_internet_service_custom_data = data['firewall_internet_service_custom'] - filtered_data = underscore_to_hyphen(filter_firewall_internet_service_custom_data(firewall_internet_service_custom_data)) - - if state == "present": - return fos.set('firewall', - 'internet-service-custom', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall', - 'internet-service-custom', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall(data, fos): - - if data['firewall_internet_service_custom']: - resp = firewall_internet_service_custom(data, fos) - - return not 
is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_internet_service_custom": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "comment": {"required": False, "type": "str"}, - "disable_entry": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"}, - "ip_range": {"required": False, "type": "list", - "options": { - "end_ip": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "start_ip": {"required": False, "type": "str"} - }}, - "port": {"required": False, "type": "int"}, - "protocol": {"required": False, "type": "int"} - }}, - "entry": {"required": False, "type": "list", - "options": { - "dst": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "id": {"required": True, "type": "int"}, - "port_range": {"required": False, "type": "list", - "options": { - "end_port": {"required": False, "type": "int"}, - "id": {"required": True, "type": "int"}, - "start_port": {"required": False, "type": "int"} - }}, - "protocol": {"required": False, "type": "int"} - }}, - "master_service_id": {"required": False, "type": "int"}, - "name": {"required": True, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in 
module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_internet_service_group.py b/lib/ansible/modules/network/fortios/fortios_firewall_internet_service_group.py deleted file mode 100644 index 4081bab9135..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_firewall_internet_service_group.py +++ /dev/null 
@@ -1,354 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_internet_service_group -short_description: Configure group of Internet Service in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and internet_service_group category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_internet_service_group: - description: - - Configure group of Internet Service. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - comment: - description: - - Comment. - type: str - member: - description: - - Internet Service group member. - type: list - suboptions: - id: - description: - - Internet Service ID. Source firewall.internet-service.id. - required: true - type: int - name: - description: - - Internet Service group name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure group of Internet Service. - fortios_firewall_internet_service_group: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_internet_service_group: - comment: "Comment." 
- member: - - - id: "5 (source firewall.internet-service.id)" - name: "default_name_6" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def 
filter_firewall_internet_service_group_data(json): - option_list = ['comment', 'member', 'name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_internet_service_group(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_internet_service_group'] and data['firewall_internet_service_group']: - state = data['firewall_internet_service_group']['state'] - else: - state = True - firewall_internet_service_group_data = data['firewall_internet_service_group'] - filtered_data = underscore_to_hyphen(filter_firewall_internet_service_group_data(firewall_internet_service_group_data)) - - if state == "present": - return fos.set('firewall', - 'internet-service-group', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall', - 'internet-service-group', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall(data, fos): - - if data['firewall_internet_service_group']: - resp = firewall_internet_service_group(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, 
- "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_internet_service_group": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "comment": {"required": False, "type": "str"}, - "member": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"} - }}, - "name": {"required": True, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_ip_translation.py b/lib/ansible/modules/network/fortios/fortios_firewall_ip_translation.py deleted file mode 100644 index 79fec1d5fe7..00000000000 
--- a/lib/ansible/modules/network/fortios/fortios_firewall_ip_translation.py
+++ /dev/null
@@ -1,359 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_ip_translation -short_description: Configure firewall IP-translation in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and ip_translation category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_ip_translation: - description: - - Configure firewall IP-translation. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - endip: - description: - - "Final IPv4 address (inclusive) in the range of the addresses to be translated (format xxx.xxx.xxx.xxx)." - type: str - map_startip: - description: - - "Address to be used as the starting point for translation in the range (format xxx.xxx.xxx.xxx)." - type: str - startip: - description: - - "First IPv4 address (inclusive) in the range of the addresses to be translated (format xxx.xxx.xxx.xxx)." - type: str - transid: - description: - - IP translation ID. - required: true - type: int - type: - description: - - "IP translation type (option: SCTP)." - type: str - choices: - - SCTP -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure firewall IP-translation. 
- fortios_firewall_ip_translation: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_ip_translation: - endip: "" - map_startip: "" - startip: "" - transid: "6" - type: "SCTP" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in 
data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_ip_translation_data(json): - option_list = ['endip', 'map_startip', 'startip', - 'transid', 'type'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_ip_translation(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_ip_translation'] and data['firewall_ip_translation']: - state = data['firewall_ip_translation']['state'] - else: - state = True - firewall_ip_translation_data = data['firewall_ip_translation'] - filtered_data = underscore_to_hyphen(filter_firewall_ip_translation_data(firewall_ip_translation_data)) - - if state == "present": - return fos.set('firewall', - 'ip-translation', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall', - 'ip-translation', - mkey=filtered_data['transid'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall(data, fos): - - if data['firewall_ip_translation']: - resp = firewall_ip_translation(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": 
True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_ip_translation": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "endip": {"required": False, "type": "str"}, - "map_startip": {"required": False, "type": "str"}, - "startip": {"required": False, "type": "str"}, - "transid": {"required": True, "type": "int"}, - "type": {"required": False, "type": "str", - "choices": ["SCTP"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_ipmacbinding_setting.py b/lib/ansible/modules/network/fortios/fortios_firewall_ipmacbinding_setting.py deleted file mode 100644 index 658d686ad23..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_firewall_ipmacbinding_setting.py +++ /dev/null 
@@ -1,314 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_ipmacbinding_setting -short_description: Configure IP to MAC binding settings in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall_ipmacbinding feature and setting category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - firewall_ipmacbinding_setting: - description: - - Configure IP to MAC binding settings. - default: null - type: dict - suboptions: - bindthroughfw: - description: - - Enable/disable use of IP/MAC binding to filter packets that would normally go through the firewall. - type: str - choices: - - enable - - disable - bindtofw: - description: - - Enable/disable use of IP/MAC binding to filter packets that would normally go to the firewall. - type: str - choices: - - enable - - disable - undefinedhost: - description: - - Select action to take on packets with IP/MAC addresses not in the binding list . - type: str - choices: - - allow - - block -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IP to MAC binding settings. 
- fortios_firewall_ipmacbinding_setting: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - firewall_ipmacbinding_setting: - bindthroughfw: "enable" - bindtofw: "enable" - undefinedhost: "allow" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and 
not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_ipmacbinding_setting_data(json): - option_list = ['bindthroughfw', 'bindtofw', 'undefinedhost'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_ipmacbinding_setting(data, fos): - vdom = data['vdom'] - firewall_ipmacbinding_setting_data = data['firewall_ipmacbinding_setting'] - filtered_data = underscore_to_hyphen(filter_firewall_ipmacbinding_setting_data(firewall_ipmacbinding_setting_data)) - - return fos.set('firewall.ipmacbinding', - 'setting', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall_ipmacbinding(data, fos): - - if data['firewall_ipmacbinding_setting']: - resp = firewall_ipmacbinding_setting(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "firewall_ipmacbinding_setting": { - "required": False, "type": "dict", "default": None, - "options": { - "bindthroughfw": 
{"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "bindtofw": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "undefinedhost": {"required": False, "type": "str", - "choices": ["allow", "block"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall_ipmacbinding(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall_ipmacbinding(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_ipmacbinding_table.py b/lib/ansible/modules/network/fortios/fortios_firewall_ipmacbinding_table.py deleted file mode 100644 index 5f1a468f31c..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_firewall_ipmacbinding_table.py +++ /dev/null 
@@ -1,359 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_ipmacbinding_table -short_description: Configure IP to MAC address pairs in the IP/MAC binding table in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall_ipmacbinding feature and table category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_ipmacbinding_table: - description: - - Configure IP to MAC address pairs in the IP/MAC binding table. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - ip: - description: - - "IPv4 address portion of the pair (format: xxx.xxx.xxx.xxx)." - type: str - mac: - description: - - "MAC address portion of the pair (format: xx:xx:xx:xx:xx:xx in hexidecimal)." - type: str - name: - description: - - Name of the pair (optional). - type: str - seq_num: - description: - - Entry number. - type: int - status: - description: - - Enable/disable this IP-mac binding pair. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IP to MAC address pairs in the IP/MAC binding table. 
- fortios_firewall_ipmacbinding_table: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_ipmacbinding_table: - ip: "" - mac: "" - name: "default_name_5" - seq_num: "6" - status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 
'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_ipmacbinding_table_data(json): - option_list = ['ip', 'mac', 'name', - 'seq_num', 'status'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_ipmacbinding_table(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_ipmacbinding_table'] and data['firewall_ipmacbinding_table']: - state = data['firewall_ipmacbinding_table']['state'] - else: - state = True - firewall_ipmacbinding_table_data = data['firewall_ipmacbinding_table'] - filtered_data = underscore_to_hyphen(filter_firewall_ipmacbinding_table_data(firewall_ipmacbinding_table_data)) - - if state == "present": - return fos.set('firewall.ipmacbinding', - 'table', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall.ipmacbinding', - 'table', - mkey=filtered_data['seq-num'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall_ipmacbinding(data, fos): - - if data['firewall_ipmacbinding_table']: - resp = firewall_ipmacbinding_table(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": 
{"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_ipmacbinding_table": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "ip": {"required": False, "type": "str"}, - "mac": {"required": False, "type": "str"}, - "name": {"required": False, "type": "str"}, - "seq_num": {"required": False, "type": "int"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall_ipmacbinding(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall_ipmacbinding(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_ippool.py b/lib/ansible/modules/network/fortios/fortios_firewall_ippool.py
deleted file mode 100644
index 67def2f4d02..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_ippool.py
+++ /dev/null
@@ -1,428 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_ippool -short_description: Configure IPv4 IP pools in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and ippool category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_ippool: - description: - - Configure IPv4 IP pools. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - arp_intf: - description: - - Select an interface from available options that will reply to ARP requests. (If blank, any is selected). Source system.interface.name. - type: str - arp_reply: - description: - - Enable/disable replying to ARP requests when an IP Pool is added to a policy . - type: str - choices: - - disable - - enable - associated_interface: - description: - - Associated interface name. Source system.interface.name. - type: str - block_size: - description: - - Number of addresses in a block (64 to 4096). - type: int - comments: - description: - - Comment. - type: str - endip: - description: - - "Final IPv4 address (inclusive) in the range for the address pool (format xxx.xxx.xxx.xxx)." - type: str - name: - description: - - IP pool name. - required: true - type: str - num_blocks_per_user: - description: - - Number of addresses blocks that can be used by a user (1 to 128). 
- type: int - pba_timeout: - description: - - Port block allocation timeout (seconds). - type: int - permit_any_host: - description: - - Enable/disable full cone NAT. - type: str - choices: - - disable - - enable - source_endip: - description: - - "Final IPv4 address (inclusive) in the range of the source addresses to be translated (format xxx.xxx.xxx.xxx)." - type: str - source_startip: - description: - - " First IPv4 address (inclusive) in the range of the source addresses to be translated (format xxx.xxx.xxx.xxx)." - type: str - startip: - description: - - "First IPv4 address (inclusive) in the range for the address pool (format xxx.xxx.xxx.xxx)." - type: str - type: - description: - - IP pool type (overload, one-to-one, fixed port range, or port block allocation). - type: str - choices: - - overload - - one-to-one - - fixed-port-range - - port-block-allocation -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv4 IP pools. 
- fortios_firewall_ippool: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_ippool: - arp_intf: " (source system.interface.name)" - arp_reply: "disable" - associated_interface: " (source system.interface.name)" - block_size: "6" - comments: "" - endip: "" - name: "default_name_9" - num_blocks_per_user: "10" - pba_timeout: "11" - permit_any_host: "disable" - source_endip: "" - source_startip: "" - startip: "" - type: "overload" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler 
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_ippool_data(json): - option_list = ['arp_intf', 'arp_reply', 'associated_interface', - 'block_size', 'comments', 'endip', - 'name', 'num_blocks_per_user', 'pba_timeout', - 'permit_any_host', 'source_endip', 'source_startip', - 'startip', 'type'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_ippool(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_ippool'] and data['firewall_ippool']: - state = data['firewall_ippool']['state'] - else: - state = True - firewall_ippool_data = data['firewall_ippool'] - filtered_data = underscore_to_hyphen(filter_firewall_ippool_data(firewall_ippool_data)) - - if state == "present": - return fos.set('firewall', - 'ippool', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall', - 'ippool', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall(data, fos): - - if data['firewall_ippool']: - resp = 
firewall_ippool(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_ippool": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "arp_intf": {"required": False, "type": "str"}, - "arp_reply": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "associated_interface": {"required": False, "type": "str"}, - "block_size": {"required": False, "type": "int"}, - "comments": {"required": False, "type": "str"}, - "endip": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "num_blocks_per_user": {"required": False, "type": "int"}, - "pba_timeout": {"required": False, "type": "int"}, - "permit_any_host": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "source_endip": {"required": False, "type": "str"}, - "source_startip": {"required": False, "type": "str"}, - "startip": {"required": False, "type": "str"}, - "type": {"required": False, "type": "str", - "choices": ["overload", "one-to-one", "fixed-port-range", - "port-block-allocation"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' 
in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_ippool6.py b/lib/ansible/modules/network/fortios/fortios_firewall_ippool6.py deleted file mode 100644 index 0dbd9b0413a..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_firewall_ippool6.py +++ /dev/null 
@@ -1,350 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_ippool6 -short_description: Configure IPv6 IP pools in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and ippool6 category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_ippool6: - description: - - Configure IPv6 IP pools. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - comments: - description: - - Comment. - type: str - endip: - description: - - "Final IPv6 address (inclusive) in the range for the address pool (format xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx)." - type: str - name: - description: - - IPv6 IP pool name. - required: true - type: str - startip: - description: - - "First IPv6 address (inclusive) in the range for the address pool (format xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx)." - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv6 IP pools. 
- fortios_firewall_ippool6: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_ippool6: - comments: "" - endip: "" - name: "default_name_5" - startip: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_ippool6_data(json): - option_list = ['comments', 'endip', 'name', - 'startip'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_ippool6(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_ippool6'] and data['firewall_ippool6']: - state = data['firewall_ippool6']['state'] - else: - state = True - firewall_ippool6_data = data['firewall_ippool6'] - filtered_data = underscore_to_hyphen(filter_firewall_ippool6_data(firewall_ippool6_data)) - - if state == "present": - return fos.set('firewall', - 'ippool6', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall', - 'ippool6', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall(data, fos): - - if data['firewall_ippool6']: - resp = firewall_ippool6(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", 
"default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_ippool6": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "comments": {"required": False, "type": "str"}, - "endip": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "startip": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_ipv6_eh_filter.py b/lib/ansible/modules/network/fortios/fortios_firewall_ipv6_eh_filter.py deleted file mode 100644 index 49631b2851f..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_firewall_ipv6_eh_filter.py +++ /dev/null 
@@ -1,358 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_ipv6_eh_filter -short_description: Configure IPv6 extension header filter in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and ipv6_eh_filter category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - firewall_ipv6_eh_filter: - description: - - Configure IPv6 extension header filter. - default: null - type: dict - suboptions: - auth: - description: - - Enable/disable blocking packets with the Authentication header . - type: str - choices: - - enable - - disable - dest_opt: - description: - - Enable/disable blocking packets with Destination Options headers . - type: str - choices: - - enable - - disable - fragment: - description: - - Enable/disable blocking packets with the Fragment header . - type: str - choices: - - enable - - disable - hdopt_type: - description: - - Block specific Hop-by-Hop and/or Destination Option types (max. 7 types, each between 0 and 255). - type: int - hop_opt: - description: - - Enable/disable blocking packets with the Hop-by-Hop Options header . - type: str - choices: - - enable - - disable - no_next: - description: - - Enable/disable blocking packets with the No Next header - type: str - choices: - - enable - - disable - routing: - description: - - Enable/disable blocking packets with Routing headers . - type: str - choices: - - enable - - disable - routing_type: - description: - - Block specific Routing header types (max. 7 types, each between 0 and 255). - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv6 extension header filter. 
- fortios_firewall_ipv6_eh_filter: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - firewall_ipv6_eh_filter: - auth: "enable" - dest_opt: "enable" - fragment: "enable" - hdopt_type: "6" - hop_opt: "enable" - no_next: "enable" - routing: "enable" - routing_type: "10" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - 
ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_ipv6_eh_filter_data(json): - option_list = ['auth', 'dest_opt', 'fragment', - 'hdopt_type', 'hop_opt', 'no_next', - 'routing', 'routing_type'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_ipv6_eh_filter(data, fos): - vdom = data['vdom'] - firewall_ipv6_eh_filter_data = data['firewall_ipv6_eh_filter'] - filtered_data = underscore_to_hyphen(filter_firewall_ipv6_eh_filter_data(firewall_ipv6_eh_filter_data)) - - return fos.set('firewall', - 'ipv6-eh-filter', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall(data, fos): - - if data['firewall_ipv6_eh_filter']: - resp = firewall_ipv6_eh_filter(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "firewall_ipv6_eh_filter": { - "required": False, "type": 
"dict", "default": None, - "options": { - "auth": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dest_opt": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "fragment": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "hdopt_type": {"required": False, "type": "int"}, - "hop_opt": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "no_next": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "routing": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "routing_type": {"required": False, "type": "int"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_ldb_monitor.py b/lib/ansible/modules/network/fortios/fortios_firewall_ldb_monitor.py deleted file mode 100644 index 489dca5b06a..00000000000 
--- a/lib/ansible/modules/network/fortios/fortios_firewall_ldb_monitor.py
+++ /dev/null
@@ -1,388 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_ldb_monitor -short_description: Configure server load balancing health monitors in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and ldb_monitor category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_ldb_monitor: - description: - - Configure server load balancing health monitors. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - http_get: - description: - - URL used to send a GET request to check the health of an HTTP server. - type: str - http_match: - description: - - String to match the value expected in response to an HTTP-GET request. - type: str - http_max_redirects: - description: - - The maximum number of HTTP redirects to be allowed (0 - 5). - type: int - interval: - description: - - Time between health checks (5 - 65635 sec). - type: int - name: - description: - - Monitor name. - required: true - type: str - port: - description: - - Service port used to perform the health check. If 0, health check monitor inherits port configured for the server (0 - 65635). - type: int - retry: - description: - - Number health check attempts before the server is considered down (1 - 255). - type: int - timeout: - description: - - Time to wait to receive response to a health check from a server. 
Reaching the timeout means the health check failed (1 - 255 sec). - type: int - type: - description: - - Select the Monitor type used by the health check monitor to check the health of the server (PING | TCP | HTTP). - type: str - choices: - - ping - - tcp - - http - - passive-sip -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure server load balancing health monitors. - fortios_firewall_ldb_monitor: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_ldb_monitor: - http_get: "" - http_match: "" - http_max_redirects: "5" - interval: "6" - name: "default_name_7" - port: "8" - retry: "9" - timeout: "10" - type: "ping" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: 
str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_ldb_monitor_data(json): - option_list = ['http_get', 'http_match', 'http_max_redirects', - 'interval', 'name', 'port', - 'retry', 'timeout', 'type'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_ldb_monitor(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_ldb_monitor'] and data['firewall_ldb_monitor']: - state = data['firewall_ldb_monitor']['state'] - else: - state = True - firewall_ldb_monitor_data = data['firewall_ldb_monitor'] - filtered_data = underscore_to_hyphen(filter_firewall_ldb_monitor_data(firewall_ldb_monitor_data)) - - if state == "present": - return fos.set('firewall', - 'ldb-monitor', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall', - 'ldb-monitor', - 
mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall(data, fos): - - if data['firewall_ldb_monitor']: - resp = firewall_ldb_monitor(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_ldb_monitor": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "http_get": {"required": False, "type": "str"}, - "http_match": {"required": False, "type": "str"}, - "http_max_redirects": {"required": False, "type": "int"}, - "interval": {"required": False, "type": "int"}, - "name": {"required": True, "type": "str"}, - "port": {"required": False, "type": "int"}, - "retry": {"required": False, "type": "int"}, - "timeout": {"required": False, "type": "int"}, - "type": {"required": False, "type": "str", - "choices": ["ping", "tcp", "http", - "passive-sip"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if 
module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_local_in_policy.py b/lib/ansible/modules/network/fortios/fortios_firewall_local_in_policy.py deleted file mode 100644 index 702552be6a6..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_firewall_local_in_policy.py +++ /dev/null 
@@ -1,434 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_local_in_policy -short_description: Configure user defined IPv4 local-in policies in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and local_in_policy category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_local_in_policy: - description: - - Configure user defined IPv4 local-in policies. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - action: - description: - - Action performed on traffic matching the policy . - type: str - choices: - - accept - - deny - comments: - description: - - Comment. - type: str - dstaddr: - description: - - Destination address object from available options. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address.name firewall.addrgrp.name. - required: true - type: str - ha_mgmt_intf_only: - description: - - Enable/disable dedicating the HA management interface only for local-in policy. - type: str - choices: - - enable - - disable - intf: - description: - - Incoming interface name from available options. Source system.zone.name system.interface.name. - type: str - policyid: - description: - - User defined local in policy ID. - required: true - type: int - schedule: - description: - - Schedule object from available options. 
Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group - .name. - type: str - service: - description: - - Service object from available options. - type: list - suboptions: - name: - description: - - Service name. Source firewall.service.custom.name firewall.service.group.name. - required: true - type: str - srcaddr: - description: - - Source address object from available options. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address.name firewall.addrgrp.name. - required: true - type: str - status: - description: - - Enable/disable this local-in policy. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure user defined IPv4 local-in policies. - fortios_firewall_local_in_policy: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_local_in_policy: - action: "accept" - comments: "" - dstaddr: - - - name: "default_name_6 (source firewall.address.name firewall.addrgrp.name)" - ha_mgmt_intf_only: "enable" - intf: " (source system.zone.name system.interface.name)" - policyid: "9" - schedule: " (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)" - service: - - - name: "default_name_12 (source firewall.service.custom.name firewall.service.group.name)" - srcaddr: - - - name: "default_name_14 (source firewall.address.name firewall.addrgrp.name)" - status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last 
operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_local_in_policy_data(json): - option_list = ['action', 'comments', 'dstaddr', - 'ha_mgmt_intf_only', 'intf', 'policyid', - 'schedule', 'service', 'srcaddr', - 'status'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - 
data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_local_in_policy(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_local_in_policy'] and data['firewall_local_in_policy']: - state = data['firewall_local_in_policy']['state'] - else: - state = True - firewall_local_in_policy_data = data['firewall_local_in_policy'] - filtered_data = underscore_to_hyphen(filter_firewall_local_in_policy_data(firewall_local_in_policy_data)) - - if state == "present": - return fos.set('firewall', - 'local-in-policy', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall', - 'local-in-policy', - mkey=filtered_data['policyid'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall(data, fos): - - if data['firewall_local_in_policy']: - resp = firewall_local_in_policy(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_local_in_policy": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "action": {"required": False, "type": "str", - 
"choices": ["accept", "deny"]}, - "comments": {"required": False, "type": "str"}, - "dstaddr": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "ha_mgmt_intf_only": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "intf": {"required": False, "type": "str"}, - "policyid": {"required": True, "type": "int"}, - "schedule": {"required": False, "type": "str"}, - "service": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "srcaddr": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_local_in_policy6.py b/lib/ansible/modules/network/fortios/fortios_firewall_local_in_policy6.py
deleted file mode 100644
index d5f7207335c..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_local_in_policy6.py
+++ /dev/null
@@ -1,423 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_local_in_policy6 -short_description: Configure user defined IPv6 local-in policies in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and local_in_policy6 category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_local_in_policy6: - description: - - Configure user defined IPv6 local-in policies. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - action: - description: - - Action performed on traffic matching the policy . - type: str - choices: - - accept - - deny - comments: - description: - - Comment. - type: str - dstaddr: - description: - - Destination address object from available options. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address6.name firewall.addrgrp6.name. - required: true - type: str - intf: - description: - - Incoming interface name from available options. Source system.zone.name system.interface.name. - type: str - policyid: - description: - - User defined local in policy ID. - required: true - type: int - schedule: - description: - - Schedule object from available options. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group - .name. - type: str - service: - description: - - Service object from available options. 
Separate names with a space. - type: list - suboptions: - name: - description: - - Service name. Source firewall.service.custom.name firewall.service.group.name. - required: true - type: str - srcaddr: - description: - - Source address object from available options. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address6.name firewall.addrgrp6.name. - required: true - type: str - status: - description: - - Enable/disable this local-in policy. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure user defined IPv6 local-in policies. - fortios_firewall_local_in_policy6: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_local_in_policy6: - action: "accept" - comments: "" - dstaddr: - - - name: "default_name_6 (source firewall.address6.name firewall.addrgrp6.name)" - intf: " (source system.zone.name system.interface.name)" - policyid: "8" - schedule: " (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)" - service: - - - name: "default_name_11 (source firewall.service.custom.name firewall.service.group.name)" - srcaddr: - - - name: "default_name_13 (source firewall.address6.name firewall.addrgrp6.name)" - status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: 
"id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_local_in_policy6_data(json): - option_list = ['action', 'comments', 'dstaddr', - 'intf', 'policyid', 'schedule', - 'service', 'srcaddr', 'status'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - 
- -def firewall_local_in_policy6(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_local_in_policy6'] and data['firewall_local_in_policy6']: - state = data['firewall_local_in_policy6']['state'] - else: - state = True - firewall_local_in_policy6_data = data['firewall_local_in_policy6'] - filtered_data = underscore_to_hyphen(filter_firewall_local_in_policy6_data(firewall_local_in_policy6_data)) - - if state == "present": - return fos.set('firewall', - 'local-in-policy6', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall', - 'local-in-policy6', - mkey=filtered_data['policyid'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall(data, fos): - - if data['firewall_local_in_policy6']: - resp = firewall_local_in_policy6(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_local_in_policy6": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "action": {"required": False, "type": "str", - "choices": ["accept", "deny"]}, - "comments": {"required": False, "type": "str"}, - "dstaddr": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - 
}}, - "intf": {"required": False, "type": "str"}, - "policyid": {"required": True, "type": "int"}, - "schedule": {"required": False, "type": "str"}, - "service": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "srcaddr": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_multicast_address.py b/lib/ansible/modules/network/fortios/fortios_firewall_multicast_address.py deleted file mode 100644 index 6f4056e2b1d..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_firewall_multicast_address.py +++ /dev/null 
@@ -1,431 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_multicast_address -short_description: Configure multicast addresses in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and multicast_address category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_multicast_address: - description: - - Configure multicast addresses. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - associated_interface: - description: - - Interface associated with the address object. When setting up a policy, only addresses associated with this interface are available. - Source system.interface.name. - type: str - color: - description: - - Integer value to determine the color of the icon in the GUI (1 - 32). - type: int - comment: - description: - - Comment. - type: str - end_ip: - description: - - Final IPv4 address (inclusive) in the range for the address. - type: str - name: - description: - - Multicast address name. - required: true - type: str - start_ip: - description: - - First IPv4 address (inclusive) in the range for the address. - type: str - subnet: - description: - - Broadcast address and subnet. - type: str - tagging: - description: - - Config object tagging. - type: list - suboptions: - category: - description: - - Tag category. Source system.object-tagging.category. 
- type: str - name: - description: - - Tagging entry name. - required: true - type: str - tags: - description: - - Tags. - type: list - suboptions: - name: - description: - - Tag name. Source system.object-tagging.tags.name. - required: true - type: str - type: - description: - - "Type of address object: multicast IP address range or broadcast IP/mask to be treated as a multicast address." - type: str - choices: - - multicastrange - - broadcastmask - visibility: - description: - - Enable/disable visibility of the multicast address on the GUI. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure multicast addresses. - fortios_firewall_multicast_address: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_multicast_address: - associated_interface: " (source system.interface.name)" - color: "4" - comment: "Comment." 
- end_ip: "" - name: "default_name_7" - start_ip: "" - subnet: "" - tagging: - - - category: " (source system.object-tagging.category)" - name: "default_name_12" - tags: - - - name: "default_name_14 (source system.object-tagging.tags.name)" - type: "multicastrange" - visibility: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - 
if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_multicast_address_data(json): - option_list = ['associated_interface', 'color', 'comment', - 'end_ip', 'name', 'start_ip', - 'subnet', 'tagging', 'type', - 'visibility'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_multicast_address(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_multicast_address'] and data['firewall_multicast_address']: - state = data['firewall_multicast_address']['state'] - else: - state = True - firewall_multicast_address_data = data['firewall_multicast_address'] - filtered_data = underscore_to_hyphen(filter_firewall_multicast_address_data(firewall_multicast_address_data)) - - if state == "present": - return fos.set('firewall', - 'multicast-address', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall', - 'multicast-address', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall(data, fos): - - if data['firewall_multicast_address']: - resp = firewall_multicast_address(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - 
"username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_multicast_address": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "associated_interface": {"required": False, "type": "str"}, - "color": {"required": False, "type": "int"}, - "comment": {"required": False, "type": "str"}, - "end_ip": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "start_ip": {"required": False, "type": "str"}, - "subnet": {"required": False, "type": "str"}, - "tagging": {"required": False, "type": "list", - "options": { - "category": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "tags": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }} - }}, - "type": {"required": False, "type": "str", - "choices": ["multicastrange", "broadcastmask"]}, - "visibility": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall(module.params, fos) 
- else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_multicast_address6.py b/lib/ansible/modules/network/fortios/fortios_firewall_multicast_address6.py deleted file mode 100644 index ee9c588c68d..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_firewall_multicast_address6.py +++ /dev/null 
@@ -1,400 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_multicast_address6 -short_description: Configure IPv6 multicast address in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and multicast_address6 category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_multicast_address6: - description: - - Configure IPv6 multicast address. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - color: - description: - - Color of icon on the GUI. - type: int - comment: - description: - - Comment. - type: str - ip6: - description: - - "IPv6 address prefix (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx)." - type: str - name: - description: - - IPv6 multicast address name. - required: true - type: str - tagging: - description: - - Config object tagging. - type: list - suboptions: - category: - description: - - Tag category. Source system.object-tagging.category. - type: str - name: - description: - - Tagging entry name. - required: true - type: str - tags: - description: - - Tags. - type: list - suboptions: - name: - description: - - Tag name. Source system.object-tagging.tags.name. - required: true - type: str - visibility: - description: - - Enable/disable visibility of the IPv6 multicast address on the GUI. 
- type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv6 multicast address. - fortios_firewall_multicast_address6: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_multicast_address6: - color: "3" - comment: "Comment." - ip6: "" - name: "default_name_6" - tagging: - - - category: " (source system.object-tagging.category)" - name: "default_name_9" - tags: - - - name: "default_name_11 (source system.object-tagging.tags.name)" - visibility: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - 
-''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_multicast_address6_data(json): - option_list = ['color', 'comment', 'ip6', - 'name', 'tagging', 'visibility'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_multicast_address6(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_multicast_address6'] and data['firewall_multicast_address6']: - state = data['firewall_multicast_address6']['state'] - else: - state = True - firewall_multicast_address6_data = data['firewall_multicast_address6'] - filtered_data = underscore_to_hyphen(filter_firewall_multicast_address6_data(firewall_multicast_address6_data)) - - if state == "present": - return fos.set('firewall', - 'multicast-address6', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall', - 'multicast-address6', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == 
"success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall(data, fos): - - if data['firewall_multicast_address6']: - resp = firewall_multicast_address6(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_multicast_address6": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "color": {"required": False, "type": "int"}, - "comment": {"required": False, "type": "str"}, - "ip6": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "tagging": {"required": False, "type": "list", - "options": { - "category": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "tags": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }} - }}, - "visibility": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = 
Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_multicast_policy.py b/lib/ansible/modules/network/fortios/fortios_firewall_multicast_policy.py deleted file mode 100644 index fc106c03617..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_firewall_multicast_policy.py +++ /dev/null 
@@ -1,451 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_multicast_policy -short_description: Configure multicast NAT policies in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and multicast_policy category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_multicast_policy: - description: - - Configure multicast NAT policies. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - action: - description: - - Accept or deny traffic matching the policy. - type: str - choices: - - accept - - deny - dnat: - description: - - IPv4 DNAT address used for multicast destination addresses. - type: str - dstaddr: - description: - - Destination address objects. - type: list - suboptions: - name: - description: - - Destination address objects. Source firewall.multicast-address.name. - required: true - type: str - dstintf: - description: - - Destination interface name. Source system.interface.name system.zone.name. - type: str - end_port: - description: - - Integer value for ending TCP/UDP/SCTP destination port in range (1 - 65535). - type: int - id: - description: - - Policy ID. - required: true - type: int - logtraffic: - description: - - Enable/disable logging traffic accepted by this policy. 
- type: str - choices: - - enable - - disable - protocol: - description: - - Integer value for the protocol type as defined by IANA (0 - 255). - type: int - snat: - description: - - Enable/disable substitution of the outgoing interface IP address for the original source IP address (called source NAT or SNAT). - type: str - choices: - - enable - - disable - snat_ip: - description: - - IPv4 address to be used as the source address for NATed traffic. - type: str - srcaddr: - description: - - Source address objects. - type: list - suboptions: - name: - description: - - Source address objects. Source firewall.address.name firewall.addrgrp.name. - required: true - type: str - srcintf: - description: - - Source interface name. Source system.interface.name system.zone.name. - type: str - start_port: - description: - - Integer value for starting TCP/UDP/SCTP destination port in range (1 - 65535). - type: int - status: - description: - - Enable/disable this policy. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure multicast NAT policies. 
- fortios_firewall_multicast_policy: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_multicast_policy: - action: "accept" - dnat: "" - dstaddr: - - - name: "default_name_6 (source firewall.multicast-address.name)" - dstintf: " (source system.interface.name system.zone.name)" - end_port: "8" - id: "9" - logtraffic: "enable" - protocol: "11" - snat: "enable" - snat_ip: "" - srcaddr: - - - name: "default_name_15 (source firewall.address.name firewall.addrgrp.name)" - srcintf: " (source system.interface.name system.zone.name)" - start_port: "17" - status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import 
AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_firewall_multicast_policy_data(json):
- option_list = ['action', 'dnat', 'dstaddr',
- 'dstintf', 'end_port', 'id',
- 'logtraffic', 'protocol', 'snat',
- 'snat_ip', 'srcaddr', 'srcintf',
- 'start_port', 'status']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_multicast_policy(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_multicast_policy'] and data['firewall_multicast_policy']:
- state = data['firewall_multicast_policy']['state']
- else:
- state = True
- firewall_multicast_policy_data = data['firewall_multicast_policy']
- filtered_data = underscore_to_hyphen(filter_firewall_multicast_policy_data(firewall_multicast_policy_data))
-
- if state == "present":
- return fos.set('firewall',
- 'multicast-policy',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'multicast-policy',
- mkey=filtered_data['id'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- 
return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_multicast_policy']:
- resp = firewall_multicast_policy(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_multicast_policy": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "action": {"required": False, "type": "str",
- "choices": ["accept", "deny"]},
- "dnat": {"required": False, "type": "str"},
- "dstaddr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "dstintf": {"required": False, "type": "str"},
- "end_port": {"required": False, "type": "int"},
- "id": {"required": True, "type": "int"},
- "logtraffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "protocol": {"required": False, "type": "int"},
- "snat": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "snat_ip": {"required": False, "type": "str"},
- "srcaddr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "srcintf": {"required": False, "type": "str"},
- "start_port": {"required": False, "type": "int"},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = 
AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_multicast_policy6.py b/lib/ansible/modules/network/fortios/fortios_firewall_multicast_policy6.py
deleted file mode 100644
index 0a2b09ac863..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_multicast_policy6.py
+++ /dev/null
@@ -1,428 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_multicast_policy6 -short_description: Configure IPv6 multicast NAT policies in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and multicast_policy6 category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_multicast_policy6: - description: - - Configure IPv6 multicast NAT policies. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - action: - description: - - Accept or deny traffic matching the policy. - type: str - choices: - - accept - - deny - dstaddr: - description: - - IPv6 destination address name. - type: list - suboptions: - name: - description: - - Address name. Source firewall.multicast-address6.name. - required: true - type: str - dstintf: - description: - - IPv6 destination interface name. Source system.interface.name system.zone.name. - type: str - end_port: - description: - - Integer value for ending TCP/UDP/SCTP destination port in range (1 - 65535). - type: int - id: - description: - - Policy ID. - required: true - type: int - logtraffic: - description: - - Enable/disable logging traffic accepted by this policy. - type: str - choices: - - enable - - disable - protocol: - description: - - Integer value for the protocol type as defined by IANA (0 - 255). 
- type: int - srcaddr: - description: - - IPv6 source address name. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address6.name firewall.addrgrp6.name. - required: true - type: str - srcintf: - description: - - IPv6 source interface name. Source system.interface.name system.zone.name. - type: str - start_port: - description: - - Integer value for starting TCP/UDP/SCTP destination port in range (1 - 65535). - type: int - status: - description: - - Enable/disable this policy. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv6 multicast NAT policies. - fortios_firewall_multicast_policy6: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_multicast_policy6: - action: "accept" - dstaddr: - - - name: "default_name_5 (source firewall.multicast-address6.name)" - dstintf: " (source system.interface.name system.zone.name)" - end_port: "7" - id: "8" - logtraffic: "enable" - protocol: "10" - srcaddr: - - - name: "default_name_12 (source firewall.address6.name firewall.addrgrp6.name)" - srcintf: " (source system.interface.name system.zone.name)" - start_port: "14" - status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always 
- type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_multicast_policy6_data(json): - option_list = ['action', 'dstaddr', 'dstintf', - 'end_port', 'id', 'logtraffic', - 'protocol', 'srcaddr', 'srcintf', - 'start_port', 'status'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_multicast_policy6(data, fos): - vdom = 
data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_multicast_policy6'] and data['firewall_multicast_policy6']:
- state = data['firewall_multicast_policy6']['state']
- else:
- state = True
- firewall_multicast_policy6_data = data['firewall_multicast_policy6']
- filtered_data = underscore_to_hyphen(filter_firewall_multicast_policy6_data(firewall_multicast_policy6_data))
-
- if state == "present":
- return fos.set('firewall',
- 'multicast-policy6',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'multicast-policy6',
- mkey=filtered_data['id'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_multicast_policy6']:
- resp = firewall_multicast_policy6(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_multicast_policy6": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "action": {"required": False, "type": "str",
- "choices": ["accept", "deny"]},
- "dstaddr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "dstintf": {"required": False, "type": "str"},
- "end_port": {"required": False, "type": 
"int"},
- "id": {"required": True, "type": "int"},
- "logtraffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "protocol": {"required": False, "type": "int"},
- "srcaddr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "srcintf": {"required": False, "type": "str"},
- "start_port": {"required": False, "type": "int"},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_policy.py b/lib/ansible/modules/network/fortios/fortios_firewall_policy.py
deleted file mode 100644
index 537acc3015c..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_policy.py
+++ /dev/null
@@ -1,1533 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_policy -short_description: Configure IPv4 policies in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and policy category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_policy: - description: - - Configure IPv4 policies. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - action: - description: - - Policy action (allow/deny/ipsec). - type: str - choices: - - accept - - deny - - ipsec - app_category: - description: - - Application category ID list. - type: list - suboptions: - id: - description: - - Category IDs. - required: true - type: int - app_group: - description: - - Application group names. - type: list - suboptions: - name: - description: - - Application group names. Source application.group.name. - required: true - type: str - application: - description: - - Application ID list. - type: list - suboptions: - id: - description: - - Application IDs. - required: true - type: int - application_list: - description: - - Name of an existing Application list. Source application.list.name. - type: str - auth_cert: - description: - - HTTPS server certificate for policy authentication. Source vpn.certificate.local.name. 
- type: str - auth_path: - description: - - Enable/disable authentication-based routing. - type: str - choices: - - enable - - disable - auth_redirect_addr: - description: - - HTTP-to-HTTPS redirect address for firewall authentication. - type: str - av_profile: - description: - - Name of an existing Antivirus profile. Source antivirus.profile.name. - type: str - block_notification: - description: - - Enable/disable block notification. - type: str - choices: - - enable - - disable - captive_portal_exempt: - description: - - Enable to exempt some users from the captive portal. - type: str - choices: - - enable - - disable - capture_packet: - description: - - Enable/disable capture packets. - type: str - choices: - - enable - - disable - comments: - description: - - Comment. - type: str - custom_log_fields: - description: - - Custom fields to append to log messages for this policy. - type: list - suboptions: - field_id: - description: - - Custom log field. Source log.custom-field.id. - type: str - delay_tcp_npu_session: - description: - - Enable TCP NPU session delay to guarantee packet order of 3-way handshake. - type: str - choices: - - enable - - disable - devices: - description: - - Names of devices or device groups that can be matched by the policy. - type: list - suboptions: - name: - description: - - Device or group name. Source user.device.alias user.device-group.name user.device-category.name. - required: true - type: str - diffserv_forward: - description: - - Enable to change packet's DiffServ values to the specified diffservcode-forward value. - type: str - choices: - - enable - - disable - diffserv_reverse: - description: - - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. - type: str - choices: - - enable - - disable - diffservcode_forward: - description: - - Change packet's DiffServ to this value. - type: str - diffservcode_rev: - description: - - Change packet's reverse (reply) DiffServ to this value. 
- type: str - disclaimer: - description: - - Enable/disable user authentication disclaimer. - type: str - choices: - - enable - - disable - dlp_sensor: - description: - - Name of an existing DLP sensor. Source dlp.sensor.name. - type: str - dnsfilter_profile: - description: - - Name of an existing DNS filter profile. Source dnsfilter.profile.name. - type: str - dscp_match: - description: - - Enable DSCP check. - type: str - choices: - - enable - - disable - dscp_negate: - description: - - Enable negated DSCP match. - type: str - choices: - - enable - - disable - dscp_value: - description: - - DSCP value. - type: str - dsri: - description: - - Enable DSRI to ignore HTTP server responses. - type: str - choices: - - enable - - disable - dstaddr: - description: - - Destination address and address group names. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address.name firewall.addrgrp.name firewall.vip.name firewall.vipgrp.name. - required: true - type: str - dstaddr_negate: - description: - - When enabled dstaddr specifies what the destination address must NOT be. - type: str - choices: - - enable - - disable - dstintf: - description: - - Outgoing (egress) interface. - type: list - suboptions: - name: - description: - - Interface name. Source system.interface.name system.zone.name. - required: true - type: str - firewall_session_dirty: - description: - - How to handle sessions if the configuration of this firewall policy changes. - type: str - choices: - - check-all - - check-new - fixedport: - description: - - Enable to prevent source NAT from changing a session's source port. - type: str - choices: - - enable - - disable - fsso: - description: - - Enable/disable Fortinet Single Sign-On. - type: str - choices: - - enable - - disable - fsso_agent_for_ntlm: - description: - - FSSO agent to use for NTLM authentication. Source user.fsso.name. 
- type: str - global_label: - description: - - Label for the policy that appears when the GUI is in Global View mode. - type: str - groups: - description: - - Names of user groups that can authenticate with this policy. - type: list - suboptions: - name: - description: - - Group name. Source user.group.name. - required: true - type: str - icap_profile: - description: - - Name of an existing ICAP profile. Source icap.profile.name. - type: str - identity_based_route: - description: - - Name of identity-based routing rule. Source firewall.identity-based-route.name. - type: str - inbound: - description: - - "Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN." - type: str - choices: - - enable - - disable - internet_service: - description: - - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. - type: str - choices: - - enable - - disable - internet_service_custom: - description: - - Custom Internet Service name. - type: list - suboptions: - name: - description: - - Custom Internet Service name. Source firewall.internet-service-custom.name. - required: true - type: str - internet_service_id: - description: - - Internet Service ID. - type: list - suboptions: - id: - description: - - Internet Service ID. Source firewall.internet-service.id. - required: true - type: int - internet_service_negate: - description: - - When enabled internet-service specifies what the service must NOT be. - type: str - choices: - - enable - - disable - internet_service_src: - description: - - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. - type: str - choices: - - enable - - disable - internet_service_src_custom: - description: - - Custom Internet Service source name. - type: list - suboptions: - name: - description: - - Custom Internet Service name. Source firewall.internet-service-custom.name. 
- required: true - type: str - internet_service_src_id: - description: - - Internet Service source ID. - type: list - suboptions: - id: - description: - - Internet Service ID. Source firewall.internet-service.id. - required: true - type: int - internet_service_src_negate: - description: - - When enabled internet-service-src specifies what the service must NOT be. - type: str - choices: - - enable - - disable - ippool: - description: - - Enable to use IP Pools for source NAT. - type: str - choices: - - enable - - disable - ips_sensor: - description: - - Name of an existing IPS sensor. Source ips.sensor.name. - type: str - label: - description: - - Label for the policy that appears when the GUI is in Section View mode. - type: str - learning_mode: - description: - - Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated. - type: str - choices: - - enable - - disable - logtraffic: - description: - - Enable or disable logging. Log all sessions or security profile sessions. - type: str - choices: - - all - - utm - - disable - logtraffic_start: - description: - - Record logs when a session starts and ends. - type: str - choices: - - enable - - disable - match_vip: - description: - - Enable to match packets that have had their destination addresses changed by a VIP. - type: str - choices: - - enable - - disable - name: - description: - - Policy name. - type: str - nat: - description: - - Enable/disable source NAT. - type: str - choices: - - enable - - disable - natinbound: - description: - - "Policy-based IPsec VPN: apply destination NAT to inbound traffic." - type: str - choices: - - enable - - disable - natip: - description: - - "Policy-based IPsec VPN: source NAT IP address for outgoing traffic." - type: str - natoutbound: - description: - - "Policy-based IPsec VPN: apply source NAT to outbound traffic." 
- type: str - choices: - - enable - - disable - ntlm: - description: - - Enable/disable NTLM authentication. - type: str - choices: - - enable - - disable - ntlm_enabled_browsers: - description: - - HTTP-User-Agent value of supported browsers. - type: list - suboptions: - user_agent_string: - description: - - User agent string. - type: str - ntlm_guest: - description: - - Enable/disable NTLM guest user access. - type: str - choices: - - enable - - disable - outbound: - description: - - "Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN." - type: str - choices: - - enable - - disable - per_ip_shaper: - description: - - Per-IP traffic shaper. Source firewall.shaper.per-ip-shaper.name. - type: str - permit_any_host: - description: - - Accept UDP packets from any host. - type: str - choices: - - enable - - disable - permit_stun_host: - description: - - Accept UDP packets from any Session Traversal Utilities for NAT (STUN) host. - type: str - choices: - - enable - - disable - policyid: - description: - - Policy ID. - required: true - type: int - poolname: - description: - - IP Pool names. - type: list - suboptions: - name: - description: - - IP pool name. Source firewall.ippool.name. - required: true - type: str - profile_group: - description: - - Name of profile group. Source firewall.profile-group.name. - type: str - profile_protocol_options: - description: - - Name of an existing Protocol options profile. Source firewall.profile-protocol-options.name. - type: str - profile_type: - description: - - Determine whether the firewall policy allows security profile groups or single profiles only. - type: str - choices: - - single - - group - radius_mac_auth_bypass: - description: - - Enable MAC authentication bypass. The bypassed MAC address must be received from RADIUS server. - type: str - choices: - - enable - - disable - redirect_url: - description: - - URL users are directed to after seeing and accepting the disclaimer or authenticating. 
- type: str - replacemsg_override_group: - description: - - Override the default replacement message group for this policy. Source system.replacemsg-group.name. - type: str - rsso: - description: - - Enable/disable RADIUS single sign-on (RSSO). - type: str - choices: - - enable - - disable - rtp_addr: - description: - - Address names if this is an RTP NAT policy. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address.name firewall.addrgrp.name. - required: true - type: str - rtp_nat: - description: - - Enable Real Time Protocol (RTP) NAT. - type: str - choices: - - disable - - enable - scan_botnet_connections: - description: - - Block or monitor connections to Botnet servers or disable Botnet scanning. - type: str - choices: - - disable - - block - - monitor - schedule: - description: - - Schedule name. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name. - type: str - schedule_timeout: - description: - - Enable to force current sessions to end when the schedule object times out. Disable allows them to end from inactivity. - type: str - choices: - - enable - - disable - send_deny_packet: - description: - - Enable to send a reply when a session is denied or blocked by a firewall policy. - type: str - choices: - - disable - - enable - service: - description: - - Service and service group names. - type: list - suboptions: - name: - description: - - Service and service group names. Source firewall.service.custom.name firewall.service.group.name. - required: true - type: str - service_negate: - description: - - When enabled service specifies what the service must NOT be. - type: str - choices: - - enable - - disable - session_ttl: - description: - - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL). - type: int - spamfilter_profile: - description: - - Name of an existing Spam filter profile. Source spamfilter.profile.name. 
- type: str - srcaddr: - description: - - Source address and address group names. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address.name firewall.addrgrp.name. - required: true - type: str - srcaddr_negate: - description: - - When enabled srcaddr specifies what the source address must NOT be. - type: str - choices: - - enable - - disable - srcintf: - description: - - Incoming (ingress) interface. - type: list - suboptions: - name: - description: - - Interface name. Source system.interface.name system.zone.name. - required: true - type: str - ssh_filter_profile: - description: - - Name of an existing SSH filter profile. Source ssh-filter.profile.name. - type: str - ssl_mirror: - description: - - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). - type: str - choices: - - enable - - disable - ssl_mirror_intf: - description: - - SSL mirror interface name. - type: list - suboptions: - name: - description: - - Mirror Interface name. Source system.interface.name system.zone.name. - required: true - type: str - ssl_ssh_profile: - description: - - Name of an existing SSL SSH profile. Source firewall.ssl-ssh-profile.name. - type: str - status: - description: - - Enable or disable this policy. - type: str - choices: - - enable - - disable - tcp_mss_receiver: - description: - - Receiver TCP maximum segment size (MSS). - type: int - tcp_mss_sender: - description: - - Sender TCP maximum segment size (MSS). - type: int - tcp_session_without_syn: - description: - - Enable/disable creation of TCP session without SYN flag. - type: str - choices: - - all - - data-only - - disable - timeout_send_rst: - description: - - Enable/disable sending RST packets when TCP sessions expire. - type: str - choices: - - enable - - disable - traffic_shaper: - description: - - Traffic shaper. Source firewall.shaper.traffic-shaper.name. - type: str - traffic_shaper_reverse: - description: - - Reverse traffic shaper. 
Source firewall.shaper.traffic-shaper.name. - type: str - url_category: - description: - - URL category ID list. - type: list - suboptions: - id: - description: - - URL category ID. - required: true - type: int - users: - description: - - Names of individual users that can authenticate with this policy. - type: list - suboptions: - name: - description: - - Names of individual users that can authenticate with this policy. Source user.local.name. - required: true - type: str - utm_status: - description: - - Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy. - type: str - choices: - - enable - - disable - uuid: - description: - - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). - type: str - vlan_cos_fwd: - description: - - "VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest." - type: int - vlan_cos_rev: - description: - - "VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest.." - type: int - vlan_filter: - description: - - Set VLAN filters. - type: str - voip_profile: - description: - - Name of an existing VoIP profile. Source voip.profile.name. - type: str - vpntunnel: - description: - - "Policy-based IPsec VPN: name of the IPsec VPN Phase 1. Source vpn.ipsec.phase1.name vpn.ipsec.manualkey.name." - type: str - waf_profile: - description: - - Name of an existing Web application firewall profile. Source waf.profile.name. - type: str - wanopt: - description: - - Enable/disable WAN optimization. - type: str - choices: - - enable - - disable - wanopt_detection: - description: - - WAN optimization auto-detection mode. - type: str - choices: - - active - - passive - - off - wanopt_passive_opt: - description: - - WAN optimization passive mode options. This option decides what IP address will be used to connect server. - type: str - choices: - - default - - transparent - - non-transparent - wanopt_peer: - description: - - WAN optimization peer. 
Source wanopt.peer.peer-host-id. - type: str - wanopt_profile: - description: - - WAN optimization profile. Source wanopt.profile.name. - type: str - wccp: - description: - - Enable/disable forwarding traffic matching this policy to a configured WCCP server. - type: str - choices: - - enable - - disable - webcache: - description: - - Enable/disable web cache. - type: str - choices: - - enable - - disable - webcache_https: - description: - - Enable/disable web cache for HTTPS. - type: str - choices: - - disable - - enable - webfilter_profile: - description: - - Name of an existing Web filter profile. Source webfilter.profile.name. - type: str - wsso: - description: - - Enable/disable WiFi Single Sign On (WSSO). - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv4 policies. - fortios_firewall_policy: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_policy: - action: "accept" - app_category: - - - id: "5" - app_group: - - - name: "default_name_7 (source application.group.name)" - application: - - - id: "9" - application_list: " (source application.list.name)" - auth_cert: " (source vpn.certificate.local.name)" - auth_path: "enable" - auth_redirect_addr: "" - av_profile: " (source antivirus.profile.name)" - block_notification: "enable" - captive_portal_exempt: "enable" - capture_packet: "enable" - comments: "" - custom_log_fields: - - - field_id: " (source log.custom-field.id)" - delay_tcp_npu_session: "enable" - devices: - - - name: "default_name_23 (source user.device.alias user.device-group.name user.device-category.name)" - diffserv_forward: "enable" - diffserv_reverse: "enable" - diffservcode_forward: "" - diffservcode_rev: "" - disclaimer: "enable" - dlp_sensor: " (source dlp.sensor.name)" - 
dnsfilter_profile: " (source dnsfilter.profile.name)" - dscp_match: "enable" - dscp_negate: "enable" - dscp_value: "" - dsri: "enable" - dstaddr: - - - name: "default_name_36 (source firewall.address.name firewall.addrgrp.name firewall.vip.name firewall.vipgrp.name)" - dstaddr_negate: "enable" - dstintf: - - - name: "default_name_39 (source system.interface.name system.zone.name)" - firewall_session_dirty: "check-all" - fixedport: "enable" - fsso: "enable" - fsso_agent_for_ntlm: " (source user.fsso.name)" - global_label: "" - groups: - - - name: "default_name_46 (source user.group.name)" - icap_profile: " (source icap.profile.name)" - identity_based_route: " (source firewall.identity-based-route.name)" - inbound: "enable" - internet_service: "enable" - internet_service_custom: - - - name: "default_name_52 (source firewall.internet-service-custom.name)" - internet_service_id: - - - id: "54 (source firewall.internet-service.id)" - internet_service_negate: "enable" - internet_service_src: "enable" - internet_service_src_custom: - - - name: "default_name_58 (source firewall.internet-service-custom.name)" - internet_service_src_id: - - - id: "60 (source firewall.internet-service.id)" - internet_service_src_negate: "enable" - ippool: "enable" - ips_sensor: " (source ips.sensor.name)" - label: "" - learning_mode: "enable" - logtraffic: "all" - logtraffic_start: "enable" - match_vip: "enable" - name: "default_name_69" - nat: "enable" - natinbound: "enable" - natip: "" - natoutbound: "enable" - ntlm: "enable" - ntlm_enabled_browsers: - - - user_agent_string: "" - ntlm_guest: "enable" - outbound: "enable" - per_ip_shaper: " (source firewall.shaper.per-ip-shaper.name)" - permit_any_host: "enable" - permit_stun_host: "enable" - policyid: "82" - poolname: - - - name: "default_name_84 (source firewall.ippool.name)" - profile_group: " (source firewall.profile-group.name)" - profile_protocol_options: " (source firewall.profile-protocol-options.name)" - profile_type: "single" - 
radius_mac_auth_bypass: "enable" - redirect_url: "" - replacemsg_override_group: " (source system.replacemsg-group.name)" - rsso: "enable" - rtp_addr: - - - name: "default_name_93 (source firewall.address.name firewall.addrgrp.name)" - rtp_nat: "disable" - scan_botnet_connections: "disable" - schedule: " (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)" - schedule_timeout: "enable" - send_deny_packet: "disable" - service: - - - name: "default_name_100 (source firewall.service.custom.name firewall.service.group.name)" - service_negate: "enable" - session_ttl: "102" - spamfilter_profile: " (source spamfilter.profile.name)" - srcaddr: - - - name: "default_name_105 (source firewall.address.name firewall.addrgrp.name)" - srcaddr_negate: "enable" - srcintf: - - - name: "default_name_108 (source system.interface.name system.zone.name)" - ssh_filter_profile: " (source ssh-filter.profile.name)" - ssl_mirror: "enable" - ssl_mirror_intf: - - - name: "default_name_112 (source system.interface.name system.zone.name)" - ssl_ssh_profile: " (source firewall.ssl-ssh-profile.name)" - status: "enable" - tcp_mss_receiver: "115" - tcp_mss_sender: "116" - tcp_session_without_syn: "all" - timeout_send_rst: "enable" - traffic_shaper: " (source firewall.shaper.traffic-shaper.name)" - traffic_shaper_reverse: " (source firewall.shaper.traffic-shaper.name)" - url_category: - - - id: "122" - users: - - - name: "default_name_124 (source user.local.name)" - utm_status: "enable" - uuid: "" - vlan_cos_fwd: "127" - vlan_cos_rev: "128" - vlan_filter: "" - voip_profile: " (source voip.profile.name)" - vpntunnel: " (source vpn.ipsec.phase1.name vpn.ipsec.manualkey.name)" - waf_profile: " (source waf.profile.name)" - wanopt: "enable" - wanopt_detection: "active" - wanopt_passive_opt: "default" - wanopt_peer: " (source wanopt.peer.peer-host-id)" - wanopt_profile: " (source wanopt.profile.name)" - wccp: "enable" - webcache: "enable" - webcache_https: 
"disable" - webfilter_profile: " (source webfilter.profile.name)" - wsso: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_policy_data(json): - option_list = 
['action', 'app_category', 'app_group',
- 'application', 'application_list', 'auth_cert',
- 'auth_path', 'auth_redirect_addr', 'av_profile',
- 'block_notification', 'captive_portal_exempt', 'capture_packet',
- 'comments', 'custom_log_fields', 'delay_tcp_npu_session',
- 'devices', 'diffserv_forward', 'diffserv_reverse',
- 'diffservcode_forward', 'diffservcode_rev', 'disclaimer',
- 'dlp_sensor', 'dnsfilter_profile', 'dscp_match',
- 'dscp_negate', 'dscp_value', 'dsri',
- 'dstaddr', 'dstaddr_negate', 'dstintf',
- 'firewall_session_dirty', 'fixedport', 'fsso',
- 'fsso_agent_for_ntlm', 'global_label', 'groups',
- 'icap_profile', 'identity_based_route', 'inbound',
- 'internet_service', 'internet_service_custom', 'internet_service_id',
- 'internet_service_negate', 'internet_service_src', 'internet_service_src_custom',
- 'internet_service_src_id', 'internet_service_src_negate', 'ippool',
- 'ips_sensor', 'label', 'learning_mode',
- 'logtraffic', 'logtraffic_start', 'match_vip',
- 'name', 'nat', 'natinbound',
- 'natip', 'natoutbound', 'ntlm',
- 'ntlm_enabled_browsers', 'ntlm_guest', 'outbound',
- 'per_ip_shaper', 'permit_any_host', 'permit_stun_host',
- 'policyid', 'poolname', 'profile_group',
- 'profile_protocol_options', 'profile_type', 'radius_mac_auth_bypass',
- 'redirect_url', 'replacemsg_override_group', 'rsso',
- 'rtp_addr', 'rtp_nat', 'scan_botnet_connections',
- 'schedule', 'schedule_timeout', 'send_deny_packet',
- 'service', 'service_negate', 'session_ttl',
- 'spamfilter_profile', 'srcaddr', 'srcaddr_negate',
- 'srcintf', 'ssh_filter_profile', 'ssl_mirror',
- 'ssl_mirror_intf', 'ssl_ssh_profile', 'status',
- 'tcp_mss_receiver', 'tcp_mss_sender', 'tcp_session_without_syn',
- 'timeout_send_rst', 'traffic_shaper', 'traffic_shaper_reverse',
- 'url_category', 'users', 'utm_status',
- 'uuid', 'vlan_cos_fwd', 'vlan_cos_rev',
- 'vlan_filter', 'voip_profile', 'vpntunnel',
- 'waf_profile', 'wanopt', 'wanopt_detection',
- 'wanopt_passive_opt', 'wanopt_peer', 'wanopt_profile',
- 'wccp', 'webcache', 'webcache_https',
- 'webfilter_profile', 'wsso']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_policy(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_policy'] and data['firewall_policy']:
- state = data['firewall_policy']['state']
- else:
- state = True
- firewall_policy_data = data['firewall_policy']
- filtered_data = underscore_to_hyphen(filter_firewall_policy_data(firewall_policy_data))
-
- if state == "present":
- return fos.set('firewall',
- 'policy',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'policy',
- mkey=filtered_data['policyid'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_policy']:
- resp = firewall_policy(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present",
"absent"]},
- "firewall_policy": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "action": {"required": False, "type": "str",
- "choices": ["accept", "deny", "ipsec"]},
- "app_category": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"}
- }},
- "app_group": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "application": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"}
- }},
- "application_list": {"required": False, "type": "str"},
- "auth_cert": {"required": False, "type": "str"},
- "auth_path": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "auth_redirect_addr": {"required": False, "type": "str"},
- "av_profile": {"required": False, "type": "str"},
- "block_notification": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "captive_portal_exempt": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "capture_packet": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "comments": {"required": False, "type": "str"},
- "custom_log_fields": {"required": False, "type": "list",
- "options": {
- "field_id": {"required": False, "type": "str"}
- }},
- "delay_tcp_npu_session": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "devices": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "diffserv_forward": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "diffserv_reverse": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "diffservcode_forward": {"required": False, "type": "str"},
- "diffservcode_rev": {"required": False, "type": "str"},
- "disclaimer": {"required": False, "type": "str",
- "choices": ["enable",
"disable"]},
- "dlp_sensor": {"required": False, "type": "str"},
- "dnsfilter_profile": {"required": False, "type": "str"},
- "dscp_match": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "dscp_negate": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "dscp_value": {"required": False, "type": "str"},
- "dsri": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "dstaddr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "dstaddr_negate": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "dstintf": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "firewall_session_dirty": {"required": False, "type": "str",
- "choices": ["check-all", "check-new"]},
- "fixedport": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "fsso": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "fsso_agent_for_ntlm": {"required": False, "type": "str"},
- "global_label": {"required": False, "type": "str"},
- "groups": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "icap_profile": {"required": False, "type": "str"},
- "identity_based_route": {"required": False, "type": "str"},
- "inbound": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "internet_service": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "internet_service_custom": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "internet_service_id": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"}
- }},
- "internet_service_negate": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "internet_service_src": {"required": False, "type": "str",
- "choices": ["enable",
"disable"]},
- "internet_service_src_custom": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "internet_service_src_id": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"}
- }},
- "internet_service_src_negate": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ippool": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ips_sensor": {"required": False, "type": "str"},
- "label": {"required": False, "type": "str"},
- "learning_mode": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "logtraffic": {"required": False, "type": "str",
- "choices": ["all", "utm", "disable"]},
- "logtraffic_start": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "match_vip": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "name": {"required": False, "type": "str"},
- "nat": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "natinbound": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "natip": {"required": False, "type": "str"},
- "natoutbound": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ntlm": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ntlm_enabled_browsers": {"required": False, "type": "list",
- "options": {
- "user_agent_string": {"required": False, "type": "str"}
- }},
- "ntlm_guest": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "outbound": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "per_ip_shaper": {"required": False, "type": "str"},
- "permit_any_host": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "permit_stun_host": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "policyid": {"required": True, "type": "int"},
- "poolname": {"required":
False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "profile_group": {"required": False, "type": "str"},
- "profile_protocol_options": {"required": False, "type": "str"},
- "profile_type": {"required": False, "type": "str",
- "choices": ["single", "group"]},
- "radius_mac_auth_bypass": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "redirect_url": {"required": False, "type": "str"},
- "replacemsg_override_group": {"required": False, "type": "str"},
- "rsso": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "rtp_addr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "rtp_nat": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "scan_botnet_connections": {"required": False, "type": "str",
- "choices": ["disable", "block", "monitor"]},
- "schedule": {"required": False, "type": "str"},
- "schedule_timeout": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "send_deny_packet": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "service": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "service_negate": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "session_ttl": {"required": False, "type": "int"},
- "spamfilter_profile": {"required": False, "type": "str"},
- "srcaddr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "srcaddr_negate": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "srcintf": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "ssh_filter_profile": {"required": False, "type": "str"},
- "ssl_mirror": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ssl_mirror_intf": {"required": False, "type": "list",
-
"options": {
- "name": {"required": True, "type": "str"}
- }},
- "ssl_ssh_profile": {"required": False, "type": "str"},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "tcp_mss_receiver": {"required": False, "type": "int"},
- "tcp_mss_sender": {"required": False, "type": "int"},
- "tcp_session_without_syn": {"required": False, "type": "str",
- "choices": ["all", "data-only", "disable"]},
- "timeout_send_rst": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "traffic_shaper": {"required": False, "type": "str"},
- "traffic_shaper_reverse": {"required": False, "type": "str"},
- "url_category": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"}
- }},
- "users": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "utm_status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "uuid": {"required": False, "type": "str"},
- "vlan_cos_fwd": {"required": False, "type": "int"},
- "vlan_cos_rev": {"required": False, "type": "int"},
- "vlan_filter": {"required": False, "type": "str"},
- "voip_profile": {"required": False, "type": "str"},
- "vpntunnel": {"required": False, "type": "str"},
- "waf_profile": {"required": False, "type": "str"},
- "wanopt": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "wanopt_detection": {"required": False, "type": "str",
- "choices": ["active", "passive", "off"]},
- "wanopt_passive_opt": {"required": False, "type": "str",
- "choices": ["default", "transparent", "non-transparent"]},
- "wanopt_peer": {"required": False, "type": "str"},
- "wanopt_profile": {"required": False, "type": "str"},
- "wccp": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "webcache": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "webcache_https": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "webfilter_profile": {"required": False, "type": "str"},
- "wsso": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_policy46.py b/lib/ansible/modules/network/fortios/fortios_firewall_policy46.py
deleted file mode 100644
index f752d5762dd..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_policy46.py
+++ /dev/null
@@ -1,525 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_policy46 -short_description: Configure IPv4 to IPv6 policies in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and policy46 category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_policy46: - description: - - Configure IPv4 to IPv6 policies. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - action: - description: - - Accept or deny traffic matching the policy. - type: str - choices: - - accept - - deny - comments: - description: - - Comment. - type: str - dstaddr: - description: - - Destination address objects. - type: list - suboptions: - name: - description: - - Address name. Source firewall.vip46.name firewall.vipgrp46.name. - required: true - type: str - dstintf: - description: - - Destination interface name. Source system.interface.name system.zone.name. - type: str - fixedport: - description: - - Enable/disable fixed port for this policy. - type: str - choices: - - enable - - disable - ippool: - description: - - Enable/disable use of IP Pools for source NAT. - type: str - choices: - - enable - - disable - logtraffic: - description: - - Enable/disable traffic logging for this policy. - type: str - choices: - - enable - - disable - per_ip_shaper: - description: - - Per IP traffic shaper. 
Source firewall.shaper.per-ip-shaper.name. - type: str - permit_any_host: - description: - - Enable/disable allowing any host. - type: str - choices: - - enable - - disable - policyid: - description: - - Policy ID. - required: true - type: int - poolname: - description: - - IP Pool names. - type: list - suboptions: - name: - description: - - IP pool name. Source firewall.ippool6.name. - required: true - type: str - schedule: - description: - - Schedule name. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name. - type: str - service: - description: - - Service name. - type: list - suboptions: - name: - description: - - Service name. Source firewall.service.custom.name firewall.service.group.name. - required: true - type: str - srcaddr: - description: - - Source address objects. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address.name firewall.addrgrp.name. - required: true - type: str - srcintf: - description: - - Source interface name. Source system.zone.name system.interface.name. - type: str - status: - description: - - Enable/disable this policy. - type: str - choices: - - enable - - disable - tcp_mss_receiver: - description: - - TCP Maximum Segment Size value of receiver (0 - 65535) - type: int - tcp_mss_sender: - description: - - TCP Maximum Segment Size value of sender (0 - 65535). - type: int - traffic_shaper: - description: - - Traffic shaper. Source firewall.shaper.traffic-shaper.name. - type: str - traffic_shaper_reverse: - description: - - Reverse traffic shaper. Source firewall.shaper.traffic-shaper.name. - type: str - uuid: - description: - - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv4 to IPv6 policies. 
- fortios_firewall_policy46: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_policy46: - action: "accept" - comments: "" - dstaddr: - - - name: "default_name_6 (source firewall.vip46.name firewall.vipgrp46.name)" - dstintf: " (source system.interface.name system.zone.name)" - fixedport: "enable" - ippool: "enable" - logtraffic: "enable" - per_ip_shaper: " (source firewall.shaper.per-ip-shaper.name)" - permit_any_host: "enable" - policyid: "13" - poolname: - - - name: "default_name_15 (source firewall.ippool6.name)" - schedule: " (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)" - service: - - - name: "default_name_18 (source firewall.service.custom.name firewall.service.group.name)" - srcaddr: - - - name: "default_name_20 (source firewall.address.name firewall.addrgrp.name)" - srcintf: " (source system.zone.name system.interface.name)" - status: "enable" - tcp_mss_receiver: "23" - tcp_mss_sender: "24" - traffic_shaper: " (source firewall.shaper.traffic-shaper.name)" - traffic_shaper_reverse: " (source firewall.shaper.traffic-shaper.name)" - uuid: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: 
Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_policy46_data(json): - option_list = ['action', 'comments', 'dstaddr', - 'dstintf', 'fixedport', 'ippool', - 'logtraffic', 'per_ip_shaper', 'permit_any_host', - 'policyid', 'poolname', 'schedule', - 'service', 'srcaddr', 'srcintf', - 'status', 'tcp_mss_receiver', 'tcp_mss_sender', - 'traffic_shaper', 'traffic_shaper_reverse', 'uuid'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_policy46(data, fos): - vdom = data['vdom'] - if 'state' in data and 
data['state']: - state = data['state'] - elif 'state' in data['firewall_policy46'] and data['firewall_policy46']: - state = data['firewall_policy46']['state'] - else: - state = True - firewall_policy46_data = data['firewall_policy46'] - filtered_data = underscore_to_hyphen(filter_firewall_policy46_data(firewall_policy46_data)) - - if state == "present": - return fos.set('firewall', - 'policy46', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall', - 'policy46', - mkey=filtered_data['policyid'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall(data, fos): - - if data['firewall_policy46']: - resp = firewall_policy46(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_policy46": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "action": {"required": False, "type": "str", - "choices": ["accept", "deny"]}, - "comments": {"required": False, "type": "str"}, - "dstaddr": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "dstintf": {"required": False, "type": "str"}, - "fixedport": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ippool": {"required": False, "type": "str", - 
"choices": ["enable", "disable"]}, - "logtraffic": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "per_ip_shaper": {"required": False, "type": "str"}, - "permit_any_host": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "policyid": {"required": True, "type": "int"}, - "poolname": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "schedule": {"required": False, "type": "str"}, - "service": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "srcaddr": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "srcintf": {"required": False, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "tcp_mss_receiver": {"required": False, "type": "int"}, - "tcp_mss_sender": {"required": False, "type": "int"}, - "traffic_shaper": {"required": False, "type": "str"}, - "traffic_shaper_reverse": {"required": False, "type": "str"}, - "uuid": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = 
fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_policy6.py b/lib/ansible/modules/network/fortios/fortios_firewall_policy6.py
deleted file mode 100644
index c397cd9a731..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_policy6.py
+++ /dev/null
@@ -1,1074 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_policy6 -short_description: Configure IPv6 policies in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and policy6 category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_policy6: - description: - - Configure IPv6 policies. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - action: - description: - - Policy action (allow/deny/ipsec). - type: str - choices: - - accept - - deny - - ipsec - app_category: - description: - - Application category ID list. - type: list - suboptions: - id: - description: - - Category IDs. - required: true - type: int - app_group: - description: - - Application group names. - type: list - suboptions: - name: - description: - - Application group names. Source application.group.name. - required: true - type: str - application: - description: - - Application ID list. - type: list - suboptions: - id: - description: - - Application IDs. - required: true - type: int - application_list: - description: - - Name of an existing Application list. Source application.list.name. - type: str - av_profile: - description: - - Name of an existing Antivirus profile. Source antivirus.profile.name. - type: str - comments: - description: - - Comment. 
- type: str - custom_log_fields: - description: - - Log field index numbers to append custom log fields to log messages for this policy. - type: list - suboptions: - field_id: - description: - - Custom log field. Source log.custom-field.id. - type: str - devices: - description: - - Names of devices or device groups that can be matched by the policy. - type: list - suboptions: - name: - description: - - Device or group name. Source user.device.alias user.device-group.name user.device-category.name. - required: true - type: str - diffserv_forward: - description: - - Enable to change packet's DiffServ values to the specified diffservcode-forward value. - type: str - choices: - - enable - - disable - diffserv_reverse: - description: - - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. - type: str - choices: - - enable - - disable - diffservcode_forward: - description: - - Change packet's DiffServ to this value. - type: str - diffservcode_rev: - description: - - Change packet's reverse (reply) DiffServ to this value. - type: str - dlp_sensor: - description: - - Name of an existing DLP sensor. Source dlp.sensor.name. - type: str - dscp_match: - description: - - Enable DSCP check. - type: str - choices: - - enable - - disable - dscp_negate: - description: - - Enable negated DSCP match. - type: str - choices: - - enable - - disable - dscp_value: - description: - - DSCP value. - type: str - dsri: - description: - - Enable DSRI to ignore HTTP server responses. - type: str - choices: - - enable - - disable - dstaddr: - description: - - Destination address and address group names. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address6.name firewall.addrgrp6.name firewall.vip6.name firewall.vipgrp6.name. - required: true - type: str - dstaddr_negate: - description: - - When enabled dstaddr specifies what the destination address must NOT be. 
- type: str - choices: - - enable - - disable - dstintf: - description: - - Outgoing (egress) interface. - type: list - suboptions: - name: - description: - - Interface name. Source system.interface.name system.zone.name. - required: true - type: str - firewall_session_dirty: - description: - - How to handle sessions if the configuration of this firewall policy changes. - type: str - choices: - - check-all - - check-new - fixedport: - description: - - Enable to prevent source NAT from changing a session's source port. - type: str - choices: - - enable - - disable - global_label: - description: - - Label for the policy that appears when the GUI is in Global View mode. - type: str - groups: - description: - - Names of user groups that can authenticate with this policy. - type: list - suboptions: - name: - description: - - Group name. Source user.group.name. - required: true - type: str - icap_profile: - description: - - Name of an existing ICAP profile. Source icap.profile.name. - type: str - inbound: - description: - - "Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN." - type: str - choices: - - enable - - disable - ippool: - description: - - Enable to use IP Pools for source NAT. - type: str - choices: - - enable - - disable - ips_sensor: - description: - - Name of an existing IPS sensor. Source ips.sensor.name. - type: str - label: - description: - - Label for the policy that appears when the GUI is in Section View mode. - type: str - logtraffic: - description: - - Enable or disable logging. Log all sessions or security profile sessions. - type: str - choices: - - all - - utm - - disable - logtraffic_start: - description: - - Record logs when a session starts and ends. - type: str - choices: - - enable - - disable - name: - description: - - Policy name. - type: str - nat: - description: - - Enable/disable source NAT. 
- type: str - choices: - - enable - - disable - natinbound: - description: - - "Policy-based IPsec VPN: apply destination NAT to inbound traffic." - type: str - choices: - - enable - - disable - natoutbound: - description: - - "Policy-based IPsec VPN: apply source NAT to outbound traffic." - type: str - choices: - - enable - - disable - outbound: - description: - - "Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN." - type: str - choices: - - enable - - disable - per_ip_shaper: - description: - - Per-IP traffic shaper. Source firewall.shaper.per-ip-shaper.name. - type: str - policyid: - description: - - Policy ID. - required: true - type: int - poolname: - description: - - IP Pool names. - type: list - suboptions: - name: - description: - - IP pool name. Source firewall.ippool6.name. - required: true - type: str - profile_group: - description: - - Name of profile group. Source firewall.profile-group.name. - type: str - profile_protocol_options: - description: - - Name of an existing Protocol options profile. Source firewall.profile-protocol-options.name. - type: str - profile_type: - description: - - Determine whether the firewall policy allows security profile groups or single profiles only. - type: str - choices: - - single - - group - replacemsg_override_group: - description: - - Override the default replacement message group for this policy. Source system.replacemsg-group.name. - type: str - rsso: - description: - - Enable/disable RADIUS single sign-on (RSSO). - type: str - choices: - - enable - - disable - schedule: - description: - - Schedule name. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name. - type: str - send_deny_packet: - description: - - Enable/disable return of deny-packet. - type: str - choices: - - enable - - disable - service: - description: - - Service and service group names. - type: list - suboptions: - name: - description: - - Address name. 
Source firewall.service.custom.name firewall.service.group.name. - required: true - type: str - service_negate: - description: - - When enabled service specifies what the service must NOT be. - type: str - choices: - - enable - - disable - session_ttl: - description: - - Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL. - type: int - spamfilter_profile: - description: - - Name of an existing Spam filter profile. Source spamfilter.profile.name. - type: str - srcaddr: - description: - - Source address and address group names. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address6.name firewall.addrgrp6.name. - required: true - type: str - srcaddr_negate: - description: - - When enabled srcaddr specifies what the source address must NOT be. - type: str - choices: - - enable - - disable - srcintf: - description: - - Incoming (ingress) interface. - type: list - suboptions: - name: - description: - - Interface name. Source system.zone.name system.interface.name. - required: true - type: str - ssh_filter_profile: - description: - - Name of an existing SSH filter profile. Source ssh-filter.profile.name. - type: str - ssl_mirror: - description: - - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). - type: str - choices: - - enable - - disable - ssl_mirror_intf: - description: - - SSL mirror interface name. - type: list - suboptions: - name: - description: - - Interface name. Source system.zone.name system.interface.name. - required: true - type: str - ssl_ssh_profile: - description: - - Name of an existing SSL SSH profile. Source firewall.ssl-ssh-profile.name. - type: str - status: - description: - - Enable or disable this policy. - type: str - choices: - - enable - - disable - tcp_mss_receiver: - description: - - Receiver TCP maximum segment size (MSS). - type: int - tcp_mss_sender: - description: - - Sender TCP maximum segment size (MSS). 
- type: int - tcp_session_without_syn: - description: - - Enable/disable creation of TCP session without SYN flag. - type: str - choices: - - all - - data-only - - disable - timeout_send_rst: - description: - - Enable/disable sending RST packets when TCP sessions expire. - type: str - choices: - - enable - - disable - traffic_shaper: - description: - - Reverse traffic shaper. Source firewall.shaper.traffic-shaper.name. - type: str - traffic_shaper_reverse: - description: - - Reverse traffic shaper. Source firewall.shaper.traffic-shaper.name. - type: str - url_category: - description: - - URL category ID list. - type: list - suboptions: - id: - description: - - URL category ID. - required: true - type: int - users: - description: - - Names of individual users that can authenticate with this policy. - type: list - suboptions: - name: - description: - - Names of individual users that can authenticate with this policy. Source user.local.name. - required: true - type: str - utm_status: - description: - - Enable AV/web/ips protection profile. - type: str - choices: - - enable - - disable - uuid: - description: - - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). - type: str - vlan_cos_fwd: - description: - - "VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest" - type: int - vlan_cos_rev: - description: - - "VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest" - type: int - vlan_filter: - description: - - Set VLAN filters. - type: str - voip_profile: - description: - - Name of an existing VoIP profile. Source voip.profile.name. - type: str - vpntunnel: - description: - - "Policy-based IPsec VPN: name of the IPsec VPN Phase 1. Source vpn.ipsec.phase1.name vpn.ipsec.manualkey.name." - type: str - webfilter_profile: - description: - - Name of an existing Web filter profile. Source webfilter.profile.name. 
- type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv6 policies. - fortios_firewall_policy6: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_policy6: - action: "accept" - app_category: - - - id: "5" - app_group: - - - name: "default_name_7 (source application.group.name)" - application: - - - id: "9" - application_list: " (source application.list.name)" - av_profile: " (source antivirus.profile.name)" - comments: "" - custom_log_fields: - - - field_id: " (source log.custom-field.id)" - devices: - - - name: "default_name_16 (source user.device.alias user.device-group.name user.device-category.name)" - diffserv_forward: "enable" - diffserv_reverse: "enable" - diffservcode_forward: "" - diffservcode_rev: "" - dlp_sensor: " (source dlp.sensor.name)" - dscp_match: "enable" - dscp_negate: "enable" - dscp_value: "" - dsri: "enable" - dstaddr: - - - name: "default_name_27 (source firewall.address6.name firewall.addrgrp6.name firewall.vip6.name firewall.vipgrp6.name)" - dstaddr_negate: "enable" - dstintf: - - - name: "default_name_30 (source system.interface.name system.zone.name)" - firewall_session_dirty: "check-all" - fixedport: "enable" - global_label: "" - groups: - - - name: "default_name_35 (source user.group.name)" - icap_profile: " (source icap.profile.name)" - inbound: "enable" - ippool: "enable" - ips_sensor: " (source ips.sensor.name)" - label: "" - logtraffic: "all" - logtraffic_start: "enable" - name: "default_name_43" - nat: "enable" - natinbound: "enable" - natoutbound: "enable" - outbound: "enable" - per_ip_shaper: " (source firewall.shaper.per-ip-shaper.name)" - policyid: "49" - poolname: - - - name: "default_name_51 (source firewall.ippool6.name)" - profile_group: " (source firewall.profile-group.name)" - 
profile_protocol_options: " (source firewall.profile-protocol-options.name)" - profile_type: "single" - replacemsg_override_group: " (source system.replacemsg-group.name)" - rsso: "enable" - schedule: " (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)" - send_deny_packet: "enable" - service: - - - name: "default_name_60 (source firewall.service.custom.name firewall.service.group.name)" - service_negate: "enable" - session_ttl: "62" - spamfilter_profile: " (source spamfilter.profile.name)" - srcaddr: - - - name: "default_name_65 (source firewall.address6.name firewall.addrgrp6.name)" - srcaddr_negate: "enable" - srcintf: - - - name: "default_name_68 (source system.zone.name system.interface.name)" - ssh_filter_profile: " (source ssh-filter.profile.name)" - ssl_mirror: "enable" - ssl_mirror_intf: - - - name: "default_name_72 (source system.zone.name system.interface.name)" - ssl_ssh_profile: " (source firewall.ssl-ssh-profile.name)" - status: "enable" - tcp_mss_receiver: "75" - tcp_mss_sender: "76" - tcp_session_without_syn: "all" - timeout_send_rst: "enable" - traffic_shaper: " (source firewall.shaper.traffic-shaper.name)" - traffic_shaper_reverse: " (source firewall.shaper.traffic-shaper.name)" - url_category: - - - id: "82" - users: - - - name: "default_name_84 (source user.local.name)" - utm_status: "enable" - uuid: "" - vlan_cos_fwd: "87" - vlan_cos_rev: "88" - vlan_filter: "" - voip_profile: " (source voip.profile.name)" - vpntunnel: " (source vpn.ipsec.phase1.name vpn.ipsec.manualkey.name)" - webfilter_profile: " (source webfilter.profile.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - 
type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_policy6_data(json): - option_list = ['action', 'app_category', 'app_group', - 'application', 'application_list', 'av_profile', - 'comments', 'custom_log_fields', 'devices', - 'diffserv_forward', 'diffserv_reverse', 'diffservcode_forward', - 'diffservcode_rev', 'dlp_sensor', 'dscp_match', - 'dscp_negate', 'dscp_value', 'dsri', - 'dstaddr', 'dstaddr_negate', 'dstintf', - 'firewall_session_dirty', 'fixedport', 'global_label', - 'groups', 'icap_profile', 'inbound', - 'ippool', 
'ips_sensor', 'label', - 'logtraffic', 'logtraffic_start', 'name', - 'nat', 'natinbound', 'natoutbound', - 'outbound', 'per_ip_shaper', 'policyid', - 'poolname', 'profile_group', 'profile_protocol_options', - 'profile_type', 'replacemsg_override_group', 'rsso', - 'schedule', 'send_deny_packet', 'service', - 'service_negate', 'session_ttl', 'spamfilter_profile', - 'srcaddr', 'srcaddr_negate', 'srcintf', - 'ssh_filter_profile', 'ssl_mirror', 'ssl_mirror_intf', - 'ssl_ssh_profile', 'status', 'tcp_mss_receiver', - 'tcp_mss_sender', 'tcp_session_without_syn', 'timeout_send_rst', - 'traffic_shaper', 'traffic_shaper_reverse', 'url_category', - 'users', 'utm_status', 'uuid', - 'vlan_cos_fwd', 'vlan_cos_rev', 'vlan_filter', - 'voip_profile', 'vpntunnel', 'webfilter_profile'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_policy6(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_policy6'] and data['firewall_policy6']: - state = data['firewall_policy6']['state'] - else: - state = True - firewall_policy6_data = data['firewall_policy6'] - filtered_data = underscore_to_hyphen(filter_firewall_policy6_data(firewall_policy6_data)) - - if state == "present": - return fos.set('firewall', - 'policy6', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall', - 'policy6', - mkey=filtered_data['policyid'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == 
"DELETE" and status['http_status'] == 404 - - -def fortios_firewall(data, fos): - - if data['firewall_policy6']: - resp = firewall_policy6(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_policy6": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "action": {"required": False, "type": "str", - "choices": ["accept", "deny", "ipsec"]}, - "app_category": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"} - }}, - "app_group": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "application": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"} - }}, - "application_list": {"required": False, "type": "str"}, - "av_profile": {"required": False, "type": "str"}, - "comments": {"required": False, "type": "str"}, - "custom_log_fields": {"required": False, "type": "list", - "options": { - "field_id": {"required": False, "type": "str"} - }}, - "devices": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "diffserv_forward": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "diffserv_reverse": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "diffservcode_forward": {"required": False, "type": "str"}, - 
"diffservcode_rev": {"required": False, "type": "str"}, - "dlp_sensor": {"required": False, "type": "str"}, - "dscp_match": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dscp_negate": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dscp_value": {"required": False, "type": "str"}, - "dsri": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dstaddr": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "dstaddr_negate": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dstintf": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "firewall_session_dirty": {"required": False, "type": "str", - "choices": ["check-all", "check-new"]}, - "fixedport": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "global_label": {"required": False, "type": "str"}, - "groups": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "icap_profile": {"required": False, "type": "str"}, - "inbound": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ippool": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ips_sensor": {"required": False, "type": "str"}, - "label": {"required": False, "type": "str"}, - "logtraffic": {"required": False, "type": "str", - "choices": ["all", "utm", "disable"]}, - "logtraffic_start": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "name": {"required": False, "type": "str"}, - "nat": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "natinbound": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "natoutbound": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "outbound": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - 
"per_ip_shaper": {"required": False, "type": "str"}, - "policyid": {"required": True, "type": "int"}, - "poolname": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "profile_group": {"required": False, "type": "str"}, - "profile_protocol_options": {"required": False, "type": "str"}, - "profile_type": {"required": False, "type": "str", - "choices": ["single", "group"]}, - "replacemsg_override_group": {"required": False, "type": "str"}, - "rsso": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "schedule": {"required": False, "type": "str"}, - "send_deny_packet": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "service": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "service_negate": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "session_ttl": {"required": False, "type": "int"}, - "spamfilter_profile": {"required": False, "type": "str"}, - "srcaddr": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "srcaddr_negate": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "srcintf": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "ssh_filter_profile": {"required": False, "type": "str"}, - "ssl_mirror": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ssl_mirror_intf": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "ssl_ssh_profile": {"required": False, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "tcp_mss_receiver": {"required": False, "type": "int"}, - "tcp_mss_sender": {"required": False, "type": "int"}, - "tcp_session_without_syn": {"required": False, "type": "str", - "choices": ["all", "data-only", "disable"]}, - 
"timeout_send_rst": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "traffic_shaper": {"required": False, "type": "str"}, - "traffic_shaper_reverse": {"required": False, "type": "str"}, - "url_category": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"} - }}, - "users": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "utm_status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "uuid": {"required": False, "type": "str"}, - "vlan_cos_fwd": {"required": False, "type": "int"}, - "vlan_cos_rev": {"required": False, "type": "int"}, - "vlan_filter": {"required": False, "type": "str"}, - "voip_profile": {"required": False, "type": "str"}, - "vpntunnel": {"required": False, "type": "str"}, - "webfilter_profile": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_policy64.py b/lib/ansible/modules/network/fortios/fortios_firewall_policy64.py
deleted file mode 100644
index d003fa3c674..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_policy64.py
+++ /dev/null
@@ -1,525 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_policy64 -short_description: Configure IPv6 to IPv4 policies in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and policy64 category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_policy64: - description: - - Configure IPv6 to IPv4 policies. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - action: - description: - - Policy action. - type: str - choices: - - accept - - deny - comments: - description: - - Comment. - type: str - dstaddr: - description: - - Destination address name. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address.name firewall.addrgrp.name firewall.vip64.name firewall.vipgrp64.name. - required: true - type: str - dstintf: - description: - - Destination interface name. Source system.interface.name system.zone.name. - type: str - fixedport: - description: - - Enable/disable policy fixed port. - type: str - choices: - - enable - - disable - ippool: - description: - - Enable/disable policy64 IP pool. - type: str - choices: - - enable - - disable - logtraffic: - description: - - Enable/disable policy log traffic. - type: str - choices: - - enable - - disable - per_ip_shaper: - description: - - Per-IP traffic shaper. 
Source firewall.shaper.per-ip-shaper.name. - type: str - permit_any_host: - description: - - Enable/disable permit any host in. - type: str - choices: - - enable - - disable - policyid: - description: - - Policy ID. - required: true - type: int - poolname: - description: - - Policy IP pool names. - type: list - suboptions: - name: - description: - - IP pool name. Source firewall.ippool.name. - required: true - type: str - schedule: - description: - - Schedule name. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name. - type: str - service: - description: - - Service name. - type: list - suboptions: - name: - description: - - Address name. Source firewall.service.custom.name firewall.service.group.name. - required: true - type: str - srcaddr: - description: - - Source address name. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address6.name firewall.addrgrp6.name. - required: true - type: str - srcintf: - description: - - Source interface name. Source system.zone.name system.interface.name. - type: str - status: - description: - - Enable/disable policy status. - type: str - choices: - - enable - - disable - tcp_mss_receiver: - description: - - TCP MSS value of receiver. - type: int - tcp_mss_sender: - description: - - TCP MSS value of sender. - type: int - traffic_shaper: - description: - - Traffic shaper. Source firewall.shaper.traffic-shaper.name. - type: str - traffic_shaper_reverse: - description: - - Reverse traffic shaper. Source firewall.shaper.traffic-shaper.name. - type: str - uuid: - description: - - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv6 to IPv4 policies. 
- fortios_firewall_policy64: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_policy64: - action: "accept" - comments: "" - dstaddr: - - - name: "default_name_6 (source firewall.address.name firewall.addrgrp.name firewall.vip64.name firewall.vipgrp64.name)" - dstintf: " (source system.interface.name system.zone.name)" - fixedport: "enable" - ippool: "enable" - logtraffic: "enable" - per_ip_shaper: " (source firewall.shaper.per-ip-shaper.name)" - permit_any_host: "enable" - policyid: "13" - poolname: - - - name: "default_name_15 (source firewall.ippool.name)" - schedule: " (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)" - service: - - - name: "default_name_18 (source firewall.service.custom.name firewall.service.group.name)" - srcaddr: - - - name: "default_name_20 (source firewall.address6.name firewall.addrgrp6.name)" - srcintf: " (source system.zone.name system.interface.name)" - status: "enable" - tcp_mss_receiver: "23" - tcp_mss_sender: "24" - traffic_shaper: " (source firewall.shaper.traffic-shaper.name)" - traffic_shaper_reverse: " (source firewall.shaper.traffic-shaper.name)" - uuid: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - 
sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_policy64_data(json): - option_list = ['action', 'comments', 'dstaddr', - 'dstintf', 'fixedport', 'ippool', - 'logtraffic', 'per_ip_shaper', 'permit_any_host', - 'policyid', 'poolname', 'schedule', - 'service', 'srcaddr', 'srcintf', - 'status', 'tcp_mss_receiver', 'tcp_mss_sender', - 'traffic_shaper', 'traffic_shaper_reverse', 'uuid'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_policy64(data, fos): 
- vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_policy64'] and data['firewall_policy64']: - state = data['firewall_policy64']['state'] - else: - state = True - firewall_policy64_data = data['firewall_policy64'] - filtered_data = underscore_to_hyphen(filter_firewall_policy64_data(firewall_policy64_data)) - - if state == "present": - return fos.set('firewall', - 'policy64', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall', - 'policy64', - mkey=filtered_data['policyid'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall(data, fos): - - if data['firewall_policy64']: - resp = firewall_policy64(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_policy64": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "action": {"required": False, "type": "str", - "choices": ["accept", "deny"]}, - "comments": {"required": False, "type": "str"}, - "dstaddr": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "dstintf": {"required": False, "type": "str"}, - "fixedport": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - 
"ippool": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "logtraffic": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "per_ip_shaper": {"required": False, "type": "str"}, - "permit_any_host": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "policyid": {"required": True, "type": "int"}, - "poolname": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "schedule": {"required": False, "type": "str"}, - "service": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "srcaddr": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "srcintf": {"required": False, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "tcp_mss_receiver": {"required": False, "type": "int"}, - "tcp_mss_sender": {"required": False, "type": "int"}, - "traffic_shaper": {"required": False, "type": "str"}, - "traffic_shaper_reverse": {"required": False, "type": "str"}, - "uuid": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - 
is_error, has_changed, result = fortios_firewall(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_profile_group.py b/lib/ansible/modules/network/fortios/fortios_firewall_profile_group.py
deleted file mode 100644
index 76c2b070ea8..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_profile_group.py
+++ /dev/null
@@ -1,413 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_profile_group -short_description: Configure profile groups in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and profile_group category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_profile_group: - description: - - Configure profile groups. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - application_list: - description: - - Name of an existing Application list. Source application.list.name. - type: str - av_profile: - description: - - Name of an existing Antivirus profile. Source antivirus.profile.name. - type: str - dlp_sensor: - description: - - Name of an existing DLP sensor. Source dlp.sensor.name. - type: str - dnsfilter_profile: - description: - - Name of an existing DNS filter profile. Source dnsfilter.profile.name. - type: str - icap_profile: - description: - - Name of an existing ICAP profile. Source icap.profile.name. - type: str - ips_sensor: - description: - - Name of an existing IPS sensor. Source ips.sensor.name. - type: str - name: - description: - - Profile group name. - required: true - type: str - profile_protocol_options: - description: - - Name of an existing Protocol options profile. Source firewall.profile-protocol-options.name. 
- type: str - spamfilter_profile: - description: - - Name of an existing Spam filter profile. Source spamfilter.profile.name. - type: str - ssh_filter_profile: - description: - - Name of an existing SSH filter profile. Source ssh-filter.profile.name. - type: str - ssl_ssh_profile: - description: - - Name of an existing SSL SSH profile. Source firewall.ssl-ssh-profile.name. - type: str - voip_profile: - description: - - Name of an existing VoIP profile. Source voip.profile.name. - type: str - waf_profile: - description: - - Name of an existing Web application firewall profile. Source waf.profile.name. - type: str - webfilter_profile: - description: - - Name of an existing Web filter profile. Source webfilter.profile.name. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure profile groups. - fortios_firewall_profile_group: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_profile_group: - application_list: " (source application.list.name)" - av_profile: " (source antivirus.profile.name)" - dlp_sensor: " (source dlp.sensor.name)" - dnsfilter_profile: " (source dnsfilter.profile.name)" - icap_profile: " (source icap.profile.name)" - ips_sensor: " (source ips.sensor.name)" - name: "default_name_9" - profile_protocol_options: " (source firewall.profile-protocol-options.name)" - spamfilter_profile: " (source spamfilter.profile.name)" - ssh_filter_profile: " (source ssh-filter.profile.name)" - ssl_ssh_profile: " (source firewall.ssl-ssh-profile.name)" - voip_profile: " (source voip.profile.name)" - waf_profile: " (source waf.profile.name)" - webfilter_profile: " (source webfilter.profile.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - 
description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_profile_group_data(json): - option_list = ['application_list', 'av_profile', 'dlp_sensor', - 'dnsfilter_profile', 'icap_profile', 'ips_sensor', - 'name', 'profile_protocol_options', 'spamfilter_profile', - 'ssh_filter_profile', 'ssl_ssh_profile', 
'voip_profile', - 'waf_profile', 'webfilter_profile'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_profile_group(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_profile_group'] and data['firewall_profile_group']: - state = data['firewall_profile_group']['state'] - else: - state = True - firewall_profile_group_data = data['firewall_profile_group'] - filtered_data = underscore_to_hyphen(filter_firewall_profile_group_data(firewall_profile_group_data)) - - if state == "present": - return fos.set('firewall', - 'profile-group', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall', - 'profile-group', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall(data, fos): - - if data['firewall_profile_group']: - resp = firewall_profile_group(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": 
{"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_profile_group": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "application_list": {"required": False, "type": "str"}, - "av_profile": {"required": False, "type": "str"}, - "dlp_sensor": {"required": False, "type": "str"}, - "dnsfilter_profile": {"required": False, "type": "str"}, - "icap_profile": {"required": False, "type": "str"}, - "ips_sensor": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "profile_protocol_options": {"required": False, "type": "str"}, - "spamfilter_profile": {"required": False, "type": "str"}, - "ssh_filter_profile": {"required": False, "type": "str"}, - "ssl_ssh_profile": {"required": False, "type": "str"}, - "voip_profile": {"required": False, "type": "str"}, - "waf_profile": {"required": False, "type": "str"}, - "webfilter_profile": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall(module.params, fos) - fos.logout() - - if not is_error: - 
module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_profile_protocol_options.py b/lib/ansible/modules/network/fortios/fortios_firewall_profile_protocol_options.py
deleted file mode 100644
index 5937acf8871..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_profile_protocol_options.py
+++ /dev/null
@@ -1,1083 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_firewall_profile_protocol_options
-short_description: Configure protocol options in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify firewall feature and profile_protocol_options category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously.
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_profile_protocol_options: - description: - - Configure protocol options. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - comment: - description: - - Optional comments. - type: str - dns: - description: - - Configure DNS protocol options. - type: dict - suboptions: - ports: - description: - - Ports to scan for content (1 - 65535). - type: int - status: - description: - - Enable/disable the active status of scanning for this protocol. - type: str - choices: - - enable - - disable - ftp: - description: - - Configure FTP protocol options. - type: dict - suboptions: - comfort_amount: - description: - - Amount of data to send in a transmission for client comforting (1 - 10240 bytes). - type: int - comfort_interval: - description: - - Period of time between start, or last transmission, and the next client comfort transmission of data (1 - 900 sec). - type: int - inspect_all: - description: - - Enable/disable the inspection of all ports for the protocol. 
- type: str - choices: - - enable - - disable - options: - description: - - One or more options that can be applied to the session. - type: str - choices: - - clientcomfort - - oversize - - splice - - bypass-rest-command - - bypass-mode-command - oversize_limit: - description: - - Maximum in-memory file size that can be scanned (1 - 383 MB). - type: int - ports: - description: - - Ports to scan for content (1 - 65535). - type: int - scan_bzip2: - description: - - Enable/disable scanning of BZip2 compressed files. - type: str - choices: - - enable - - disable - status: - description: - - Enable/disable the active status of scanning for this protocol. - type: str - choices: - - enable - - disable - uncompressed_nest_limit: - description: - - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). - type: int - uncompressed_oversize_limit: - description: - - Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited). - type: int - http: - description: - - Configure HTTP protocol options. - type: dict - suboptions: - block_page_status_code: - description: - - Code number returned for blocked HTTP pages (non-FortiGuard only) (100 - 599). - type: int - comfort_amount: - description: - - Amount of data to send in a transmission for client comforting (1 - 10240 bytes). - type: int - comfort_interval: - description: - - Period of time between start, or last transmission, and the next client comfort transmission of data (1 - 900 sec). - type: int - fortinet_bar: - description: - - Enable/disable Fortinet bar on HTML content. - type: str - choices: - - enable - - disable - fortinet_bar_port: - description: - - Port for use by Fortinet Bar (1 - 65535). - type: int - http_policy: - description: - - Enable/disable HTTP policy check. - type: str - choices: - - disable - - enable - inspect_all: - description: - - Enable/disable the inspection of all ports for the protocol. 
- type: str - choices: - - enable - - disable - options: - description: - - One or more options that can be applied to the session. - type: str - choices: - - clientcomfort - - servercomfort - - oversize - - chunkedbypass - oversize_limit: - description: - - Maximum in-memory file size that can be scanned (1 - 383 MB). - type: int - ports: - description: - - Ports to scan for content (1 - 65535). - type: int - post_lang: - description: - - ID codes for character sets to be used to convert to UTF-8 for banned words and DLP on HTTP posts (maximum of 5 character sets). - type: str - choices: - - jisx0201 - - jisx0208 - - jisx0212 - - gb2312 - - ksc5601-ex - - euc-jp - - sjis - - iso2022-jp - - iso2022-jp-1 - - iso2022-jp-2 - - euc-cn - - ces-gbk - - hz - - ces-big5 - - euc-kr - - iso2022-jp-3 - - iso8859-1 - - tis620 - - cp874 - - cp1252 - - cp1251 - range_block: - description: - - Enable/disable blocking of partial downloads. - type: str - choices: - - disable - - enable - retry_count: - description: - - Number of attempts to retry HTTP connection (0 - 100). - type: int - scan_bzip2: - description: - - Enable/disable scanning of BZip2 compressed files. - type: str - choices: - - enable - - disable - status: - description: - - Enable/disable the active status of scanning for this protocol. - type: str - choices: - - enable - - disable - streaming_content_bypass: - description: - - Enable/disable bypassing of streaming content from buffering. - type: str - choices: - - enable - - disable - strip_x_forwarded_for: - description: - - Enable/disable stripping of HTTP X-Forwarded-For header. - type: str - choices: - - disable - - enable - switching_protocols: - description: - - Bypass from scanning, or block a connection that attempts to switch protocol. - type: str - choices: - - bypass - - block - uncompressed_nest_limit: - description: - - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). 
- type: int - uncompressed_oversize_limit: - description: - - Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited). - type: int - imap: - description: - - Configure IMAP protocol options. - type: dict - suboptions: - inspect_all: - description: - - Enable/disable the inspection of all ports for the protocol. - type: str - choices: - - enable - - disable - options: - description: - - One or more options that can be applied to the session. - type: str - choices: - - fragmail - - oversize - oversize_limit: - description: - - Maximum in-memory file size that can be scanned (1 - 383 MB). - type: int - ports: - description: - - Ports to scan for content (1 - 65535). - type: int - scan_bzip2: - description: - - Enable/disable scanning of BZip2 compressed files. - type: str - choices: - - enable - - disable - status: - description: - - Enable/disable the active status of scanning for this protocol. - type: str - choices: - - enable - - disable - uncompressed_nest_limit: - description: - - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). - type: int - uncompressed_oversize_limit: - description: - - Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited). - type: int - mail_signature: - description: - - Configure Mail signature. - type: dict - suboptions: - signature: - description: - - Email signature to be added to outgoing email (if the signature contains spaces, enclose with quotation marks). - type: str - status: - description: - - Enable/disable adding an email signature to SMTP email messages as they pass through the FortiGate. - type: str - choices: - - disable - - enable - mapi: - description: - - Configure MAPI protocol options. - type: dict - suboptions: - options: - description: - - One or more options that can be applied to the session. 
- type: str - choices: - - fragmail - - oversize - oversize_limit: - description: - - Maximum in-memory file size that can be scanned (1 - 383 MB). - type: int - ports: - description: - - Ports to scan for content (1 - 65535). - type: int - scan_bzip2: - description: - - Enable/disable scanning of BZip2 compressed files. - type: str - choices: - - enable - - disable - status: - description: - - Enable/disable the active status of scanning for this protocol. - type: str - choices: - - enable - - disable - uncompressed_nest_limit: - description: - - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). - type: int - uncompressed_oversize_limit: - description: - - Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited). - type: int - name: - description: - - Name. - required: true - type: str - nntp: - description: - - Configure NNTP protocol options. - type: dict - suboptions: - inspect_all: - description: - - Enable/disable the inspection of all ports for the protocol. - type: str - choices: - - enable - - disable - options: - description: - - One or more options that can be applied to the session. - type: str - choices: - - oversize - - splice - oversize_limit: - description: - - Maximum in-memory file size that can be scanned (1 - 383 MB). - type: int - ports: - description: - - Ports to scan for content (1 - 65535). - type: int - scan_bzip2: - description: - - Enable/disable scanning of BZip2 compressed files. - type: str - choices: - - enable - - disable - status: - description: - - Enable/disable the active status of scanning for this protocol. - type: str - choices: - - enable - - disable - uncompressed_nest_limit: - description: - - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). - type: int - uncompressed_oversize_limit: - description: - - Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited). 
- type: int - oversize_log: - description: - - Enable/disable logging for antivirus oversize file blocking. - type: str - choices: - - disable - - enable - pop3: - description: - - Configure POP3 protocol options. - type: dict - suboptions: - inspect_all: - description: - - Enable/disable the inspection of all ports for the protocol. - type: str - choices: - - enable - - disable - options: - description: - - One or more options that can be applied to the session. - type: str - choices: - - fragmail - - oversize - oversize_limit: - description: - - Maximum in-memory file size that can be scanned (1 - 383 MB). - type: int - ports: - description: - - Ports to scan for content (1 - 65535). - type: int - scan_bzip2: - description: - - Enable/disable scanning of BZip2 compressed files. - type: str - choices: - - enable - - disable - status: - description: - - Enable/disable the active status of scanning for this protocol. - type: str - choices: - - enable - - disable - uncompressed_nest_limit: - description: - - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). - type: int - uncompressed_oversize_limit: - description: - - Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited). - type: int - replacemsg_group: - description: - - Name of the replacement message group to be used Source system.replacemsg-group.name. - type: str - rpc_over_http: - description: - - Enable/disable inspection of RPC over HTTP. - type: str - choices: - - enable - - disable - smtp: - description: - - Configure SMTP protocol options. - type: dict - suboptions: - inspect_all: - description: - - Enable/disable the inspection of all ports for the protocol. - type: str - choices: - - enable - - disable - options: - description: - - One or more options that can be applied to the session. 
- type: str - choices: - - fragmail - - oversize - - splice - oversize_limit: - description: - - Maximum in-memory file size that can be scanned (1 - 383 MB). - type: int - ports: - description: - - Ports to scan for content (1 - 65535). - type: int - scan_bzip2: - description: - - Enable/disable scanning of BZip2 compressed files. - type: str - choices: - - enable - - disable - server_busy: - description: - - Enable/disable SMTP server busy when server not available. - type: str - choices: - - enable - - disable - status: - description: - - Enable/disable the active status of scanning for this protocol. - type: str - choices: - - enable - - disable - uncompressed_nest_limit: - description: - - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). - type: int - uncompressed_oversize_limit: - description: - - Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited). - type: int - switching_protocols_log: - description: - - Enable/disable logging for HTTP/HTTPS switching protocols. - type: str - choices: - - disable - - enable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure protocol options. - fortios_firewall_profile_protocol_options: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_profile_protocol_options: - comment: "Optional comments." 
- dns: - ports: "5" - status: "enable" - ftp: - comfort_amount: "8" - comfort_interval: "9" - inspect_all: "enable" - options: "clientcomfort" - oversize_limit: "12" - ports: "13" - scan_bzip2: "enable" - status: "enable" - uncompressed_nest_limit: "16" - uncompressed_oversize_limit: "17" - http: - block_page_status_code: "19" - comfort_amount: "20" - comfort_interval: "21" - fortinet_bar: "enable" - fortinet_bar_port: "23" - http_policy: "disable" - inspect_all: "enable" - options: "clientcomfort" - oversize_limit: "27" - ports: "28" - post_lang: "jisx0201" - range_block: "disable" - retry_count: "31" - scan_bzip2: "enable" - status: "enable" - streaming_content_bypass: "enable" - strip_x_forwarded_for: "disable" - switching_protocols: "bypass" - uncompressed_nest_limit: "37" - uncompressed_oversize_limit: "38" - imap: - inspect_all: "enable" - options: "fragmail" - oversize_limit: "42" - ports: "43" - scan_bzip2: "enable" - status: "enable" - uncompressed_nest_limit: "46" - uncompressed_oversize_limit: "47" - mail_signature: - signature: "" - status: "disable" - mapi: - options: "fragmail" - oversize_limit: "53" - ports: "54" - scan_bzip2: "enable" - status: "enable" - uncompressed_nest_limit: "57" - uncompressed_oversize_limit: "58" - name: "default_name_59" - nntp: - inspect_all: "enable" - options: "oversize" - oversize_limit: "63" - ports: "64" - scan_bzip2: "enable" - status: "enable" - uncompressed_nest_limit: "67" - uncompressed_oversize_limit: "68" - oversize_log: "disable" - pop3: - inspect_all: "enable" - options: "fragmail" - oversize_limit: "73" - ports: "74" - scan_bzip2: "enable" - status: "enable" - uncompressed_nest_limit: "77" - uncompressed_oversize_limit: "78" - replacemsg_group: " (source system.replacemsg-group.name)" - rpc_over_http: "enable" - smtp: - inspect_all: "enable" - options: "fragmail" - oversize_limit: "84" - ports: "85" - scan_bzip2: "enable" - server_busy: "enable" - status: "enable" - uncompressed_nest_limit: "89" - 
uncompressed_oversize_limit: "90" - switching_protocols_log: "disable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_profile_protocol_options_data(json): - 
option_list = ['comment', 'dns', 'ftp', - 'http', 'imap', 'mail_signature', - 'mapi', 'name', 'nntp', - 'oversize_log', 'pop3', 'replacemsg_group', - 'rpc_over_http', 'smtp', 'switching_protocols_log'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_profile_protocol_options(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_profile_protocol_options'] and data['firewall_profile_protocol_options']: - state = data['firewall_profile_protocol_options']['state'] - else: - state = True - firewall_profile_protocol_options_data = data['firewall_profile_protocol_options'] - filtered_data = underscore_to_hyphen(filter_firewall_profile_protocol_options_data(firewall_profile_protocol_options_data)) - - if state == "present": - return fos.set('firewall', - 'profile-protocol-options', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall', - 'profile-protocol-options', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall(data, fos): - - if data['firewall_profile_protocol_options']: - resp = firewall_profile_protocol_options(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": 
{"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_profile_protocol_options": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "comment": {"required": False, "type": "str"}, - "dns": {"required": False, "type": "dict", - "options": { - "ports": {"required": False, "type": "int"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "ftp": {"required": False, "type": "dict", - "options": { - "comfort_amount": {"required": False, "type": "int"}, - "comfort_interval": {"required": False, "type": "int"}, - "inspect_all": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "options": {"required": False, "type": "str", - "choices": ["clientcomfort", "oversize", "splice", - "bypass-rest-command", "bypass-mode-command"]}, - "oversize_limit": {"required": False, "type": "int"}, - "ports": {"required": False, "type": "int"}, - "scan_bzip2": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "uncompressed_nest_limit": {"required": False, "type": "int"}, - "uncompressed_oversize_limit": {"required": False, "type": "int"} - }}, - "http": {"required": False, "type": "dict", - "options": { - "block_page_status_code": {"required": False, "type": "int"}, - "comfort_amount": {"required": False, "type": "int"}, - "comfort_interval": {"required": False, "type": "int"}, - "fortinet_bar": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "fortinet_bar_port": {"required": False, "type": 
"int"}, - "http_policy": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "inspect_all": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "options": {"required": False, "type": "str", - "choices": ["clientcomfort", "servercomfort", "oversize", - "chunkedbypass"]}, - "oversize_limit": {"required": False, "type": "int"}, - "ports": {"required": False, "type": "int"}, - "post_lang": {"required": False, "type": "str", - "choices": ["jisx0201", "jisx0208", "jisx0212", - "gb2312", "ksc5601-ex", "euc-jp", - "sjis", "iso2022-jp", "iso2022-jp-1", - "iso2022-jp-2", "euc-cn", "ces-gbk", - "hz", "ces-big5", "euc-kr", - "iso2022-jp-3", "iso8859-1", "tis620", - "cp874", "cp1252", "cp1251"]}, - "range_block": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "retry_count": {"required": False, "type": "int"}, - "scan_bzip2": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "streaming_content_bypass": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "strip_x_forwarded_for": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "switching_protocols": {"required": False, "type": "str", - "choices": ["bypass", "block"]}, - "uncompressed_nest_limit": {"required": False, "type": "int"}, - "uncompressed_oversize_limit": {"required": False, "type": "int"} - }}, - "imap": {"required": False, "type": "dict", - "options": { - "inspect_all": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "options": {"required": False, "type": "str", - "choices": ["fragmail", "oversize"]}, - "oversize_limit": {"required": False, "type": "int"}, - "ports": {"required": False, "type": "int"}, - "scan_bzip2": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, 
- "uncompressed_nest_limit": {"required": False, "type": "int"}, - "uncompressed_oversize_limit": {"required": False, "type": "int"} - }}, - "mail_signature": {"required": False, "type": "dict", - "options": { - "signature": {"required": False, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["disable", "enable"]} - }}, - "mapi": {"required": False, "type": "dict", - "options": { - "options": {"required": False, "type": "str", - "choices": ["fragmail", "oversize"]}, - "oversize_limit": {"required": False, "type": "int"}, - "ports": {"required": False, "type": "int"}, - "scan_bzip2": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "uncompressed_nest_limit": {"required": False, "type": "int"}, - "uncompressed_oversize_limit": {"required": False, "type": "int"} - }}, - "name": {"required": True, "type": "str"}, - "nntp": {"required": False, "type": "dict", - "options": { - "inspect_all": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "options": {"required": False, "type": "str", - "choices": ["oversize", "splice"]}, - "oversize_limit": {"required": False, "type": "int"}, - "ports": {"required": False, "type": "int"}, - "scan_bzip2": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "uncompressed_nest_limit": {"required": False, "type": "int"}, - "uncompressed_oversize_limit": {"required": False, "type": "int"} - }}, - "oversize_log": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "pop3": {"required": False, "type": "dict", - "options": { - "inspect_all": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "options": {"required": False, "type": "str", - "choices": ["fragmail", "oversize"]}, - "oversize_limit": {"required": False, "type": "int"}, - 
"ports": {"required": False, "type": "int"}, - "scan_bzip2": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "uncompressed_nest_limit": {"required": False, "type": "int"}, - "uncompressed_oversize_limit": {"required": False, "type": "int"} - }}, - "replacemsg_group": {"required": False, "type": "str"}, - "rpc_over_http": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "smtp": {"required": False, "type": "dict", - "options": { - "inspect_all": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "options": {"required": False, "type": "str", - "choices": ["fragmail", "oversize", "splice"]}, - "oversize_limit": {"required": False, "type": "int"}, - "ports": {"required": False, "type": "int"}, - "scan_bzip2": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "server_busy": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "uncompressed_nest_limit": {"required": False, "type": "int"}, - "uncompressed_oversize_limit": {"required": False, "type": "int"} - }}, - "switching_protocols_log": {"required": False, "type": "str", - "choices": ["disable", "enable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - 
else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_proxy_address.py b/lib/ansible/modules/network/fortios/fortios_firewall_proxy_address.py
deleted file mode 100644
index 7d82a513040..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_proxy_address.py
+++ /dev/null
@@ -1,567 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_proxy_address -short_description: Web proxy address configuration in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and proxy_address category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_proxy_address: - description: - - Web proxy address configuration. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - case_sensitivity: - description: - - Enable to make the pattern case sensitive. - type: str - choices: - - disable - - enable - category: - description: - - FortiGuard category ID. - type: list - suboptions: - id: - description: - - Fortiguard category id. - required: true - type: int - color: - description: - - Integer value to determine the color of the icon in the GUI (1 - 32). - type: int - comment: - description: - - Optional comments. - type: str - header: - description: - - HTTP header name as a regular expression. - type: str - header_group: - description: - - HTTP header group. - type: list - suboptions: - case_sensitivity: - description: - - Case sensitivity in pattern. - type: str - choices: - - disable - - enable - header: - description: - - HTTP header regular expression. - type: str - header_name: - description: - - HTTP header. - type: str - id: - description: - - ID. 
- required: true - type: int - header_name: - description: - - Name of HTTP header. - type: str - host: - description: - - Address object for the host. Source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name. - type: str - host_regex: - description: - - Host name as a regular expression. - type: str - method: - description: - - HTTP request methods to be used. - type: str - choices: - - get - - post - - put - - head - - connect - - trace - - options - - delete - name: - description: - - Address name. - required: true - type: str - path: - description: - - URL path as a regular expression. - type: str - query: - description: - - Match the query part of the URL as a regular expression. - type: str - referrer: - description: - - Enable/disable use of referrer field in the HTTP header to match the address. - type: str - choices: - - enable - - disable - tagging: - description: - - Config object tagging. - type: list - suboptions: - category: - description: - - Tag category. Source system.object-tagging.category. - type: str - name: - description: - - Tagging entry name. - required: true - type: str - tags: - description: - - Tags. - type: list - suboptions: - name: - description: - - Tag name. Source system.object-tagging.tags.name. - required: true - type: str - type: - description: - - Proxy address type. - type: str - choices: - - host-regex - - url - - category - - method - - ua - - header - - src-advanced - - dst-advanced - ua: - description: - - Names of browsers to be used as user agent. - type: str - choices: - - chrome - - ms - - firefox - - safari - - other - uuid: - description: - - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). - type: str - visibility: - description: - - Enable/disable visibility of the object in the GUI. 
- type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Web proxy address configuration. - fortios_firewall_proxy_address: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_proxy_address: - case_sensitivity: "disable" - category: - - - id: "5" - color: "6" - comment: "Optional comments." - header: "" - header_group: - - - case_sensitivity: "disable" - header: "" - header_name: "" - id: "13" - header_name: "" - host: "myhostname (source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name)" - host_regex: "myhostname" - method: "get" - name: "default_name_18" - path: "" - query: "" - referrer: "enable" - tagging: - - - category: " (source system.object-tagging.category)" - name: "default_name_24" - tags: - - - name: "default_name_26 (source system.object-tagging.tags.name)" - type: "host-regex" - ua: "chrome" - uuid: "" - visibility: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - 
description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_proxy_address_data(json): - option_list = ['case_sensitivity', 'category', 'color', - 'comment', 'header', 'header_group', - 'header_name', 'host', 'host_regex', - 'method', 'name', 'path', - 'query', 'referrer', 'tagging', - 'type', 'ua', 'uuid', - 'visibility'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_proxy_address(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_proxy_address'] and data['firewall_proxy_address']: - state = 
data['firewall_proxy_address']['state'] - else: - state = True - firewall_proxy_address_data = data['firewall_proxy_address'] - filtered_data = underscore_to_hyphen(filter_firewall_proxy_address_data(firewall_proxy_address_data)) - - if state == "present": - return fos.set('firewall', - 'proxy-address', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall', - 'proxy-address', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall(data, fos): - - if data['firewall_proxy_address']: - resp = firewall_proxy_address(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_proxy_address": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "case_sensitivity": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "category": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"} - }}, - "color": {"required": False, "type": "int"}, - "comment": {"required": False, "type": "str"}, - "header": {"required": False, "type": "str"}, - "header_group": {"required": False, "type": "list", - "options": { - "case_sensitivity": {"required": False, "type": "str", - "choices": ["disable", 
"enable"]}, - "header": {"required": False, "type": "str"}, - "header_name": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"} - }}, - "header_name": {"required": False, "type": "str"}, - "host": {"required": False, "type": "str"}, - "host_regex": {"required": False, "type": "str"}, - "method": {"required": False, "type": "str", - "choices": ["get", "post", "put", - "head", "connect", "trace", - "options", "delete"]}, - "name": {"required": True, "type": "str"}, - "path": {"required": False, "type": "str"}, - "query": {"required": False, "type": "str"}, - "referrer": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "tagging": {"required": False, "type": "list", - "options": { - "category": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "tags": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }} - }}, - "type": {"required": False, "type": "str", - "choices": ["host-regex", "url", "category", - "method", "ua", "header", - "src-advanced", "dst-advanced"]}, - "ua": {"required": False, "type": "str", - "choices": ["chrome", "ms", "firefox", - "safari", "other"]}, - "uuid": {"required": False, "type": "str"}, - "visibility": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - 
try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_proxy_addrgrp.py b/lib/ansible/modules/network/fortios/fortios_firewall_proxy_addrgrp.py
deleted file mode 100644
index e9fbcf82d0d..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_proxy_addrgrp.py
+++ /dev/null
@@ -1,428 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_proxy_addrgrp -short_description: Web proxy address group configuration in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and proxy_addrgrp category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_proxy_addrgrp: - description: - - Web proxy address group configuration. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - color: - description: - - Integer value to determine the color of the icon in the GUI (1 - 32). - type: int - comment: - description: - - Optional comments. - type: str - member: - description: - - Members of address group. - type: list - suboptions: - name: - description: - - Address name. Source firewall.proxy-address.name firewall.proxy-addrgrp.name. - required: true - type: str - name: - description: - - Address group name. - required: true - type: str - tagging: - description: - - Config object tagging. - type: list - suboptions: - category: - description: - - Tag category. Source system.object-tagging.category. - type: str - name: - description: - - Tagging entry name. - required: true - type: str - tags: - description: - - Tags. - type: list - suboptions: - name: - description: - - Tag name. Source system.object-tagging.tags.name. 
- required: true - type: str - type: - description: - - Source or destination address group type. - type: str - choices: - - src - - dst - uuid: - description: - - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). - type: str - visibility: - description: - - Enable/disable visibility of the object in the GUI. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Web proxy address group configuration. - fortios_firewall_proxy_addrgrp: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_proxy_addrgrp: - color: "3" - comment: "Optional comments." - member: - - - name: "default_name_6 (source firewall.proxy-address.name firewall.proxy-addrgrp.name)" - name: "default_name_7" - tagging: - - - category: " (source system.object-tagging.category)" - name: "default_name_10" - tags: - - - name: "default_name_12 (source system.object-tagging.tags.name)" - type: "src" - uuid: "" - visibility: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision 
number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_proxy_addrgrp_data(json): - option_list = ['color', 'comment', 'member', - 'name', 'tagging', 'type', - 'uuid', 'visibility'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_proxy_addrgrp(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_proxy_addrgrp'] and data['firewall_proxy_addrgrp']: - state = data['firewall_proxy_addrgrp']['state'] - else: - state = True - 
firewall_proxy_addrgrp_data = data['firewall_proxy_addrgrp'] - filtered_data = underscore_to_hyphen(filter_firewall_proxy_addrgrp_data(firewall_proxy_addrgrp_data)) - - if state == "present": - return fos.set('firewall', - 'proxy-addrgrp', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall', - 'proxy-addrgrp', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall(data, fos): - - if data['firewall_proxy_addrgrp']: - resp = firewall_proxy_addrgrp(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_proxy_addrgrp": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "color": {"required": False, "type": "int"}, - "comment": {"required": False, "type": "str"}, - "member": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "name": {"required": True, "type": "str"}, - "tagging": {"required": False, "type": "list", - "options": { - "category": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "tags": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }} - }}, - "type": {"required": False, "type": "str", 
- "choices": ["src", "dst"]}, - "uuid": {"required": False, "type": "str"}, - "visibility": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_proxy_policy.py b/lib/ansible/modules/network/fortios/fortios_firewall_proxy_policy.py deleted file mode 100644 index 5a921e785c2..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_firewall_proxy_policy.py +++ /dev/null 
@@ -1,881 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_proxy_policy -short_description: Configure proxy policies in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and proxy_policy category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_proxy_policy: - description: - - Configure proxy policies. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - action: - description: - - Accept or deny traffic matching the policy parameters. - type: str - choices: - - accept - - deny - - redirect - application_list: - description: - - Name of an existing Application list. Source application.list.name. - type: str - av_profile: - description: - - Name of an existing Antivirus profile. Source antivirus.profile.name. - type: str - comments: - description: - - Optional comments. - type: str - disclaimer: - description: - - "Web proxy disclaimer setting: by domain, policy, or user." - type: str - choices: - - disable - - domain - - policy - - user - dlp_sensor: - description: - - Name of an existing DLP sensor. Source dlp.sensor.name. - type: str - dstaddr: - description: - - Destination address objects. - type: list - suboptions: - name: - description: - - Address name. 
Source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name - firewall.vip.name firewall.vipgrp.name firewall.vip46.name firewall.vipgrp46.name system.external-resource.name. - required: true - type: str - dstaddr_negate: - description: - - When enabled, destination addresses match against any address EXCEPT the specified destination addresses. - type: str - choices: - - enable - - disable - dstaddr6: - description: - - IPv6 destination address objects. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address6.name firewall.addrgrp6.name firewall.vip6.name firewall.vipgrp6.name firewall.vip64.name - firewall.vipgrp64.name system.external-resource.name. - required: true - type: str - dstintf: - description: - - Destination interface names. - type: list - suboptions: - name: - description: - - Interface name. Source system.interface.name system.zone.name. - required: true - type: str - global_label: - description: - - Global web-based manager visible label. - type: str - groups: - description: - - Names of group objects. - type: list - suboptions: - name: - description: - - Group name. Source user.group.name. - required: true - type: str - http_tunnel_auth: - description: - - Enable/disable HTTP tunnel authentication. - type: str - choices: - - enable - - disable - icap_profile: - description: - - Name of an existing ICAP profile. Source icap.profile.name. - type: str - internet_service: - description: - - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. - type: str - choices: - - enable - - disable - internet_service_custom: - description: - - Custom Internet Service name. - type: list - suboptions: - name: - description: - - Custom name. Source firewall.internet-service-custom.name. - required: true - type: str - internet_service_id: - description: - - Internet Service ID. 
- type: list - suboptions: - id: - description: - - Internet Service ID. Source firewall.internet-service.id. - required: true - type: int - internet_service_negate: - description: - - When enabled, Internet Services match against any internet service EXCEPT the selected Internet Service. - type: str - choices: - - enable - - disable - ips_sensor: - description: - - Name of an existing IPS sensor. Source ips.sensor.name. - type: str - label: - description: - - VDOM-specific GUI visible label. - type: str - logtraffic: - description: - - Enable/disable logging traffic through the policy. - type: str - choices: - - all - - utm - - disable - logtraffic_start: - description: - - Enable/disable policy log traffic start. - type: str - choices: - - enable - - disable - policyid: - description: - - Policy ID. - required: true - type: int - poolname: - description: - - Name of IP pool object. - type: list - suboptions: - name: - description: - - IP pool name. Source firewall.ippool.name. - required: true - type: str - profile_group: - description: - - Name of profile group. Source firewall.profile-group.name. - type: str - profile_protocol_options: - description: - - Name of an existing Protocol options profile. Source firewall.profile-protocol-options.name. - type: str - profile_type: - description: - - Determine whether the firewall policy allows security profile groups or single profiles only. - type: str - choices: - - single - - group - proxy: - description: - - Type of explicit proxy. - type: str - choices: - - explicit-web - - transparent-web - - ftp - - ssh - - ssh-tunnel - - wanopt - redirect_url: - description: - - Redirect URL for further explicit web proxy processing. - type: str - replacemsg_override_group: - description: - - Authentication replacement message override group. Source system.replacemsg-group.name. - type: str - scan_botnet_connections: - description: - - Enable/disable scanning of connections to Botnet servers. 
- type: str - choices: - - disable - - block - - monitor - schedule: - description: - - Name of schedule object. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name. - type: str - service: - description: - - Name of service objects. - type: list - suboptions: - name: - description: - - Service name. Source firewall.service.custom.name firewall.service.group.name. - required: true - type: str - service_negate: - description: - - When enabled, services match against any service EXCEPT the specified destination services. - type: str - choices: - - enable - - disable - session_ttl: - description: - - TTL in seconds for sessions accepted by this policy (0 means use the system ). - type: int - spamfilter_profile: - description: - - Name of an existing Spam filter profile. Source spamfilter.profile.name. - type: str - srcaddr: - description: - - Source address objects. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name system - .external-resource.name. - required: true - type: str - srcaddr_negate: - description: - - When enabled, source addresses match against any address EXCEPT the specified source addresses. - type: str - choices: - - enable - - disable - srcaddr6: - description: - - IPv6 source address objects. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address6.name firewall.addrgrp6.name system.external-resource.name. - required: true - type: str - srcintf: - description: - - Source interface names. - type: list - suboptions: - name: - description: - - Interface name. Source system.interface.name system.zone.name. - required: true - type: str - ssh_filter_profile: - description: - - Name of an existing SSH filter profile. Source ssh-filter.profile.name. - type: str - ssl_ssh_profile: - description: - - Name of an existing SSL SSH profile. 
Source firewall.ssl-ssh-profile.name. - type: str - status: - description: - - Enable/disable the active status of the policy. - type: str - choices: - - enable - - disable - transparent: - description: - - Enable to use the IP address of the client to connect to the server. - type: str - choices: - - enable - - disable - users: - description: - - Names of user objects. - type: list - suboptions: - name: - description: - - Group name. Source user.local.name. - required: true - type: str - utm_status: - description: - - Enable the use of UTM profiles/sensors/lists. - type: str - choices: - - enable - - disable - uuid: - description: - - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). - type: str - waf_profile: - description: - - Name of an existing Web application firewall profile. Source waf.profile.name. - type: str - webcache: - description: - - Enable/disable web caching. - type: str - choices: - - enable - - disable - webcache_https: - description: - - Enable/disable web caching for HTTPS (Requires deep-inspection enabled in ssl-ssh-profile). - type: str - choices: - - disable - - enable - webfilter_profile: - description: - - Name of an existing Web filter profile. Source webfilter.profile.name. - type: str - webproxy_forward_server: - description: - - Name of web proxy forward server. Source web-proxy.forward-server.name web-proxy.forward-server-group.name. - type: str - webproxy_profile: - description: - - Name of web proxy profile. Source web-proxy.profile.name. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure proxy policies. 
- fortios_firewall_proxy_policy: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_proxy_policy: - action: "accept" - application_list: " (source application.list.name)" - av_profile: " (source antivirus.profile.name)" - comments: "" - disclaimer: "disable" - dlp_sensor: " (source dlp.sensor.name)" - dstaddr: - - - name: "default_name_10 (source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name firewall.vip - .name firewall.vipgrp.name firewall.vip46.name firewall.vipgrp46.name system.external-resource.name)" - dstaddr_negate: "enable" - dstaddr6: - - - name: "default_name_13 (source firewall.address6.name firewall.addrgrp6.name firewall.vip6.name firewall.vipgrp6.name firewall.vip64.name firewall - .vipgrp64.name system.external-resource.name)" - dstintf: - - - name: "default_name_15 (source system.interface.name system.zone.name)" - global_label: "" - groups: - - - name: "default_name_18 (source user.group.name)" - http_tunnel_auth: "enable" - icap_profile: " (source icap.profile.name)" - internet_service: "enable" - internet_service_custom: - - - name: "default_name_23 (source firewall.internet-service-custom.name)" - internet_service_id: - - - id: "25 (source firewall.internet-service.id)" - internet_service_negate: "enable" - ips_sensor: " (source ips.sensor.name)" - label: "" - logtraffic: "all" - logtraffic_start: "enable" - policyid: "31" - poolname: - - - name: "default_name_33 (source firewall.ippool.name)" - profile_group: " (source firewall.profile-group.name)" - profile_protocol_options: " (source firewall.profile-protocol-options.name)" - profile_type: "single" - proxy: "explicit-web" - redirect_url: "" - replacemsg_override_group: " (source system.replacemsg-group.name)" - scan_botnet_connections: "disable" - schedule: " (source firewall.schedule.onetime.name firewall.schedule.recurring.name 
firewall.schedule.group.name)" - service: - - - name: "default_name_43 (source firewall.service.custom.name firewall.service.group.name)" - service_negate: "enable" - session_ttl: "45" - spamfilter_profile: " (source spamfilter.profile.name)" - srcaddr: - - - name: "default_name_48 (source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name system - .external-resource.name)" - srcaddr_negate: "enable" - srcaddr6: - - - name: "default_name_51 (source firewall.address6.name firewall.addrgrp6.name system.external-resource.name)" - srcintf: - - - name: "default_name_53 (source system.interface.name system.zone.name)" - ssh_filter_profile: " (source ssh-filter.profile.name)" - ssl_ssh_profile: " (source firewall.ssl-ssh-profile.name)" - status: "enable" - transparent: "enable" - users: - - - name: "default_name_59 (source user.local.name)" - utm_status: "enable" - uuid: "" - waf_profile: " (source waf.profile.name)" - webcache: "enable" - webcache_https: "disable" - webfilter_profile: " (source webfilter.profile.name)" - webproxy_forward_server: " (source web-proxy.forward-server.name web-proxy.forward-server-group.name)" - webproxy_profile: " (source web-proxy.profile.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" 
-revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_proxy_policy_data(json): - option_list = ['action', 'application_list', 'av_profile', - 'comments', 'disclaimer', 'dlp_sensor', - 'dstaddr', 'dstaddr_negate', 'dstaddr6', - 'dstintf', 'global_label', 'groups', - 'http_tunnel_auth', 'icap_profile', 'internet_service', - 'internet_service_custom', 'internet_service_id', 'internet_service_negate', - 'ips_sensor', 'label', 'logtraffic', - 'logtraffic_start', 'policyid', 'poolname', - 'profile_group', 'profile_protocol_options', 'profile_type', - 'proxy', 'redirect_url', 'replacemsg_override_group', - 'scan_botnet_connections', 'schedule', 'service', - 'service_negate', 'session_ttl', 'spamfilter_profile', - 'srcaddr', 'srcaddr_negate', 'srcaddr6', - 'srcintf', 'ssh_filter_profile', 'ssl_ssh_profile', - 'status', 'transparent', 'users', - 'utm_status', 'uuid', 'waf_profile', - 'webcache', 'webcache_https', 
'webfilter_profile', - 'webproxy_forward_server', 'webproxy_profile'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_proxy_policy(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_proxy_policy'] and data['firewall_proxy_policy']: - state = data['firewall_proxy_policy']['state'] - else: - state = True - firewall_proxy_policy_data = data['firewall_proxy_policy'] - filtered_data = underscore_to_hyphen(filter_firewall_proxy_policy_data(firewall_proxy_policy_data)) - - if state == "present": - return fos.set('firewall', - 'proxy-policy', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall', - 'proxy-policy', - mkey=filtered_data['policyid'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall(data, fos): - - if data['firewall_proxy_policy']: - resp = firewall_proxy_policy(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - 
"state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_proxy_policy": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "action": {"required": False, "type": "str", - "choices": ["accept", "deny", "redirect"]}, - "application_list": {"required": False, "type": "str"}, - "av_profile": {"required": False, "type": "str"}, - "comments": {"required": False, "type": "str"}, - "disclaimer": {"required": False, "type": "str", - "choices": ["disable", "domain", "policy", - "user"]}, - "dlp_sensor": {"required": False, "type": "str"}, - "dstaddr": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "dstaddr_negate": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dstaddr6": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "dstintf": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "global_label": {"required": False, "type": "str"}, - "groups": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "http_tunnel_auth": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "icap_profile": {"required": False, "type": "str"}, - "internet_service": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "internet_service_custom": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "internet_service_id": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"} - }}, - "internet_service_negate": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ips_sensor": {"required": False, "type": "str"}, - "label": {"required": False, "type": "str"}, - "logtraffic": 
{"required": False, "type": "str", - "choices": ["all", "utm", "disable"]}, - "logtraffic_start": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "policyid": {"required": True, "type": "int"}, - "poolname": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "profile_group": {"required": False, "type": "str"}, - "profile_protocol_options": {"required": False, "type": "str"}, - "profile_type": {"required": False, "type": "str", - "choices": ["single", "group"]}, - "proxy": {"required": False, "type": "str", - "choices": ["explicit-web", "transparent-web", "ftp", - "ssh", "ssh-tunnel", "wanopt"]}, - "redirect_url": {"required": False, "type": "str"}, - "replacemsg_override_group": {"required": False, "type": "str"}, - "scan_botnet_connections": {"required": False, "type": "str", - "choices": ["disable", "block", "monitor"]}, - "schedule": {"required": False, "type": "str"}, - "service": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "service_negate": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "session_ttl": {"required": False, "type": "int"}, - "spamfilter_profile": {"required": False, "type": "str"}, - "srcaddr": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "srcaddr_negate": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "srcaddr6": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "srcintf": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "ssh_filter_profile": {"required": False, "type": "str"}, - "ssl_ssh_profile": {"required": False, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "transparent": {"required": False, "type": "str", - "choices": ["enable", 
"disable"]}, - "users": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "utm_status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "uuid": {"required": False, "type": "str"}, - "waf_profile": {"required": False, "type": "str"}, - "webcache": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "webcache_https": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "webfilter_profile": {"required": False, "type": "str"}, - "webproxy_forward_server": {"required": False, "type": "str"}, - "webproxy_profile": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_schedule_group.py b/lib/ansible/modules/network/fortios/fortios_firewall_schedule_group.py deleted file mode 100644 index 78175e05ab1..00000000000 
--- a/lib/ansible/modules/network/fortios/fortios_firewall_schedule_group.py
+++ /dev/null
@@ -1,354 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_schedule_group -short_description: Schedule group configuration in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall_schedule feature and group category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_schedule_group: - description: - - Schedule group configuration. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - color: - description: - - Color of icon on the GUI. - type: int - member: - description: - - Schedules added to the schedule group. - type: list - suboptions: - name: - description: - - Schedule name. Source firewall.schedule.onetime.name firewall.schedule.recurring.name. - required: true - type: str - name: - description: - - Schedule group name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Schedule group configuration. 
- fortios_firewall_schedule_group: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_schedule_group: - color: "3" - member: - - - name: "default_name_5 (source firewall.schedule.onetime.name firewall.schedule.recurring.name)" - name: "default_name_6" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = 
data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_schedule_group_data(json): - option_list = ['color', 'member', 'name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_schedule_group(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_schedule_group'] and data['firewall_schedule_group']: - state = data['firewall_schedule_group']['state'] - else: - state = True - firewall_schedule_group_data = data['firewall_schedule_group'] - filtered_data = underscore_to_hyphen(filter_firewall_schedule_group_data(firewall_schedule_group_data)) - - if state == "present": - return fos.set('firewall.schedule', - 'group', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall.schedule', - 'group', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall_schedule(data, fos): - - if data['firewall_schedule_group']: - resp = firewall_schedule_group(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": 
{"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_schedule_group": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "color": {"required": False, "type": "int"}, - "member": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "name": {"required": True, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall_schedule(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall_schedule(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_schedule_onetime.py b/lib/ansible/modules/network/fortios/fortios_firewall_schedule_onetime.py
deleted file mode 100644
index d8f83f6b5dc..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_schedule_onetime.py
+++ /dev/null
@@ -1,356 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_schedule_onetime -short_description: Onetime schedule configuration in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall_schedule feature and onetime category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_schedule_onetime: - description: - - Onetime schedule configuration. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - color: - description: - - Color of icon on the GUI. - type: int - end: - description: - - "Schedule end date and time, format hh:mm yyyy/mm/dd." - type: str - expiration_days: - description: - - Write an event log message this many days before the schedule expires. - type: int - name: - description: - - Onetime schedule name. - required: true - type: str - start: - description: - - "Schedule start date and time, format hh:mm yyyy/mm/dd." - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Onetime schedule configuration. 
- fortios_firewall_schedule_onetime: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_schedule_onetime: - color: "3" - end: "" - expiration_days: "5" - name: "default_name_6" - start: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 
'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_schedule_onetime_data(json): - option_list = ['color', 'end', 'expiration_days', - 'name', 'start'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_schedule_onetime(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_schedule_onetime'] and data['firewall_schedule_onetime']: - state = data['firewall_schedule_onetime']['state'] - else: - state = True - firewall_schedule_onetime_data = data['firewall_schedule_onetime'] - filtered_data = underscore_to_hyphen(filter_firewall_schedule_onetime_data(firewall_schedule_onetime_data)) - - if state == "present": - return fos.set('firewall.schedule', - 'onetime', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall.schedule', - 'onetime', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall_schedule(data, fos): - - if data['firewall_schedule_onetime']: - resp = firewall_schedule_onetime(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, 
"type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_schedule_onetime": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "color": {"required": False, "type": "int"}, - "end": {"required": False, "type": "str"}, - "expiration_days": {"required": False, "type": "int"}, - "name": {"required": True, "type": "str"}, - "start": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall_schedule(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall_schedule(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_schedule_recurring.py b/lib/ansible/modules/network/fortios/fortios_firewall_schedule_recurring.py
deleted file mode 100644
index 432f4cef0fb..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_schedule_recurring.py
+++ /dev/null
@@ -1,368 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_schedule_recurring -short_description: Recurring schedule configuration in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall_schedule feature and recurring category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_schedule_recurring: - description: - - Recurring schedule configuration. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - color: - description: - - Color of icon on the GUI. - type: int - day: - description: - - One or more days of the week on which the schedule is valid. Separate the names of the days with a space. - type: str - choices: - - sunday - - monday - - tuesday - - wednesday - - thursday - - friday - - saturday - - none - end: - description: - - "Time of day to end the schedule, format hh:mm." - type: str - name: - description: - - Recurring schedule name. - required: true - type: str - start: - description: - - "Time of day to start the schedule, format hh:mm." - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Recurring schedule configuration. 
- fortios_firewall_schedule_recurring: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_schedule_recurring: - color: "3" - day: "sunday" - end: "" - name: "default_name_6" - start: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 
'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_schedule_recurring_data(json): - option_list = ['color', 'day', 'end', - 'name', 'start'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_schedule_recurring(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_schedule_recurring'] and data['firewall_schedule_recurring']: - state = data['firewall_schedule_recurring']['state'] - else: - state = True - firewall_schedule_recurring_data = data['firewall_schedule_recurring'] - filtered_data = underscore_to_hyphen(filter_firewall_schedule_recurring_data(firewall_schedule_recurring_data)) - - if state == "present": - return fos.set('firewall.schedule', - 'recurring', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall.schedule', - 'recurring', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall_schedule(data, fos): - - if data['firewall_schedule_recurring']: - resp = firewall_schedule_recurring(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": 
{"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_schedule_recurring": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "color": {"required": False, "type": "int"}, - "day": {"required": False, "type": "str", - "choices": ["sunday", "monday", "tuesday", - "wednesday", "thursday", "friday", - "saturday", "none"]}, - "end": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "start": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall_schedule(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall_schedule(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_service_category.py b/lib/ansible/modules/network/fortios/fortios_firewall_service_category.py
deleted file mode 100644
index 91ad30d5dd5..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_service_category.py
+++ /dev/null
@@ -1,337 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_service_category -short_description: Configure service categories in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall_service feature and category category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_service_category: - description: - - Configure service categories. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - comment: - description: - - Comment. - type: str - name: - description: - - Service category name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure service categories. - fortios_firewall_service_category: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_service_category: - comment: "Comment." 
- name: "default_name_4" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_service_category_data(json): - option_list = ['comment', 'name'] - dictionary = {} - - for 
attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_service_category(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_service_category'] and data['firewall_service_category']: - state = data['firewall_service_category']['state'] - else: - state = True - firewall_service_category_data = data['firewall_service_category'] - filtered_data = underscore_to_hyphen(filter_firewall_service_category_data(firewall_service_category_data)) - - if state == "present": - return fos.set('firewall.service', - 'category', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall.service', - 'category', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall_service(data, fos): - - if data['firewall_service_category']: - resp = firewall_service_category(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - 
"choices": ["present", "absent"]}, - "firewall_service_category": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "comment": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall_service(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall_service(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_service_custom.py b/lib/ansible/modules/network/fortios/fortios_firewall_service_custom.py deleted file mode 100644 index b04b9b8df43..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_firewall_service_custom.py +++ /dev/null 
@@ -1,566 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_service_custom -short_description: Configure custom services in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall_service feature and custom category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_service_custom: - description: - - Configure custom services. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - app_category: - description: - - Application category ID. - type: list - suboptions: - id: - description: - - Application category id. - required: true - type: int - app_service_type: - description: - - Application service type. - type: str - choices: - - disable - - app-id - - app-category - application: - description: - - Application ID. - type: list - suboptions: - id: - description: - - Application id. - required: true - type: int - category: - description: - - Service category. Source firewall.service.category.name. - type: str - check_reset_range: - description: - - Configure the type of ICMP error message verification. - type: str - choices: - - disable - - strict - - default - color: - description: - - Color of icon on the GUI. - type: int - comment: - description: - - Comment. - type: str - fqdn: - description: - - Fully qualified domain name. - type: str - helper: - description: - - Helper name. 
- type: str - choices: - - auto - - disable - - ftp - - tftp - - ras - - h323 - - tns - - mms - - sip - - pptp - - rtsp - - dns-udp - - dns-tcp - - pmap - - rsh - - dcerpc - - mgcp - - gtp-c - - gtp-u - - gtp-b - icmpcode: - description: - - ICMP code. - type: int - icmptype: - description: - - ICMP type. - type: int - iprange: - description: - - Start and end of the IP range associated with service. - type: str - name: - description: - - Custom service name. - required: true - type: str - protocol: - description: - - Protocol type based on IANA numbers. - type: str - choices: - - TCP/UDP/SCTP - - ICMP - - ICMP6 - - IP - - HTTP - - FTP - - CONNECT - - SOCKS-TCP - - SOCKS-UDP - - ALL - protocol_number: - description: - - IP protocol number. - type: int - proxy: - description: - - Enable/disable web proxy service. - type: str - choices: - - enable - - disable - sctp_portrange: - description: - - Multiple SCTP port ranges. - type: str - session_ttl: - description: - - Session TTL (300 - 604800, 0 = default). - type: int - tcp_halfclose_timer: - description: - - Wait time to close a TCP session waiting for an unanswered FIN packet (1 - 86400 sec, 0 = default). - type: int - tcp_halfopen_timer: - description: - - Wait time to close a TCP session waiting for an unanswered open session packet (1 - 86400 sec, 0 = default). - type: int - tcp_portrange: - description: - - Multiple TCP port ranges. - type: str - tcp_timewait_timer: - description: - - Set the length of the TCP TIME-WAIT state in seconds (1 - 300 sec, 0 = default). - type: int - udp_idle_timer: - description: - - UDP half close timeout (0 - 86400 sec, 0 = default). - type: int - udp_portrange: - description: - - Multiple UDP port ranges. - type: str - visibility: - description: - - Enable/disable the visibility of the service on the GUI. 
- type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure custom services. - fortios_firewall_service_custom: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_service_custom: - app_category: - - - id: "4" - app_service_type: "disable" - application: - - - id: "7" - category: " (source firewall.service.category.name)" - check_reset_range: "disable" - color: "10" - comment: "Comment." - fqdn: "" - helper: "auto" - icmpcode: "14" - icmptype: "15" - iprange: "" - name: "default_name_17" - protocol: "TCP/UDP/SCTP" - protocol_number: "19" - proxy: "enable" - sctp_portrange: "" - session_ttl: "22" - tcp_halfclose_timer: "23" - tcp_halfopen_timer: "24" - tcp_portrange: "" - tcp_timewait_timer: "26" - udp_idle_timer: "27" - udp_portrange: "" - visibility: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: 
"FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_service_custom_data(json): - option_list = ['app_category', 'app_service_type', 'application', - 'category', 'check_reset_range', 'color', - 'comment', 'fqdn', 'helper', - 'icmpcode', 'icmptype', 'iprange', - 'name', 'protocol', 'protocol_number', - 'proxy', 'sctp_portrange', 'session_ttl', - 'tcp_halfclose_timer', 'tcp_halfopen_timer', 'tcp_portrange', - 'tcp_timewait_timer', 'udp_idle_timer', 'udp_portrange', - 'visibility'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_service_custom(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in 
data['firewall_service_custom'] and data['firewall_service_custom']: - state = data['firewall_service_custom']['state'] - else: - state = True - firewall_service_custom_data = data['firewall_service_custom'] - filtered_data = underscore_to_hyphen(filter_firewall_service_custom_data(firewall_service_custom_data)) - - if state == "present": - return fos.set('firewall.service', - 'custom', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall.service', - 'custom', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall_service(data, fos): - - if data['firewall_service_custom']: - resp = firewall_service_custom(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_service_custom": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "app_category": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"} - }}, - "app_service_type": {"required": False, "type": "str", - "choices": ["disable", "app-id", "app-category"]}, - "application": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"} - }}, - "category": {"required": False, "type": "str"}, - 
"check_reset_range": {"required": False, "type": "str", - "choices": ["disable", "strict", "default"]}, - "color": {"required": False, "type": "int"}, - "comment": {"required": False, "type": "str"}, - "fqdn": {"required": False, "type": "str"}, - "helper": {"required": False, "type": "str", - "choices": ["auto", "disable", "ftp", - "tftp", "ras", "h323", - "tns", "mms", "sip", - "pptp", "rtsp", "dns-udp", - "dns-tcp", "pmap", "rsh", - "dcerpc", "mgcp", "gtp-c", - "gtp-u", "gtp-b"]}, - "icmpcode": {"required": False, "type": "int"}, - "icmptype": {"required": False, "type": "int"}, - "iprange": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "protocol": {"required": False, "type": "str", - "choices": ["TCP/UDP/SCTP", "ICMP", "ICMP6", - "IP", "HTTP", "FTP", - "CONNECT", "SOCKS-TCP", "SOCKS-UDP", - "ALL"]}, - "protocol_number": {"required": False, "type": "int"}, - "proxy": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "sctp_portrange": {"required": False, "type": "str"}, - "session_ttl": {"required": False, "type": "int"}, - "tcp_halfclose_timer": {"required": False, "type": "int"}, - "tcp_halfopen_timer": {"required": False, "type": "int"}, - "tcp_portrange": {"required": False, "type": "str"}, - "tcp_timewait_timer": {"required": False, "type": "int"}, - "udp_idle_timer": {"required": False, "type": "int"}, - "udp_portrange": {"required": False, "type": "str"}, - "visibility": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = 
Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall_service(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall_service(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_service_group.py b/lib/ansible/modules/network/fortios/fortios_firewall_service_group.py deleted file mode 100644 index 1e0276e1ff3..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_firewall_service_group.py +++ /dev/null 
@@ -1,371 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_service_group -short_description: Configure service groups in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall_service feature and group category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_service_group: - description: - - Configure service groups. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - color: - description: - - Color of icon on the GUI. - type: int - comment: - description: - - Comment. - type: str - member: - description: - - Service objects contained within the group. - type: list - suboptions: - name: - description: - - Address name. Source firewall.service.custom.name firewall.service.group.name. - required: true - type: str - name: - description: - - Address group name. - required: true - type: str - proxy: - description: - - Enable/disable web proxy service group. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure service groups. 
- fortios_firewall_service_group: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_service_group: - color: "3" - comment: "Comment." - member: - - - name: "default_name_6 (source firewall.service.custom.name firewall.service.group.name)" - name: "default_name_7" - proxy: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = 
data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_service_group_data(json): - option_list = ['color', 'comment', 'member', - 'name', 'proxy'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_service_group(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_service_group'] and data['firewall_service_group']: - state = data['firewall_service_group']['state'] - else: - state = True - firewall_service_group_data = data['firewall_service_group'] - filtered_data = underscore_to_hyphen(filter_firewall_service_group_data(firewall_service_group_data)) - - if state == "present": - return fos.set('firewall.service', - 'group', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall.service', - 'group', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall_service(data, fos): - - if data['firewall_service_group']: - resp = firewall_service_group(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": 
False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_service_group": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "color": {"required": False, "type": "int"}, - "comment": {"required": False, "type": "str"}, - "member": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "name": {"required": True, "type": "str"}, - "proxy": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall_service(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall_service(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - 
main() diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_shaper_per_ip_shaper.py b/lib/ansible/modules/network/fortios/fortios_firewall_shaper_per_ip_shaper.py deleted file mode 100644 index 290fa59bb18..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_firewall_shaper_per_ip_shaper.py +++ /dev/null 
@@ -1,388 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_shaper_per_ip_shaper -short_description: Configure per-IP traffic shaper in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall_shaper feature and per_ip_shaper category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_shaper_per_ip_shaper: - description: - - Configure per-IP traffic shaper. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - bandwidth_unit: - description: - - Unit of measurement for maximum bandwidth for this shaper (Kbps, Mbps or Gbps). - type: str - choices: - - kbps - - mbps - - gbps - diffserv_forward: - description: - - Enable/disable changing the Forward (original) DiffServ setting applied to traffic accepted by this shaper. - type: str - choices: - - enable - - disable - diffserv_reverse: - description: - - Enable/disable changing the Reverse (reply) DiffServ setting applied to traffic accepted by this shaper. - type: str - choices: - - enable - - disable - diffservcode_forward: - description: - - Forward (original) DiffServ setting to be applied to traffic accepted by this shaper. - type: str - diffservcode_rev: - description: - - Reverse (reply) DiffServ setting to be applied to traffic accepted by this shaper. - type: str - max_bandwidth: - description: - - Upper bandwidth limit enforced by this shaper (0 - 16776000). 
0 means no limit. Units depend on the bandwidth-unit setting. - type: int - max_concurrent_session: - description: - - Maximum number of concurrent sessions allowed by this shaper (0 - 2097000). 0 means no limit. - type: int - name: - description: - - Traffic shaper name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure per-IP traffic shaper. - fortios_firewall_shaper_per_ip_shaper: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_shaper_per_ip_shaper: - bandwidth_unit: "kbps" - diffserv_forward: "enable" - diffserv_reverse: "enable" - diffservcode_forward: "" - diffservcode_rev: "" - max_bandwidth: "8" - max_concurrent_session: "9" - name: "default_name_10" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: 
"success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_shaper_per_ip_shaper_data(json): - option_list = ['bandwidth_unit', 'diffserv_forward', 'diffserv_reverse', - 'diffservcode_forward', 'diffservcode_rev', 'max_bandwidth', - 'max_concurrent_session', 'name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_shaper_per_ip_shaper(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_shaper_per_ip_shaper'] and data['firewall_shaper_per_ip_shaper']: - state = data['firewall_shaper_per_ip_shaper']['state'] - else: - state = True - firewall_shaper_per_ip_shaper_data = data['firewall_shaper_per_ip_shaper'] - filtered_data = 
underscore_to_hyphen(filter_firewall_shaper_per_ip_shaper_data(firewall_shaper_per_ip_shaper_data)) - - if state == "present": - return fos.set('firewall.shaper', - 'per-ip-shaper', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall.shaper', - 'per-ip-shaper', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall_shaper(data, fos): - - if data['firewall_shaper_per_ip_shaper']: - resp = firewall_shaper_per_ip_shaper(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_shaper_per_ip_shaper": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "bandwidth_unit": {"required": False, "type": "str", - "choices": ["kbps", "mbps", "gbps"]}, - "diffserv_forward": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "diffserv_reverse": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "diffservcode_forward": {"required": False, "type": "str"}, - "diffservcode_rev": {"required": False, "type": "str"}, - "max_bandwidth": {"required": False, "type": "int"}, - "max_concurrent_session": {"required": False, "type": "int"}, - "name": {"required": True, "type": "str"} - - } - } - } - - module = 
AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall_shaper(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall_shaper(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_shaper_traffic_shaper.py b/lib/ansible/modules/network/fortios/fortios_firewall_shaper_traffic_shaper.py deleted file mode 100644 index da338ca4ff8..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_firewall_shaper_traffic_shaper.py +++ /dev/null 
@@ -1,394 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_shaper_traffic_shaper -short_description: Configure shared traffic shaper in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall_shaper feature and traffic_shaper category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_shaper_traffic_shaper: - description: - - Configure shared traffic shaper. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - bandwidth_unit: - description: - - Unit of measurement for guaranteed and maximum bandwidth for this shaper (Kbps, Mbps or Gbps). - type: str - choices: - - kbps - - mbps - - gbps - diffserv: - description: - - Enable/disable changing the DiffServ setting applied to traffic accepted by this shaper. - type: str - choices: - - enable - - disable - diffservcode: - description: - - DiffServ setting to be applied to traffic accepted by this shaper. - type: str - guaranteed_bandwidth: - description: - - Amount of bandwidth guaranteed for this shaper (0 - 16776000). Units depend on the bandwidth-unit setting. - type: int - maximum_bandwidth: - description: - - Upper bandwidth limit enforced by this shaper (0 - 16776000). 0 means no limit. Units depend on the bandwidth-unit setting. - type: int - name: - description: - - Traffic shaper name. 
- required: true - type: str - per_policy: - description: - - Enable/disable applying a separate shaper for each policy. For example, if enabled the guaranteed bandwidth is applied separately for - each policy. - type: str - choices: - - disable - - enable - priority: - description: - - Higher priority traffic is more likely to be forwarded without delays and without compromising the guaranteed bandwidth. - type: str - choices: - - low - - medium - - high -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure shared traffic shaper. - fortios_firewall_shaper_traffic_shaper: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_shaper_traffic_shaper: - bandwidth_unit: "kbps" - diffserv: "enable" - diffservcode: "" - guaranteed_bandwidth: "6" - maximum_bandwidth: "7" - name: "default_name_8" - per_policy: "disable" - priority: "low" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: 
str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_shaper_traffic_shaper_data(json): - option_list = ['bandwidth_unit', 'diffserv', 'diffservcode', - 'guaranteed_bandwidth', 'maximum_bandwidth', 'name', - 'per_policy', 'priority'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_shaper_traffic_shaper(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_shaper_traffic_shaper'] and data['firewall_shaper_traffic_shaper']: - state = data['firewall_shaper_traffic_shaper']['state'] - else: - state = True - firewall_shaper_traffic_shaper_data = data['firewall_shaper_traffic_shaper'] 
- filtered_data = underscore_to_hyphen(filter_firewall_shaper_traffic_shaper_data(firewall_shaper_traffic_shaper_data))
-
- if state == "present":
- return fos.set('firewall.shaper',
- 'traffic-shaper',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall.shaper',
- 'traffic-shaper',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall_shaper(data, fos):
-
- if data['firewall_shaper_traffic_shaper']:
- resp = firewall_shaper_traffic_shaper(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_shaper_traffic_shaper": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "bandwidth_unit": {"required": False, "type": "str",
- "choices": ["kbps", "mbps", "gbps"]},
- "diffserv": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "diffservcode": {"required": False, "type": "str"},
- "guaranteed_bandwidth": {"required": False, "type": "int"},
- "maximum_bandwidth": {"required": False, "type": "int"},
- "name": {"required": True, "type": "str"},
- "per_policy": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "priority": {"required": False, "type": "str",
- "choices": ["low", "medium", 
"high"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall_shaper(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall_shaper(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_shaping_policy.py b/lib/ansible/modules/network/fortios/fortios_firewall_shaping_policy.py
deleted file mode 100644
index 08f988b3d48..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_shaping_policy.py
+++ /dev/null
@@ -1,670 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_shaping_policy -short_description: Configure shaping policies in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and shaping_policy category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_shaping_policy: - description: - - Configure shaping policies. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - app_category: - description: - - IDs of one or more application categories that this shaper applies application control traffic shaping to. - type: list - suboptions: - id: - description: - - Category IDs. - required: true - type: int - application: - description: - - IDs of one or more applications that this shaper applies application control traffic shaping to. - type: list - suboptions: - id: - description: - - Application IDs. - required: true - type: int - class_id: - description: - - Traffic class ID. - type: int - comment: - description: - - Comments. - type: str - dstaddr: - description: - - IPv4 destination address and address group names. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address.name firewall.addrgrp.name. - required: true - type: str - dstaddr6: - description: - - IPv6 destination address and address group names. 
- type: list - suboptions: - name: - description: - - Address name. Source firewall.address6.name firewall.addrgrp6.name. - required: true - type: str - dstintf: - description: - - One or more outgoing (egress) interfaces. - type: list - suboptions: - name: - description: - - Interface name. Source system.interface.name system.zone.name. - required: true - type: str - groups: - description: - - Apply this traffic shaping policy to user groups that have authenticated with the FortiGate. - type: list - suboptions: - name: - description: - - Group name. Source user.group.name. - required: true - type: str - id: - description: - - Shaping policy ID. - required: true - type: int - internet_service: - description: - - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. - type: str - choices: - - enable - - disable - internet_service_custom: - description: - - Custom Internet Service name. - type: list - suboptions: - name: - description: - - Custom Internet Service name. Source firewall.internet-service-custom.name. - required: true - type: str - internet_service_id: - description: - - Internet Service ID. - type: list - suboptions: - id: - description: - - Internet Service ID. Source firewall.internet-service.id. - required: true - type: int - internet_service_src: - description: - - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. - type: str - choices: - - enable - - disable - internet_service_src_custom: - description: - - Custom Internet Service source name. - type: list - suboptions: - name: - description: - - Custom Internet Service name. Source firewall.internet-service-custom.name. - required: true - type: str - internet_service_src_id: - description: - - Internet Service source ID. - type: list - suboptions: - id: - description: - - Internet Service ID. Source firewall.internet-service.id. 
- required: true - type: int - ip_version: - description: - - Apply this traffic shaping policy to IPv4 or IPv6 traffic. - type: str - choices: - - 4 - - 6 - per_ip_shaper: - description: - - Per-IP traffic shaper to apply with this policy. Source firewall.shaper.per-ip-shaper.name. - type: str - schedule: - description: - - Schedule name. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name. - type: str - service: - description: - - Service and service group names. - type: list - suboptions: - name: - description: - - Service name. Source firewall.service.custom.name firewall.service.group.name. - required: true - type: str - srcaddr: - description: - - IPv4 source address and address group names. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address.name firewall.addrgrp.name. - required: true - type: str - srcaddr6: - description: - - IPv6 source address and address group names. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address6.name firewall.addrgrp6.name. - required: true - type: str - status: - description: - - Enable/disable this traffic shaping policy. - type: str - choices: - - enable - - disable - traffic_shaper: - description: - - Traffic shaper to apply to traffic forwarded by the firewall policy. Source firewall.shaper.traffic-shaper.name. - type: str - traffic_shaper_reverse: - description: - - Traffic shaper to apply to response traffic received by the firewall policy. Source firewall.shaper.traffic-shaper.name. - type: str - url_category: - description: - - IDs of one or more FortiGuard Web Filtering categories that this shaper applies traffic shaping to. - type: list - suboptions: - id: - description: - - URL category ID. - required: true - type: int - users: - description: - - Apply this traffic shaping policy to individual users that have authenticated with the FortiGate. 
- type: list - suboptions: - name: - description: - - User name. Source user.local.name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure shaping policies. - fortios_firewall_shaping_policy: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_shaping_policy: - app_category: - - - id: "4" - application: - - - id: "6" - class_id: "7" - comment: "Comments." - dstaddr: - - - name: "default_name_10 (source firewall.address.name firewall.addrgrp.name)" - dstaddr6: - - - name: "default_name_12 (source firewall.address6.name firewall.addrgrp6.name)" - dstintf: - - - name: "default_name_14 (source system.interface.name system.zone.name)" - groups: - - - name: "default_name_16 (source user.group.name)" - id: "17" - internet_service: "enable" - internet_service_custom: - - - name: "default_name_20 (source firewall.internet-service-custom.name)" - internet_service_id: - - - id: "22 (source firewall.internet-service.id)" - internet_service_src: "enable" - internet_service_src_custom: - - - name: "default_name_25 (source firewall.internet-service-custom.name)" - internet_service_src_id: - - - id: "27 (source firewall.internet-service.id)" - ip_version: "4" - per_ip_shaper: " (source firewall.shaper.per-ip-shaper.name)" - schedule: " (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)" - service: - - - name: "default_name_32 (source firewall.service.custom.name firewall.service.group.name)" - srcaddr: - - - name: "default_name_34 (source firewall.address.name firewall.addrgrp.name)" - srcaddr6: - - - name: "default_name_36 (source firewall.address6.name firewall.addrgrp6.name)" - status: "enable" - traffic_shaper: " (source firewall.shaper.traffic-shaper.name)" - 
traffic_shaper_reverse: " (source firewall.shaper.traffic-shaper.name)" - url_category: - - - id: "41" - users: - - - name: "default_name_43 (source user.local.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, 
password, verify=ssl_verify)
-
-
-def filter_firewall_shaping_policy_data(json):
- option_list = ['app_category', 'application', 'class_id',
- 'comment', 'dstaddr', 'dstaddr6',
- 'dstintf', 'groups', 'id',
- 'internet_service', 'internet_service_custom', 'internet_service_id',
- 'internet_service_src', 'internet_service_src_custom', 'internet_service_src_id',
- 'ip_version', 'per_ip_shaper', 'schedule',
- 'service', 'srcaddr', 'srcaddr6',
- 'status', 'traffic_shaper', 'traffic_shaper_reverse',
- 'url_category', 'users']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_shaping_policy(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_shaping_policy'] and data['firewall_shaping_policy']:
- state = data['firewall_shaping_policy']['state']
- else:
- state = True
- firewall_shaping_policy_data = data['firewall_shaping_policy']
- filtered_data = underscore_to_hyphen(filter_firewall_shaping_policy_data(firewall_shaping_policy_data))
-
- if state == "present":
- return fos.set('firewall',
- 'shaping-policy',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'shaping-policy',
- mkey=filtered_data['id'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_shaping_policy']:
- resp = firewall_shaping_policy(data, fos)
-
- return not 
is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_shaping_policy": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "app_category": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"}
- }},
- "application": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"}
- }},
- "class_id": {"required": False, "type": "int"},
- "comment": {"required": False, "type": "str"},
- "dstaddr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "dstaddr6": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "dstintf": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "groups": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "id": {"required": True, "type": "int"},
- "internet_service": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "internet_service_custom": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "internet_service_id": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"}
- }},
- "internet_service_src": {"required": False, "type": "str",
- "choices": 
["enable", "disable"]},
- "internet_service_src_custom": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "internet_service_src_id": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"}
- }},
- "ip_version": {"required": False, "type": "str",
- "choices": ["4", "6"]},
- "per_ip_shaper": {"required": False, "type": "str"},
- "schedule": {"required": False, "type": "str"},
- "service": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "srcaddr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "srcaddr6": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "traffic_shaper": {"required": False, "type": "str"},
- "traffic_shaper_reverse": {"required": False, "type": "str"},
- "url_category": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"}
- }},
- "users": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module 
is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_shaping_profile.py b/lib/ansible/modules/network/fortios/fortios_firewall_shaping_profile.py
deleted file mode 100644
index 93aca65bf68..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_shaping_profile.py
+++ /dev/null
@@ -1,389 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_shaping_profile -short_description: Configure shaping profiles in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and shaping_profile category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_shaping_profile: - description: - - Configure shaping profiles. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - comment: - description: - - Comment. - type: str - default_class_id: - description: - - Default class ID to handle unclassified packets (including all local traffic). - type: int - profile_name: - description: - - Shaping profile name. - type: str - shaping_entries: - description: - - Define shaping entries of this shaping profile. - type: list - suboptions: - class_id: - description: - - Class ID. - type: int - guaranteed_bandwidth_percentage: - description: - - Guaranteed bandwith in percentage. - type: int - id: - description: - - ID number. - required: true - type: int - maximum_bandwidth_percentage: - description: - - Maximum bandwith in percentage. - type: int - priority: - description: - - Priority. 
- type: str - choices: - - high - - medium - - low -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure shaping profiles. - fortios_firewall_shaping_profile: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_shaping_profile: - comment: "Comment." - default_class_id: "4" - profile_name: "" - shaping_entries: - - - class_id: "7" - guaranteed_bandwidth_percentage: "8" - id: "9" - maximum_bandwidth_percentage: "10" - priority: "high" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from 
ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_shaping_profile_data(json): - option_list = ['comment', 'default_class_id', 'profile_name', - 'shaping_entries'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_shaping_profile(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_shaping_profile'] and data['firewall_shaping_profile']: - state = data['firewall_shaping_profile']['state'] - else: - state = True - firewall_shaping_profile_data = data['firewall_shaping_profile'] - filtered_data = underscore_to_hyphen(filter_firewall_shaping_profile_data(firewall_shaping_profile_data)) - - if state == "present": - return fos.set('firewall', - 'shaping-profile', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall', - 'shaping-profile', - mkey=filtered_data['profile-name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - 
-def fortios_firewall(data, fos): - - if data['firewall_shaping_profile']: - resp = firewall_shaping_profile(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_shaping_profile": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "comment": {"required": False, "type": "str"}, - "default_class_id": {"required": False, "type": "int"}, - "profile_name": {"required": False, "type": "str"}, - "shaping_entries": {"required": False, "type": "list", - "options": { - "class_id": {"required": False, "type": "int"}, - "guaranteed_bandwidth_percentage": {"required": False, "type": "int"}, - "id": {"required": True, "type": "int"}, - "maximum_bandwidth_percentage": {"required": False, "type": "int"}, - "priority": {"required": False, "type": "str", - "choices": ["high", "medium", "low"]} - }} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = 
fortios_firewall(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_sniffer.py b/lib/ansible/modules/network/fortios/fortios_firewall_sniffer.py deleted file mode 100644 index 3c20ecd80d5..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_firewall_sniffer.py +++ /dev/null 
@@ -1,629 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_sniffer -short_description: Configure sniffer in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and sniffer category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_sniffer: - description: - - Configure sniffer. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - anomaly: - description: - - Configuration method to edit Denial of Service (DoS) anomaly settings. - type: list - suboptions: - action: - description: - - Action taken when the threshold is reached. - type: str - choices: - - pass - - block - log: - description: - - Enable/disable anomaly logging. - type: str - choices: - - enable - - disable - name: - description: - - Anomaly name. - required: true - type: str - quarantine: - description: - - Quarantine method. - type: str - choices: - - none - - attacker - quarantine_expiry: - description: - - Duration of quarantine. (Format ###d##h##m, minimum 1m, maximum 364d23h59m). Requires quarantine set to attacker. - type: str - quarantine_log: - description: - - Enable/disable quarantine logging. - type: str - choices: - - disable - - enable - status: - description: - - Enable/disable this anomaly. 
- type: str - choices: - - disable - - enable - threshold: - description: - - Anomaly threshold. Number of detected instances per minute that triggers the anomaly action. - type: int - threshold(default): - description: - - Number of detected instances per minute which triggers action (1 - 2147483647). Note that each anomaly has a different threshold - value assigned to it. - type: int - application_list: - description: - - Name of an existing application list. Source application.list.name. - type: str - application_list_status: - description: - - Enable/disable application control profile. - type: str - choices: - - enable - - disable - av_profile: - description: - - Name of an existing antivirus profile. Source antivirus.profile.name. - type: str - av_profile_status: - description: - - Enable/disable antivirus profile. - type: str - choices: - - enable - - disable - dlp_sensor: - description: - - Name of an existing DLP sensor. Source dlp.sensor.name. - type: str - dlp_sensor_status: - description: - - Enable/disable DLP sensor. - type: str - choices: - - enable - - disable - dsri: - description: - - Enable/disable DSRI. - type: str - choices: - - enable - - disable - host: - description: - - "Hosts to filter for in sniffer traffic (Format examples: 1.1.1.1, 2.2.2.0/24, 3.3.3.3/255.255.255.0, 4.4.4.0-4.4.4.240)." - type: str - id: - description: - - Sniffer ID. - required: true - type: int - interface: - description: - - Interface name that traffic sniffing will take place on. Source system.interface.name. - type: str - ips_dos_status: - description: - - Enable/disable IPS DoS anomaly detection. - type: str - choices: - - enable - - disable - ips_sensor: - description: - - Name of an existing IPS sensor. Source ips.sensor.name. - type: str - ips_sensor_status: - description: - - Enable/disable IPS sensor. - type: str - choices: - - enable - - disable - ipv6: - description: - - Enable/disable sniffing IPv6 packets. 
- type: str - choices: - - enable - - disable - logtraffic: - description: - - Either log all sessions, only sessions that have a security profile applied, or disable all logging for this policy. - type: str - choices: - - all - - utm - - disable - max_packet_count: - description: - - Maximum packet count (1 - 1000000). - type: int - non_ip: - description: - - Enable/disable sniffing non-IP packets. - type: str - choices: - - enable - - disable - port: - description: - - "Ports to sniff (Format examples: 10, :20, 30:40, 50-, 100-200)." - type: str - protocol: - description: - - Integer value for the protocol type as defined by IANA (0 - 255). - type: str - scan_botnet_connections: - description: - - Enable/disable scanning of connections to Botnet servers. - type: str - choices: - - disable - - block - - monitor - spamfilter_profile: - description: - - Name of an existing spam filter profile. Source spamfilter.profile.name. - type: str - spamfilter_profile_status: - description: - - Enable/disable spam filter. - type: str - choices: - - enable - - disable - status: - description: - - Enable/disable the active status of the sniffer. - type: str - choices: - - enable - - disable - vlan: - description: - - List of VLANs to sniff. - type: str - webfilter_profile: - description: - - Name of an existing web filter profile. Source webfilter.profile.name. - type: str - webfilter_profile_status: - description: - - Enable/disable web filter profile. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure sniffer. 
- fortios_firewall_sniffer: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_sniffer: - anomaly: - - - action: "pass" - log: "enable" - name: "default_name_6" - quarantine: "none" - quarantine_expiry: "" - quarantine_log: "disable" - status: "disable" - threshold: "11" - threshold(default): "12" - application_list: " (source application.list.name)" - application_list_status: "enable" - av_profile: " (source antivirus.profile.name)" - av_profile_status: "enable" - dlp_sensor: " (source dlp.sensor.name)" - dlp_sensor_status: "enable" - dsri: "enable" - host: "myhostname" - id: "21" - interface: " (source system.interface.name)" - ips_dos_status: "enable" - ips_sensor: " (source ips.sensor.name)" - ips_sensor_status: "enable" - ipv6: "enable" - logtraffic: "all" - max_packet_count: "28" - non_ip: "enable" - port: "" - protocol: "" - scan_botnet_connections: "disable" - spamfilter_profile: " (source spamfilter.profile.name)" - spamfilter_profile_status: "enable" - status: "enable" - vlan: "" - webfilter_profile: " (source webfilter.profile.name)" - webfilter_profile_status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision 
number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_sniffer_data(json): - option_list = ['anomaly', 'application_list', 'application_list_status', - 'av_profile', 'av_profile_status', 'dlp_sensor', - 'dlp_sensor_status', 'dsri', 'host', - 'id', 'interface', 'ips_dos_status', - 'ips_sensor', 'ips_sensor_status', 'ipv6', - 'logtraffic', 'max_packet_count', 'non_ip', - 'port', 'protocol', 'scan_botnet_connections', - 'spamfilter_profile', 'spamfilter_profile_status', 'status', - 'vlan', 'webfilter_profile', 'webfilter_profile_status'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = 
underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_sniffer(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_sniffer'] and data['firewall_sniffer']: - state = data['firewall_sniffer']['state'] - else: - state = True - firewall_sniffer_data = data['firewall_sniffer'] - filtered_data = underscore_to_hyphen(filter_firewall_sniffer_data(firewall_sniffer_data)) - - if state == "present": - return fos.set('firewall', - 'sniffer', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall', - 'sniffer', - mkey=filtered_data['id'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall(data, fos): - - if data['firewall_sniffer']: - resp = firewall_sniffer(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_sniffer": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "anomaly": {"required": False, "type": "list", - "options": { - "action": {"required": False, "type": "str", - "choices": ["pass", "block"]}, - "log": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "name": {"required": True, "type": "str"}, - "quarantine": {"required": False, 
"type": "str", - "choices": ["none", "attacker"]}, - "quarantine_expiry": {"required": False, "type": "str"}, - "quarantine_log": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "status": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "threshold": {"required": False, "type": "int"}, - "threshold(default)": {"required": False, "type": "int"} - }}, - "application_list": {"required": False, "type": "str"}, - "application_list_status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "av_profile": {"required": False, "type": "str"}, - "av_profile_status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dlp_sensor": {"required": False, "type": "str"}, - "dlp_sensor_status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dsri": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "host": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "interface": {"required": False, "type": "str"}, - "ips_dos_status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ips_sensor": {"required": False, "type": "str"}, - "ips_sensor_status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ipv6": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "logtraffic": {"required": False, "type": "str", - "choices": ["all", "utm", "disable"]}, - "max_packet_count": {"required": False, "type": "int"}, - "non_ip": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "port": {"required": False, "type": "str"}, - "protocol": {"required": False, "type": "str"}, - "scan_botnet_connections": {"required": False, "type": "str", - "choices": ["disable", "block", "monitor"]}, - "spamfilter_profile": {"required": False, "type": "str"}, - "spamfilter_profile_status": {"required": False, "type": "str", - "choices": ["enable", 
"disable"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "vlan": {"required": False, "type": "str"}, - "webfilter_profile": {"required": False, "type": "str"}, - "webfilter_profile_status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_ssh_host_key.py b/lib/ansible/modules/network/fortios/fortios_firewall_ssh_host_key.py deleted file mode 100644 index 7f4d1a1d839..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_firewall_ssh_host_key.py +++ /dev/null 
@@ -1,396 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_ssh_host_key -short_description: SSH proxy host public keys in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall_ssh feature and host_key category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_ssh_host_key: - description: - - SSH proxy host public keys. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - hostname: - description: - - Hostname of the SSH server. - type: str - ip: - description: - - IP address of the SSH server. - type: str - name: - description: - - SSH public key name. - required: true - type: str - nid: - description: - - Set the nid of the ECDSA key. - type: str - choices: - - 256 - - 384 - - 521 - port: - description: - - Port of the SSH server. - type: int - public_key: - description: - - SSH public key. - type: str - status: - description: - - Set the trust status of the public key. - type: str - choices: - - trusted - - revoked - type: - description: - - Set the type of the public key. - type: str - choices: - - RSA - - DSA - - ECDSA - - ED25519 - - RSA-CA - - DSA-CA - - ECDSA-CA - - ED25519-CA -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: SSH proxy host public keys. 
- fortios_firewall_ssh_host_key: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_ssh_host_key: - hostname: "myhostname" - ip: "" - name: "default_name_5" - nid: "256" - port: "7" - public_key: "" - status: "trusted" - type: "RSA" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = 
data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_ssh_host_key_data(json): - option_list = ['hostname', 'ip', 'name', - 'nid', 'port', 'public_key', - 'status', 'type'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_ssh_host_key(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_ssh_host_key'] and data['firewall_ssh_host_key']: - state = data['firewall_ssh_host_key']['state'] - else: - state = True - firewall_ssh_host_key_data = data['firewall_ssh_host_key'] - filtered_data = underscore_to_hyphen(filter_firewall_ssh_host_key_data(firewall_ssh_host_key_data)) - - if state == "present": - return fos.set('firewall.ssh', - 'host-key', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall.ssh', - 'host-key', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall_ssh(data, fos): - - if data['firewall_ssh_host_key']: - resp = firewall_ssh_host_key(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": 
False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_ssh_host_key": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "hostname": {"required": False, "type": "str"}, - "ip": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "nid": {"required": False, "type": "str", - "choices": ["256", "384", "521"]}, - "port": {"required": False, "type": "int"}, - "public_key": {"required": False, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["trusted", "revoked"]}, - "type": {"required": False, "type": "str", - "choices": ["RSA", "DSA", "ECDSA", - "ED25519", "RSA-CA", "DSA-CA", - "ECDSA-CA", "ED25519-CA"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall_ssh(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall_ssh(module.params, fos) - fos.logout() - - if not 
is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_ssh_local_ca.py b/lib/ansible/modules/network/fortios/fortios_firewall_ssh_local_ca.py deleted file mode 100644 index 36eefd6f018..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_firewall_ssh_local_ca.py +++ /dev/null 
@@ -1,360 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_ssh_local_ca -short_description: SSH proxy local CA in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall_ssh feature and local_ca category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_ssh_local_ca: - description: - - SSH proxy local CA. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - name: - description: - - SSH proxy local CA name. - required: true - type: str - password: - description: - - Password for SSH private key. - type: str - private_key: - description: - - SSH proxy private key, encrypted with a password. - type: str - public_key: - description: - - SSH proxy public key. - type: str - source: - description: - - SSH proxy local CA source type. - type: str - choices: - - built-in - - user -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: SSH proxy local CA. 
- fortios_firewall_ssh_local_ca: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_ssh_local_ca: - name: "default_name_3" - password: "" - private_key: "" - public_key: "" - source: "built-in" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') 
- if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_ssh_local_ca_data(json): - option_list = ['name', 'password', 'private_key', - 'public_key', 'source'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_ssh_local_ca(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_ssh_local_ca'] and data['firewall_ssh_local_ca']: - state = data['firewall_ssh_local_ca']['state'] - else: - state = True - firewall_ssh_local_ca_data = data['firewall_ssh_local_ca'] - filtered_data = underscore_to_hyphen(filter_firewall_ssh_local_ca_data(firewall_ssh_local_ca_data)) - - if state == "present": - return fos.set('firewall.ssh', - 'local-ca', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall.ssh', - 'local-ca', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall_ssh(data, fos): - - if data['firewall_ssh_local_ca']: - resp = firewall_ssh_local_ca(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - 
"vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_ssh_local_ca": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "name": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str"}, - "private_key": {"required": False, "type": "str"}, - "public_key": {"required": False, "type": "str"}, - "source": {"required": False, "type": "str", - "choices": ["built-in", "user"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall_ssh(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall_ssh(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_ssh_local_key.py b/lib/ansible/modules/network/fortios/fortios_firewall_ssh_local_key.py
deleted file mode 100644
index 91af0144c44..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_ssh_local_key.py
+++ /dev/null
@@ -1,360 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_ssh_local_key -short_description: SSH proxy local keys in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall_ssh feature and local_key category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_ssh_local_key: - description: - - SSH proxy local keys. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - name: - description: - - SSH proxy local key name. - required: true - type: str - password: - description: - - Password for SSH private key. - type: str - private_key: - description: - - SSH proxy private key, encrypted with a password. - type: str - public_key: - description: - - SSH proxy public key. - type: str - source: - description: - - SSH proxy local key source type. - type: str - choices: - - built-in - - user -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: SSH proxy local keys. 
- fortios_firewall_ssh_local_key: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_ssh_local_key: - name: "default_name_3" - password: "" - private_key: "" - public_key: "" - source: "built-in" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - 
fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_ssh_local_key_data(json): - option_list = ['name', 'password', 'private_key', - 'public_key', 'source'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_ssh_local_key(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_ssh_local_key'] and data['firewall_ssh_local_key']: - state = data['firewall_ssh_local_key']['state'] - else: - state = True - firewall_ssh_local_key_data = data['firewall_ssh_local_key'] - filtered_data = underscore_to_hyphen(filter_firewall_ssh_local_key_data(firewall_ssh_local_key_data)) - - if state == "present": - return fos.set('firewall.ssh', - 'local-key', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall.ssh', - 'local-key', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall_ssh(data, fos): - - if data['firewall_ssh_local_key']: - resp = firewall_ssh_local_key(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", 
"default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_ssh_local_key": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "name": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str"}, - "private_key": {"required": False, "type": "str"}, - "public_key": {"required": False, "type": "str"}, - "source": {"required": False, "type": "str", - "choices": ["built-in", "user"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall_ssh(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall_ssh(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_ssh_setting.py b/lib/ansible/modules/network/fortios/fortios_firewall_ssh_setting.py
deleted file mode 100644
index 19611161dfe..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_ssh_setting.py
+++ /dev/null
@@ -1,344 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_ssh_setting -short_description: SSH proxy settings in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall_ssh feature and setting category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - firewall_ssh_setting: - description: - - SSH proxy settings. - default: null - type: dict - suboptions: - caname: - description: - - CA certificate used by SSH Inspection. Source firewall.ssh.local-ca.name. - type: str - host_trusted_checking: - description: - - Enable/disable host trusted checking. - type: str - choices: - - enable - - disable - hostkey_dsa1024: - description: - - DSA certificate used by SSH proxy. Source firewall.ssh.local-key.name. - type: str - hostkey_ecdsa256: - description: - - ECDSA nid256 certificate used by SSH proxy. Source firewall.ssh.local-key.name. - type: str - hostkey_ecdsa384: - description: - - ECDSA nid384 certificate used by SSH proxy. Source firewall.ssh.local-key.name. - type: str - hostkey_ecdsa521: - description: - - ECDSA nid384 certificate used by SSH proxy. Source firewall.ssh.local-key.name. - type: str - hostkey_ed25519: - description: - - ED25519 hostkey used by SSH proxy. Source firewall.ssh.local-key.name. - type: str - hostkey_rsa2048: - description: - - RSA certificate used by SSH proxy. Source firewall.ssh.local-key.name. - type: str - untrusted_caname: - description: - - Untrusted CA certificate used by SSH Inspection. Source firewall.ssh.local-ca.name. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: SSH proxy settings. 
- fortios_firewall_ssh_setting: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - firewall_ssh_setting: - caname: " (source firewall.ssh.local-ca.name)" - host_trusted_checking: "enable" - hostkey_dsa1024: "myhostname (source firewall.ssh.local-key.name)" - hostkey_ecdsa256: "myhostname (source firewall.ssh.local-key.name)" - hostkey_ecdsa384: "myhostname (source firewall.ssh.local-key.name)" - hostkey_ecdsa521: "myhostname (source firewall.ssh.local-key.name)" - hostkey_ed25519: "myhostname (source firewall.ssh.local-key.name)" - hostkey_rsa2048: "myhostname (source firewall.ssh.local-key.name)" - untrusted_caname: " (source firewall.ssh.local-ca.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: 
"v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_ssh_setting_data(json): - option_list = ['caname', 'host_trusted_checking', 'hostkey_dsa1024', - 'hostkey_ecdsa256', 'hostkey_ecdsa384', 'hostkey_ecdsa521', - 'hostkey_ed25519', 'hostkey_rsa2048', 'untrusted_caname'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_ssh_setting(data, fos): - vdom = data['vdom'] - firewall_ssh_setting_data = data['firewall_ssh_setting'] - filtered_data = underscore_to_hyphen(filter_firewall_ssh_setting_data(firewall_ssh_setting_data)) - - return fos.set('firewall.ssh', - 'setting', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall_ssh(data, fos): - - if data['firewall_ssh_setting']: - resp = firewall_ssh_setting(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields 
= { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "firewall_ssh_setting": { - "required": False, "type": "dict", "default": None, - "options": { - "caname": {"required": False, "type": "str"}, - "host_trusted_checking": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "hostkey_dsa1024": {"required": False, "type": "str"}, - "hostkey_ecdsa256": {"required": False, "type": "str"}, - "hostkey_ecdsa384": {"required": False, "type": "str"}, - "hostkey_ecdsa521": {"required": False, "type": "str"}, - "hostkey_ed25519": {"required": False, "type": "str"}, - "hostkey_rsa2048": {"required": False, "type": "str"}, - "untrusted_caname": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall_ssh(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall_ssh(module.params, fos) - fos.logout() - - if not is_error: - 
module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_ssl_server.py b/lib/ansible/modules/network/fortios/fortios_firewall_ssl_server.py
deleted file mode 100644
index 8defa1df7d5..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_ssl_server.py
+++ /dev/null
@@ -1,456 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_ssl_server -short_description: Configure SSL servers in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and ssl_server category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_ssl_server: - description: - - Configure SSL servers. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - add_header_x_forwarded_proto: - description: - - Enable/disable adding an X-Forwarded-Proto header to forwarded requests. - type: str - choices: - - enable - - disable - ip: - description: - - IPv4 address of the SSL server. - type: str - mapped_port: - description: - - Mapped server service port (1 - 65535). - type: int - name: - description: - - Server name. - required: true - type: str - port: - description: - - Server service port (1 - 65535). - type: int - ssl_algorithm: - description: - - Relative strength of encryption algorithms accepted in negotiation. - type: str - choices: - - high - - medium - - low - ssl_cert: - description: - - Name of certificate for SSL connections to this server. Source vpn.certificate.local.name. - type: str - ssl_client_renegotiation: - description: - - Allow or block client renegotiation by server. 
- type: str - choices: - - allow - - deny - - secure - ssl_dh_bits: - description: - - Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation. - type: str - choices: - - 768 - - 1024 - - 1536 - - 2048 - ssl_max_version: - description: - - Highest SSL/TLS version to negotiate. - type: str - choices: - - tls-1.0 - - tls-1.1 - - tls-1.2 - ssl_min_version: - description: - - Lowest SSL/TLS version to negotiate. - type: str - choices: - - tls-1.0 - - tls-1.1 - - tls-1.2 - ssl_mode: - description: - - SSL/TLS mode for encryption and decryption of traffic. - type: str - choices: - - half - - full - ssl_send_empty_frags: - description: - - Enable/disable sending empty fragments to avoid attack on CBC IV. - type: str - choices: - - enable - - disable - url_rewrite: - description: - - Enable/disable rewriting the URL. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure SSL servers. 
- fortios_firewall_ssl_server: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_ssl_server: - add_header_x_forwarded_proto: "enable" - ip: "" - mapped_port: "5" - name: "default_name_6" - port: "7" - ssl_algorithm: "high" - ssl_cert: " (source vpn.certificate.local.name)" - ssl_client_renegotiation: "allow" - ssl_dh_bits: "768" - ssl_max_version: "tls-1.0" - ssl_min_version: "tls-1.0" - ssl_mode: "half" - ssl_send_empty_frags: "enable" - url_rewrite: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from 
ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_ssl_server_data(json): - option_list = ['add_header_x_forwarded_proto', 'ip', 'mapped_port', - 'name', 'port', 'ssl_algorithm', - 'ssl_cert', 'ssl_client_renegotiation', 'ssl_dh_bits', - 'ssl_max_version', 'ssl_min_version', 'ssl_mode', - 'ssl_send_empty_frags', 'url_rewrite'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_ssl_server(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_ssl_server'] and data['firewall_ssl_server']: - state = data['firewall_ssl_server']['state'] - else: - state = True - firewall_ssl_server_data = data['firewall_ssl_server'] - filtered_data = underscore_to_hyphen(filter_firewall_ssl_server_data(firewall_ssl_server_data)) - - if state == "present": - return fos.set('firewall', - 'ssl-server', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall', - 'ssl-server', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - 
status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall(data, fos): - - if data['firewall_ssl_server']: - resp = firewall_ssl_server(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_ssl_server": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "add_header_x_forwarded_proto": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ip": {"required": False, "type": "str"}, - "mapped_port": {"required": False, "type": "int"}, - "name": {"required": True, "type": "str"}, - "port": {"required": False, "type": "int"}, - "ssl_algorithm": {"required": False, "type": "str", - "choices": ["high", "medium", "low"]}, - "ssl_cert": {"required": False, "type": "str"}, - "ssl_client_renegotiation": {"required": False, "type": "str", - "choices": ["allow", "deny", "secure"]}, - "ssl_dh_bits": {"required": False, "type": "str", - "choices": ["768", "1024", "1536", - "2048"]}, - "ssl_max_version": {"required": False, "type": "str", - "choices": ["tls-1.0", "tls-1.1", "tls-1.2"]}, - "ssl_min_version": {"required": False, "type": "str", - "choices": ["tls-1.0", "tls-1.1", "tls-1.2"]}, - "ssl_mode": {"required": False, "type": "str", - "choices": ["half", "full"]}, - "ssl_send_empty_frags": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "url_rewrite": 
{"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_ssl_setting.py b/lib/ansible/modules/network/fortios/fortios_firewall_ssl_setting.py
deleted file mode 100644
index b4f3f260ca2..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_ssl_setting.py
+++ /dev/null
@@ -1,372 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_ssl_setting -short_description: SSL proxy settings in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall_ssl feature and setting category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - firewall_ssl_setting: - description: - - SSL proxy settings. - default: null - type: dict - suboptions: - abbreviate_handshake: - description: - - Enable/disable use of SSL abbreviated handshake. - type: str - choices: - - enable - - disable - cert_cache_capacity: - description: - - Maximum capacity of the host certificate cache (0 - 500). - type: int - cert_cache_timeout: - description: - - Time limit to keep certificate cache (1 - 120 min). - type: int - kxp_queue_threshold: - description: - - Maximum length of the CP KXP queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512). - type: int - no_matching_cipher_action: - description: - - Bypass or drop the connection when no matching cipher is found. - type: str - choices: - - bypass - - drop - proxy_connect_timeout: - description: - - Time limit to make an internal connection to the appropriate proxy process (1 - 60 sec). - type: int - session_cache_capacity: - description: - - Capacity of the SSL session cache (--Obsolete--) (1 - 1000). - type: int - session_cache_timeout: - description: - - Time limit to keep SSL session state (1 - 60 min). - type: int - ssl_dh_bits: - description: - - Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation. - type: str - choices: - - 768 - - 1024 - - 1536 - - 2048 - ssl_queue_threshold: - description: - - Maximum length of the CP SSL queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512). 
- type: int - ssl_send_empty_frags: - description: - - Enable/disable sending empty fragments to avoid attack on CBC IV (for SSL 3.0 and TLS 1.0 only). - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: SSL proxy settings. - fortios_firewall_ssl_setting: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - firewall_ssl_setting: - abbreviate_handshake: "enable" - cert_cache_capacity: "4" - cert_cache_timeout: "5" - kxp_queue_threshold: "6" - no_matching_cipher_action: "bypass" - proxy_connect_timeout: "8" - session_cache_capacity: "9" - session_cache_timeout: "10" - ssl_dh_bits: "768" - ssl_queue_threshold: "12" - ssl_send_empty_frags: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual 
domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_ssl_setting_data(json): - option_list = ['abbreviate_handshake', 'cert_cache_capacity', 'cert_cache_timeout', - 'kxp_queue_threshold', 'no_matching_cipher_action', 'proxy_connect_timeout', - 'session_cache_capacity', 'session_cache_timeout', 'ssl_dh_bits', - 'ssl_queue_threshold', 'ssl_send_empty_frags'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_ssl_setting(data, fos): - vdom = data['vdom'] - firewall_ssl_setting_data = data['firewall_ssl_setting'] - filtered_data = underscore_to_hyphen(filter_firewall_ssl_setting_data(firewall_ssl_setting_data)) - - return fos.set('firewall.ssl', - 'setting', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and 
status['http_status'] == 404 - - -def fortios_firewall_ssl(data, fos): - - if data['firewall_ssl_setting']: - resp = firewall_ssl_setting(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "firewall_ssl_setting": { - "required": False, "type": "dict", "default": None, - "options": { - "abbreviate_handshake": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "cert_cache_capacity": {"required": False, "type": "int"}, - "cert_cache_timeout": {"required": False, "type": "int"}, - "kxp_queue_threshold": {"required": False, "type": "int"}, - "no_matching_cipher_action": {"required": False, "type": "str", - "choices": ["bypass", "drop"]}, - "proxy_connect_timeout": {"required": False, "type": "int"}, - "session_cache_capacity": {"required": False, "type": "int"}, - "session_cache_timeout": {"required": False, "type": "int"}, - "ssl_dh_bits": {"required": False, "type": "str", - "choices": ["768", "1024", "1536", - "2048"]}, - "ssl_queue_threshold": {"required": False, "type": "int"}, - "ssl_send_empty_frags": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if 
module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall_ssl(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall_ssl(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_ssl_ssh_profile.py b/lib/ansible/modules/network/fortios/fortios_firewall_ssl_ssh_profile.py
deleted file mode 100644
index 3bd5e02d325..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_ssl_ssh_profile.py
+++ /dev/null
@@ -1,1060 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_ssl_ssh_profile -short_description: Configure SSL/SSH protocol options in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and ssl_ssh_profile category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_ssl_ssh_profile: - description: - - Configure SSL/SSH protocol options. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - caname: - description: - - CA certificate used by SSL Inspection. Source vpn.certificate.local.name. - type: str - comment: - description: - - Optional comments. - type: str - ftps: - description: - - Configure FTPS options. - type: dict - suboptions: - allow_invalid_server_cert: - description: - - When enabled, allows SSL sessions whose server certificate validation failed. - type: str - choices: - - enable - - disable - client_cert_request: - description: - - Action based on client certificate request. - type: str - choices: - - bypass - - inspect - - block - ports: - description: - - Ports to use for scanning (1 - 65535). - type: int - status: - description: - - Configure protocol inspection status. - type: str - choices: - - disable - - deep-inspection - unsupported_ssl: - description: - - Action based on the SSL encryption used being unsupported. 
- type: str - choices: - - bypass - - inspect - - block - untrusted_cert: - description: - - Allow, ignore, or block the untrusted SSL session server certificate. - type: str - choices: - - allow - - block - - ignore - https: - description: - - Configure HTTPS options. - type: dict - suboptions: - allow_invalid_server_cert: - description: - - When enabled, allows SSL sessions whose server certificate validation failed. - type: str - choices: - - enable - - disable - client_cert_request: - description: - - Action based on client certificate request. - type: str - choices: - - bypass - - inspect - - block - ports: - description: - - Ports to use for scanning (1 - 65535). - type: int - status: - description: - - Configure protocol inspection status. - type: str - choices: - - disable - - certificate-inspection - - deep-inspection - unsupported_ssl: - description: - - Action based on the SSL encryption used being unsupported. - type: str - choices: - - bypass - - inspect - - block - untrusted_cert: - description: - - Allow, ignore, or block the untrusted SSL session server certificate. - type: str - choices: - - allow - - block - - ignore - imaps: - description: - - Configure IMAPS options. - type: dict - suboptions: - allow_invalid_server_cert: - description: - - When enabled, allows SSL sessions whose server certificate validation failed. - type: str - choices: - - enable - - disable - client_cert_request: - description: - - Action based on client certificate request. - type: str - choices: - - bypass - - inspect - - block - ports: - description: - - Ports to use for scanning (1 - 65535). - type: int - status: - description: - - Configure protocol inspection status. - type: str - choices: - - disable - - deep-inspection - unsupported_ssl: - description: - - Action based on the SSL encryption used being unsupported. 
- type: str - choices: - - bypass - - inspect - - block - untrusted_cert: - description: - - Allow, ignore, or block the untrusted SSL session server certificate. - type: str - choices: - - allow - - block - - ignore - mapi_over_https: - description: - - Enable/disable inspection of MAPI over HTTPS. - type: str - choices: - - enable - - disable - name: - description: - - Name. - required: true - type: str - pop3s: - description: - - Configure POP3S options. - type: dict - suboptions: - allow_invalid_server_cert: - description: - - When enabled, allows SSL sessions whose server certificate validation failed. - type: str - choices: - - enable - - disable - client_cert_request: - description: - - Action based on client certificate request. - type: str - choices: - - bypass - - inspect - - block - ports: - description: - - Ports to use for scanning (1 - 65535). - type: int - status: - description: - - Configure protocol inspection status. - type: str - choices: - - disable - - deep-inspection - unsupported_ssl: - description: - - Action based on the SSL encryption used being unsupported. - type: str - choices: - - bypass - - inspect - - block - untrusted_cert: - description: - - Allow, ignore, or block the untrusted SSL session server certificate. - type: str - choices: - - allow - - block - - ignore - rpc_over_https: - description: - - Enable/disable inspection of RPC over HTTPS. - type: str - choices: - - enable - - disable - server_cert: - description: - - Certificate used by SSL Inspection to replace server certificate. Source vpn.certificate.local.name. - type: str - server_cert_mode: - description: - - Re-sign or replace the server's certificate. - type: str - choices: - - re-sign - - replace - smtps: - description: - - Configure SMTPS options. - type: dict - suboptions: - allow_invalid_server_cert: - description: - - When enabled, allows SSL sessions whose server certificate validation failed. 
- type: str - choices: - - enable - - disable - client_cert_request: - description: - - Action based on client certificate request. - type: str - choices: - - bypass - - inspect - - block - ports: - description: - - Ports to use for scanning (1 - 65535). - type: int - status: - description: - - Configure protocol inspection status. - type: str - choices: - - disable - - deep-inspection - unsupported_ssl: - description: - - Action based on the SSL encryption used being unsupported. - type: str - choices: - - bypass - - inspect - - block - untrusted_cert: - description: - - Allow, ignore, or block the untrusted SSL session server certificate. - type: str - choices: - - allow - - block - - ignore - ssh: - description: - - Configure SSH options. - type: dict - suboptions: - inspect_all: - description: - - Level of SSL inspection. - type: str - choices: - - disable - - deep-inspection - ports: - description: - - Ports to use for scanning (1 - 65535). - type: int - ssh_algorithm: - description: - - Relative strength of encryption algorithms accepted during negotiation. - type: str - choices: - - compatible - - high-encryption - ssh_policy_check: - description: - - Enable/disable SSH policy check. - type: str - choices: - - disable - - enable - ssh_tun_policy_check: - description: - - Enable/disable SSH tunnel policy check. - type: str - choices: - - disable - - enable - status: - description: - - Configure protocol inspection status. - type: str - choices: - - disable - - deep-inspection - unsupported_version: - description: - - Action based on SSH version being unsupported. - type: str - choices: - - bypass - - block - ssl: - description: - - Configure SSL options. - type: dict - suboptions: - allow_invalid_server_cert: - description: - - When enabled, allows SSL sessions whose server certificate validation failed. - type: str - choices: - - enable - - disable - client_cert_request: - description: - - Action based on client certificate request. 
- type: str - choices: - - bypass - - inspect - - block - inspect_all: - description: - - Level of SSL inspection. - type: str - choices: - - disable - - certificate-inspection - - deep-inspection - unsupported_ssl: - description: - - Action based on the SSL encryption used being unsupported. - type: str - choices: - - bypass - - inspect - - block - untrusted_cert: - description: - - Allow, ignore, or block the untrusted SSL session server certificate. - type: str - choices: - - allow - - block - - ignore - ssl_anomalies_log: - description: - - Enable/disable logging SSL anomalies. - type: str - choices: - - disable - - enable - ssl_exempt: - description: - - Servers to exempt from SSL inspection. - type: list - suboptions: - address: - description: - - IPv4 address object. Source firewall.address.name firewall.addrgrp.name. - type: str - address6: - description: - - IPv6 address object. Source firewall.address6.name firewall.addrgrp6.name. - type: str - fortiguard_category: - description: - - FortiGuard category ID. - type: int - id: - description: - - ID number. - required: true - type: int - regex: - description: - - Exempt servers by regular expression. - type: str - type: - description: - - Type of address object (IPv4 or IPv6) or FortiGuard category. - type: str - choices: - - fortiguard-category - - address - - address6 - - wildcard-fqdn - - regex - wildcard_fqdn: - description: - - Exempt servers by wildcard FQDN. Source firewall.wildcard-fqdn.custom.name firewall.wildcard-fqdn.group.name. - type: str - ssl_exemptions_log: - description: - - Enable/disable logging SSL exemptions. - type: str - choices: - - disable - - enable - ssl_server: - description: - - SSL servers. - type: list - suboptions: - ftps_client_cert_request: - description: - - Action based on client certificate request during the FTPS handshake. 
- type: str - choices: - - bypass - - inspect - - block - https_client_cert_request: - description: - - Action based on client certificate request during the HTTPS handshake. - type: str - choices: - - bypass - - inspect - - block - id: - description: - - SSL server ID. - required: true - type: int - imaps_client_cert_request: - description: - - Action based on client certificate request during the IMAPS handshake. - type: str - choices: - - bypass - - inspect - - block - ip: - description: - - IPv4 address of the SSL server. - type: str - pop3s_client_cert_request: - description: - - Action based on client certificate request during the POP3S handshake. - type: str - choices: - - bypass - - inspect - - block - smtps_client_cert_request: - description: - - Action based on client certificate request during the SMTPS handshake. - type: str - choices: - - bypass - - inspect - - block - ssl_other_client_cert_request: - description: - - Action based on client certificate request during an SSL protocol handshake. - type: str - choices: - - bypass - - inspect - - block - untrusted_caname: - description: - - Untrusted CA certificate used by SSL Inspection. Source vpn.certificate.local.name. - type: str - use_ssl_server: - description: - - Enable/disable the use of SSL server table for SSL offloading. - type: str - choices: - - disable - - enable - whitelist: - description: - - Enable/disable exempting servers by FortiGuard whitelist. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure SSL/SSH protocol options. - fortios_firewall_ssl_ssh_profile: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_ssl_ssh_profile: - caname: " (source vpn.certificate.local.name)" - comment: "Optional comments." 
- ftps: - allow_invalid_server_cert: "enable" - client_cert_request: "bypass" - ports: "8" - status: "disable" - unsupported_ssl: "bypass" - untrusted_cert: "allow" - https: - allow_invalid_server_cert: "enable" - client_cert_request: "bypass" - ports: "15" - status: "disable" - unsupported_ssl: "bypass" - untrusted_cert: "allow" - imaps: - allow_invalid_server_cert: "enable" - client_cert_request: "bypass" - ports: "22" - status: "disable" - unsupported_ssl: "bypass" - untrusted_cert: "allow" - mapi_over_https: "enable" - name: "default_name_27" - pop3s: - allow_invalid_server_cert: "enable" - client_cert_request: "bypass" - ports: "31" - status: "disable" - unsupported_ssl: "bypass" - untrusted_cert: "allow" - rpc_over_https: "enable" - server_cert: " (source vpn.certificate.local.name)" - server_cert_mode: "re-sign" - smtps: - allow_invalid_server_cert: "enable" - client_cert_request: "bypass" - ports: "41" - status: "disable" - unsupported_ssl: "bypass" - untrusted_cert: "allow" - ssh: - inspect_all: "disable" - ports: "47" - ssh_algorithm: "compatible" - ssh_policy_check: "disable" - ssh_tun_policy_check: "disable" - status: "disable" - unsupported_version: "bypass" - ssl: - allow_invalid_server_cert: "enable" - client_cert_request: "bypass" - inspect_all: "disable" - unsupported_ssl: "bypass" - untrusted_cert: "allow" - ssl_anomalies_log: "disable" - ssl_exempt: - - - address: " (source firewall.address.name firewall.addrgrp.name)" - address6: " (source firewall.address6.name firewall.addrgrp6.name)" - fortiguard_category: "63" - id: "64" - regex: "" - type: "fortiguard-category" - wildcard_fqdn: " (source firewall.wildcard-fqdn.custom.name firewall.wildcard-fqdn.group.name)" - ssl_exemptions_log: "disable" - ssl_server: - - - ftps_client_cert_request: "bypass" - https_client_cert_request: "bypass" - id: "72" - imaps_client_cert_request: "bypass" - ip: "" - pop3s_client_cert_request: "bypass" - smtps_client_cert_request: "bypass" - 
ssl_other_client_cert_request: "bypass" - untrusted_caname: " (source vpn.certificate.local.name)" - use_ssl_server: "disable" - whitelist: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, 
verify=ssl_verify)
-
-
-def filter_firewall_ssl_ssh_profile_data(json):
- option_list = ['caname', 'comment', 'ftps',
- 'https', 'imaps', 'mapi_over_https',
- 'name', 'pop3s', 'rpc_over_https',
- 'server_cert', 'server_cert_mode', 'smtps',
- 'ssh', 'ssl', 'ssl_anomalies_log',
- 'ssl_exempt', 'ssl_exemptions_log', 'ssl_server',
- 'untrusted_caname', 'use_ssl_server', 'whitelist']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def firewall_ssl_ssh_profile(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['firewall_ssl_ssh_profile'] and data['firewall_ssl_ssh_profile']:
- state = data['firewall_ssl_ssh_profile']['state']
- else:
- state = True
- firewall_ssl_ssh_profile_data = data['firewall_ssl_ssh_profile']
- filtered_data = underscore_to_hyphen(filter_firewall_ssl_ssh_profile_data(firewall_ssl_ssh_profile_data))
-
- if state == "present":
- return fos.set('firewall',
- 'ssl-ssh-profile',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('firewall',
- 'ssl-ssh-profile',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_firewall(data, fos):
-
- if data['firewall_ssl_ssh_profile']:
- resp = firewall_ssl_ssh_profile(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type":
"str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "firewall_ssl_ssh_profile": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "caname": {"required": False, "type": "str"},
- "comment": {"required": False, "type": "str"},
- "ftps": {"required": False, "type": "dict",
- "options": {
- "allow_invalid_server_cert": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "client_cert_request": {"required": False, "type": "str",
- "choices": ["bypass", "inspect", "block"]},
- "ports": {"required": False, "type": "int"},
- "status": {"required": False, "type": "str",
- "choices": ["disable", "deep-inspection"]},
- "unsupported_ssl": {"required": False, "type": "str",
- "choices": ["bypass", "inspect", "block"]},
- "untrusted_cert": {"required": False, "type": "str",
- "choices": ["allow", "block", "ignore"]}
- }},
- "https": {"required": False, "type": "dict",
- "options": {
- "allow_invalid_server_cert": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "client_cert_request": {"required": False, "type": "str",
- "choices": ["bypass", "inspect", "block"]},
- "ports": {"required": False, "type": "int"},
- "status": {"required": False, "type": "str",
- "choices": ["disable", "certificate-inspection", "deep-inspection"]},
- "unsupported_ssl": {"required": False, "type": "str",
- "choices": ["bypass", "inspect", "block"]},
- "untrusted_cert": {"required": False, "type": "str",
- "choices": ["allow", "block", "ignore"]}
- }},
- "imaps": {"required": False,
"type": "dict",
- "options": {
- "allow_invalid_server_cert": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "client_cert_request": {"required": False, "type": "str",
- "choices": ["bypass", "inspect", "block"]},
- "ports": {"required": False, "type": "int"},
- "status": {"required": False, "type": "str",
- "choices": ["disable", "deep-inspection"]},
- "unsupported_ssl": {"required": False, "type": "str",
- "choices": ["bypass", "inspect", "block"]},
- "untrusted_cert": {"required": False, "type": "str",
- "choices": ["allow", "block", "ignore"]}
- }},
- "mapi_over_https": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "name": {"required": True, "type": "str"},
- "pop3s": {"required": False, "type": "dict",
- "options": {
- "allow_invalid_server_cert": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "client_cert_request": {"required": False, "type": "str",
- "choices": ["bypass", "inspect", "block"]},
- "ports": {"required": False, "type": "int"},
- "status": {"required": False, "type": "str",
- "choices": ["disable", "deep-inspection"]},
- "unsupported_ssl": {"required": False, "type": "str",
- "choices": ["bypass", "inspect", "block"]},
- "untrusted_cert": {"required": False, "type": "str",
- "choices": ["allow", "block", "ignore"]}
- }},
- "rpc_over_https": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "server_cert": {"required": False, "type": "str"},
- "server_cert_mode": {"required": False, "type": "str",
- "choices": ["re-sign", "replace"]},
- "smtps": {"required": False, "type": "dict",
- "options": {
- "allow_invalid_server_cert": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "client_cert_request": {"required": False, "type": "str",
- "choices": ["bypass", "inspect", "block"]},
- "ports": {"required": False, "type": "int"},
- "status": {"required": False, "type": "str",
- "choices": ["disable", "deep-inspection"]},
-
"unsupported_ssl": {"required": False, "type": "str",
- "choices": ["bypass", "inspect", "block"]},
- "untrusted_cert": {"required": False, "type": "str",
- "choices": ["allow", "block", "ignore"]}
- }},
- "ssh": {"required": False, "type": "dict",
- "options": {
- "inspect_all": {"required": False, "type": "str",
- "choices": ["disable", "deep-inspection"]},
- "ports": {"required": False, "type": "int"},
- "ssh_algorithm": {"required": False, "type": "str",
- "choices": ["compatible", "high-encryption"]},
- "ssh_policy_check": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "ssh_tun_policy_check": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "status": {"required": False, "type": "str",
- "choices": ["disable", "deep-inspection"]},
- "unsupported_version": {"required": False, "type": "str",
- "choices": ["bypass", "block"]}
- }},
- "ssl": {"required": False, "type": "dict",
- "options": {
- "allow_invalid_server_cert": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "client_cert_request": {"required": False, "type": "str",
- "choices": ["bypass", "inspect", "block"]},
- "inspect_all": {"required": False, "type": "str",
- "choices": ["disable", "certificate-inspection", "deep-inspection"]},
- "unsupported_ssl": {"required": False, "type": "str",
- "choices": ["bypass", "inspect", "block"]},
- "untrusted_cert": {"required": False, "type": "str",
- "choices": ["allow", "block", "ignore"]}
- }},
- "ssl_anomalies_log": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "ssl_exempt": {"required": False, "type": "list",
- "options": {
- "address": {"required": False, "type": "str"},
- "address6": {"required": False, "type": "str"},
- "fortiguard_category": {"required": False, "type": "int"},
- "id": {"required": True, "type": "int"},
- "regex": {"required": False, "type": "str"},
- "type": {"required": False, "type": "str",
- "choices": ["fortiguard-category",
"address", "address6",
- "wildcard-fqdn", "regex"]},
- "wildcard_fqdn": {"required": False, "type": "str"}
- }},
- "ssl_exemptions_log": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "ssl_server": {"required": False, "type": "list",
- "options": {
- "ftps_client_cert_request": {"required": False, "type": "str",
- "choices": ["bypass", "inspect", "block"]},
- "https_client_cert_request": {"required": False, "type": "str",
- "choices": ["bypass", "inspect", "block"]},
- "id": {"required": True, "type": "int"},
- "imaps_client_cert_request": {"required": False, "type": "str",
- "choices": ["bypass", "inspect", "block"]},
- "ip": {"required": False, "type": "str"},
- "pop3s_client_cert_request": {"required": False, "type": "str",
- "choices": ["bypass", "inspect", "block"]},
- "smtps_client_cert_request": {"required": False, "type": "str",
- "choices": ["bypass", "inspect", "block"]},
- "ssl_other_client_cert_request": {"required": False, "type": "str",
- "choices": ["bypass", "inspect", "block"]}
- }},
- "untrusted_caname": {"required": False, "type": "str"},
- "use_ssl_server": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "whitelist": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
-
module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_ttl_policy.py b/lib/ansible/modules/network/fortios/fortios_firewall_ttl_policy.py
deleted file mode 100644
index 1674411f8fd..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_ttl_policy.py
+++ /dev/null
@@ -1,406 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_ttl_policy -short_description: Configure TTL policies in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and ttl_policy category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_ttl_policy: - description: - - Configure TTL policies. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - action: - description: - - Action to be performed on traffic matching this policy . - type: str - choices: - - accept - - deny - id: - description: - - ID. - required: true - type: int - schedule: - description: - - Schedule object from available options. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group - .name. - type: str - service: - description: - - Service object(s) from available options. Separate multiple names with a space. - type: list - suboptions: - name: - description: - - Service name. Source firewall.service.custom.name firewall.service.group.name. - required: true - type: str - srcaddr: - description: - - Source address object(s) from available options. Separate multiple names with a space. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address.name firewall.addrgrp.name. 
- required: true - type: str - srcintf: - description: - - Source interface name from available interfaces. Source system.zone.name system.interface.name. - type: str - status: - description: - - Enable/disable this TTL policy. - type: str - choices: - - enable - - disable - ttl: - description: - - "Value/range to match against the packet's Time to Live value (format: ttl[ - ttl_high], 1 - 255)." - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure TTL policies. - fortios_firewall_ttl_policy: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_ttl_policy: - action: "accept" - id: "4" - schedule: " (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)" - service: - - - name: "default_name_7 (source firewall.service.custom.name firewall.service.group.name)" - srcaddr: - - - name: "default_name_9 (source firewall.address.name firewall.addrgrp.name)" - srcintf: " (source system.zone.name system.interface.name)" - status: "enable" - ttl: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - 
description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_ttl_policy_data(json): - option_list = ['action', 'id', 'schedule', - 'service', 'srcaddr', 'srcintf', - 'status', 'ttl'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_ttl_policy(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_ttl_policy'] and data['firewall_ttl_policy']: - state = data['firewall_ttl_policy']['state'] - else: - state = True - 
firewall_ttl_policy_data = data['firewall_ttl_policy'] - filtered_data = underscore_to_hyphen(filter_firewall_ttl_policy_data(firewall_ttl_policy_data)) - - if state == "present": - return fos.set('firewall', - 'ttl-policy', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall', - 'ttl-policy', - mkey=filtered_data['id'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall(data, fos): - - if data['firewall_ttl_policy']: - resp = firewall_ttl_policy(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_ttl_policy": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "action": {"required": False, "type": "str", - "choices": ["accept", "deny"]}, - "id": {"required": True, "type": "int"}, - "schedule": {"required": False, "type": "str"}, - "service": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "srcaddr": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "srcintf": {"required": False, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ttl": {"required": False, "type": "str"} - - } - } - } - - 
 module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_vip.py b/lib/ansible/modules/network/fortios/fortios_firewall_vip.py
deleted file mode 100644
index 1e6e6c5aabd..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_vip.py
+++ /dev/null
@@ -1,1224 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_vip -short_description: Configure virtual IP for IPv4 in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and vip category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_vip: - description: - - Configure virtual IP for IPv4. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - arp_reply: - description: - - Enable to respond to ARP requests for this virtual IP address. Enabled by default. - type: str - choices: - - disable - - enable - color: - description: - - Color of icon on the GUI. - type: int - comment: - description: - - Comment. - type: str - dns_mapping_ttl: - description: - - DNS mapping TTL (Set to zero to use TTL in DNS response). - type: int - extaddr: - description: - - External FQDN address name. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address.name firewall.addrgrp.name. - required: true - type: str - extintf: - description: - - Interface connected to the source network that receives the packets that will be forwarded to the destination network. Source system - .interface.name. 
- type: str - extip: - description: - - IP address or address range on the external interface that you want to map to an address or address range on the destination network. - type: str - extport: - description: - - Incoming port number range that you want to map to a port number range on the destination network. - type: str - gratuitous_arp_interval: - description: - - Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable. - type: int - http_cookie_age: - description: - - Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit. - type: int - http_cookie_domain: - description: - - Domain that HTTP cookie persistence should apply to. - type: str - http_cookie_domain_from_host: - description: - - Enable/disable use of HTTP cookie domain from host field in HTTP. - type: str - choices: - - disable - - enable - http_cookie_generation: - description: - - Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies. - type: int - http_cookie_path: - description: - - Limit HTTP cookie persistence to the specified path. - type: str - http_cookie_share: - description: - - Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops - cookie sharing. - type: str - choices: - - disable - - same-ip - http_ip_header: - description: - - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. - type: str - choices: - - enable - - disable - http_ip_header_name: - description: - - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, - X-Forwarded-For is used. - type: str - http_multiplex: - description: - - Enable/disable HTTP multiplexing. 
- type: str - choices: - - enable - - disable - https_cookie_secure: - description: - - Enable/disable verification that inserted HTTPS cookies are secure. - type: str - choices: - - disable - - enable - id: - description: - - Custom defined ID. - type: int - ldb_method: - description: - - Method used to distribute sessions to real servers. - type: str - choices: - - static - - round-robin - - weighted - - least-session - - least-rtt - - first-alive - - http-host - mapped_addr: - description: - - Mapped FQDN address name. Source firewall.address.name. - type: str - mappedip: - description: - - IP address or address range on the destination network to which the external IP address is mapped. - type: list - suboptions: - range: - description: - - Mapped IP range. - required: true - type: str - mappedport: - description: - - Port number range on the destination network to which the external port number range is mapped. - type: str - max_embryonic_connections: - description: - - Maximum number of incomplete connections. - type: int - monitor: - description: - - Name of the health check monitor to use when polling to determine a virtual server's connectivity status. - type: list - suboptions: - name: - description: - - Health monitor name. Source firewall.ldb-monitor.name. - required: true - type: str - name: - description: - - Virtual IP name. - required: true - type: str - nat_source_vip: - description: - - Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. - type: str - choices: - - disable - - enable - outlook_web_access: - description: - - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. - type: str - choices: - - disable - - enable - persistence: - description: - - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. 
- type: str - choices: - - none - - http-cookie - - ssl-session-id - portforward: - description: - - Enable/disable port forwarding. - type: str - choices: - - disable - - enable - portmapping_type: - description: - - Port mapping type. - type: str - choices: - - 1-to-1 - - m-to-n - protocol: - description: - - Protocol to use when forwarding packets. - type: str - choices: - - tcp - - udp - - sctp - - icmp - realservers: - description: - - Select the real servers that this server load balancing VIP will distribute traffic to. - type: list - suboptions: - client_ip: - description: - - Only clients in this IP range can connect to this real server. - type: str - healthcheck: - description: - - Enable to check the responsiveness of the real server before forwarding traffic. - type: str - choices: - - disable - - enable - - vip - holddown_interval: - description: - - Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active. - type: int - http_host: - description: - - HTTP server domain name in HTTP header. - type: str - id: - description: - - Real server ID. - required: true - type: int - ip: - description: - - IP address of the real server. - type: str - max_connections: - description: - - Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers. - type: int - monitor: - description: - - Name of the health check monitor to use when polling to determine a virtual server's connectivity status. Source firewall - .ldb-monitor.name. - type: str - port: - description: - - Port for communicating with the real server. Required if port forwarding is enabled. - type: int - status: - description: - - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. - type: str - choices: - - active - - standby - - disable - weight: - description: - - Weight of the real server. 
If weighted load balancing is enabled, the server with the highest weight gets more connections. - type: int - server_type: - description: - - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). - type: str - choices: - - http - - https - - imaps - - pop3s - - smtps - - ssl - - tcp - - udp - - ip - service: - description: - - Service name. - type: list - suboptions: - name: - description: - - Service name. Source firewall.service.custom.name firewall.service.group.name. - required: true - type: str - src_filter: - description: - - Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces. - type: list - suboptions: - range: - description: - - Source-filter range. - required: true - type: str - srcintf_filter: - description: - - Interfaces to which the VIP applies. Separate the names with spaces. - type: list - suboptions: - interface_name: - description: - - Interface name. Source system.interface.name. - type: str - ssl_algorithm: - description: - - Permitted encryption algorithms for SSL sessions according to encryption strength. - type: str - choices: - - high - - medium - - low - - custom - ssl_certificate: - description: - - The name of the SSL certificate to use for SSL acceleration. Source vpn.certificate.local.name. - type: str - ssl_cipher_suites: - description: - - SSL/TLS cipher suites acceptable from a client, ordered by priority. - type: list - suboptions: - cipher: - description: - - Cipher suite name. - type: str - choices: - - TLS-RSA-WITH-3DES-EDE-CBC-SHA - - TLS-DHE-RSA-WITH-DES-CBC-SHA - - TLS-DHE-DSS-WITH-DES-CBC-SHA - priority: - description: - - SSL/TLS cipher suites priority. - required: true - type: int - versions: - description: - - SSL/TLS versions that the cipher suite can be used with. 
- type: str - choices: - - ssl-3.0 - - tls-1.0 - - tls-1.1 - - tls-1.2 - ssl_client_fallback: - description: - - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). - type: str - choices: - - disable - - enable - ssl_client_renegotiation: - description: - - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. - type: str - choices: - - allow - - deny - - secure - ssl_client_session_state_max: - description: - - Maximum number of client to FortiGate SSL session states to keep. - type: int - ssl_client_session_state_timeout: - description: - - Number of minutes to keep client to FortiGate SSL session state. - type: int - ssl_client_session_state_type: - description: - - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. - type: str - choices: - - disable - - time - - count - - both - ssl_dh_bits: - description: - - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. - type: str - choices: - - 768 - - 1024 - - 1536 - - 2048 - - 3072 - - 4096 - ssl_hpkp: - description: - - Enable/disable including HPKP header in response. - type: str - choices: - - disable - - enable - - report-only - ssl_hpkp_age: - description: - - Number of seconds the client should honour the HPKP setting. - type: int - ssl_hpkp_backup: - description: - - Certificate to generate backup HPKP pin from. Source vpn.certificate.local.name vpn.certificate.ca.name. - type: str - ssl_hpkp_include_subdomains: - description: - - Indicate that HPKP header applies to all subdomains. - type: str - choices: - - disable - - enable - ssl_hpkp_primary: - description: - - Certificate to generate primary HPKP pin from. Source vpn.certificate.local.name vpn.certificate.ca.name. - type: str - ssl_hpkp_report_uri: - description: - - URL to report HPKP violations to. - type: str - ssl_hsts: - description: - - Enable/disable including HSTS header in response. 
- type: str - choices: - - disable - - enable - ssl_hsts_age: - description: - - Number of seconds the client should honour the HSTS setting. - type: int - ssl_hsts_include_subdomains: - description: - - Indicate that HSTS header applies to all subdomains. - type: str - choices: - - disable - - enable - ssl_http_location_conversion: - description: - - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. - type: str - choices: - - enable - - disable - ssl_http_match_host: - description: - - Enable/disable HTTP host matching for location conversion. - type: str - choices: - - enable - - disable - ssl_max_version: - description: - - Highest SSL/TLS version acceptable from a client. - type: str - choices: - - ssl-3.0 - - tls-1.0 - - tls-1.1 - - tls-1.2 - ssl_min_version: - description: - - Lowest SSL/TLS version acceptable from a client. - type: str - choices: - - ssl-3.0 - - tls-1.0 - - tls-1.1 - - tls-1.2 - ssl_mode: - description: - - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the - server (full). - type: str - choices: - - half - - full - ssl_pfs: - description: - - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. - type: str - choices: - - require - - deny - - allow - ssl_send_empty_frags: - description: - - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with - older systems. - type: str - choices: - - enable - - disable - ssl_server_algorithm: - description: - - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. - type: str - choices: - - high - - medium - - low - - custom - - client - ssl_server_cipher_suites: - description: - - SSL/TLS cipher suites to offer to a server, ordered by priority. 
- type: list - suboptions: - cipher: - description: - - Cipher suite name. - type: str - choices: - - TLS-RSA-WITH-3DES-EDE-CBC-SHA - - TLS-DHE-RSA-WITH-DES-CBC-SHA - - TLS-DHE-DSS-WITH-DES-CBC-SHA - priority: - description: - - SSL/TLS cipher suites priority. - required: true - type: int - versions: - description: - - SSL/TLS versions that the cipher suite can be used with. - type: str - choices: - - ssl-3.0 - - tls-1.0 - - tls-1.1 - - tls-1.2 - ssl_server_max_version: - description: - - Highest SSL/TLS version acceptable from a server. Use the client setting by default. - type: str - choices: - - ssl-3.0 - - tls-1.0 - - tls-1.1 - - tls-1.2 - - client - ssl_server_min_version: - description: - - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. - type: str - choices: - - ssl-3.0 - - tls-1.0 - - tls-1.1 - - tls-1.2 - - client - ssl_server_session_state_max: - description: - - Maximum number of FortiGate to Server SSL session states to keep. - type: int - ssl_server_session_state_timeout: - description: - - Number of minutes to keep FortiGate to Server SSL session state. - type: int - ssl_server_session_state_type: - description: - - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. - type: str - choices: - - disable - - time - - count - - both - type: - description: - - Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. - type: str - choices: - - static-nat - - load-balance - - server-load-balance - - dns-translation - - fqdn - uuid: - description: - - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). - type: str - weblogic_server: - description: - - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. - type: str - choices: - - disable - - enable - websphere_server: - description: - - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. 
- type: str - choices: - - disable - - enable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure virtual IP for IPv4. - fortios_firewall_vip: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_vip: - arp_reply: "disable" - color: "4" - comment: "Comment." - dns_mapping_ttl: "6" - extaddr: - - - name: "default_name_8 (source firewall.address.name firewall.addrgrp.name)" - extintf: " (source system.interface.name)" - extip: "" - extport: "" - gratuitous_arp_interval: "12" - http_cookie_age: "13" - http_cookie_domain: "" - http_cookie_domain_from_host: "disable" - http_cookie_generation: "16" - http_cookie_path: "" - http_cookie_share: "disable" - http_ip_header: "enable" - http_ip_header_name: "" - http_multiplex: "enable" - https_cookie_secure: "disable" - id: "23" - ldb_method: "static" - mapped_addr: " (source firewall.address.name)" - mappedip: - - - range: "" - mappedport: "" - max_embryonic_connections: "29" - monitor: - - - name: "default_name_31 (source firewall.ldb-monitor.name)" - name: "default_name_32" - nat_source_vip: "disable" - outlook_web_access: "disable" - persistence: "none" - portforward: "disable" - portmapping_type: "1-to-1" - protocol: "tcp" - realservers: - - - client_ip: "" - healthcheck: "disable" - holddown_interval: "42" - http_host: "myhostname" - id: "44" - ip: "" - max_connections: "46" - monitor: " (source firewall.ldb-monitor.name)" - port: "48" - status: "active" - weight: "50" - server_type: "http" - service: - - - name: "default_name_53 (source firewall.service.custom.name firewall.service.group.name)" - src_filter: - - - range: "" - srcintf_filter: - - - interface_name: " (source system.interface.name)" - ssl_algorithm: "high" - ssl_certificate: " (source vpn.certificate.local.name)" - ssl_cipher_suites: - - - 
cipher: "TLS-RSA-WITH-3DES-EDE-CBC-SHA" - priority: "62" - versions: "ssl-3.0" - ssl_client_fallback: "disable" - ssl_client_renegotiation: "allow" - ssl_client_session_state_max: "66" - ssl_client_session_state_timeout: "67" - ssl_client_session_state_type: "disable" - ssl_dh_bits: "768" - ssl_hpkp: "disable" - ssl_hpkp_age: "71" - ssl_hpkp_backup: " (source vpn.certificate.local.name vpn.certificate.ca.name)" - ssl_hpkp_include_subdomains: "disable" - ssl_hpkp_primary: " (source vpn.certificate.local.name vpn.certificate.ca.name)" - ssl_hpkp_report_uri: "" - ssl_hsts: "disable" - ssl_hsts_age: "77" - ssl_hsts_include_subdomains: "disable" - ssl_http_location_conversion: "enable" - ssl_http_match_host: "enable" - ssl_max_version: "ssl-3.0" - ssl_min_version: "ssl-3.0" - ssl_mode: "half" - ssl_pfs: "require" - ssl_send_empty_frags: "enable" - ssl_server_algorithm: "high" - ssl_server_cipher_suites: - - - cipher: "TLS-RSA-WITH-3DES-EDE-CBC-SHA" - priority: "89" - versions: "ssl-3.0" - ssl_server_max_version: "ssl-3.0" - ssl_server_min_version: "ssl-3.0" - ssl_server_session_state_max: "93" - ssl_server_session_state_timeout: "94" - ssl_server_session_state_type: "disable" - type: "static-nat" - uuid: "" - weblogic_server: "disable" - websphere_server: "disable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: 
always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_vip_data(json): - option_list = ['arp_reply', 'color', 'comment', - 'dns_mapping_ttl', 'extaddr', 'extintf', - 'extip', 'extport', 'gratuitous_arp_interval', - 'http_cookie_age', 'http_cookie_domain', 'http_cookie_domain_from_host', - 'http_cookie_generation', 'http_cookie_path', 'http_cookie_share', - 'http_ip_header', 'http_ip_header_name', 'http_multiplex', - 'https_cookie_secure', 'id', 'ldb_method', - 'mapped_addr', 'mappedip', 'mappedport', - 'max_embryonic_connections', 'monitor', 'name', - 'nat_source_vip', 'outlook_web_access', 'persistence', - 'portforward', 'portmapping_type', 'protocol', - 'realservers', 'server_type', 'service', - 'src_filter', 'srcintf_filter', 'ssl_algorithm', - 'ssl_certificate', 'ssl_cipher_suites', 'ssl_client_fallback', - 'ssl_client_renegotiation', 'ssl_client_session_state_max', 
'ssl_client_session_state_timeout', - 'ssl_client_session_state_type', 'ssl_dh_bits', 'ssl_hpkp', - 'ssl_hpkp_age', 'ssl_hpkp_backup', 'ssl_hpkp_include_subdomains', - 'ssl_hpkp_primary', 'ssl_hpkp_report_uri', 'ssl_hsts', - 'ssl_hsts_age', 'ssl_hsts_include_subdomains', 'ssl_http_location_conversion', - 'ssl_http_match_host', 'ssl_max_version', 'ssl_min_version', - 'ssl_mode', 'ssl_pfs', 'ssl_send_empty_frags', - 'ssl_server_algorithm', 'ssl_server_cipher_suites', 'ssl_server_max_version', - 'ssl_server_min_version', 'ssl_server_session_state_max', 'ssl_server_session_state_timeout', - 'ssl_server_session_state_type', 'type', 'uuid', - 'weblogic_server', 'websphere_server'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_vip(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_vip'] and data['firewall_vip']: - state = data['firewall_vip']['state'] - else: - state = True - firewall_vip_data = data['firewall_vip'] - filtered_data = underscore_to_hyphen(filter_firewall_vip_data(firewall_vip_data)) - - if state == "present": - return fos.set('firewall', - 'vip', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall', - 'vip', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall(data, fos): - - if data['firewall_vip']: - resp = firewall_vip(data, 
fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_vip": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "arp_reply": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "color": {"required": False, "type": "int"}, - "comment": {"required": False, "type": "str"}, - "dns_mapping_ttl": {"required": False, "type": "int"}, - "extaddr": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "extintf": {"required": False, "type": "str"}, - "extip": {"required": False, "type": "str"}, - "extport": {"required": False, "type": "str"}, - "gratuitous_arp_interval": {"required": False, "type": "int"}, - "http_cookie_age": {"required": False, "type": "int"}, - "http_cookie_domain": {"required": False, "type": "str"}, - "http_cookie_domain_from_host": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "http_cookie_generation": {"required": False, "type": "int"}, - "http_cookie_path": {"required": False, "type": "str"}, - "http_cookie_share": {"required": False, "type": "str", - "choices": ["disable", "same-ip"]}, - "http_ip_header": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "http_ip_header_name": {"required": False, "type": "str"}, - "http_multiplex": {"required": False, "type": "str", - "choices": ["enable", 
"disable"]}, - "https_cookie_secure": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "id": {"required": False, "type": "int"}, - "ldb_method": {"required": False, "type": "str", - "choices": ["static", "round-robin", "weighted", - "least-session", "least-rtt", "first-alive", - "http-host"]}, - "mapped_addr": {"required": False, "type": "str"}, - "mappedip": {"required": False, "type": "list", - "options": { - "range": {"required": True, "type": "str"} - }}, - "mappedport": {"required": False, "type": "str"}, - "max_embryonic_connections": {"required": False, "type": "int"}, - "monitor": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "name": {"required": True, "type": "str"}, - "nat_source_vip": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "outlook_web_access": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "persistence": {"required": False, "type": "str", - "choices": ["none", "http-cookie", "ssl-session-id"]}, - "portforward": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "portmapping_type": {"required": False, "type": "str", - "choices": ["1-to-1", "m-to-n"]}, - "protocol": {"required": False, "type": "str", - "choices": ["tcp", "udp", "sctp", - "icmp"]}, - "realservers": {"required": False, "type": "list", - "options": { - "client_ip": {"required": False, "type": "str"}, - "healthcheck": {"required": False, "type": "str", - "choices": ["disable", "enable", "vip"]}, - "holddown_interval": {"required": False, "type": "int"}, - "http_host": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "ip": {"required": False, "type": "str"}, - "max_connections": {"required": False, "type": "int"}, - "monitor": {"required": False, "type": "str"}, - "port": {"required": False, "type": "int"}, - "status": {"required": False, "type": "str", - "choices": ["active", "standby", 
"disable"]}, - "weight": {"required": False, "type": "int"} - }}, - "server_type": {"required": False, "type": "str", - "choices": ["http", "https", "imaps", - "pop3s", "smtps", "ssl", - "tcp", "udp", "ip"]}, - "service": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "src_filter": {"required": False, "type": "list", - "options": { - "range": {"required": True, "type": "str"} - }}, - "srcintf_filter": {"required": False, "type": "list", - "options": { - "interface_name": {"required": False, "type": "str"} - }}, - "ssl_algorithm": {"required": False, "type": "str", - "choices": ["high", "medium", "low", - "custom"]}, - "ssl_certificate": {"required": False, "type": "str"}, - "ssl_cipher_suites": {"required": False, "type": "list", - "options": { - "cipher": {"required": False, "type": "str", - "choices": ["TLS-RSA-WITH-3DES-EDE-CBC-SHA", "TLS-DHE-RSA-WITH-DES-CBC-SHA", - "TLS-DHE-DSS-WITH-DES-CBC-SHA"]}, - "priority": {"required": True, "type": "int"}, - "versions": {"required": False, "type": "str", - "choices": ["ssl-3.0", "tls-1.0", "tls-1.1", - "tls-1.2"]} - }}, - "ssl_client_fallback": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "ssl_client_renegotiation": {"required": False, "type": "str", - "choices": ["allow", "deny", "secure"]}, - "ssl_client_session_state_max": {"required": False, "type": "int"}, - "ssl_client_session_state_timeout": {"required": False, "type": "int"}, - "ssl_client_session_state_type": {"required": False, "type": "str", - "choices": ["disable", "time", "count", - "both"]}, - "ssl_dh_bits": {"required": False, "type": "str", - "choices": ["768", "1024", "1536", - "2048", "3072", "4096"]}, - "ssl_hpkp": {"required": False, "type": "str", - "choices": ["disable", "enable", "report-only"]}, - "ssl_hpkp_age": {"required": False, "type": "int"}, - "ssl_hpkp_backup": {"required": False, "type": "str"}, - "ssl_hpkp_include_subdomains": {"required": False, 
"type": "str", - "choices": ["disable", "enable"]}, - "ssl_hpkp_primary": {"required": False, "type": "str"}, - "ssl_hpkp_report_uri": {"required": False, "type": "str"}, - "ssl_hsts": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "ssl_hsts_age": {"required": False, "type": "int"}, - "ssl_hsts_include_subdomains": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "ssl_http_location_conversion": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ssl_http_match_host": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ssl_max_version": {"required": False, "type": "str", - "choices": ["ssl-3.0", "tls-1.0", "tls-1.1", - "tls-1.2"]}, - "ssl_min_version": {"required": False, "type": "str", - "choices": ["ssl-3.0", "tls-1.0", "tls-1.1", - "tls-1.2"]}, - "ssl_mode": {"required": False, "type": "str", - "choices": ["half", "full"]}, - "ssl_pfs": {"required": False, "type": "str", - "choices": ["require", "deny", "allow"]}, - "ssl_send_empty_frags": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ssl_server_algorithm": {"required": False, "type": "str", - "choices": ["high", "medium", "low", - "custom", "client"]}, - "ssl_server_cipher_suites": {"required": False, "type": "list", - "options": { - "cipher": {"required": False, "type": "str", - "choices": ["TLS-RSA-WITH-3DES-EDE-CBC-SHA", "TLS-DHE-RSA-WITH-DES-CBC-SHA", - "TLS-DHE-DSS-WITH-DES-CBC-SHA"]}, - "priority": {"required": True, "type": "int"}, - "versions": {"required": False, "type": "str", - "choices": ["ssl-3.0", "tls-1.0", "tls-1.1", - "tls-1.2"]} - }}, - "ssl_server_max_version": {"required": False, "type": "str", - "choices": ["ssl-3.0", "tls-1.0", "tls-1.1", - "tls-1.2", "client"]}, - "ssl_server_min_version": {"required": False, "type": "str", - "choices": ["ssl-3.0", "tls-1.0", "tls-1.1", - "tls-1.2", "client"]}, - "ssl_server_session_state_max": {"required": False, "type": "int"}, - 
"ssl_server_session_state_timeout": {"required": False, "type": "int"},
- "ssl_server_session_state_type": {"required": False, "type": "str",
- "choices": ["disable", "time", "count",
- "both"]},
- "type": {"required": False, "type": "str",
- "choices": ["static-nat", "load-balance", "server-load-balance",
- "dns-translation", "fqdn"]},
- "uuid": {"required": False, "type": "str"},
- "weblogic_server": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "websphere_server": {"required": False, "type": "str",
- "choices": ["disable", "enable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_firewall(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_vip46.py b/lib/ansible/modules/network/fortios/fortios_firewall_vip46.py
deleted file mode 100644
index e155f6fe042..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_vip46.py
+++ /dev/null
@@ -1,567 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_vip46 -short_description: Configure IPv4 to IPv6 virtual IPs in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and vip46 category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_vip46: - description: - - Configure IPv4 to IPv6 virtual IPs. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - arp_reply: - description: - - Enable ARP reply. - type: str - choices: - - disable - - enable - color: - description: - - Color of icon on the GUI. - type: int - comment: - description: - - Comment. - type: str - extip: - description: - - Start-external-IP [-end-external-IP]. - type: str - extport: - description: - - External service port. - type: str - id: - description: - - Custom defined id. - type: int - ldb_method: - description: - - Load balance method. - type: str - choices: - - static - - round-robin - - weighted - - least-session - - least-rtt - - first-alive - mappedip: - description: - - Start-mapped-IP [-end mapped-IP]. - type: str - mappedport: - description: - - Mapped service port. - type: str - monitor: - description: - - Health monitors. - type: list - suboptions: - name: - description: - - Health monitor name. Source firewall.ldb-monitor.name. 
- required: true - type: str - name: - description: - - VIP46 name. - required: true - type: str - portforward: - description: - - Enable port forwarding. - type: str - choices: - - disable - - enable - protocol: - description: - - Mapped port protocol. - type: str - choices: - - tcp - - udp - realservers: - description: - - Real servers. - type: list - suboptions: - client_ip: - description: - - Restrict server to a client IP in this range. - type: str - healthcheck: - description: - - Per server health check. - type: str - choices: - - disable - - enable - - vip - holddown_interval: - description: - - Hold down interval. - type: int - id: - description: - - Real server ID. - required: true - type: int - ip: - description: - - Mapped server IPv6. - type: str - max_connections: - description: - - Maximum number of connections allowed to server. - type: int - monitor: - description: - - Health monitors. Source firewall.ldb-monitor.name. - type: str - port: - description: - - Mapped server port. - type: int - status: - description: - - Server administrative status. - type: str - choices: - - active - - standby - - disable - weight: - description: - - weight - type: int - server_type: - description: - - Server type. - type: str - choices: - - http - - tcp - - udp - - ip - src_filter: - description: - - Source IP filter (x.x.x.x/x). - type: list - suboptions: - range: - description: - - Src-filter range. - required: true - type: str - type: - description: - - "VIP type: static NAT or server load balance." - type: str - choices: - - static-nat - - server-load-balance - uuid: - description: - - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv4 to IPv6 virtual IPs. 
- fortios_firewall_vip46: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_vip46: - arp_reply: "disable" - color: "4" - comment: "Comment." - extip: "" - extport: "" - id: "8" - ldb_method: "static" - mappedip: "" - mappedport: "" - monitor: - - - name: "default_name_13 (source firewall.ldb-monitor.name)" - name: "default_name_14" - portforward: "disable" - protocol: "tcp" - realservers: - - - client_ip: "" - healthcheck: "disable" - holddown_interval: "20" - id: "21" - ip: "" - max_connections: "23" - monitor: " (source firewall.ldb-monitor.name)" - port: "25" - status: "active" - weight: "27" - server_type: "http" - src_filter: - - - range: "" - type: "static-nat" - uuid: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the 
FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_vip46_data(json): - option_list = ['arp_reply', 'color', 'comment', - 'extip', 'extport', 'id', - 'ldb_method', 'mappedip', 'mappedport', - 'monitor', 'name', 'portforward', - 'protocol', 'realservers', 'server_type', - 'src_filter', 'type', 'uuid'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_vip46(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_vip46'] and data['firewall_vip46']: - state = data['firewall_vip46']['state'] - else: - state = True - firewall_vip46_data = data['firewall_vip46'] - filtered_data = underscore_to_hyphen(filter_firewall_vip46_data(firewall_vip46_data)) - - if state == "present": - return fos.set('firewall', - 'vip46', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall', - 'vip46', - mkey=filtered_data['name'], - 
vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall(data, fos): - - if data['firewall_vip46']: - resp = firewall_vip46(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_vip46": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "arp_reply": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "color": {"required": False, "type": "int"}, - "comment": {"required": False, "type": "str"}, - "extip": {"required": False, "type": "str"}, - "extport": {"required": False, "type": "str"}, - "id": {"required": False, "type": "int"}, - "ldb_method": {"required": False, "type": "str", - "choices": ["static", "round-robin", "weighted", - "least-session", "least-rtt", "first-alive"]}, - "mappedip": {"required": False, "type": "str"}, - "mappedport": {"required": False, "type": "str"}, - "monitor": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "name": {"required": True, "type": "str"}, - "portforward": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "protocol": {"required": False, "type": "str", - "choices": ["tcp", "udp"]}, - "realservers": {"required": False, "type": "list", - "options": { - 
"client_ip": {"required": False, "type": "str"}, - "healthcheck": {"required": False, "type": "str", - "choices": ["disable", "enable", "vip"]}, - "holddown_interval": {"required": False, "type": "int"}, - "id": {"required": True, "type": "int"}, - "ip": {"required": False, "type": "str"}, - "max_connections": {"required": False, "type": "int"}, - "monitor": {"required": False, "type": "str"}, - "port": {"required": False, "type": "int"}, - "status": {"required": False, "type": "str", - "choices": ["active", "standby", "disable"]}, - "weight": {"required": False, "type": "int"} - }}, - "server_type": {"required": False, "type": "str", - "choices": ["http", "tcp", "udp", - "ip"]}, - "src_filter": {"required": False, "type": "list", - "options": { - "range": {"required": True, "type": "str"} - }}, - "type": {"required": False, "type": "str", - "choices": ["static-nat", "server-load-balance"]}, - "uuid": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - 
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_vip6.py b/lib/ansible/modules/network/fortios/fortios_firewall_vip6.py
deleted file mode 100644
index c233355f052..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_vip6.py
+++ /dev/null
@@ -1,1109 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_vip6 -short_description: Configure virtual IP for IPv6 in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and vip6 category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_vip6: - description: - - Configure virtual IP for IPv6. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - arp_reply: - description: - - Enable to respond to ARP requests for this virtual IP address. Enabled by default. - type: str - choices: - - disable - - enable - color: - description: - - Color of icon on the GUI. - type: int - comment: - description: - - Comment. - type: str - extip: - description: - - IP address or address range on the external interface that you want to map to an address or address range on the destination network. - type: str - extport: - description: - - Incoming port number range that you want to map to a port number range on the destination network. - type: str - http_cookie_age: - description: - - Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit. - type: int - http_cookie_domain: - description: - - Domain that HTTP cookie persistence should apply to. 
- type: str - http_cookie_domain_from_host: - description: - - Enable/disable use of HTTP cookie domain from host field in HTTP. - type: str - choices: - - disable - - enable - http_cookie_generation: - description: - - Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies. - type: int - http_cookie_path: - description: - - Limit HTTP cookie persistence to the specified path. - type: str - http_cookie_share: - description: - - Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops - cookie sharing. - type: str - choices: - - disable - - same-ip - http_ip_header: - description: - - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. - type: str - choices: - - enable - - disable - http_ip_header_name: - description: - - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, - X-Forwarded-For is used. - type: str - http_multiplex: - description: - - Enable/disable HTTP multiplexing. - type: str - choices: - - enable - - disable - https_cookie_secure: - description: - - Enable/disable verification that inserted HTTPS cookies are secure. - type: str - choices: - - disable - - enable - id: - description: - - Custom defined ID. - type: int - ldb_method: - description: - - Method used to distribute sessions to real servers. - type: str - choices: - - static - - round-robin - - weighted - - least-session - - least-rtt - - first-alive - - http-host - mappedip: - description: - - Mapped IP address range in the format startIP-endIP. - type: str - mappedport: - description: - - Port number range on the destination network to which the external port number range is mapped. - type: str - max_embryonic_connections: - description: - - Maximum number of incomplete connections. 
- type: int - monitor: - description: - - Name of the health check monitor to use when polling to determine a virtual server's connectivity status. - type: list - suboptions: - name: - description: - - Health monitor name. Source firewall.ldb-monitor.name. - required: true - type: str - name: - description: - - Virtual ip6 name. - required: true - type: str - outlook_web_access: - description: - - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. - type: str - choices: - - disable - - enable - persistence: - description: - - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. - type: str - choices: - - none - - http-cookie - - ssl-session-id - portforward: - description: - - Enable port forwarding. - type: str - choices: - - disable - - enable - protocol: - description: - - Protocol to use when forwarding packets. - type: str - choices: - - tcp - - udp - - sctp - realservers: - description: - - Select the real servers that this server load balancing VIP will distribute traffic to. - type: list - suboptions: - client_ip: - description: - - Only clients in this IP range can connect to this real server. - type: str - healthcheck: - description: - - Enable to check the responsiveness of the real server before forwarding traffic. - type: str - choices: - - disable - - enable - - vip - holddown_interval: - description: - - Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active. - type: int - http_host: - description: - - HTTP server domain name in HTTP header. - type: str - id: - description: - - Real server ID. - required: true - type: int - ip: - description: - - IPv6 address of the real server. - type: str - max_connections: - description: - - Max number of active connections that can directed to the real server. When reached, sessions are sent to other real servers. 
- type: int - monitor: - description: - - Name of the health check monitor to use when polling to determine a virtual server's connectivity status. Source firewall - .ldb-monitor.name. - type: str - port: - description: - - Port for communicating with the real server. Required if port forwarding is enabled. - type: int - status: - description: - - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. - type: str - choices: - - active - - standby - - disable - weight: - description: - - Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections. - type: int - server_type: - description: - - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). - type: str - choices: - - http - - https - - imaps - - pop3s - - smtps - - ssl - - tcp - - udp - - ip - src_filter: - description: - - "Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces." - type: list - suboptions: - range: - description: - - Source-filter range. - required: true - type: str - ssl_algorithm: - description: - - Permitted encryption algorithms for SSL sessions according to encryption strength. - type: str - choices: - - high - - medium - - low - - custom - ssl_certificate: - description: - - The name of the SSL certificate to use for SSL acceleration. Source vpn.certificate.local.name. - type: str - ssl_cipher_suites: - description: - - SSL/TLS cipher suites acceptable from a client, ordered by priority. - type: list - suboptions: - cipher: - description: - - Cipher suite name. - type: str - choices: - - TLS-RSA-WITH-3DES-EDE-CBC-SHA - - TLS-DHE-RSA-WITH-DES-CBC-SHA - - TLS-DHE-DSS-WITH-DES-CBC-SHA - priority: - description: - - SSL/TLS cipher suites priority. - required: true - type: int - versions: - description: - - SSL/TLS versions that the cipher suite can be used with. 
- type: str - choices: - - ssl-3.0 - - tls-1.0 - - tls-1.1 - - tls-1.2 - ssl_client_fallback: - description: - - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). - type: str - choices: - - disable - - enable - ssl_client_renegotiation: - description: - - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. - type: str - choices: - - allow - - deny - - secure - ssl_client_session_state_max: - description: - - Maximum number of client to FortiGate SSL session states to keep. - type: int - ssl_client_session_state_timeout: - description: - - Number of minutes to keep client to FortiGate SSL session state. - type: int - ssl_client_session_state_type: - description: - - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. - type: str - choices: - - disable - - time - - count - - both - ssl_dh_bits: - description: - - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. - type: str - choices: - - 768 - - 1024 - - 1536 - - 2048 - - 3072 - - 4096 - ssl_hpkp: - description: - - Enable/disable including HPKP header in response. - type: str - choices: - - disable - - enable - - report-only - ssl_hpkp_age: - description: - - Number of minutes the web browser should keep HPKP. - type: int - ssl_hpkp_backup: - description: - - Certificate to generate backup HPKP pin from. Source vpn.certificate.local.name vpn.certificate.ca.name. - type: str - ssl_hpkp_include_subdomains: - description: - - Indicate that HPKP header applies to all subdomains. - type: str - choices: - - disable - - enable - ssl_hpkp_primary: - description: - - Certificate to generate primary HPKP pin from. Source vpn.certificate.local.name vpn.certificate.ca.name. - type: str - ssl_hpkp_report_uri: - description: - - URL to report HPKP violations to. - type: str - ssl_hsts: - description: - - Enable/disable including HSTS header in response. 
- type: str - choices: - - disable - - enable - ssl_hsts_age: - description: - - Number of seconds the client should honour the HSTS setting. - type: int - ssl_hsts_include_subdomains: - description: - - Indicate that HSTS header applies to all subdomains. - type: str - choices: - - disable - - enable - ssl_http_location_conversion: - description: - - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. - type: str - choices: - - enable - - disable - ssl_http_match_host: - description: - - Enable/disable HTTP host matching for location conversion. - type: str - choices: - - enable - - disable - ssl_max_version: - description: - - Highest SSL/TLS version acceptable from a client. - type: str - choices: - - ssl-3.0 - - tls-1.0 - - tls-1.1 - - tls-1.2 - ssl_min_version: - description: - - Lowest SSL/TLS version acceptable from a client. - type: str - choices: - - ssl-3.0 - - tls-1.0 - - tls-1.1 - - tls-1.2 - ssl_mode: - description: - - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the - server (full). - type: str - choices: - - half - - full - ssl_pfs: - description: - - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. - type: str - choices: - - require - - deny - - allow - ssl_send_empty_frags: - description: - - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with - older systems. - type: str - choices: - - enable - - disable - ssl_server_algorithm: - description: - - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. - type: str - choices: - - high - - medium - - low - - custom - - client - ssl_server_cipher_suites: - description: - - SSL/TLS cipher suites to offer to a server, ordered by priority. 
- type: list - suboptions: - cipher: - description: - - Cipher suite name. - type: str - choices: - - TLS-RSA-WITH-3DES-EDE-CBC-SHA - - TLS-DHE-RSA-WITH-DES-CBC-SHA - - TLS-DHE-DSS-WITH-DES-CBC-SHA - priority: - description: - - SSL/TLS cipher suites priority. - required: true - type: int - versions: - description: - - SSL/TLS versions that the cipher suite can be used with. - type: str - choices: - - ssl-3.0 - - tls-1.0 - - tls-1.1 - - tls-1.2 - ssl_server_max_version: - description: - - Highest SSL/TLS version acceptable from a server. Use the client setting by default. - type: str - choices: - - ssl-3.0 - - tls-1.0 - - tls-1.1 - - tls-1.2 - - client - ssl_server_min_version: - description: - - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. - type: str - choices: - - ssl-3.0 - - tls-1.0 - - tls-1.1 - - tls-1.2 - - client - ssl_server_session_state_max: - description: - - Maximum number of FortiGate to Server SSL session states to keep. - type: int - ssl_server_session_state_timeout: - description: - - Number of minutes to keep FortiGate to Server SSL session state. - type: int - ssl_server_session_state_type: - description: - - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. - type: str - choices: - - disable - - time - - count - - both - type: - description: - - Configure a static NAT or server load balance VIP. - type: str - choices: - - static-nat - - server-load-balance - uuid: - description: - - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). - type: str - weblogic_server: - description: - - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. - type: str - choices: - - disable - - enable - websphere_server: - description: - - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. 
- type: str - choices: - - disable - - enable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure virtual IP for IPv6. - fortios_firewall_vip6: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_vip6: - arp_reply: "disable" - color: "4" - comment: "Comment." - extip: "" - extport: "" - http_cookie_age: "8" - http_cookie_domain: "" - http_cookie_domain_from_host: "disable" - http_cookie_generation: "11" - http_cookie_path: "" - http_cookie_share: "disable" - http_ip_header: "enable" - http_ip_header_name: "" - http_multiplex: "enable" - https_cookie_secure: "disable" - id: "18" - ldb_method: "static" - mappedip: "" - mappedport: "" - max_embryonic_connections: "22" - monitor: - - - name: "default_name_24 (source firewall.ldb-monitor.name)" - name: "default_name_25" - outlook_web_access: "disable" - persistence: "none" - portforward: "disable" - protocol: "tcp" - realservers: - - - client_ip: "" - healthcheck: "disable" - holddown_interval: "33" - http_host: "myhostname" - id: "35" - ip: "" - max_connections: "37" - monitor: " (source firewall.ldb-monitor.name)" - port: "39" - status: "active" - weight: "41" - server_type: "http" - src_filter: - - - range: "" - ssl_algorithm: "high" - ssl_certificate: " (source vpn.certificate.local.name)" - ssl_cipher_suites: - - - cipher: "TLS-RSA-WITH-3DES-EDE-CBC-SHA" - priority: "49" - versions: "ssl-3.0" - ssl_client_fallback: "disable" - ssl_client_renegotiation: "allow" - ssl_client_session_state_max: "53" - ssl_client_session_state_timeout: "54" - ssl_client_session_state_type: "disable" - ssl_dh_bits: "768" - ssl_hpkp: "disable" - ssl_hpkp_age: "58" - ssl_hpkp_backup: " (source vpn.certificate.local.name vpn.certificate.ca.name)" - ssl_hpkp_include_subdomains: "disable" - ssl_hpkp_primary: " (source 
vpn.certificate.local.name vpn.certificate.ca.name)" - ssl_hpkp_report_uri: "" - ssl_hsts: "disable" - ssl_hsts_age: "64" - ssl_hsts_include_subdomains: "disable" - ssl_http_location_conversion: "enable" - ssl_http_match_host: "enable" - ssl_max_version: "ssl-3.0" - ssl_min_version: "ssl-3.0" - ssl_mode: "half" - ssl_pfs: "require" - ssl_send_empty_frags: "enable" - ssl_server_algorithm: "high" - ssl_server_cipher_suites: - - - cipher: "TLS-RSA-WITH-3DES-EDE-CBC-SHA" - priority: "76" - versions: "ssl-3.0" - ssl_server_max_version: "ssl-3.0" - ssl_server_min_version: "ssl-3.0" - ssl_server_session_state_max: "80" - ssl_server_session_state_timeout: "81" - ssl_server_session_state_type: "disable" - type: "static-nat" - uuid: "" - weblogic_server: "disable" - websphere_server: "disable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: 
Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_vip6_data(json): - option_list = ['arp_reply', 'color', 'comment', - 'extip', 'extport', 'http_cookie_age', - 'http_cookie_domain', 'http_cookie_domain_from_host', 'http_cookie_generation', - 'http_cookie_path', 'http_cookie_share', 'http_ip_header', - 'http_ip_header_name', 'http_multiplex', 'https_cookie_secure', - 'id', 'ldb_method', 'mappedip', - 'mappedport', 'max_embryonic_connections', 'monitor', - 'name', 'outlook_web_access', 'persistence', - 'portforward', 'protocol', 'realservers', - 'server_type', 'src_filter', 'ssl_algorithm', - 'ssl_certificate', 'ssl_cipher_suites', 'ssl_client_fallback', - 'ssl_client_renegotiation', 'ssl_client_session_state_max', 'ssl_client_session_state_timeout', - 'ssl_client_session_state_type', 'ssl_dh_bits', 'ssl_hpkp', - 'ssl_hpkp_age', 'ssl_hpkp_backup', 'ssl_hpkp_include_subdomains', - 'ssl_hpkp_primary', 'ssl_hpkp_report_uri', 'ssl_hsts', - 'ssl_hsts_age', 'ssl_hsts_include_subdomains', 'ssl_http_location_conversion', - 'ssl_http_match_host', 'ssl_max_version', 'ssl_min_version', - 'ssl_mode', 'ssl_pfs', 'ssl_send_empty_frags', - 'ssl_server_algorithm', 'ssl_server_cipher_suites', 'ssl_server_max_version', - 'ssl_server_min_version', 'ssl_server_session_state_max', 'ssl_server_session_state_timeout', - 'ssl_server_session_state_type', 'type', 'uuid', - 
'weblogic_server', 'websphere_server'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_vip6(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_vip6'] and data['firewall_vip6']: - state = data['firewall_vip6']['state'] - else: - state = True - firewall_vip6_data = data['firewall_vip6'] - filtered_data = underscore_to_hyphen(filter_firewall_vip6_data(firewall_vip6_data)) - - if state == "present": - return fos.set('firewall', - 'vip6', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall', - 'vip6', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall(data, fos): - - if data['firewall_vip6']: - resp = firewall_vip6(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_vip6": { - "required": False, "type": 
"dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "arp_reply": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "color": {"required": False, "type": "int"}, - "comment": {"required": False, "type": "str"}, - "extip": {"required": False, "type": "str"}, - "extport": {"required": False, "type": "str"}, - "http_cookie_age": {"required": False, "type": "int"}, - "http_cookie_domain": {"required": False, "type": "str"}, - "http_cookie_domain_from_host": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "http_cookie_generation": {"required": False, "type": "int"}, - "http_cookie_path": {"required": False, "type": "str"}, - "http_cookie_share": {"required": False, "type": "str", - "choices": ["disable", "same-ip"]}, - "http_ip_header": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "http_ip_header_name": {"required": False, "type": "str"}, - "http_multiplex": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "https_cookie_secure": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "id": {"required": False, "type": "int"}, - "ldb_method": {"required": False, "type": "str", - "choices": ["static", "round-robin", "weighted", - "least-session", "least-rtt", "first-alive", - "http-host"]}, - "mappedip": {"required": False, "type": "str"}, - "mappedport": {"required": False, "type": "str"}, - "max_embryonic_connections": {"required": False, "type": "int"}, - "monitor": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "name": {"required": True, "type": "str"}, - "outlook_web_access": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "persistence": {"required": False, "type": "str", - "choices": ["none", "http-cookie", "ssl-session-id"]}, - "portforward": {"required": False, "type": "str", - "choices": 
["disable", "enable"]}, - "protocol": {"required": False, "type": "str", - "choices": ["tcp", "udp", "sctp"]}, - "realservers": {"required": False, "type": "list", - "options": { - "client_ip": {"required": False, "type": "str"}, - "healthcheck": {"required": False, "type": "str", - "choices": ["disable", "enable", "vip"]}, - "holddown_interval": {"required": False, "type": "int"}, - "http_host": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "ip": {"required": False, "type": "str"}, - "max_connections": {"required": False, "type": "int"}, - "monitor": {"required": False, "type": "str"}, - "port": {"required": False, "type": "int"}, - "status": {"required": False, "type": "str", - "choices": ["active", "standby", "disable"]}, - "weight": {"required": False, "type": "int"} - }}, - "server_type": {"required": False, "type": "str", - "choices": ["http", "https", "imaps", - "pop3s", "smtps", "ssl", - "tcp", "udp", "ip"]}, - "src_filter": {"required": False, "type": "list", - "options": { - "range": {"required": True, "type": "str"} - }}, - "ssl_algorithm": {"required": False, "type": "str", - "choices": ["high", "medium", "low", - "custom"]}, - "ssl_certificate": {"required": False, "type": "str"}, - "ssl_cipher_suites": {"required": False, "type": "list", - "options": { - "cipher": {"required": False, "type": "str", - "choices": ["TLS-RSA-WITH-3DES-EDE-CBC-SHA", "TLS-DHE-RSA-WITH-DES-CBC-SHA", - "TLS-DHE-DSS-WITH-DES-CBC-SHA"]}, - "priority": {"required": True, "type": "int"}, - "versions": {"required": False, "type": "str", - "choices": ["ssl-3.0", "tls-1.0", "tls-1.1", - "tls-1.2"]} - }}, - "ssl_client_fallback": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "ssl_client_renegotiation": {"required": False, "type": "str", - "choices": ["allow", "deny", "secure"]}, - "ssl_client_session_state_max": {"required": False, "type": "int"}, - "ssl_client_session_state_timeout": {"required": False, "type": "int"}, - 
"ssl_client_session_state_type": {"required": False, "type": "str", - "choices": ["disable", "time", "count", - "both"]}, - "ssl_dh_bits": {"required": False, "type": "str", - "choices": ["768", "1024", "1536", - "2048", "3072", "4096"]}, - "ssl_hpkp": {"required": False, "type": "str", - "choices": ["disable", "enable", "report-only"]}, - "ssl_hpkp_age": {"required": False, "type": "int"}, - "ssl_hpkp_backup": {"required": False, "type": "str"}, - "ssl_hpkp_include_subdomains": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "ssl_hpkp_primary": {"required": False, "type": "str"}, - "ssl_hpkp_report_uri": {"required": False, "type": "str"}, - "ssl_hsts": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "ssl_hsts_age": {"required": False, "type": "int"}, - "ssl_hsts_include_subdomains": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "ssl_http_location_conversion": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ssl_http_match_host": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ssl_max_version": {"required": False, "type": "str", - "choices": ["ssl-3.0", "tls-1.0", "tls-1.1", - "tls-1.2"]}, - "ssl_min_version": {"required": False, "type": "str", - "choices": ["ssl-3.0", "tls-1.0", "tls-1.1", - "tls-1.2"]}, - "ssl_mode": {"required": False, "type": "str", - "choices": ["half", "full"]}, - "ssl_pfs": {"required": False, "type": "str", - "choices": ["require", "deny", "allow"]}, - "ssl_send_empty_frags": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ssl_server_algorithm": {"required": False, "type": "str", - "choices": ["high", "medium", "low", - "custom", "client"]}, - "ssl_server_cipher_suites": {"required": False, "type": "list", - "options": { - "cipher": {"required": False, "type": "str", - "choices": ["TLS-RSA-WITH-3DES-EDE-CBC-SHA", "TLS-DHE-RSA-WITH-DES-CBC-SHA", - "TLS-DHE-DSS-WITH-DES-CBC-SHA"]}, - 
"priority": {"required": True, "type": "int"}, - "versions": {"required": False, "type": "str", - "choices": ["ssl-3.0", "tls-1.0", "tls-1.1", - "tls-1.2"]} - }}, - "ssl_server_max_version": {"required": False, "type": "str", - "choices": ["ssl-3.0", "tls-1.0", "tls-1.1", - "tls-1.2", "client"]}, - "ssl_server_min_version": {"required": False, "type": "str", - "choices": ["ssl-3.0", "tls-1.0", "tls-1.1", - "tls-1.2", "client"]}, - "ssl_server_session_state_max": {"required": False, "type": "int"}, - "ssl_server_session_state_timeout": {"required": False, "type": "int"}, - "ssl_server_session_state_type": {"required": False, "type": "str", - "choices": ["disable", "time", "count", - "both"]}, - "type": {"required": False, "type": "str", - "choices": ["static-nat", "server-load-balance"]}, - "uuid": {"required": False, "type": "str"}, - "weblogic_server": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "websphere_server": {"required": False, "type": "str", - "choices": ["disable", "enable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall(module.params, fos) - fos.logout() - - if not is_error: - 
module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_vip64.py b/lib/ansible/modules/network/fortios/fortios_firewall_vip64.py
deleted file mode 100644
index 3fd1e61273b..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_vip64.py
+++ /dev/null
@@ -1,567 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_vip64 -short_description: Configure IPv6 to IPv4 virtual IPs in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and vip64 category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_vip64: - description: - - Configure IPv6 to IPv4 virtual IPs. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - arp_reply: - description: - - Enable ARP reply. - type: str - choices: - - disable - - enable - color: - description: - - Color of icon on the GUI. - type: int - comment: - description: - - Comment. - type: str - extip: - description: - - Start-external-IP [-end-external-IP]. - type: str - extport: - description: - - External service port. - type: str - id: - description: - - Custom defined id. - type: int - ldb_method: - description: - - Load balance method. - type: str - choices: - - static - - round-robin - - weighted - - least-session - - least-rtt - - first-alive - mappedip: - description: - - Start-mapped-IP [-end-mapped-IP]. - type: str - mappedport: - description: - - Mapped service port. - type: str - monitor: - description: - - Health monitors. - type: list - suboptions: - name: - description: - - Health monitor name. Source firewall.ldb-monitor.name. 
- required: true - type: str - name: - description: - - VIP64 name. - required: true - type: str - portforward: - description: - - Enable port forwarding. - type: str - choices: - - disable - - enable - protocol: - description: - - Mapped port protocol. - type: str - choices: - - tcp - - udp - realservers: - description: - - Real servers. - type: list - suboptions: - client_ip: - description: - - Restrict server to a client IP in this range. - type: str - healthcheck: - description: - - Per server health check. - type: str - choices: - - disable - - enable - - vip - holddown_interval: - description: - - Hold down interval. - type: int - id: - description: - - Real server ID. - required: true - type: int - ip: - description: - - Mapped server IP. - type: str - max_connections: - description: - - Maximum number of connections allowed to server. - type: int - monitor: - description: - - Health monitors. Source firewall.ldb-monitor.name. - type: str - port: - description: - - Mapped server port. - type: int - status: - description: - - Server administrative status. - type: str - choices: - - active - - standby - - disable - weight: - description: - - weight - type: int - server_type: - description: - - Server type. - type: str - choices: - - http - - tcp - - udp - - ip - src_filter: - description: - - "Source IP6 filter (x:x:x:x:x:x:x:x/x)." - type: list - suboptions: - range: - description: - - Src-filter range. - required: true - type: str - type: - description: - - "VIP type: static NAT or server load balance." - type: str - choices: - - static-nat - - server-load-balance - uuid: - description: - - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv6 to IPv4 virtual IPs. 
- fortios_firewall_vip64: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_vip64: - arp_reply: "disable" - color: "4" - comment: "Comment." - extip: "" - extport: "" - id: "8" - ldb_method: "static" - mappedip: "" - mappedport: "" - monitor: - - - name: "default_name_13 (source firewall.ldb-monitor.name)" - name: "default_name_14" - portforward: "disable" - protocol: "tcp" - realservers: - - - client_ip: "" - healthcheck: "disable" - holddown_interval: "20" - id: "21" - ip: "" - max_connections: "23" - monitor: " (source firewall.ldb-monitor.name)" - port: "25" - status: "active" - weight: "27" - server_type: "http" - src_filter: - - - range: "" - type: "static-nat" - uuid: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the 
FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_vip64_data(json): - option_list = ['arp_reply', 'color', 'comment', - 'extip', 'extport', 'id', - 'ldb_method', 'mappedip', 'mappedport', - 'monitor', 'name', 'portforward', - 'protocol', 'realservers', 'server_type', - 'src_filter', 'type', 'uuid'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_vip64(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_vip64'] and data['firewall_vip64']: - state = data['firewall_vip64']['state'] - else: - state = True - firewall_vip64_data = data['firewall_vip64'] - filtered_data = underscore_to_hyphen(filter_firewall_vip64_data(firewall_vip64_data)) - - if state == "present": - return fos.set('firewall', - 'vip64', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall', - 'vip64', - mkey=filtered_data['name'], - 
vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall(data, fos): - - if data['firewall_vip64']: - resp = firewall_vip64(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_vip64": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "arp_reply": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "color": {"required": False, "type": "int"}, - "comment": {"required": False, "type": "str"}, - "extip": {"required": False, "type": "str"}, - "extport": {"required": False, "type": "str"}, - "id": {"required": False, "type": "int"}, - "ldb_method": {"required": False, "type": "str", - "choices": ["static", "round-robin", "weighted", - "least-session", "least-rtt", "first-alive"]}, - "mappedip": {"required": False, "type": "str"}, - "mappedport": {"required": False, "type": "str"}, - "monitor": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "name": {"required": True, "type": "str"}, - "portforward": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "protocol": {"required": False, "type": "str", - "choices": ["tcp", "udp"]}, - "realservers": {"required": False, "type": "list", - "options": { - 
"client_ip": {"required": False, "type": "str"}, - "healthcheck": {"required": False, "type": "str", - "choices": ["disable", "enable", "vip"]}, - "holddown_interval": {"required": False, "type": "int"}, - "id": {"required": True, "type": "int"}, - "ip": {"required": False, "type": "str"}, - "max_connections": {"required": False, "type": "int"}, - "monitor": {"required": False, "type": "str"}, - "port": {"required": False, "type": "int"}, - "status": {"required": False, "type": "str", - "choices": ["active", "standby", "disable"]}, - "weight": {"required": False, "type": "int"} - }}, - "server_type": {"required": False, "type": "str", - "choices": ["http", "tcp", "udp", - "ip"]}, - "src_filter": {"required": False, "type": "list", - "options": { - "range": {"required": True, "type": "str"} - }}, - "type": {"required": False, "type": "str", - "choices": ["static-nat", "server-load-balance"]}, - "uuid": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - 
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_vipgrp.py b/lib/ansible/modules/network/fortios/fortios_firewall_vipgrp.py
deleted file mode 100644
index 70d919403df..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_vipgrp.py
+++ /dev/null
@@ -1,373 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_vipgrp -short_description: Configure IPv4 virtual IP groups in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and vipgrp category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_vipgrp: - description: - - Configure IPv4 virtual IP groups. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - color: - description: - - Integer value to determine the color of the icon in the GUI (range 1 to 32). - type: int - comments: - description: - - Comment. - type: str - interface: - description: - - interface Source system.interface.name. - type: str - member: - description: - - Member VIP objects of the group (Separate multiple objects with a space). - type: list - suboptions: - name: - description: - - VIP name. Source firewall.vip.name. - required: true - type: str - name: - description: - - VIP group name. - required: true - type: str - uuid: - description: - - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv4 virtual IP groups. 
- fortios_firewall_vipgrp: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_vipgrp: - color: "3" - comments: "" - interface: " (source system.interface.name)" - member: - - - name: "default_name_7 (source firewall.vip.name)" - name: "default_name_8" - uuid: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = 
data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_vipgrp_data(json): - option_list = ['color', 'comments', 'interface', - 'member', 'name', 'uuid'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_vipgrp(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_vipgrp'] and data['firewall_vipgrp']: - state = data['firewall_vipgrp']['state'] - else: - state = True - firewall_vipgrp_data = data['firewall_vipgrp'] - filtered_data = underscore_to_hyphen(filter_firewall_vipgrp_data(firewall_vipgrp_data)) - - if state == "present": - return fos.set('firewall', - 'vipgrp', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall', - 'vipgrp', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall(data, fos): - - if data['firewall_vipgrp']: - resp = firewall_vipgrp(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": 
{"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_vipgrp": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "color": {"required": False, "type": "int"}, - "comments": {"required": False, "type": "str"}, - "interface": {"required": False, "type": "str"}, - "member": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "name": {"required": True, "type": "str"}, - "uuid": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_vipgrp46.py b/lib/ansible/modules/network/fortios/fortios_firewall_vipgrp46.py
deleted file mode 100644
index 7dbb7ea5ee9..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_vipgrp46.py
+++ /dev/null
@@ -1,367 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_vipgrp46 -short_description: Configure IPv4 to IPv6 virtual IP groups in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and vipgrp46 category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_vipgrp46: - description: - - Configure IPv4 to IPv6 virtual IP groups. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - color: - description: - - Integer value to determine the color of the icon in the GUI (range 1 to 32). - type: int - comments: - description: - - Comment. - type: str - member: - description: - - Member VIP objects of the group (Separate multiple objects with a space). - type: list - suboptions: - name: - description: - - VIP46 name. Source firewall.vip46.name. - required: true - type: str - name: - description: - - VIP46 group name. - required: true - type: str - uuid: - description: - - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv4 to IPv6 virtual IP groups. 
- fortios_firewall_vipgrp46: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_vipgrp46: - color: "3" - comments: "" - member: - - - name: "default_name_6 (source firewall.vip46.name)" - name: "default_name_7" - uuid: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = 
data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_vipgrp46_data(json): - option_list = ['color', 'comments', 'member', - 'name', 'uuid'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_vipgrp46(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_vipgrp46'] and data['firewall_vipgrp46']: - state = data['firewall_vipgrp46']['state'] - else: - state = True - firewall_vipgrp46_data = data['firewall_vipgrp46'] - filtered_data = underscore_to_hyphen(filter_firewall_vipgrp46_data(firewall_vipgrp46_data)) - - if state == "present": - return fos.set('firewall', - 'vipgrp46', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall', - 'vipgrp46', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall(data, fos): - - if data['firewall_vipgrp46']: - resp = firewall_vipgrp46(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, 
"type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_vipgrp46": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "color": {"required": False, "type": "int"}, - "comments": {"required": False, "type": "str"}, - "member": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "name": {"required": True, "type": "str"}, - "uuid": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_vipgrp6.py b/lib/ansible/modules/network/fortios/fortios_firewall_vipgrp6.py
deleted file mode 100644
index 47981466620..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_vipgrp6.py
+++ /dev/null
@@ -1,367 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_vipgrp6 -short_description: Configure IPv6 virtual IP groups in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and vipgrp6 category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_vipgrp6: - description: - - Configure IPv6 virtual IP groups. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - color: - description: - - Integer value to determine the color of the icon in the GUI (range 1 to 32). - type: int - comments: - description: - - Comment. - type: str - member: - description: - - Member VIP objects of the group (Separate multiple objects with a space). - type: list - suboptions: - name: - description: - - IPv6 VIP name. Source firewall.vip6.name. - required: true - type: str - name: - description: - - IPv6 VIP group name. - required: true - type: str - uuid: - description: - - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv6 virtual IP groups. 
- fortios_firewall_vipgrp6: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_vipgrp6: - color: "3" - comments: "" - member: - - - name: "default_name_6 (source firewall.vip6.name)" - name: "default_name_7" - uuid: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = 
data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_vipgrp6_data(json): - option_list = ['color', 'comments', 'member', - 'name', 'uuid'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_vipgrp6(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_vipgrp6'] and data['firewall_vipgrp6']: - state = data['firewall_vipgrp6']['state'] - else: - state = True - firewall_vipgrp6_data = data['firewall_vipgrp6'] - filtered_data = underscore_to_hyphen(filter_firewall_vipgrp6_data(firewall_vipgrp6_data)) - - if state == "present": - return fos.set('firewall', - 'vipgrp6', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall', - 'vipgrp6', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall(data, fos): - - if data['firewall_vipgrp6']: - resp = firewall_vipgrp6(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", 
"default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_vipgrp6": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "color": {"required": False, "type": "int"}, - "comments": {"required": False, "type": "str"}, - "member": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "name": {"required": True, "type": "str"}, - "uuid": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_vipgrp64.py b/lib/ansible/modules/network/fortios/fortios_firewall_vipgrp64.py deleted file mode 100644 index 09dc4c88eb2..00000000000 
--- a/lib/ansible/modules/network/fortios/fortios_firewall_vipgrp64.py
+++ /dev/null
@@ -1,367 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_vipgrp64 -short_description: Configure IPv6 to IPv4 virtual IP groups in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall feature and vipgrp64 category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_vipgrp64: - description: - - Configure IPv6 to IPv4 virtual IP groups. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - color: - description: - - Integer value to determine the color of the icon in the GUI (range 1 to 32). - type: int - comments: - description: - - Comment. - type: str - member: - description: - - Member VIP objects of the group (Separate multiple objects with a space). - type: list - suboptions: - name: - description: - - VIP64 name. Source firewall.vip64.name. - required: true - type: str - name: - description: - - VIP64 group name. - required: true - type: str - uuid: - description: - - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv6 to IPv4 virtual IP groups. 
- fortios_firewall_vipgrp64: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_vipgrp64: - color: "3" - comments: "" - member: - - - name: "default_name_6 (source firewall.vip64.name)" - name: "default_name_7" - uuid: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = 
data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_vipgrp64_data(json): - option_list = ['color', 'comments', 'member', - 'name', 'uuid'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_vipgrp64(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_vipgrp64'] and data['firewall_vipgrp64']: - state = data['firewall_vipgrp64']['state'] - else: - state = True - firewall_vipgrp64_data = data['firewall_vipgrp64'] - filtered_data = underscore_to_hyphen(filter_firewall_vipgrp64_data(firewall_vipgrp64_data)) - - if state == "present": - return fos.set('firewall', - 'vipgrp64', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall', - 'vipgrp64', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall(data, fos): - - if data['firewall_vipgrp64']: - resp = firewall_vipgrp64(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, 
"type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_vipgrp64": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "color": {"required": False, "type": "int"}, - "comments": {"required": False, "type": "str"}, - "member": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "name": {"required": True, "type": "str"}, - "uuid": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_wildcard_fqdn_custom.py b/lib/ansible/modules/network/fortios/fortios_firewall_wildcard_fqdn_custom.py
deleted file mode 100644
index 975ce480540..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_firewall_wildcard_fqdn_custom.py
+++ /dev/null
@@ -1,366 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_wildcard_fqdn_custom -short_description: Config global/VDOM Wildcard FQDN address in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall_wildcard_fqdn feature and custom category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_wildcard_fqdn_custom: - description: - - Config global/VDOM Wildcard FQDN address. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - color: - description: - - GUI icon color. - type: int - comment: - description: - - Comment. - type: str - name: - description: - - Address name. - required: true - type: str - uuid: - description: - - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). - type: str - visibility: - description: - - Enable/disable address visibility. - type: str - choices: - - enable - - disable - wildcard_fqdn: - description: - - Wildcard FQDN. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Config global/VDOM Wildcard FQDN address. 
- fortios_firewall_wildcard_fqdn_custom: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_wildcard_fqdn_custom: - color: "3" - comment: "Comment." - name: "default_name_5" - uuid: "" - visibility: "enable" - wildcard_fqdn: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = 
data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_wildcard_fqdn_custom_data(json): - option_list = ['color', 'comment', 'name', - 'uuid', 'visibility', 'wildcard_fqdn'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_wildcard_fqdn_custom(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_wildcard_fqdn_custom'] and data['firewall_wildcard_fqdn_custom']: - state = data['firewall_wildcard_fqdn_custom']['state'] - else: - state = True - firewall_wildcard_fqdn_custom_data = data['firewall_wildcard_fqdn_custom'] - filtered_data = underscore_to_hyphen(filter_firewall_wildcard_fqdn_custom_data(firewall_wildcard_fqdn_custom_data)) - - if state == "present": - return fos.set('firewall.wildcard-fqdn', - 'custom', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall.wildcard-fqdn', - 'custom', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall_wildcard_fqdn(data, fos): - - if data['firewall_wildcard_fqdn_custom']: - resp = firewall_wildcard_fqdn_custom(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": 
{"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_wildcard_fqdn_custom": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "color": {"required": False, "type": "int"}, - "comment": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "uuid": {"required": False, "type": "str"}, - "visibility": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "wildcard_fqdn": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall_wildcard_fqdn(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall_wildcard_fqdn(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - 
module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_firewall_wildcard_fqdn_group.py b/lib/ansible/modules/network/fortios/fortios_firewall_wildcard_fqdn_group.py deleted file mode 100644 index 0f34d5cb254..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_firewall_wildcard_fqdn_group.py +++ /dev/null 
@@ -1,377 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_firewall_wildcard_fqdn_group -short_description: Config global Wildcard FQDN address groups in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify firewall_wildcard_fqdn feature and group category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - firewall_wildcard_fqdn_group: - description: - - Config global Wildcard FQDN address groups. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - color: - description: - - GUI icon color. - type: int - comment: - description: - - Comment. - type: str - member: - description: - - Address group members. - type: list - suboptions: - name: - description: - - Address name. Source firewall.wildcard-fqdn.custom.name. - required: true - type: str - name: - description: - - Address group name. - required: true - type: str - uuid: - description: - - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). - type: str - visibility: - description: - - Enable/disable address visibility. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Config global Wildcard FQDN address groups. 
- fortios_firewall_wildcard_fqdn_group: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - firewall_wildcard_fqdn_group: - color: "3" - comment: "Comment." - member: - - - name: "default_name_6 (source firewall.wildcard-fqdn.custom.name)" - name: "default_name_7" - uuid: "" - visibility: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = 
data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_firewall_wildcard_fqdn_group_data(json): - option_list = ['color', 'comment', 'member', - 'name', 'uuid', 'visibility'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def firewall_wildcard_fqdn_group(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['firewall_wildcard_fqdn_group'] and data['firewall_wildcard_fqdn_group']: - state = data['firewall_wildcard_fqdn_group']['state'] - else: - state = True - firewall_wildcard_fqdn_group_data = data['firewall_wildcard_fqdn_group'] - filtered_data = underscore_to_hyphen(filter_firewall_wildcard_fqdn_group_data(firewall_wildcard_fqdn_group_data)) - - if state == "present": - return fos.set('firewall.wildcard-fqdn', - 'group', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('firewall.wildcard-fqdn', - 'group', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_firewall_wildcard_fqdn(data, fos): - - if data['firewall_wildcard_fqdn_group']: - resp = firewall_wildcard_fqdn_group(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - 
-def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "firewall_wildcard_fqdn_group": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "color": {"required": False, "type": "int"}, - "comment": {"required": False, "type": "str"}, - "member": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "name": {"required": True, "type": "str"}, - "uuid": {"required": False, "type": "str"}, - "visibility": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_firewall_wildcard_fqdn(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_firewall_wildcard_fqdn(module.params, fos) - fos.logout() - 
- if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_ftp_proxy_explicit.py b/lib/ansible/modules/network/fortios/fortios_ftp_proxy_explicit.py deleted file mode 100644 index 4d943d40622..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_ftp_proxy_explicit.py +++ /dev/null 
@@ -1,323 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_ftp_proxy_explicit -short_description: Configure explicit FTP proxy settings in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify ftp_proxy feature and explicit category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - ftp_proxy_explicit: - description: - - Configure explicit FTP proxy settings. - default: null - type: dict - suboptions: - incoming_ip: - description: - - Accept incoming FTP requests from this IP address. An interface must have this IP address. - type: str - incoming_port: - description: - - Accept incoming FTP requests on one or more ports. - type: str - outgoing_ip: - description: - - Outgoing FTP requests will leave from this IP address. An interface must have this IP address. - type: str - sec_default_action: - description: - - Accept or deny explicit FTP proxy sessions when no FTP proxy firewall policy exists. - type: str - choices: - - accept - - deny - status: - description: - - Enable/disable the explicit FTP proxy. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure explicit FTP proxy settings. 
- fortios_ftp_proxy_explicit: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - ftp_proxy_explicit: - incoming_ip: "" - incoming_port: "" - outgoing_ip: "" - sec_default_action: "accept" - status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in 
data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_ftp_proxy_explicit_data(json): - option_list = ['incoming_ip', 'incoming_port', 'outgoing_ip', - 'sec_default_action', 'status'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def ftp_proxy_explicit(data, fos): - vdom = data['vdom'] - ftp_proxy_explicit_data = data['ftp_proxy_explicit'] - filtered_data = underscore_to_hyphen(filter_ftp_proxy_explicit_data(ftp_proxy_explicit_data)) - - return fos.set('ftp-proxy', - 'explicit', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_ftp_proxy(data, fos): - - if data['ftp_proxy_explicit']: - resp = ftp_proxy_explicit(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "ftp_proxy_explicit": { - "required": False, "type": "dict", "default": None, - "options": { - "incoming_ip": {"required": False, "type": "str"}, - "incoming_port": {"required": False, 
"type": "str"}, - "outgoing_ip": {"required": False, "type": "str"}, - "sec_default_action": {"required": False, "type": "str", - "choices": ["accept", "deny"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_ftp_proxy(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_ftp_proxy(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_icap_profile.py b/lib/ansible/modules/network/fortios/fortios_icap_profile.py deleted file mode 100644 index baf464b924f..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_icap_profile.py +++ /dev/null 
@@ -1,432 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_icap_profile -short_description: Configure ICAP profiles in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify icap feature and profile category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - icap_profile: - description: - - Configure ICAP profiles. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - methods: - description: - - The allowed HTTP methods that will be sent to ICAP server for further processing. - type: str - choices: - - delete - - get - - head - - options - - post - - put - - trace - - other - name: - description: - - ICAP profile name. - required: true - type: str - replacemsg_group: - description: - - Replacement message group. Source system.replacemsg-group.name. - type: str - request: - description: - - Enable/disable whether an HTTP request is passed to an ICAP server. - type: str - choices: - - disable - - enable - request_failure: - description: - - Action to take if the ICAP server cannot be contacted when processing an HTTP request. - type: str - choices: - - error - - bypass - request_path: - description: - - Path component of the ICAP URI that identifies the HTTP request processing service. - type: str - request_server: - description: - - ICAP server to use for an HTTP request. Source icap.server.name. 
- type: str - response: - description: - - Enable/disable whether an HTTP response is passed to an ICAP server. - type: str - choices: - - disable - - enable - response_failure: - description: - - Action to take if the ICAP server cannot be contacted when processing an HTTP response. - type: str - choices: - - error - - bypass - response_path: - description: - - Path component of the ICAP URI that identifies the HTTP response processing service. - type: str - response_server: - description: - - ICAP server to use for an HTTP response. Source icap.server.name. - type: str - streaming_content_bypass: - description: - - Enable/disable bypassing of ICAP server for streaming content. - type: str - choices: - - disable - - enable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure ICAP profiles. - fortios_icap_profile: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - icap_profile: - methods: "delete" - name: "default_name_4" - replacemsg_group: " (source system.replacemsg-group.name)" - request: "disable" - request_failure: "error" - request_path: "" - request_server: " (source icap.server.name)" - response: "disable" - response_failure: "error" - response_path: "" - response_server: " (source icap.server.name)" - streaming_content_bypass: "disable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: 
- description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_icap_profile_data(json): - option_list = ['methods', 'name', 'replacemsg_group', - 'request', 'request_failure', 'request_path', - 'request_server', 'response', 'response_failure', - 'response_path', 'response_server', 'streaming_content_bypass'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - 
new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def icap_profile(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['icap_profile'] and data['icap_profile']: - state = data['icap_profile']['state'] - else: - state = True - icap_profile_data = data['icap_profile'] - filtered_data = underscore_to_hyphen(filter_icap_profile_data(icap_profile_data)) - - if state == "present": - return fos.set('icap', - 'profile', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('icap', - 'profile', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_icap(data, fos): - - if data['icap_profile']: - resp = icap_profile(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "icap_profile": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "methods": {"required": False, "type": "str", - "choices": ["delete", "get", "head", - "options", "post", "put", - "trace", "other"]}, - "name": {"required": True, "type": "str"}, - "replacemsg_group": {"required": False, "type": "str"}, - "request": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - 
"request_failure": {"required": False, "type": "str", - "choices": ["error", "bypass"]}, - "request_path": {"required": False, "type": "str"}, - "request_server": {"required": False, "type": "str"}, - "response": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "response_failure": {"required": False, "type": "str", - "choices": ["error", "bypass"]}, - "response_path": {"required": False, "type": "str"}, - "response_server": {"required": False, "type": "str"}, - "streaming_content_bypass": {"required": False, "type": "str", - "choices": ["disable", "enable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_icap(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_icap(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_icap_server.py b/lib/ansible/modules/network/fortios/fortios_icap_server.py deleted file mode 100644 index 45a849c4d3a..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_icap_server.py +++ /dev/null 
@@ -1,366 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_icap_server -short_description: Configure ICAP servers in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify icap feature and server category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - icap_server: - description: - - Configure ICAP servers. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - ip_address: - description: - - IPv4 address of the ICAP server. - type: str - ip_version: - description: - - IP version. - type: str - choices: - - 4 - - 6 - ip6_address: - description: - - IPv6 address of the ICAP server. - type: str - max_connections: - description: - - Maximum number of concurrent connections to ICAP server. - type: int - name: - description: - - Server name. - required: true - type: str - port: - description: - - ICAP server port. - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure ICAP servers. 
- fortios_icap_server: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - icap_server: - ip_address: "" - ip_version: "4" - ip6_address: "" - max_connections: "6" - name: "default_name_7" - port: "8" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - 
if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_icap_server_data(json): - option_list = ['ip_address', 'ip_version', 'ip6_address', - 'max_connections', 'name', 'port'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def icap_server(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['icap_server'] and data['icap_server']: - state = data['icap_server']['state'] - else: - state = True - icap_server_data = data['icap_server'] - filtered_data = underscore_to_hyphen(filter_icap_server_data(icap_server_data)) - - if state == "present": - return fos.set('icap', - 'server', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('icap', - 'server', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_icap(data, fos): - - if data['icap_server']: - resp = icap_server(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": 
True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "icap_server": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "ip_address": {"required": False, "type": "str"}, - "ip_version": {"required": False, "type": "str", - "choices": ["4", "6"]}, - "ip6_address": {"required": False, "type": "str"}, - "max_connections": {"required": False, "type": "int"}, - "name": {"required": True, "type": "str"}, - "port": {"required": False, "type": "int"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_icap(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_icap(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_ips_custom.py b/lib/ansible/modules/network/fortios/fortios_ips_custom.py deleted file mode 100644 index 2bfe751c5e4..00000000000 
--- a/lib/ansible/modules/network/fortios/fortios_ips_custom.py
+++ /dev/null
@@ -1,429 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_ips_custom -short_description: Configure IPS custom signature in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify ips feature and custom category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - ips_custom: - description: - - Configure IPS custom signature. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - action: - description: - - Default action (pass or block) for this signature. - type: str - choices: - - pass - - block - application: - description: - - Applications to be protected. Blank for all applications. - type: str - comment: - description: - - Comment. - type: str - location: - description: - - Protect client or server traffic. - type: str - log: - description: - - Enable/disable logging. - type: str - choices: - - disable - - enable - log_packet: - description: - - Enable/disable packet logging. - type: str - choices: - - disable - - enable - os: - description: - - Operating system(s) that the signature protects. Blank for all operating systems. - type: str - protocol: - description: - - Protocol(s) that the signature scans. Blank for all protocols. - type: str - rule_id: - description: - - Signature ID. - type: int - severity: - description: - - Relative severity of the signature, from info to critical. 
Log messages generated by the signature include the severity. - type: str - sig_name: - description: - - Signature name. - type: str - signature: - description: - - Custom signature enclosed in single quotes. - type: str - status: - description: - - Enable/disable this signature. - type: str - choices: - - disable - - enable - tag: - description: - - Signature tag. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPS custom signature. - fortios_ips_custom: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - ips_custom: - action: "pass" - application: "" - comment: "Comment." - location: "" - log: "disable" - log_packet: "disable" - os: "" - protocol: "" - rule_id: "11" - severity: "" - sig_name: "" - signature: "" - status: "disable" - tag: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: 
Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_ips_custom_data(json): - option_list = ['action', 'application', 'comment', - 'location', 'log', 'log_packet', - 'os', 'protocol', 'rule_id', - 'severity', 'sig_name', 'signature', - 'status', 'tag'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def ips_custom(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['ips_custom'] and data['ips_custom']: - state = data['ips_custom']['state'] - else: - state = True - ips_custom_data = data['ips_custom'] - filtered_data = underscore_to_hyphen(filter_ips_custom_data(ips_custom_data)) - - if state == "present": - return fos.set('ips', - 'custom', - data=filtered_data, - 
vdom=vdom) - - elif state == "absent": - return fos.delete('ips', - 'custom', - mkey=filtered_data['tag'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_ips(data, fos): - - if data['ips_custom']: - resp = ips_custom(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "ips_custom": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "action": {"required": False, "type": "str", - "choices": ["pass", "block"]}, - "application": {"required": False, "type": "str"}, - "comment": {"required": False, "type": "str"}, - "location": {"required": False, "type": "str"}, - "log": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "log_packet": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "os": {"required": False, "type": "str"}, - "protocol": {"required": False, "type": "str"}, - "rule_id": {"required": False, "type": "int"}, - "severity": {"required": False, "type": "str"}, - "sig_name": {"required": False, "type": "str"}, - "signature": {"required": False, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "tag": {"required": True, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - 
supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_ips(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_ips(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_ips_decoder.py b/lib/ansible/modules/network/fortios/fortios_ips_decoder.py deleted file mode 100644 index 15627e97ab9..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_ips_decoder.py +++ /dev/null 
@@ -1,354 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_ips_decoder -short_description: Configure IPS decoder in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify ips feature and decoder category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - ips_decoder: - description: - - Configure IPS decoder. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - name: - description: - - Decoder name. - required: true - type: str - parameter: - description: - - IPS group parameters. - type: list - suboptions: - name: - description: - - Parameter name. - required: true - type: str - value: - description: - - Parameter value. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPS decoder. 
- fortios_ips_decoder: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - ips_decoder: - name: "default_name_3" - parameter: - - - name: "default_name_5" - value: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_ips_decoder_data(json): - option_list = ['name', 'parameter'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def ips_decoder(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['ips_decoder'] and data['ips_decoder']: - state = data['ips_decoder']['state'] - else: - state = True - ips_decoder_data = data['ips_decoder'] - filtered_data = underscore_to_hyphen(filter_ips_decoder_data(ips_decoder_data)) - - if state == "present": - return fos.set('ips', - 'decoder', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('ips', - 'decoder', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_ips(data, fos): - - if data['ips_decoder']: - resp = ips_decoder(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": 
{"required": False, "type": "str", - "choices": ["present", "absent"]}, - "ips_decoder": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "name": {"required": True, "type": "str"}, - "parameter": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"}, - "value": {"required": False, "type": "str"} - }} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_ips(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_ips(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_ips_global.py b/lib/ansible/modules/network/fortios/fortios_ips_global.py deleted file mode 100644 index f33231051f3..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_ips_global.py +++ /dev/null 
@@ -1,401 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_ips_global -short_description: Configure IPS global parameter in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify ips feature and global category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - ips_global: - description: - - Configure IPS global parameter. - default: null - type: dict - suboptions: - anomaly_mode: - description: - - Global blocking mode for rate-based anomalies. - type: str - choices: - - periodical - - continuous - database: - description: - - Regular or extended IPS database. Regular protects against the latest common and in-the-wild attacks. Extended includes protection from - legacy attacks. - type: str - choices: - - regular - - extended - deep_app_insp_db_limit: - description: - - Limit on number of entries in deep application inspection database (1 - 2147483647, 0 = use recommended setting) - type: int - deep_app_insp_timeout: - description: - - Timeout for Deep application inspection (1 - 2147483647 sec., 0 = use recommended setting). - type: int - engine_count: - description: - - Number of IPS engines running. If set to the default value of 0, FortiOS sets the number to optimize performance depending on the number - of CPU cores. - type: int - exclude_signatures: - description: - - Excluded signatures. - type: str - choices: - - none - - industrial - fail_open: - description: - - Enable to allow traffic if the IPS process crashes. Default is disable and IPS traffic is blocked when the IPS process crashes. - type: str - choices: - - enable - - disable - intelligent_mode: - description: - - Enable/disable IPS adaptive scanning (intelligent mode). Intelligent mode optimizes the scanning method for the type of traffic. 
- type: str - choices: - - enable - - disable - session_limit_mode: - description: - - Method of counting concurrent sessions used by session limit anomalies. Choose between greater accuracy (accurate) or improved - performance (heuristics). - type: str - choices: - - accurate - - heuristic - skype_client_public_ipaddr: - description: - - Public IP addresses of your network that receive Skype sessions. Helps identify Skype sessions. Separate IP addresses with commas. - type: str - socket_size: - description: - - IPS socket buffer size (0 - 256 MB). Default depends on available memory. Can be changed to tune performance. - type: int - sync_session_ttl: - description: - - Enable/disable use of kernel session TTL for IPS sessions. - type: str - choices: - - enable - - disable - traffic_submit: - description: - - Enable/disable submitting attack data found by this FortiGate to FortiGuard. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPS global parameter. 
- fortios_ips_global: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - ips_global: - anomaly_mode: "periodical" - database: "regular" - deep_app_insp_db_limit: "5" - deep_app_insp_timeout: "6" - engine_count: "7" - exclude_signatures: "none" - fail_open: "enable" - intelligent_mode: "enable" - session_limit_mode: "accurate" - skype_client_public_ipaddr: "" - socket_size: "13" - sync_session_ttl: "enable" - traffic_submit: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from 
ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_ips_global_data(json): - option_list = ['anomaly_mode', 'database', 'deep_app_insp_db_limit', - 'deep_app_insp_timeout', 'engine_count', 'exclude_signatures', - 'fail_open', 'intelligent_mode', 'session_limit_mode', - 'skype_client_public_ipaddr', 'socket_size', 'sync_session_ttl', - 'traffic_submit'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def ips_global(data, fos): - vdom = data['vdom'] - ips_global_data = data['ips_global'] - filtered_data = underscore_to_hyphen(filter_ips_global_data(ips_global_data)) - - return fos.set('ips', - 'global', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_ips(data, fos): - - if data['ips_global']: - resp = ips_global(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": 
"str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "ips_global": { - "required": False, "type": "dict", "default": None, - "options": { - "anomaly_mode": {"required": False, "type": "str", - "choices": ["periodical", "continuous"]}, - "database": {"required": False, "type": "str", - "choices": ["regular", "extended"]}, - "deep_app_insp_db_limit": {"required": False, "type": "int"}, - "deep_app_insp_timeout": {"required": False, "type": "int"}, - "engine_count": {"required": False, "type": "int"}, - "exclude_signatures": {"required": False, "type": "str", - "choices": ["none", "industrial"]}, - "fail_open": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "intelligent_mode": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "session_limit_mode": {"required": False, "type": "str", - "choices": ["accurate", "heuristic"]}, - "skype_client_public_ipaddr": {"required": False, "type": "str"}, - "socket_size": {"required": False, "type": "int"}, - "sync_session_ttl": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "traffic_submit": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_ips(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except 
ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_ips(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_ips_rule.py b/lib/ansible/modules/network/fortios/fortios_ips_rule.py deleted file mode 100644 index ff5f6f2a01d..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_ips_rule.py +++ /dev/null 
@@ -1,458 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_ips_rule -short_description: Configure IPS rules in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify ips feature and rule category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. 
- type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - ips_rule: - description: - - Configure IPS rules. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - action: - description: - - Action. - type: str - choices: - - pass - - block - application: - description: - - Vulnerable applications. - type: str - date: - description: - - Date. - type: int - group: - description: - - Group. - type: str - location: - description: - - Vulnerable location. - type: str - log: - description: - - Enable/disable logging. - type: str - choices: - - disable - - enable - log_packet: - description: - - Enable/disable packet logging. - type: str - choices: - - disable - - enable - metadata: - description: - - Meta data. - type: list - suboptions: - id: - description: - - ID. - required: true - type: int - metaid: - description: - - Meta ID. - type: int - valueid: - description: - - Value ID. - type: int - name: - description: - - Rule name. - required: true - type: str - os: - description: - - Vulnerable operation systems. - type: str - rev: - description: - - Revision. - type: int - rule_id: - description: - - Rule ID. - type: int - service: - description: - - Vulnerable service. 
- type: str - severity: - description: - - Severity. - type: str - status: - description: - - Enable/disable status. - type: str - choices: - - disable - - enable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPS rules. - fortios_ips_rule: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - ips_rule: - action: "pass" - application: "" - date: "5" - group: "" - location: "" - log: "disable" - log_packet: "disable" - metadata: - - - id: "11" - metaid: "12" - valueid: "13" - name: "default_name_14" - os: "" - rev: "16" - rule_id: "17" - service: "" - severity: "" - status: "disable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - 
description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_ips_rule_data(json): - option_list = ['action', 'application', 'date', - 'group', 'location', 'log', - 'log_packet', 'metadata', 'name', - 'os', 'rev', 'rule_id', - 'service', 'severity', 'status'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def ips_rule(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['ips_rule'] and data['ips_rule']: - state = data['ips_rule']['state'] - else: - state = True - ips_rule_data = data['ips_rule'] - filtered_data = underscore_to_hyphen(filter_ips_rule_data(ips_rule_data)) - - if state == "present": - return fos.set('ips', - 'rule', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('ips', - 'rule', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - 
status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_ips(data, fos): - - if data['ips_rule']: - resp = ips_rule(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "ips_rule": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "action": {"required": False, "type": "str", - "choices": ["pass", "block"]}, - "application": {"required": False, "type": "str"}, - "date": {"required": False, "type": "int"}, - "group": {"required": False, "type": "str"}, - "location": {"required": False, "type": "str"}, - "log": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "log_packet": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "metadata": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"}, - "metaid": {"required": False, "type": "int"}, - "valueid": {"required": False, "type": "int"} - }}, - "name": {"required": True, "type": "str"}, - "os": {"required": False, "type": "str"}, - "rev": {"required": False, "type": "int"}, - "rule_id": {"required": False, "type": "int"}, - "service": {"required": False, "type": "str"}, - "severity": {"required": False, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["disable", "enable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - 
supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_ips(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_ips(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_ips_rule_settings.py b/lib/ansible/modules/network/fortios/fortios_ips_rule_settings.py
deleted file mode 100644
index 9d47926db80..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_ips_rule_settings.py
+++ /dev/null
@@ -1,331 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_ips_rule_settings -short_description: Configure IPS rule setting in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify ips feature and rule_settings category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - ips_rule_settings: - description: - - Configure IPS rule setting. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - id: - description: - - Rule ID. - required: true - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPS rule setting. 
- fortios_ips_rule_settings: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - ips_rule_settings: - id: "3" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - 
fos.login(host, username, password, verify=ssl_verify) - - -def filter_ips_rule_settings_data(json): - option_list = ['id'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def ips_rule_settings(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['ips_rule_settings'] and data['ips_rule_settings']: - state = data['ips_rule_settings']['state'] - else: - state = True - ips_rule_settings_data = data['ips_rule_settings'] - filtered_data = underscore_to_hyphen(filter_ips_rule_settings_data(ips_rule_settings_data)) - - if state == "present": - return fos.set('ips', - 'rule-settings', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('ips', - 'rule-settings', - mkey=filtered_data['id'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_ips(data, fos): - - if data['ips_rule_settings']: - resp = ips_rule_settings(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": 
{"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "ips_rule_settings": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "id": {"required": True, "type": "int"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_ips(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_ips(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_ips_sensor.py b/lib/ansible/modules/network/fortios/fortios_ips_sensor.py
deleted file mode 100644
index be82d0351ae..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_ips_sensor.py
+++ /dev/null
@@ -1,807 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_ips_sensor -short_description: Configure IPS sensor in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify ips feature and sensor category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - ips_sensor: - description: - - Configure IPS sensor. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - block_malicious_url: - description: - - Enable/disable malicious URL blocking. - type: str - choices: - - disable - - enable - comment: - description: - - Comment. - type: str - entries: - description: - - IPS sensor filter. - type: list - suboptions: - action: - description: - - Action taken with traffic in which signatures are detected. - type: str - choices: - - pass - - block - - reset - - default - application: - description: - - Applications to be protected. set application ? lists available applications. all includes all applications. other includes all - unlisted applications. - type: str - exempt_ip: - description: - - Traffic from selected source or destination IP addresses is exempt from this signature. - type: list - suboptions: - dst_ip: - description: - - Destination IP address and netmask. - type: str - id: - description: - - Exempt IP ID. 
- required: true - type: int - src_ip: - description: - - Source IP address and netmask. - type: str - id: - description: - - Rule ID in IPS database (0 - 4294967295). - required: true - type: int - location: - description: - - Protect client or server traffic. - type: str - log: - description: - - Enable/disable logging of signatures included in filter. - type: str - choices: - - disable - - enable - log_attack_context: - description: - - "Enable/disable logging of attack context: URL buffer, header buffer, body buffer, packet buffer." - type: str - choices: - - disable - - enable - log_packet: - description: - - Enable/disable packet logging. Enable to save the packet that triggers the filter. You can download the packets in pcap format - for diagnostic use. - type: str - choices: - - disable - - enable - os: - description: - - Operating systems to be protected. all includes all operating systems. other includes all unlisted operating systems. - type: str - protocol: - description: - - Protocols to be examined. set protocol ? lists available protocols. all includes all protocols. other includes all unlisted - protocols. - type: str - quarantine: - description: - - Quarantine method. - type: str - choices: - - none - - attacker - quarantine_expiry: - description: - - Duration of quarantine. (Format ###d##h##m, minimum 1m, maximum 364d23h59m). Requires quarantine set to attacker. - type: str - quarantine_log: - description: - - Enable/disable quarantine logging. - type: str - choices: - - disable - - enable - rate_count: - description: - - Count of the rate. - type: int - rate_duration: - description: - - Duration (sec) of the rate. - type: int - rate_mode: - description: - - Rate limit mode. - type: str - choices: - - periodical - - continuous - rate_track: - description: - - Track the packet protocol field. 
- type: str - choices: - - none - - src-ip - - dest-ip - - dhcp-client-mac - - dns-domain - rule: - description: - - Identifies the predefined or custom IPS signatures to add to the sensor. - type: list - suboptions: - id: - description: - - Rule IPS. - required: true - type: int - severity: - description: - - Relative severity of the signature, from info to critical. Log messages generated by the signature include the severity. - type: str - status: - description: - - Status of the signatures included in filter. default enables the filter and only use filters with default status of enable. - Filters with default status of disable will not be used. - type: str - choices: - - disable - - enable - - default - extended_log: - description: - - Enable/disable extended logging. - type: str - choices: - - enable - - disable - filter: - description: - - IPS sensor filter. - type: list - suboptions: - action: - description: - - Action of selected rules. - type: str - choices: - - pass - - block - - reset - - default - application: - description: - - Vulnerable application filter. - type: str - location: - description: - - Vulnerability location filter. - type: str - log: - description: - - Enable/disable logging of selected rules. - type: str - choices: - - disable - - enable - log_packet: - description: - - Enable/disable packet logging of selected rules. - type: str - choices: - - disable - - enable - name: - description: - - Filter name. - required: true - type: str - os: - description: - - Vulnerable OS filter. - type: str - protocol: - description: - - Vulnerable protocol filter. - type: str - quarantine: - description: - - Quarantine IP or interface. - type: str - choices: - - none - - attacker - quarantine_expiry: - description: - - Duration of quarantine in minute. - type: int - quarantine_log: - description: - - Enable/disable logging of selected quarantine. - type: str - choices: - - disable - - enable - severity: - description: - - Vulnerability severity filter. 
- type: str - status: - description: - - Selected rules status. - type: str - choices: - - disable - - enable - - default - name: - description: - - Sensor name. - required: true - type: str - override: - description: - - IPS override rule. - type: list - suboptions: - action: - description: - - Action of override rule. - type: str - choices: - - pass - - block - - reset - exempt_ip: - description: - - Exempted IP. - type: list - suboptions: - dst_ip: - description: - - Destination IP address and netmask. - type: str - id: - description: - - Exempt IP ID. - required: true - type: int - src_ip: - description: - - Source IP address and netmask. - type: str - log: - description: - - Enable/disable logging. - type: str - choices: - - disable - - enable - log_packet: - description: - - Enable/disable packet logging. - type: str - choices: - - disable - - enable - quarantine: - description: - - Quarantine IP or interface. - type: str - choices: - - none - - attacker - quarantine_expiry: - description: - - Duration of quarantine in minute. - type: int - quarantine_log: - description: - - Enable/disable logging of selected quarantine. - type: str - choices: - - disable - - enable - rule_id: - description: - - Override rule ID. - type: int - status: - description: - - Enable/disable status of override rule. - type: str - choices: - - disable - - enable - replacemsg_group: - description: - - Replacement message group. Source system.replacemsg-group.name. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPS sensor. - fortios_ips_sensor: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - ips_sensor: - block_malicious_url: "disable" - comment: "Comment." 
- entries: - - - action: "pass" - application: "" - exempt_ip: - - - dst_ip: "" - id: "10" - src_ip: "" - id: "12" - location: "" - log: "disable" - log_attack_context: "disable" - log_packet: "disable" - os: "" - protocol: "" - quarantine: "none" - quarantine_expiry: "" - quarantine_log: "disable" - rate_count: "22" - rate_duration: "23" - rate_mode: "periodical" - rate_track: "none" - rule: - - - id: "27" - severity: "" - status: "disable" - extended_log: "enable" - filter: - - - action: "pass" - application: "" - location: "" - log: "disable" - log_packet: "disable" - name: "default_name_37" - os: "" - protocol: "" - quarantine: "none" - quarantine_expiry: "41" - quarantine_log: "disable" - severity: "" - status: "disable" - name: "default_name_45" - override: - - - action: "pass" - exempt_ip: - - - dst_ip: "" - id: "50" - src_ip: "" - log: "disable" - log_packet: "disable" - quarantine: "none" - quarantine_expiry: "55" - quarantine_log: "disable" - rule_id: "57" - status: "disable" - replacemsg_group: " (source system.replacemsg-group.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - 
type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_ips_sensor_data(json): - option_list = ['block_malicious_url', 'comment', 'entries', - 'extended_log', 'filter', 'name', - 'override', 'replacemsg_group'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def ips_sensor(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['ips_sensor'] and data['ips_sensor']: - state = data['ips_sensor']['state'] - else: - state = True - ips_sensor_data = data['ips_sensor'] - filtered_data = underscore_to_hyphen(filter_ips_sensor_data(ips_sensor_data)) - - if state == "present": - return fos.set('ips', - 'sensor', - 
data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('ips',
- 'sensor',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_ips(data, fos):
-
- if data['ips_sensor']:
- resp = ips_sensor(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "ips_sensor": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "block_malicious_url": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "comment": {"required": False, "type": "str"},
- "entries": {"required": False, "type": "list",
- "options": {
- "action": {"required": False, "type": "str",
- "choices": ["pass", "block", "reset",
- "default"]},
- "application": {"required": False, "type": "str"},
- "exempt_ip": {"required": False, "type": "list",
- "options": {
- "dst_ip": {"required": False, "type": "str"},
- "id": {"required": True, "type": "int"},
- "src_ip": {"required": False, "type": "str"}
- }},
- "id": {"required": True, "type": "int"},
- "location": {"required": False, "type": "str"},
- "log": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "log_attack_context": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "log_packet": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "os": {"required": False, "type": "str"},
- "protocol": {"required": False, "type": "str"},
- "quarantine": {"required": False, "type": "str",
- "choices": ["none", "attacker"]},
- "quarantine_expiry": {"required": False, "type": "str"},
- "quarantine_log": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "rate_count": {"required": False, "type": "int"},
- "rate_duration": {"required": False, "type": "int"},
- "rate_mode": {"required": False, "type": "str",
- "choices": ["periodical", "continuous"]},
- "rate_track": {"required": False, "type": "str",
- "choices": ["none", "src-ip", "dest-ip",
- "dhcp-client-mac", "dns-domain"]},
- "rule": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"}
- }},
- "severity": {"required": False, "type": "str"},
- "status": {"required": False, "type": "str",
- "choices": ["disable", "enable", "default"]}
- }},
- "extended_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "filter": {"required": False, "type": "list",
- "options": {
- "action": {"required": False, "type": "str",
- "choices": ["pass", "block", "reset",
- "default"]},
- "application": {"required": False, "type": "str"},
- "location": {"required": False, "type": "str"},
- "log": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "log_packet": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "name": {"required": True, "type": "str"},
- "os": {"required": False, "type": "str"},
- "protocol": {"required": False, "type": "str"},
- "quarantine": {"required": False, "type": "str",
- "choices": ["none", "attacker"]},
- "quarantine_expiry": {"required": False, "type": "int"},
- "quarantine_log": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "severity": {"required": False, "type": "str"},
- "status": {"required": False, "type": "str",
- "choices": ["disable", "enable", "default"]}
- }},
- "name": {"required": True, "type": "str"},
- "override": {"required": False, "type": "list",
- "options": {
- "action": {"required": False, "type": "str",
- "choices": ["pass", "block", "reset"]},
- "exempt_ip": {"required": False, "type": "list",
- "options": {
- "dst_ip": {"required": False, "type": "str"},
- "id": {"required": True, "type": "int"},
- "src_ip": {"required": False, "type": "str"}
- }},
- "log": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "log_packet": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "quarantine": {"required": False, "type": "str",
- "choices": ["none", "attacker"]},
- "quarantine_expiry": {"required": False, "type": "int"},
- "quarantine_log": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "rule_id": {"required": False, "type": "int"},
- "status": {"required": False, "type": "str",
- "choices": ["disable", "enable"]}
- }},
- "replacemsg_group": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_ips(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_ips(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_ips_settings.py b/lib/ansible/modules/network/fortios/fortios_ips_settings.py
deleted file mode 100644
index 3246966c60c..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_ips_settings.py
+++ /dev/null
@@ -1,309 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_ips_settings -short_description: Configure IPS VDOM parameter in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify ips feature and settings category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - ips_settings: - description: - - Configure IPS VDOM parameter. - default: null - type: dict - suboptions: - ips_packet_quota: - description: - - Maximum amount of disk space in MB for logged packets when logging to disk. Range depends on disk size. - type: int - packet_log_history: - description: - - Number of packets to capture before and including the one in which the IPS signature is detected (1 - 255). - type: int - packet_log_memory: - description: - - Maximum memory can be used by packet log (64 - 8192 kB). - type: int - packet_log_post_attack: - description: - - Number of packets to log after the IPS signature is detected (0 - 255). - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPS VDOM parameter. 
- fortios_ips_settings: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - ips_settings: - ips_packet_quota: "3" - packet_log_history: "4" - packet_log_memory: "5" - packet_log_post_attack: "6" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_ips_settings_data(json):
- option_list = ['ips_packet_quota', 'packet_log_history', 'packet_log_memory',
- 'packet_log_post_attack']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def ips_settings(data, fos):
- vdom = data['vdom']
- ips_settings_data = data['ips_settings']
- filtered_data = underscore_to_hyphen(filter_ips_settings_data(ips_settings_data))
-
- return fos.set('ips',
- 'settings',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_ips(data, fos):
-
- if data['ips_settings']:
- resp = ips_settings(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "ips_settings": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "ips_packet_quota": {"required": False, "type": "int"},
- "packet_log_history": {"required": False, "type": "int"},
- "packet_log_memory": {"required": False, "type": "int"},
- "packet_log_post_attack": {"required": False, "type": "int"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_ips(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_ips(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_ipv4_policy.py b/lib/ansible/modules/network/fortios/fortios_ipv4_policy.py
deleted file mode 100644
index 2e7cb65add5..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_ipv4_policy.py
+++ /dev/null
@@ -1,336 +0,0 @@ -#!/usr/bin/python -# -# Ansible module to manage IPv4 policy objects in fortigate devices -# (c) 2017, Benjamin Jolivot -# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) - -from __future__ import absolute_import, division, print_function -__metaclass__ = type - - -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} - - -DOCUMENTATION = """ ---- -module: fortios_ipv4_policy -version_added: "2.3" -author: "Benjamin Jolivot (@bjolivot)" -short_description: Manage IPv4 policy objects on Fortinet FortiOS firewall devices -description: - - This module provides management of firewall IPv4 policies on FortiOS devices. -extends_documentation_fragment: fortios -options: - id: - description: - - "Policy ID. - Warning: policy ID number is different than Policy sequence number. - The policy ID is the number assigned at policy creation. - The sequence number represents the order in which the Fortigate will evaluate the rule for policy enforcement, - and also the order in which rules are listed in the GUI and CLI. - These two numbers do not necessarily correlate: this module is based off policy ID. - TIP: policy ID can be viewed in the GUI by adding 'ID' to the display columns" - required: true - state: - description: - - Specifies if policy I(id) need to be added or deleted. - choices: ['present', 'absent'] - default: present - src_intf: - description: - - Specifies source interface name(s). - default: any - dst_intf: - description: - - Specifies destination interface name(s). - default: any - src_addr: - description: - - Specifies source address (or group) object name(s). Required when I(state=present). - src_addr_negate: - description: - - Negate source address param. - default: false - type: bool - dst_addr: - description: - - Specifies destination address (or group) object name(s). Required when I(state=present). 
- dst_addr_negate: - description: - - Negate destination address param. - default: false - type: bool - policy_action: - description: - - Specifies accept or deny action policy. Required when I(state=present). - choices: ['accept', 'deny'] - aliases: ['action'] - service: - description: - - "Specifies policy service(s), could be a list (ex: ['MAIL','DNS']). Required when I(state=present)." - aliases: - - services - service_negate: - description: - - Negate policy service(s) defined in service value. - default: false - type: bool - schedule: - description: - - defines policy schedule. - default: 'always' - nat: - description: - - Enable or disable Nat. - default: false - type: bool - fixedport: - description: - - Use fixed port for nat. - default: false - type: bool - poolname: - description: - - Specifies NAT pool name. - av_profile: - description: - - Specifies Antivirus profile name. - webfilter_profile: - description: - - Specifies Webfilter profile name. - ips_sensor: - description: - - Specifies IPS Sensor profile name. - application_list: - description: - - Specifies Application Control name. - logtraffic: - version_added: "2.4" - description: - - Logs sessions that matched policy. - default: utm - choices: ['disable', 'utm', 'all'] - logtraffic_start: - version_added: "2.4" - description: - - Logs beginning of session as well. - default: false - type: bool - comment: - description: - - free text to describe policy. 
-requirements: - - pyFG -""" - -EXAMPLES = """ -- name: Allow external DNS call - fortios_ipv4_policy: - host: 192.168.0.254 - username: admin - password: password - id: 42 - src_addr: internal_network - dst_addr: all - service: dns - nat: True - state: present - policy_action: accept - logtraffic: disable - -- name: Public Web - fortios_ipv4_policy: - host: 192.168.0.254 - username: admin - password: password - id: 42 - src_addr: all - dst_addr: webservers - services: - - http - - https - state: present - policy_action: accept - -- name: Some Policy - fortios_ipv4_policy: - host: 192.168.0.254 - username: admin - password: password - id: 42 - comment: "no comment (created by ansible)" - src_intf: vl1000 - src_addr: - - some_serverA - - some_serverB - dst_intf: - - vl2000 - - vl3000 - dst_addr: all - services: - - HTTP - - HTTPS - nat: True - state: present - policy_action: accept - logtraffic: disable - tags: - - policy -""" - -RETURN = """ -firewall_address_config: - description: full firewall addresses config string - returned: always - type: str -change_string: - description: The commands executed by the module - returned: only if config changed - type: str -msg_error_list: - description: "List of errors returned by CLI (use -vvv for better readability)." 
- returned: only when error
- type: str
-"""
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.network.fortios.fortios import fortios_argument_spec, fortios_required_if
-from ansible.module_utils.network.fortios.fortios import backup, AnsibleFortios
-
-
-def main():
- argument_spec = dict(
- comment=dict(type='str'),
- id=dict(type='int', required=True),
- src_intf=dict(type='list', default='any'),
- dst_intf=dict(type='list', default='any'),
- state=dict(choices=['present', 'absent'], default='present'),
- src_addr=dict(type='list'),
- dst_addr=dict(type='list'),
- src_addr_negate=dict(type='bool', default=False),
- dst_addr_negate=dict(type='bool', default=False),
- policy_action=dict(choices=['accept', 'deny'], aliases=['action']),
- service=dict(aliases=['services'], type='list'),
- service_negate=dict(type='bool', default=False),
- schedule=dict(type='str', default='always'),
- nat=dict(type='bool', default=False),
- fixedport=dict(type='bool', default=False),
- poolname=dict(type='str'),
- av_profile=dict(type='str'),
- webfilter_profile=dict(type='str'),
- ips_sensor=dict(type='str'),
- application_list=dict(type='str'),
- logtraffic=dict(choices=['disable', 'all', 'utm'], default='utm'),
- logtraffic_start=dict(type='bool', default=False),
- )
-
- # merge global required_if & argument_spec from module_utils/fortios.py
- argument_spec.update(fortios_argument_spec)
-
- ipv4_policy_required_if = [
- ['state', 'present', ['src_addr', 'dst_addr', 'policy_action', 'service']],
- ]
-
- module = AnsibleModule(
- argument_spec=argument_spec,
- supports_check_mode=True,
- required_if=fortios_required_if + ipv4_policy_required_if,
- )
-
- # init forti object
- fortigate = AnsibleFortios(module)
-
- # Security policies root path
- config_path = 'firewall policy'
-
- # test params
- # NAT related
- if not module.params['nat']:
- if module.params['poolname']:
- module.fail_json(msg='Poolname param requires NAT to be true.')
- if module.params['fixedport']:
- module.fail_json(msg='Fixedport param requires NAT to be true.')
-
- # log options
- if module.params['logtraffic_start']:
- if not module.params['logtraffic'] == 'all':
- module.fail_json(msg='Logtraffic_start param requires logtraffic to be set to "all".')
-
- # id must be str(int) for pyFG to work
- policy_id = str(module.params['id'])
-
- # load config
- fortigate.load_config(config_path)
-
- # Absent State
- if module.params['state'] == 'absent':
- fortigate.candidate_config[config_path].del_block(policy_id)
-
- # Present state
- elif module.params['state'] == 'present':
- new_policy = fortigate.get_empty_configuration_block(policy_id, 'edit')
-
- # src / dest / service / interfaces
- new_policy.set_param('srcintf', " ".join('"' + item + '"' for item in module.params['src_intf']))
- new_policy.set_param('dstintf', " ".join('"' + item + '"' for item in module.params['dst_intf']))
-
- new_policy.set_param('srcaddr', " ".join('"' + item + '"' for item in module.params['src_addr']))
- new_policy.set_param('dstaddr', " ".join('"' + item + '"' for item in module.params['dst_addr']))
- new_policy.set_param('service', " ".join('"' + item + '"' for item in module.params['service']))
-
- # negate src / dest / service
- if module.params['src_addr_negate']:
- new_policy.set_param('srcaddr-negate', 'enable')
- if module.params['dst_addr_negate']:
- new_policy.set_param('dstaddr-negate', 'enable')
- if module.params['service_negate']:
- new_policy.set_param('service-negate', 'enable')
-
- # action
- new_policy.set_param('action', '%s' % (module.params['policy_action']))
-
- # logging
- new_policy.set_param('logtraffic', '%s' % (module.params['logtraffic']))
- if module.params['logtraffic'] == 'all':
- if module.params['logtraffic_start']:
- new_policy.set_param('logtraffic-start', 'enable')
- else:
- new_policy.set_param('logtraffic-start', 'disable')
-
- # Schedule
- new_policy.set_param('schedule', '%s' % (module.params['schedule']))
-
- # NAT
- if module.params['nat']:
- new_policy.set_param('nat', 'enable')
- if module.params['fixedport']:
- new_policy.set_param('fixedport', 'enable')
- if module.params['poolname'] is not None:
- new_policy.set_param('ippool', 'enable')
- new_policy.set_param('poolname', '"%s"' % (module.params['poolname']))
-
- # security profiles:
- if module.params['av_profile'] is not None:
- new_policy.set_param('av-profile', '"%s"' % (module.params['av_profile']))
- if module.params['webfilter_profile'] is not None:
- new_policy.set_param('webfilter-profile', '"%s"' % (module.params['webfilter_profile']))
- if module.params['ips_sensor'] is not None:
- new_policy.set_param('ips-sensor', '"%s"' % (module.params['ips_sensor']))
- if module.params['application_list'] is not None:
- new_policy.set_param('application-list', '"%s"' % (module.params['application_list']))
-
- # comment
- if module.params['comment'] is not None:
- new_policy.set_param('comment', '"%s"' % (module.params['comment']))
-
- # add the new policy to the device
- fortigate.add_block(policy_id, new_policy)
-
- # Apply changes
- fortigate.apply_changes()
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_log_custom_field.py b/lib/ansible/modules/network/fortios/fortios_log_custom_field.py
deleted file mode 100644
index 10f5849b852..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_log_custom_field.py
+++ /dev/null
@@ -1,343 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_custom_field -short_description: Configure custom log fields in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log feature and custom_field category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - log_custom_field: - description: - - Configure custom log fields. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - id: - description: - - field ID . - required: true - type: str - name: - description: - - "Field name (max: 15 characters)." - type: str - value: - description: - - "Field value (max: 15 characters)." - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure custom log fields. 
- fortios_log_custom_field: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - log_custom_field: - id: "3" - name: "default_name_4" - value: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - 
fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_log_custom_field_data(json):
- option_list = ['id', 'name', 'value']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def log_custom_field(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['log_custom_field'] and data['log_custom_field']:
- state = data['log_custom_field']['state']
- else:
- state = True
- log_custom_field_data = data['log_custom_field']
- filtered_data = underscore_to_hyphen(filter_log_custom_field_data(log_custom_field_data))
-
- if state == "present":
- return fos.set('log',
- 'custom-field',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('log',
- 'custom-field',
- mkey=filtered_data['id'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_log(data, fos):
-
- if data['log_custom_field']:
- resp = log_custom_field(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "log_custom_field": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "id": {"required": True, "type": "str"},
- "name": {"required": False, "type": "str"},
- "value": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_log(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_log(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_log_disk_filter.py b/lib/ansible/modules/network/fortios/fortios_log_disk_filter.py
deleted file mode 100644
index 5c268054d91..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_log_disk_filter.py
+++ /dev/null
@@ -1,621 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_disk_filter -short_description: Configure filters for local disk logging. Use these filters to determine the log messages to record according to severity and type in - Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log_disk feature and filter category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. 
- type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_disk_filter: - description: - - Configure filters for local disk logging. Use these filters to determine the log messages to record according to severity and type. - default: null - type: dict - suboptions: - admin: - description: - - Enable/disable admin login/logout logging. - type: str - choices: - - enable - - disable - anomaly: - description: - - Enable/disable anomaly logging. - type: str - choices: - - enable - - disable - auth: - description: - - Enable/disable firewall authentication logging. - type: str - choices: - - enable - - disable - cpu_memory_usage: - description: - - Enable/disable CPU & memory usage logging every 5 minutes. - type: str - choices: - - enable - - disable - dhcp: - description: - - Enable/disable DHCP service messages logging. - type: str - choices: - - enable - - disable - dlp_archive: - description: - - Enable/disable DLP archive logging. - type: str - choices: - - enable - - disable - dns: - description: - - Enable/disable detailed DNS event logging. - type: str - choices: - - enable - - disable - event: - description: - - Enable/disable event logging. - type: str - choices: - - enable - - disable - filter: - description: - - Disk log filter. - type: str - filter_type: - description: - - Include/exclude logs that match the filter. - type: str - choices: - - include - - exclude - forward_traffic: - description: - - Enable/disable forward traffic logging. 
- type: str - choices: - - enable - - disable - gtp: - description: - - Enable/disable GTP messages logging. - type: str - choices: - - enable - - disable - ha: - description: - - Enable/disable HA logging. - type: str - choices: - - enable - - disable - ipsec: - description: - - Enable/disable IPsec negotiation messages logging. - type: str - choices: - - enable - - disable - ldb_monitor: - description: - - Enable/disable VIP real server health monitoring logging. - type: str - choices: - - enable - - disable - local_traffic: - description: - - Enable/disable local in or out traffic logging. - type: str - choices: - - enable - - disable - multicast_traffic: - description: - - Enable/disable multicast traffic logging. - type: str - choices: - - enable - - disable - netscan_discovery: - description: - - Enable/disable netscan discovery event logging. - type: str - netscan_vulnerability: - description: - - Enable/disable netscan vulnerability event logging. - type: str - pattern: - description: - - Enable/disable pattern update logging. - type: str - choices: - - enable - - disable - ppp: - description: - - Enable/disable L2TP/PPTP/PPPoE logging. - type: str - choices: - - enable - - disable - radius: - description: - - Enable/disable RADIUS messages logging. - type: str - choices: - - enable - - disable - severity: - description: - - Log to disk every message above and including this severity level. - type: str - choices: - - emergency - - alert - - critical - - error - - warning - - notification - - information - - debug - sniffer_traffic: - description: - - Enable/disable sniffer traffic logging. - type: str - choices: - - enable - - disable - ssh: - description: - - Enable/disable SSH logging. - type: str - choices: - - enable - - disable - sslvpn_log_adm: - description: - - Enable/disable SSL administrator login logging. - type: str - choices: - - enable - - disable - sslvpn_log_auth: - description: - - Enable/disable SSL user authentication logging. 
- type: str - choices: - - enable - - disable - sslvpn_log_session: - description: - - Enable/disable SSL session logging. - type: str - choices: - - enable - - disable - system: - description: - - Enable/disable system activity logging. - type: str - choices: - - enable - - disable - vip_ssl: - description: - - Enable/disable VIP SSL logging. - type: str - choices: - - enable - - disable - voip: - description: - - Enable/disable VoIP logging. - type: str - choices: - - enable - - disable - wan_opt: - description: - - Enable/disable WAN optimization event logging. - type: str - choices: - - enable - - disable - wireless_activity: - description: - - Enable/disable wireless activity event logging. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure filters for local disk logging. Use these filters to determine the log messages to record according to severity and type. 
- fortios_log_disk_filter: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_disk_filter: - admin: "enable" - anomaly: "enable" - auth: "enable" - cpu_memory_usage: "enable" - dhcp: "enable" - dlp_archive: "enable" - dns: "enable" - event: "enable" - filter: "" - filter_type: "include" - forward_traffic: "enable" - gtp: "enable" - ha: "enable" - ipsec: "enable" - ldb_monitor: "enable" - local_traffic: "enable" - multicast_traffic: "enable" - netscan_discovery: "" - netscan_vulnerability: "" - pattern: "enable" - ppp: "enable" - radius: "enable" - severity: "emergency" - sniffer_traffic: "enable" - ssh: "enable" - sslvpn_log_adm: "enable" - sslvpn_log_auth: "enable" - sslvpn_log_session: "enable" - system: "enable" - vip_ssl: "enable" - voip: "enable" - wan_opt: "enable" - wireless_activity: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual 
domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_log_disk_filter_data(json): - option_list = ['admin', 'anomaly', 'auth', - 'cpu_memory_usage', 'dhcp', 'dlp_archive', - 'dns', 'event', 'filter', - 'filter_type', 'forward_traffic', 'gtp', - 'ha', 'ipsec', 'ldb_monitor', - 'local_traffic', 'multicast_traffic', 'netscan_discovery', - 'netscan_vulnerability', 'pattern', 'ppp', - 'radius', 'severity', 'sniffer_traffic', - 'ssh', 'sslvpn_log_adm', 'sslvpn_log_auth', - 'sslvpn_log_session', 'system', 'vip_ssl', - 'voip', 'wan_opt', 'wireless_activity'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def log_disk_filter(data, fos): - vdom = data['vdom'] - log_disk_filter_data = data['log_disk_filter'] - filtered_data = underscore_to_hyphen(filter_log_disk_filter_data(log_disk_filter_data)) - - return fos.set('log.disk', - 'filter', - 
data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_log_disk(data, fos): - - if data['log_disk_filter']: - resp = log_disk_filter(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "log_disk_filter": { - "required": False, "type": "dict", "default": None, - "options": { - "admin": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "anomaly": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "auth": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "cpu_memory_usage": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dhcp": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dlp_archive": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dns": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "event": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "filter": {"required": False, "type": "str"}, - "filter_type": {"required": False, "type": "str", - "choices": ["include", "exclude"]}, - "forward_traffic": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "gtp": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ha": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ipsec": {"required": False, "type": "str", - 
"choices": ["enable", "disable"]}, - "ldb_monitor": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "local_traffic": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "multicast_traffic": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "netscan_discovery": {"required": False, "type": "str"}, - "netscan_vulnerability": {"required": False, "type": "str"}, - "pattern": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ppp": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "radius": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "severity": {"required": False, "type": "str", - "choices": ["emergency", "alert", "critical", - "error", "warning", "notification", - "information", "debug"]}, - "sniffer_traffic": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ssh": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "sslvpn_log_adm": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "sslvpn_log_auth": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "sslvpn_log_session": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "system": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "vip_ssl": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "voip": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "wan_opt": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "wireless_activity": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params 
and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_log_disk(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_log_disk(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_log_disk_setting.py b/lib/ansible/modules/network/fortios/fortios_log_disk_setting.py
deleted file mode 100644
index aa83eac35da..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_log_disk_setting.py
+++ /dev/null
@@ -1,531 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_disk_setting -short_description: Settings for local disk logging in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log_disk feature and setting category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_disk_setting: - description: - - Settings for local disk logging. - default: null - type: dict - suboptions: - diskfull: - description: - - Action to take when disk is full. The system can overwrite the oldest log messages or stop logging when the disk is full . - type: str - choices: - - overwrite - - nolog - dlp_archive_quota: - description: - - DLP archive quota (MB). - type: int - full_final_warning_threshold: - description: - - Log full final warning threshold as a percent (3 - 100). - type: int - full_first_warning_threshold: - description: - - Log full first warning threshold as a percent (1 - 98). - type: int - full_second_warning_threshold: - description: - - Log full second warning threshold as a percent (2 - 99). - type: int - ips_archive: - description: - - Enable/disable IPS packet archiving to the local disk. - type: str - choices: - - enable - - disable - log_quota: - description: - - Disk log quota (MB). - type: int - max_log_file_size: - description: - - Maximum log file size before rolling (1 - 100 Mbytes). - type: int - max_policy_packet_capture_size: - description: - - Maximum size of policy sniffer in MB (0 means unlimited). - type: int - maximum_log_age: - description: - - Delete log files older than (days). - type: int - report_quota: - description: - - Report quota (MB). - type: int - roll_day: - description: - - Day of week on which to roll log file. - type: str - choices: - - sunday - - monday - - tuesday - - wednesday - - thursday - - friday - - saturday - roll_schedule: - description: - - Frequency to check log file for rolling. 
- type: str - choices: - - daily - - weekly - roll_time: - description: - - "Time of day to roll the log file (hh:mm)." - type: str - source_ip: - description: - - Source IP address to use for uploading disk log files. - type: str - status: - description: - - Enable/disable local disk logging. - type: str - choices: - - enable - - disable - upload: - description: - - Enable/disable uploading log files when they are rolled. - type: str - choices: - - enable - - disable - upload_delete_files: - description: - - Delete log files after uploading . - type: str - choices: - - enable - - disable - upload_destination: - description: - - The type of server to upload log files to. Only FTP is currently supported. - type: str - choices: - - ftp-server - upload_ssl_conn: - description: - - Enable/disable encrypted FTPS communication to upload log files. - type: str - choices: - - default - - high - - low - - disable - uploaddir: - description: - - The remote directory on the FTP server to upload log files to. - type: str - uploadip: - description: - - IP address of the FTP server to upload log files to. - type: str - uploadpass: - description: - - Password required to log into the FTP server to upload disk log files. - type: str - uploadport: - description: - - TCP port to use for communicating with the FTP server . - type: int - uploadsched: - description: - - Set the schedule for uploading log files to the FTP server . - type: str - choices: - - disable - - enable - uploadtime: - description: - - "Time of day at which log files are uploaded if uploadsched is enabled (hh:mm or hh)." - type: str - uploadtype: - description: - - Types of log files to upload. Separate multiple entries with a space. 
- type: str - choices: - - traffic - - event - - virus - - webfilter - - IPS - - spamfilter - - dlp-archive - - anomaly - - voip - - dlp - - app-ctrl - - waf - - netscan - - gtp - - dns - uploaduser: - description: - - Username required to log into the FTP server to upload disk log files. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Settings for local disk logging. - fortios_log_disk_setting: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_disk_setting: - diskfull: "overwrite" - dlp_archive_quota: "4" - full_final_warning_threshold: "5" - full_first_warning_threshold: "6" - full_second_warning_threshold: "7" - ips_archive: "enable" - log_quota: "9" - max_log_file_size: "10" - max_policy_packet_capture_size: "11" - maximum_log_age: "12" - report_quota: "13" - roll_day: "sunday" - roll_schedule: "daily" - roll_time: "" - source_ip: "84.230.14.43" - status: "enable" - upload: "enable" - upload_delete_files: "enable" - upload_destination: "ftp-server" - upload_ssl_conn: "default" - uploaddir: "" - uploadip: "" - uploadpass: "" - uploadport: "26" - uploadsched: "disable" - uploadtime: "" - uploadtype: "traffic" - uploaduser: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - 
description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_log_disk_setting_data(json): - option_list = ['diskfull', 'dlp_archive_quota', 'full_final_warning_threshold', - 'full_first_warning_threshold', 'full_second_warning_threshold', 'ips_archive', - 'log_quota', 'max_log_file_size', 'max_policy_packet_capture_size', - 'maximum_log_age', 'report_quota', 'roll_day', - 'roll_schedule', 'roll_time', 'source_ip', - 'status', 'upload', 'upload_delete_files', - 'upload_destination', 'upload_ssl_conn', 'uploaddir', - 'uploadip', 'uploadpass', 'uploadport', - 'uploadsched', 'uploadtime', 'uploadtype', - 'uploaduser'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): 
- if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def log_disk_setting(data, fos): - vdom = data['vdom'] - log_disk_setting_data = data['log_disk_setting'] - filtered_data = underscore_to_hyphen(filter_log_disk_setting_data(log_disk_setting_data)) - - return fos.set('log.disk', - 'setting', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_log_disk(data, fos): - - if data['log_disk_setting']: - resp = log_disk_setting(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "log_disk_setting": { - "required": False, "type": "dict", "default": None, - "options": { - "diskfull": {"required": False, "type": "str", - "choices": ["overwrite", "nolog"]}, - "dlp_archive_quota": {"required": False, "type": "int"}, - "full_final_warning_threshold": {"required": False, "type": "int"}, - "full_first_warning_threshold": {"required": False, "type": "int"}, - "full_second_warning_threshold": {"required": False, "type": "int"}, - "ips_archive": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "log_quota": {"required": False, "type": "int"}, - "max_log_file_size": {"required": False, "type": "int"}, - "max_policy_packet_capture_size": 
{"required": False, "type": "int"}, - "maximum_log_age": {"required": False, "type": "int"}, - "report_quota": {"required": False, "type": "int"}, - "roll_day": {"required": False, "type": "str", - "choices": ["sunday", "monday", "tuesday", - "wednesday", "thursday", "friday", - "saturday"]}, - "roll_schedule": {"required": False, "type": "str", - "choices": ["daily", "weekly"]}, - "roll_time": {"required": False, "type": "str"}, - "source_ip": {"required": False, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "upload": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "upload_delete_files": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "upload_destination": {"required": False, "type": "str", - "choices": ["ftp-server"]}, - "upload_ssl_conn": {"required": False, "type": "str", - "choices": ["default", "high", "low", - "disable"]}, - "uploaddir": {"required": False, "type": "str"}, - "uploadip": {"required": False, "type": "str"}, - "uploadpass": {"required": False, "type": "str"}, - "uploadport": {"required": False, "type": "int"}, - "uploadsched": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "uploadtime": {"required": False, "type": "str"}, - "uploadtype": {"required": False, "type": "str", - "choices": ["traffic", "event", "virus", - "webfilter", "IPS", "spamfilter", - "dlp-archive", "anomaly", "voip", - "dlp", "app-ctrl", "waf", - "netscan", "gtp", "dns"]}, - "uploaduser": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if 
module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_log_disk(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_log_disk(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_log_eventfilter.py b/lib/ansible/modules/network/fortios/fortios_log_eventfilter.py
deleted file mode 100644
index d637f459162..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_log_eventfilter.py
+++ /dev/null
@@ -1,397 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_eventfilter -short_description: Configure log event filters in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log feature and eventfilter category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_eventfilter: - description: - - Configure log event filters. - default: null - type: dict - suboptions: - compliance_check: - description: - - Enable/disable PCI DSS compliance check logging. - type: str - choices: - - enable - - disable - endpoint: - description: - - Enable/disable endpoint event logging. - type: str - choices: - - enable - - disable - event: - description: - - Enable/disable event logging. - type: str - choices: - - enable - - disable - ha: - description: - - Enable/disable ha event logging. - type: str - choices: - - enable - - disable - router: - description: - - Enable/disable router event logging. - type: str - choices: - - enable - - disable - security_rating: - description: - - Enable/disable Security Rating result logging. - type: str - choices: - - enable - - disable - system: - description: - - Enable/disable system event logging. - type: str - choices: - - enable - - disable - user: - description: - - Enable/disable user authentication event logging. - type: str - choices: - - enable - - disable - vpn: - description: - - Enable/disable VPN event logging. - type: str - choices: - - enable - - disable - wan_opt: - description: - - Enable/disable WAN optimization event logging. - type: str - choices: - - enable - - disable - wireless_activity: - description: - - Enable/disable wireless event logging. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure log event filters. 
- fortios_log_eventfilter: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_eventfilter: - compliance_check: "enable" - endpoint: "enable" - event: "enable" - ha: "enable" - router: "enable" - security_rating: "enable" - system: "enable" - user: "enable" - vpn: "enable" - wan_opt: "enable" - wireless_activity: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - 
username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_log_eventfilter_data(json): - option_list = ['compliance_check', 'endpoint', 'event', - 'ha', 'router', 'security_rating', - 'system', 'user', 'vpn', - 'wan_opt', 'wireless_activity'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def log_eventfilter(data, fos): - vdom = data['vdom'] - log_eventfilter_data = data['log_eventfilter'] - filtered_data = underscore_to_hyphen(filter_log_eventfilter_data(log_eventfilter_data)) - - return fos.set('log', - 'eventfilter', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_log(data, fos): - - if data['log_eventfilter']: - resp = log_eventfilter(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "log_eventfilter": { - "required": 
False, "type": "dict", "default": None, - "options": { - "compliance_check": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "endpoint": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "event": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ha": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "router": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "security_rating": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "system": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "user": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "vpn": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "wan_opt": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "wireless_activity": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_log(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_log(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - 
module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer2_filter.py b/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer2_filter.py
deleted file mode 100644
index c53626385ea..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer2_filter.py
+++ /dev/null
@@ -1,434 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_fortianalyzer2_filter -short_description: Filters for FortiAnalyzer in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log_fortianalyzer2 feature and filter category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_fortianalyzer2_filter: - description: - - Filters for FortiAnalyzer. - default: null - type: dict - suboptions: - anomaly: - description: - - Enable/disable anomaly logging. - type: str - choices: - - enable - - disable - dlp_archive: - description: - - Enable/disable DLP archive logging. - type: str - choices: - - enable - - disable - dns: - description: - - Enable/disable detailed DNS event logging. - type: str - choices: - - enable - - disable - filter: - description: - - FortiAnalyzer 2 log filter. - type: str - filter_type: - description: - - Include/exclude logs that match the filter. - type: str - choices: - - include - - exclude - forward_traffic: - description: - - Enable/disable forward traffic logging. - type: str - choices: - - enable - - disable - gtp: - description: - - Enable/disable GTP messages logging. - type: str - choices: - - enable - - disable - local_traffic: - description: - - Enable/disable local in or out traffic logging. - type: str - choices: - - enable - - disable - multicast_traffic: - description: - - Enable/disable multicast traffic logging. - type: str - choices: - - enable - - disable - netscan_discovery: - description: - - Enable/disable netscan discovery event logging. - type: str - netscan_vulnerability: - description: - - Enable/disable netscan vulnerability event logging. - type: str - severity: - description: - - Log every message above and including this severity level. 
- type: str - choices: - - emergency - - alert - - critical - - error - - warning - - notification - - information - - debug - sniffer_traffic: - description: - - Enable/disable sniffer traffic logging. - type: str - choices: - - enable - - disable - ssh: - description: - - Enable/disable SSH logging. - type: str - choices: - - enable - - disable - voip: - description: - - Enable/disable VoIP logging. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Filters for FortiAnalyzer. - fortios_log_fortianalyzer2_filter: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_fortianalyzer2_filter: - anomaly: "enable" - dlp_archive: "enable" - dns: "enable" - filter: "" - filter_type: "include" - forward_traffic: "enable" - gtp: "enable" - local_traffic: "enable" - multicast_traffic: "enable" - netscan_discovery: "" - netscan_vulnerability: "" - severity: "emergency" - sniffer_traffic: "enable" - ssh: "enable" - voip: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: 
str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_log_fortianalyzer2_filter_data(json): - option_list = ['anomaly', 'dlp_archive', 'dns', - 'filter', 'filter_type', 'forward_traffic', - 'gtp', 'local_traffic', 'multicast_traffic', - 'netscan_discovery', 'netscan_vulnerability', 'severity', - 'sniffer_traffic', 'ssh', 'voip'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def log_fortianalyzer2_filter(data, fos): - vdom = data['vdom'] - log_fortianalyzer2_filter_data = data['log_fortianalyzer2_filter'] - filtered_data = 
underscore_to_hyphen(filter_log_fortianalyzer2_filter_data(log_fortianalyzer2_filter_data)) - - return fos.set('log.fortianalyzer2', - 'filter', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_log_fortianalyzer2(data, fos): - - if data['log_fortianalyzer2_filter']: - resp = log_fortianalyzer2_filter(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "log_fortianalyzer2_filter": { - "required": False, "type": "dict", "default": None, - "options": { - "anomaly": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dlp_archive": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dns": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "filter": {"required": False, "type": "str"}, - "filter_type": {"required": False, "type": "str", - "choices": ["include", "exclude"]}, - "forward_traffic": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "gtp": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "local_traffic": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "multicast_traffic": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "netscan_discovery": {"required": False, "type": "str"}, - "netscan_vulnerability": {"required": False, "type": "str"}, - "severity": {"required": False, "type": "str", - "choices": 
["emergency", "alert", "critical",
- "error", "warning", "notification",
- "information", "debug"]},
- "sniffer_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ssh": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "voip": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_log_fortianalyzer2(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_log_fortianalyzer2(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer2_setting.py b/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer2_setting.py
deleted file mode 100644
index 57b6de8c083..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer2_setting.py
+++ /dev/null
@@ -1,445 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_fortianalyzer2_setting -short_description: Global FortiAnalyzer settings in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log_fortianalyzer2 feature and setting category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_fortianalyzer2_setting: - description: - - Global FortiAnalyzer settings. - default: null - type: dict - suboptions: - __change_ip: - description: - - Hidden attribute. - type: int - certificate: - description: - - Certificate used to communicate with FortiAnalyzer. Source certificate.local.name. - type: str - conn_timeout: - description: - - FortiAnalyzer connection time-out in seconds (for status and log buffer). - type: int - enc_algorithm: - description: - - Enable/disable sending FortiAnalyzer log data with SSL encryption. - type: str - choices: - - high-medium - - high - - low - faz_type: - description: - - Hidden setting index of FortiAnalyzer. - type: int - hmac_algorithm: - description: - - FortiAnalyzer IPsec tunnel HMAC algorithm. - type: str - choices: - - sha256 - - sha1 - ips_archive: - description: - - Enable/disable IPS packet archive logging. - type: str - choices: - - enable - - disable - mgmt_name: - description: - - Hidden management name of FortiAnalyzer. - type: str - monitor_failure_retry_period: - description: - - Time between FortiAnalyzer connection retries in seconds (for status and log buffer). - type: int - monitor_keepalive_period: - description: - - Time between OFTP keepalives in seconds (for status and log buffer). - type: int - reliable: - description: - - Enable/disable reliable logging to FortiAnalyzer. - type: str - choices: - - enable - - disable - server: - description: - - The remote FortiAnalyzer. - type: str - source_ip: - description: - - Source IPv4 or IPv6 address used to communicate with FortiAnalyzer. 
- type: str - ssl_min_proto_version: - description: - - Minimum supported protocol version for SSL/TLS connections . - type: str - choices: - - default - - SSLv3 - - TLSv1 - - TLSv1-1 - - TLSv1-2 - status: - description: - - Enable/disable logging to FortiAnalyzer. - type: str - choices: - - enable - - disable - upload_day: - description: - - Day of week (month) to upload logs. - type: str - upload_interval: - description: - - Frequency to upload log files to FortiAnalyzer. - type: str - choices: - - daily - - weekly - - monthly - upload_option: - description: - - Enable/disable logging to hard disk and then uploading to FortiAnalyzer. - type: str - choices: - - store-and-upload - - realtime - - 1-minute - - 5-minute - upload_time: - description: - - "Time to upload logs (hh:mm)." - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Global FortiAnalyzer settings. 
- fortios_log_fortianalyzer2_setting: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_fortianalyzer2_setting: - __change_ip: "3" - certificate: " (source certificate.local.name)" - conn_timeout: "5" - enc_algorithm: "high-medium" - faz_type: "7" - hmac_algorithm: "sha256" - ips_archive: "enable" - mgmt_name: "" - monitor_failure_retry_period: "11" - monitor_keepalive_period: "12" - reliable: "enable" - server: "192.168.100.40" - source_ip: "84.230.14.43" - ssl_min_proto_version: "default" - status: "enable" - upload_day: "" - upload_interval: "daily" - upload_option: "store-and-upload" - upload_time: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from 
ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_log_fortianalyzer2_setting_data(json): - option_list = ['__change_ip', 'certificate', 'conn_timeout', - 'enc_algorithm', 'faz_type', 'hmac_algorithm', - 'ips_archive', 'mgmt_name', 'monitor_failure_retry_period', - 'monitor_keepalive_period', 'reliable', 'server', - 'source_ip', 'ssl_min_proto_version', 'status', - 'upload_day', 'upload_interval', 'upload_option', - 'upload_time'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def log_fortianalyzer2_setting(data, fos): - vdom = data['vdom'] - log_fortianalyzer2_setting_data = data['log_fortianalyzer2_setting'] - filtered_data = underscore_to_hyphen(filter_log_fortianalyzer2_setting_data(log_fortianalyzer2_setting_data)) - - return fos.set('log.fortianalyzer2', - 'setting', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_log_fortianalyzer2(data, fos): - - if 
data['log_fortianalyzer2_setting']: - resp = log_fortianalyzer2_setting(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "log_fortianalyzer2_setting": { - "required": False, "type": "dict", "default": None, - "options": { - "__change_ip": {"required": False, "type": "int"}, - "certificate": {"required": False, "type": "str"}, - "conn_timeout": {"required": False, "type": "int"}, - "enc_algorithm": {"required": False, "type": "str", - "choices": ["high-medium", "high", "low"]}, - "faz_type": {"required": False, "type": "int"}, - "hmac_algorithm": {"required": False, "type": "str", - "choices": ["sha256", "sha1"]}, - "ips_archive": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "mgmt_name": {"required": False, "type": "str"}, - "monitor_failure_retry_period": {"required": False, "type": "int"}, - "monitor_keepalive_period": {"required": False, "type": "int"}, - "reliable": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "server": {"required": False, "type": "str"}, - "source_ip": {"required": False, "type": "str"}, - "ssl_min_proto_version": {"required": False, "type": "str", - "choices": ["default", "SSLv3", "TLSv1", - "TLSv1-1", "TLSv1-2"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "upload_day": {"required": False, "type": "str"}, - "upload_interval": {"required": False, "type": "str", - "choices": ["daily", "weekly", "monthly"]}, - "upload_option": {"required": False, "type": "str", - "choices": ["store-and-upload", 
"realtime", "1-minute", - "5-minute"]}, - "upload_time": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_log_fortianalyzer2(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_log_fortianalyzer2(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer3_filter.py b/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer3_filter.py deleted file mode 100644 index 6bbb04b57e5..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer3_filter.py +++ /dev/null 
@@ -1,434 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_fortianalyzer3_filter -short_description: Filters for FortiAnalyzer in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log_fortianalyzer3 feature and filter category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_fortianalyzer3_filter: - description: - - Filters for FortiAnalyzer. - default: null - type: dict - suboptions: - anomaly: - description: - - Enable/disable anomaly logging. - type: str - choices: - - enable - - disable - dlp_archive: - description: - - Enable/disable DLP archive logging. - type: str - choices: - - enable - - disable - dns: - description: - - Enable/disable detailed DNS event logging. - type: str - choices: - - enable - - disable - filter: - description: - - FortiAnalyzer 3 log filter. - type: str - filter_type: - description: - - Include/exclude logs that match the filter. - type: str - choices: - - include - - exclude - forward_traffic: - description: - - Enable/disable forward traffic logging. - type: str - choices: - - enable - - disable - gtp: - description: - - Enable/disable GTP messages logging. - type: str - choices: - - enable - - disable - local_traffic: - description: - - Enable/disable local in or out traffic logging. - type: str - choices: - - enable - - disable - multicast_traffic: - description: - - Enable/disable multicast traffic logging. - type: str - choices: - - enable - - disable - netscan_discovery: - description: - - Enable/disable netscan discovery event logging. - type: str - netscan_vulnerability: - description: - - Enable/disable netscan vulnerability event logging. - type: str - severity: - description: - - Lowest severity level to log. 
- type: str - choices: - - emergency - - alert - - critical - - error - - warning - - notification - - information - - debug - sniffer_traffic: - description: - - Enable/disable sniffer traffic logging. - type: str - choices: - - enable - - disable - ssh: - description: - - Enable/disable SSH logging. - type: str - choices: - - enable - - disable - voip: - description: - - Enable/disable VoIP logging. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Filters for FortiAnalyzer. - fortios_log_fortianalyzer3_filter: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_fortianalyzer3_filter: - anomaly: "enable" - dlp_archive: "enable" - dns: "enable" - filter: "" - filter_type: "include" - forward_traffic: "enable" - gtp: "enable" - local_traffic: "enable" - multicast_traffic: "enable" - netscan_discovery: "" - netscan_vulnerability: "" - severity: "emergency" - sniffer_traffic: "enable" - ssh: "enable" - voip: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: 
str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_log_fortianalyzer3_filter_data(json):
- option_list = ['anomaly', 'dlp_archive', 'dns',
- 'filter', 'filter_type', 'forward_traffic',
- 'gtp', 'local_traffic', 'multicast_traffic',
- 'netscan_discovery', 'netscan_vulnerability', 'severity',
- 'sniffer_traffic', 'ssh', 'voip']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def log_fortianalyzer3_filter(data, fos):
- vdom = data['vdom']
- log_fortianalyzer3_filter_data = data['log_fortianalyzer3_filter']
- filtered_data =
underscore_to_hyphen(filter_log_fortianalyzer3_filter_data(log_fortianalyzer3_filter_data))
-
- return fos.set('log.fortianalyzer3',
- 'filter',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_log_fortianalyzer3(data, fos):
-
- if data['log_fortianalyzer3_filter']:
- resp = log_fortianalyzer3_filter(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "log_fortianalyzer3_filter": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "anomaly": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "dlp_archive": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "dns": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "filter": {"required": False, "type": "str"},
- "filter_type": {"required": False, "type": "str",
- "choices": ["include", "exclude"]},
- "forward_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gtp": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "local_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "multicast_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "netscan_discovery": {"required": False, "type": "str"},
- "netscan_vulnerability": {"required": False, "type": "str"},
- "severity": {"required": False, "type": "str",
- "choices":
["emergency", "alert", "critical",
- "error", "warning", "notification",
- "information", "debug"]},
- "sniffer_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ssh": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "voip": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_log_fortianalyzer3(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_log_fortianalyzer3(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer3_setting.py b/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer3_setting.py
deleted file mode 100644
index f5d972cb875..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer3_setting.py
+++ /dev/null
@@ -1,445 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_fortianalyzer3_setting -short_description: Global FortiAnalyzer settings in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log_fortianalyzer3 feature and setting category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_fortianalyzer3_setting: - description: - - Global FortiAnalyzer settings. - default: null - type: dict - suboptions: - __change_ip: - description: - - Hidden attribute. - type: int - certificate: - description: - - Certificate used to communicate with FortiAnalyzer. Source certificate.local.name. - type: str - conn_timeout: - description: - - FortiAnalyzer connection time-out in seconds (for status and log buffer). - type: int - enc_algorithm: - description: - - Enable/disable sending FortiAnalyzer log data with SSL encryption. - type: str - choices: - - high-medium - - high - - low - faz_type: - description: - - Hidden setting index of FortiAnalyzer. - type: int - hmac_algorithm: - description: - - FortiAnalyzer IPsec tunnel HMAC algorithm. - type: str - choices: - - sha256 - - sha1 - ips_archive: - description: - - Enable/disable IPS packet archive logging. - type: str - choices: - - enable - - disable - mgmt_name: - description: - - Hidden management name of FortiAnalyzer. - type: str - monitor_failure_retry_period: - description: - - Time between FortiAnalyzer connection retries in seconds (for status and log buffer). - type: int - monitor_keepalive_period: - description: - - Time between OFTP keepalives in seconds (for status and log buffer). - type: int - reliable: - description: - - Enable/disable reliable logging to FortiAnalyzer. - type: str - choices: - - enable - - disable - server: - description: - - The remote FortiAnalyzer. - type: str - source_ip: - description: - - Source IPv4 or IPv6 address used to communicate with FortiAnalyzer. 
- type: str - ssl_min_proto_version: - description: - - Minimum supported protocol version for SSL/TLS connections . - type: str - choices: - - default - - SSLv3 - - TLSv1 - - TLSv1-1 - - TLSv1-2 - status: - description: - - Enable/disable logging to FortiAnalyzer. - type: str - choices: - - enable - - disable - upload_day: - description: - - Day of week (month) to upload logs. - type: str - upload_interval: - description: - - Frequency to upload log files to FortiAnalyzer. - type: str - choices: - - daily - - weekly - - monthly - upload_option: - description: - - Enable/disable logging to hard disk and then uploading to FortiAnalyzer. - type: str - choices: - - store-and-upload - - realtime - - 1-minute - - 5-minute - upload_time: - description: - - "Time to upload logs (hh:mm)." - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Global FortiAnalyzer settings. 
- fortios_log_fortianalyzer3_setting: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_fortianalyzer3_setting: - __change_ip: "3" - certificate: " (source certificate.local.name)" - conn_timeout: "5" - enc_algorithm: "high-medium" - faz_type: "7" - hmac_algorithm: "sha256" - ips_archive: "enable" - mgmt_name: "" - monitor_failure_retry_period: "11" - monitor_keepalive_period: "12" - reliable: "enable" - server: "192.168.100.40" - source_ip: "84.230.14.43" - ssl_min_proto_version: "default" - status: "enable" - upload_day: "" - upload_interval: "daily" - upload_option: "store-and-upload" - upload_time: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from 
ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_log_fortianalyzer3_setting_data(json):
- option_list = ['__change_ip', 'certificate', 'conn_timeout',
- 'enc_algorithm', 'faz_type', 'hmac_algorithm',
- 'ips_archive', 'mgmt_name', 'monitor_failure_retry_period',
- 'monitor_keepalive_period', 'reliable', 'server',
- 'source_ip', 'ssl_min_proto_version', 'status',
- 'upload_day', 'upload_interval', 'upload_option',
- 'upload_time']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def log_fortianalyzer3_setting(data, fos):
- vdom = data['vdom']
- log_fortianalyzer3_setting_data = data['log_fortianalyzer3_setting']
- filtered_data = underscore_to_hyphen(filter_log_fortianalyzer3_setting_data(log_fortianalyzer3_setting_data))
-
- return fos.set('log.fortianalyzer3',
- 'setting',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_log_fortianalyzer3(data, fos):
-
- if
data['log_fortianalyzer3_setting']:
- resp = log_fortianalyzer3_setting(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "log_fortianalyzer3_setting": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "__change_ip": {"required": False, "type": "int"},
- "certificate": {"required": False, "type": "str"},
- "conn_timeout": {"required": False, "type": "int"},
- "enc_algorithm": {"required": False, "type": "str",
- "choices": ["high-medium", "high", "low"]},
- "faz_type": {"required": False, "type": "int"},
- "hmac_algorithm": {"required": False, "type": "str",
- "choices": ["sha256", "sha1"]},
- "ips_archive": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "mgmt_name": {"required": False, "type": "str"},
- "monitor_failure_retry_period": {"required": False, "type": "int"},
- "monitor_keepalive_period": {"required": False, "type": "int"},
- "reliable": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "server": {"required": False, "type": "str"},
- "source_ip": {"required": False, "type": "str"},
- "ssl_min_proto_version": {"required": False, "type": "str",
- "choices": ["default", "SSLv3", "TLSv1",
- "TLSv1-1", "TLSv1-2"]},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "upload_day": {"required": False, "type": "str"},
- "upload_interval": {"required": False, "type": "str",
- "choices": ["daily", "weekly", "monthly"]},
- "upload_option": {"required": False, "type": "str",
- "choices": ["store-and-upload",
"realtime", "1-minute",
- "5-minute"]},
- "upload_time": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_log_fortianalyzer3(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_log_fortianalyzer3(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_filter.py b/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_filter.py
deleted file mode 100644
index 6d2c75ad94a..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_filter.py
+++ /dev/null
@@ -1,434 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_fortianalyzer_filter -short_description: Filters for FortiAnalyzer in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log_fortianalyzer feature and filter category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_fortianalyzer_filter: - description: - - Filters for FortiAnalyzer. - default: null - type: dict - suboptions: - anomaly: - description: - - Enable/disable anomaly logging. - type: str - choices: - - enable - - disable - dlp_archive: - description: - - Enable/disable DLP archive logging. - type: str - choices: - - enable - - disable - dns: - description: - - Enable/disable detailed DNS event logging. - type: str - choices: - - enable - - disable - filter: - description: - - FortiAnalyzer log filter. - type: str - filter_type: - description: - - Include/exclude logs that match the filter. - type: str - choices: - - include - - exclude - forward_traffic: - description: - - Enable/disable forward traffic logging. - type: str - choices: - - enable - - disable - gtp: - description: - - Enable/disable GTP messages logging. - type: str - choices: - - enable - - disable - local_traffic: - description: - - Enable/disable local in or out traffic logging. - type: str - choices: - - enable - - disable - multicast_traffic: - description: - - Enable/disable multicast traffic logging. - type: str - choices: - - enable - - disable - netscan_discovery: - description: - - Enable/disable netscan discovery event logging. - type: str - netscan_vulnerability: - description: - - Enable/disable netscan vulnerability event logging. - type: str - severity: - description: - - Lowest severity level to log. 
- type: str - choices: - - emergency - - alert - - critical - - error - - warning - - notification - - information - - debug - sniffer_traffic: - description: - - Enable/disable sniffer traffic logging. - type: str - choices: - - enable - - disable - ssh: - description: - - Enable/disable SSH logging. - type: str - choices: - - enable - - disable - voip: - description: - - Enable/disable VoIP logging. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Filters for FortiAnalyzer. - fortios_log_fortianalyzer_filter: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_fortianalyzer_filter: - anomaly: "enable" - dlp_archive: "enable" - dns: "enable" - filter: "" - filter_type: "include" - forward_traffic: "enable" - gtp: "enable" - local_traffic: "enable" - multicast_traffic: "enable" - netscan_discovery: "" - netscan_vulnerability: "" - severity: "emergency" - sniffer_traffic: "enable" - ssh: "enable" - voip: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str 
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_log_fortianalyzer_filter_data(json):
- option_list = ['anomaly', 'dlp_archive', 'dns',
- 'filter', 'filter_type', 'forward_traffic',
- 'gtp', 'local_traffic', 'multicast_traffic',
- 'netscan_discovery', 'netscan_vulnerability', 'severity',
- 'sniffer_traffic', 'ssh', 'voip']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def log_fortianalyzer_filter(data, fos):
- vdom = data['vdom']
- log_fortianalyzer_filter_data = data['log_fortianalyzer_filter']
- filtered_data =
underscore_to_hyphen(filter_log_fortianalyzer_filter_data(log_fortianalyzer_filter_data))
-
- return fos.set('log.fortianalyzer',
- 'filter',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_log_fortianalyzer(data, fos):
-
- if data['log_fortianalyzer_filter']:
- resp = log_fortianalyzer_filter(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "log_fortianalyzer_filter": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "anomaly": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "dlp_archive": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "dns": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "filter": {"required": False, "type": "str"},
- "filter_type": {"required": False, "type": "str",
- "choices": ["include", "exclude"]},
- "forward_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gtp": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "local_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "multicast_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "netscan_discovery": {"required": False, "type": "str"},
- "netscan_vulnerability": {"required": False, "type": "str"},
- "severity": {"required": False, "type": "str",
- "choices":
["emergency", "alert", "critical",
- "error", "warning", "notification",
- "information", "debug"]},
- "sniffer_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ssh": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "voip": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_override_filter.py b/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_override_filter.py
deleted file mode 100644
index 41bb8665a6b..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_override_filter.py
+++ /dev/null
@@ -1,434 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_fortianalyzer_override_filter -short_description: Override filters for FortiAnalyzer in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log_fortianalyzer feature and override_filter category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_fortianalyzer_override_filter: - description: - - Override filters for FortiAnalyzer. - default: null - type: dict - suboptions: - anomaly: - description: - - Enable/disable anomaly logging. - type: str - choices: - - enable - - disable - dlp_archive: - description: - - Enable/disable DLP archive logging. - type: str - choices: - - enable - - disable - dns: - description: - - Enable/disable detailed DNS event logging. - type: str - choices: - - enable - - disable - filter: - description: - - FortiAnalyzer log filter. - type: str - filter_type: - description: - - Include/exclude logs that match the filter. - type: str - choices: - - include - - exclude - forward_traffic: - description: - - Enable/disable forward traffic logging. - type: str - choices: - - enable - - disable - gtp: - description: - - Enable/disable GTP messages logging. - type: str - choices: - - enable - - disable - local_traffic: - description: - - Enable/disable local in or out traffic logging. - type: str - choices: - - enable - - disable - multicast_traffic: - description: - - Enable/disable multicast traffic logging. - type: str - choices: - - enable - - disable - netscan_discovery: - description: - - Enable/disable netscan discovery event logging. - type: str - netscan_vulnerability: - description: - - Enable/disable netscan vulnerability event logging. - type: str - severity: - description: - - Lowest severity level to log. 
- type: str - choices: - - emergency - - alert - - critical - - error - - warning - - notification - - information - - debug - sniffer_traffic: - description: - - Enable/disable sniffer traffic logging. - type: str - choices: - - enable - - disable - ssh: - description: - - Enable/disable SSH logging. - type: str - choices: - - enable - - disable - voip: - description: - - Enable/disable VoIP logging. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Override filters for FortiAnalyzer. - fortios_log_fortianalyzer_override_filter: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_fortianalyzer_override_filter: - anomaly: "enable" - dlp_archive: "enable" - dns: "enable" - filter: "" - filter_type: "include" - forward_traffic: "enable" - gtp: "enable" - local_traffic: "enable" - multicast_traffic: "enable" - netscan_discovery: "" - netscan_vulnerability: "" - severity: "emergency" - sniffer_traffic: "enable" - ssh: "enable" - voip: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - 
 returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_log_fortianalyzer_override_filter_data(json):
- option_list = ['anomaly', 'dlp_archive', 'dns',
- 'filter', 'filter_type', 'forward_traffic',
- 'gtp', 'local_traffic', 'multicast_traffic',
- 'netscan_discovery', 'netscan_vulnerability', 'severity',
- 'sniffer_traffic', 'ssh', 'voip']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def log_fortianalyzer_override_filter(data, fos):
- vdom = data['vdom']
- log_fortianalyzer_override_filter_data = data['log_fortianalyzer_override_filter']
- filtered_data = underscore_to_hyphen(filter_log_fortianalyzer_override_filter_data(log_fortianalyzer_override_filter_data))
-
- return fos.set('log.fortianalyzer',
- 'override-filter',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_log_fortianalyzer(data, fos):
-
- if data['log_fortianalyzer_override_filter']:
- resp = log_fortianalyzer_override_filter(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "log_fortianalyzer_override_filter": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "anomaly": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "dlp_archive": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "dns": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "filter": {"required": False, "type": "str"},
- "filter_type": {"required": False, "type": "str",
- "choices": ["include", "exclude"]},
- "forward_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gtp": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "local_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "multicast_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "netscan_discovery": {"required": False, "type": "str"},
- "netscan_vulnerability": {"required": False, "type": "str"},
- "severity": {"required": False, "type": "str",
- "choices": ["emergency", "alert", "critical",
- "error", "warning", "notification",
- "information", "debug"]},
- "sniffer_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ssh": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "voip": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_override_setting.py b/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_override_setting.py
deleted file mode 100644
index 16898929656..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_override_setting.py
+++ /dev/null
@@ -1,465 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_fortianalyzer_override_setting -short_description: Override FortiAnalyzer settings in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log_fortianalyzer feature and override_setting category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_fortianalyzer_override_setting: - description: - - Override FortiAnalyzer settings. - default: null - type: dict - suboptions: - __change_ip: - description: - - Hidden attribute. - type: int - certificate: - description: - - Certificate used to communicate with FortiAnalyzer. Source certificate.local.name. - type: str - conn_timeout: - description: - - FortiAnalyzer connection time-out in seconds (for status and log buffer). - type: int - enc_algorithm: - description: - - Enable/disable sending FortiAnalyzer log data with SSL encryption. - type: str - choices: - - high-medium - - high - - low - faz_type: - description: - - Hidden setting index of FortiAnalyzer. - type: int - hmac_algorithm: - description: - - FortiAnalyzer IPsec tunnel HMAC algorithm. - type: str - choices: - - sha256 - - sha1 - ips_archive: - description: - - Enable/disable IPS packet archive logging. - type: str - choices: - - enable - - disable - mgmt_name: - description: - - Hidden management name of FortiAnalyzer. - type: str - monitor_failure_retry_period: - description: - - Time between FortiAnalyzer connection retries in seconds (for status and log buffer). - type: int - monitor_keepalive_period: - description: - - Time between OFTP keepalives in seconds (for status and log buffer). - type: int - override: - description: - - Enable/disable overriding FortiAnalyzer settings or use global settings. - type: str - choices: - - enable - - disable - reliable: - description: - - Enable/disable reliable logging to FortiAnalyzer. 
- type: str - choices: - - enable - - disable - server: - description: - - The remote FortiAnalyzer. - type: str - source_ip: - description: - - Source IPv4 or IPv6 address used to communicate with FortiAnalyzer. - type: str - ssl_min_proto_version: - description: - - Minimum supported protocol version for SSL/TLS connections . - type: str - choices: - - default - - SSLv3 - - TLSv1 - - TLSv1-1 - - TLSv1-2 - status: - description: - - Enable/disable logging to FortiAnalyzer. - type: str - choices: - - enable - - disable - upload_day: - description: - - Day of week (month) to upload logs. - type: str - upload_interval: - description: - - Frequency to upload log files to FortiAnalyzer. - type: str - choices: - - daily - - weekly - - monthly - upload_option: - description: - - Enable/disable logging to hard disk and then uploading to FortiAnalyzer. - type: str - choices: - - store-and-upload - - realtime - - 1-minute - - 5-minute - upload_time: - description: - - "Time to upload logs (hh:mm)." - type: str - use_management_vdom: - description: - - Enable/disable use of management VDOM IP address as source IP for logs sent to FortiAnalyzer. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Override FortiAnalyzer settings. 
- fortios_log_fortianalyzer_override_setting: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_fortianalyzer_override_setting: - __change_ip: "3" - certificate: " (source certificate.local.name)" - conn_timeout: "5" - enc_algorithm: "high-medium" - faz_type: "7" - hmac_algorithm: "sha256" - ips_archive: "enable" - mgmt_name: "" - monitor_failure_retry_period: "11" - monitor_keepalive_period: "12" - override: "enable" - reliable: "enable" - server: "192.168.100.40" - source_ip: "84.230.14.43" - ssl_min_proto_version: "default" - status: "enable" - upload_day: "" - upload_interval: "daily" - upload_option: "store-and-upload" - upload_time: "" - use_management_vdom: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always 
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_log_fortianalyzer_override_setting_data(json):
- option_list = ['__change_ip', 'certificate', 'conn_timeout',
- 'enc_algorithm', 'faz_type', 'hmac_algorithm',
- 'ips_archive', 'mgmt_name', 'monitor_failure_retry_period',
- 'monitor_keepalive_period', 'override', 'reliable',
- 'server', 'source_ip', 'ssl_min_proto_version',
- 'status', 'upload_day', 'upload_interval',
- 'upload_option', 'upload_time', 'use_management_vdom']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def log_fortianalyzer_override_setting(data, fos):
- vdom = data['vdom']
- log_fortianalyzer_override_setting_data = data['log_fortianalyzer_override_setting']
- filtered_data = underscore_to_hyphen(filter_log_fortianalyzer_override_setting_data(log_fortianalyzer_override_setting_data))
-
- return fos.set('log.fortianalyzer',
- 'override-setting',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_log_fortianalyzer(data, fos):
-
- if data['log_fortianalyzer_override_setting']:
- resp = log_fortianalyzer_override_setting(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "log_fortianalyzer_override_setting": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "__change_ip": {"required": False, "type": "int"},
- "certificate": {"required": False, "type": "str"},
- "conn_timeout": {"required": False, "type": "int"},
- "enc_algorithm": {"required": False, "type": "str",
- "choices": ["high-medium", "high", "low"]},
- "faz_type": {"required": False, "type": "int"},
- "hmac_algorithm": {"required": False, "type": "str",
- "choices": ["sha256", "sha1"]},
- "ips_archive": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "mgmt_name": {"required": False, "type": "str"},
- "monitor_failure_retry_period": {"required": False, "type": "int"},
- "monitor_keepalive_period": {"required": False, "type": "int"},
- "override": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "reliable": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "server": {"required": False, "type": "str"},
- "source_ip": {"required": False, "type": "str"},
- "ssl_min_proto_version": {"required": False, "type": "str",
- "choices": ["default", "SSLv3", "TLSv1",
- "TLSv1-1", "TLSv1-2"]},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "upload_day": {"required": False, "type": "str"},
- "upload_interval": {"required": False, "type": "str",
- "choices": ["daily", "weekly", "monthly"]},
- "upload_option": {"required": False, "type": "str",
- "choices": ["store-and-upload", "realtime", "1-minute",
- "5-minute"]},
- "upload_time": {"required": False, "type": "str"},
- "use_management_vdom": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_setting.py b/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_setting.py
deleted file mode 100644
index 052ff59a712..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_log_fortianalyzer_setting.py
+++ /dev/null
@@ -1,445 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_fortianalyzer_setting -short_description: Global FortiAnalyzer settings in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log_fortianalyzer feature and setting category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_fortianalyzer_setting: - description: - - Global FortiAnalyzer settings. - default: null - type: dict - suboptions: - __change_ip: - description: - - Hidden attribute. - type: int - certificate: - description: - - Certificate used to communicate with FortiAnalyzer. Source certificate.local.name. - type: str - conn_timeout: - description: - - FortiAnalyzer connection time-out in seconds (for status and log buffer). - type: int - enc_algorithm: - description: - - Enable/disable sending FortiAnalyzer log data with SSL encryption. - type: str - choices: - - high-medium - - high - - low - faz_type: - description: - - Hidden setting index of FortiAnalyzer. - type: int - hmac_algorithm: - description: - - FortiAnalyzer IPsec tunnel HMAC algorithm. - type: str - choices: - - sha256 - - sha1 - ips_archive: - description: - - Enable/disable IPS packet archive logging. - type: str - choices: - - enable - - disable - mgmt_name: - description: - - Hidden management name of FortiAnalyzer. - type: str - monitor_failure_retry_period: - description: - - Time between FortiAnalyzer connection retries in seconds (for status and log buffer). - type: int - monitor_keepalive_period: - description: - - Time between OFTP keepalives in seconds (for status and log buffer). - type: int - reliable: - description: - - Enable/disable reliable logging to FortiAnalyzer. - type: str - choices: - - enable - - disable - server: - description: - - The remote FortiAnalyzer. - type: str - source_ip: - description: - - Source IPv4 or IPv6 address used to communicate with FortiAnalyzer. 
- type: str - ssl_min_proto_version: - description: - - Minimum supported protocol version for SSL/TLS connections . - type: str - choices: - - default - - SSLv3 - - TLSv1 - - TLSv1-1 - - TLSv1-2 - status: - description: - - Enable/disable logging to FortiAnalyzer. - type: str - choices: - - enable - - disable - upload_day: - description: - - Day of week (month) to upload logs. - type: str - upload_interval: - description: - - Frequency to upload log files to FortiAnalyzer. - type: str - choices: - - daily - - weekly - - monthly - upload_option: - description: - - Enable/disable logging to hard disk and then uploading to FortiAnalyzer. - type: str - choices: - - store-and-upload - - realtime - - 1-minute - - 5-minute - upload_time: - description: - - "Time to upload logs (hh:mm)." - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Global FortiAnalyzer settings. 
- fortios_log_fortianalyzer_setting: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_fortianalyzer_setting: - __change_ip: "3" - certificate: " (source certificate.local.name)" - conn_timeout: "5" - enc_algorithm: "high-medium" - faz_type: "7" - hmac_algorithm: "sha256" - ips_archive: "enable" - mgmt_name: "" - monitor_failure_retry_period: "11" - monitor_keepalive_period: "12" - reliable: "enable" - server: "192.168.100.40" - source_ip: "84.230.14.43" - ssl_min_proto_version: "default" - status: "enable" - upload_day: "" - upload_interval: "daily" - upload_option: "store-and-upload" - upload_time: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from 
ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_log_fortianalyzer_setting_data(json):
- option_list = ['__change_ip', 'certificate', 'conn_timeout',
- 'enc_algorithm', 'faz_type', 'hmac_algorithm',
- 'ips_archive', 'mgmt_name', 'monitor_failure_retry_period',
- 'monitor_keepalive_period', 'reliable', 'server',
- 'source_ip', 'ssl_min_proto_version', 'status',
- 'upload_day', 'upload_interval', 'upload_option',
- 'upload_time']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def log_fortianalyzer_setting(data, fos):
- vdom = data['vdom']
- log_fortianalyzer_setting_data = data['log_fortianalyzer_setting']
- filtered_data = underscore_to_hyphen(filter_log_fortianalyzer_setting_data(log_fortianalyzer_setting_data))
-
- return fos.set('log.fortianalyzer',
- 'setting',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_log_fortianalyzer(data, fos):
-
- if data['log_fortianalyzer_setting']:
- resp = log_fortianalyzer_setting(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "log_fortianalyzer_setting": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "__change_ip": {"required": False, "type": "int"},
- "certificate": {"required": False, "type": "str"},
- "conn_timeout": {"required": False, "type": "int"},
- "enc_algorithm": {"required": False, "type": "str",
- "choices": ["high-medium", "high", "low"]},
- "faz_type": {"required": False, "type": "int"},
- "hmac_algorithm": {"required": False, "type": "str",
- "choices": ["sha256", "sha1"]},
- "ips_archive": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "mgmt_name": {"required": False, "type": "str"},
- "monitor_failure_retry_period": {"required": False, "type": "int"},
- "monitor_keepalive_period": {"required": False, "type": "int"},
- "reliable": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "server": {"required": False, "type": "str"},
- "source_ip": {"required": False, "type": "str"},
- "ssl_min_proto_version": {"required": False, "type": "str",
- "choices": ["default", "SSLv3", "TLSv1",
- "TLSv1-1", "TLSv1-2"]},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "upload_day": {"required": False, "type": "str"},
- "upload_interval": {"required": False, "type": "str",
- "choices": ["daily", "weekly", "monthly"]},
- "upload_option": {"required": False, "type": "str",
- "choices": ["store-and-upload", "realtime", "1-minute",
- "5-minute"]},
- "upload_time": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_log_fortianalyzer(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_log_fortiguard_filter.py b/lib/ansible/modules/network/fortios/fortios_log_fortiguard_filter.py
deleted file mode 100644
index 0cc28849d50..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_log_fortiguard_filter.py
+++ /dev/null
@@ -1,434 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_fortiguard_filter -short_description: Filters for FortiCloud in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log_fortiguard feature and filter category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_fortiguard_filter: - description: - - Filters for FortiCloud. - default: null - type: dict - suboptions: - anomaly: - description: - - Enable/disable anomaly logging. - type: str - choices: - - enable - - disable - dlp_archive: - description: - - Enable/disable DLP archive logging. - type: str - choices: - - enable - - disable - dns: - description: - - Enable/disable detailed DNS event logging. - type: str - choices: - - enable - - disable - filter: - description: - - FortiCloud log filter. - type: str - filter_type: - description: - - Include/exclude logs that match the filter. - type: str - choices: - - include - - exclude - forward_traffic: - description: - - Enable/disable forward traffic logging. - type: str - choices: - - enable - - disable - gtp: - description: - - Enable/disable GTP messages logging. - type: str - choices: - - enable - - disable - local_traffic: - description: - - Enable/disable local in or out traffic logging. - type: str - choices: - - enable - - disable - multicast_traffic: - description: - - Enable/disable multicast traffic logging. - type: str - choices: - - enable - - disable - netscan_discovery: - description: - - Enable/disable netscan discovery event logging. - type: str - netscan_vulnerability: - description: - - Enable/disable netscan vulnerability event logging. - type: str - severity: - description: - - Lowest severity level to log. 
- type: str - choices: - - emergency - - alert - - critical - - error - - warning - - notification - - information - - debug - sniffer_traffic: - description: - - Enable/disable sniffer traffic logging. - type: str - choices: - - enable - - disable - ssh: - description: - - Enable/disable SSH logging. - type: str - choices: - - enable - - disable - voip: - description: - - Enable/disable VoIP logging. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Filters for FortiCloud. - fortios_log_fortiguard_filter: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_fortiguard_filter: - anomaly: "enable" - dlp_archive: "enable" - dns: "enable" - filter: "" - filter_type: "include" - forward_traffic: "enable" - gtp: "enable" - local_traffic: "enable" - multicast_traffic: "enable" - netscan_discovery: "" - netscan_vulnerability: "" - severity: "emergency" - sniffer_traffic: "enable" - ssh: "enable" - voip: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: 
"17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_log_fortiguard_filter_data(json): - option_list = ['anomaly', 'dlp_archive', 'dns', - 'filter', 'filter_type', 'forward_traffic', - 'gtp', 'local_traffic', 'multicast_traffic', - 'netscan_discovery', 'netscan_vulnerability', 'severity', - 'sniffer_traffic', 'ssh', 'voip'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def log_fortiguard_filter(data, fos): - vdom = data['vdom'] - log_fortiguard_filter_data = data['log_fortiguard_filter'] - filtered_data = 
underscore_to_hyphen(filter_log_fortiguard_filter_data(log_fortiguard_filter_data))
-
- return fos.set('log.fortiguard',
- 'filter',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_log_fortiguard(data, fos):
-
- if data['log_fortiguard_filter']:
- resp = log_fortiguard_filter(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "log_fortiguard_filter": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "anomaly": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "dlp_archive": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "dns": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "filter": {"required": False, "type": "str"},
- "filter_type": {"required": False, "type": "str",
- "choices": ["include", "exclude"]},
- "forward_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gtp": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "local_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "multicast_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "netscan_discovery": {"required": False, "type": "str"},
- "netscan_vulnerability": {"required": False, "type": "str"},
- "severity": {"required": False, "type": "str",
- "choices": ["emergency", "alert", "critical",
- "error", "warning", "notification",
- "information", "debug"]},
- "sniffer_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ssh": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "voip": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_log_fortiguard(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_log_fortiguard(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_log_fortiguard_override_filter.py b/lib/ansible/modules/network/fortios/fortios_log_fortiguard_override_filter.py
deleted file mode 100644
index 405de1104c2..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_log_fortiguard_override_filter.py
+++ /dev/null
@@ -1,434 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_fortiguard_override_filter -short_description: Override filters for FortiCloud in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log_fortiguard feature and override_filter category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_fortiguard_override_filter: - description: - - Override filters for FortiCloud. - default: null - type: dict - suboptions: - anomaly: - description: - - Enable/disable anomaly logging. - type: str - choices: - - enable - - disable - dlp_archive: - description: - - Enable/disable DLP archive logging. - type: str - choices: - - enable - - disable - dns: - description: - - Enable/disable detailed DNS event logging. - type: str - choices: - - enable - - disable - filter: - description: - - FortiCloud log filter. - type: str - filter_type: - description: - - Include/exclude logs that match the filter. - type: str - choices: - - include - - exclude - forward_traffic: - description: - - Enable/disable forward traffic logging. - type: str - choices: - - enable - - disable - gtp: - description: - - Enable/disable GTP messages logging. - type: str - choices: - - enable - - disable - local_traffic: - description: - - Enable/disable local in or out traffic logging. - type: str - choices: - - enable - - disable - multicast_traffic: - description: - - Enable/disable multicast traffic logging. - type: str - choices: - - enable - - disable - netscan_discovery: - description: - - Enable/disable netscan discovery event logging. - type: str - netscan_vulnerability: - description: - - Enable/disable netscan vulnerability event logging. - type: str - severity: - description: - - Lowest severity level to log. 
- type: str - choices: - - emergency - - alert - - critical - - error - - warning - - notification - - information - - debug - sniffer_traffic: - description: - - Enable/disable sniffer traffic logging. - type: str - choices: - - enable - - disable - ssh: - description: - - Enable/disable SSH logging. - type: str - choices: - - enable - - disable - voip: - description: - - Enable/disable VoIP logging. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Override filters for FortiCloud. - fortios_log_fortiguard_override_filter: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_fortiguard_override_filter: - anomaly: "enable" - dlp_archive: "enable" - dns: "enable" - filter: "" - filter_type: "include" - forward_traffic: "enable" - gtp: "enable" - local_traffic: "enable" - multicast_traffic: "enable" - netscan_discovery: "" - netscan_vulnerability: "" - severity: "emergency" - sniffer_traffic: "enable" - ssh: "enable" - voip: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: 
always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_log_fortiguard_override_filter_data(json): - option_list = ['anomaly', 'dlp_archive', 'dns', - 'filter', 'filter_type', 'forward_traffic', - 'gtp', 'local_traffic', 'multicast_traffic', - 'netscan_discovery', 'netscan_vulnerability', 'severity', - 'sniffer_traffic', 'ssh', 'voip'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def log_fortiguard_override_filter(data, fos): - vdom = data['vdom'] - log_fortiguard_override_filter_data = data['log_fortiguard_override_filter'] - filtered_data = 
underscore_to_hyphen(filter_log_fortiguard_override_filter_data(log_fortiguard_override_filter_data))
-
- return fos.set('log.fortiguard',
- 'override-filter',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_log_fortiguard(data, fos):
-
- if data['log_fortiguard_override_filter']:
- resp = log_fortiguard_override_filter(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "log_fortiguard_override_filter": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "anomaly": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "dlp_archive": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "dns": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "filter": {"required": False, "type": "str"},
- "filter_type": {"required": False, "type": "str",
- "choices": ["include", "exclude"]},
- "forward_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gtp": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "local_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "multicast_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "netscan_discovery": {"required": False, "type": "str"},
- "netscan_vulnerability": {"required": False, "type": "str"},
- "severity": {"required": False, "type": "str",
- "choices": ["emergency", "alert", "critical",
- "error", "warning", "notification",
- "information", "debug"]},
- "sniffer_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ssh": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "voip": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_log_fortiguard(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_log_fortiguard(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_log_fortiguard_override_setting.py b/lib/ansible/modules/network/fortios/fortios_log_fortiguard_override_setting.py
deleted file mode 100644
index 4c324ec3480..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_log_fortiguard_override_setting.py
+++ /dev/null
@@ -1,341 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_fortiguard_override_setting -short_description: Override global FortiCloud logging settings for this VDOM in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log_fortiguard feature and override_setting category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_fortiguard_override_setting: - description: - - Override global FortiCloud logging settings for this VDOM. - default: null - type: dict - suboptions: - override: - description: - - Overriding FortiCloud settings for this VDOM or use global settings. - type: str - choices: - - enable - - disable - status: - description: - - Enable/disable logging to FortiCloud. - type: str - choices: - - enable - - disable - upload_day: - description: - - Day of week to roll logs. - type: str - upload_interval: - description: - - Frequency of uploading log files to FortiCloud. - type: str - choices: - - daily - - weekly - - monthly - upload_option: - description: - - Configure how log messages are sent to FortiCloud. - type: str - choices: - - store-and-upload - - realtime - - 1-minute - - 5-minute - upload_time: - description: - - "Time of day to roll logs (hh:mm)." - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Override global FortiCloud logging settings for this VDOM. 
- fortios_log_fortiguard_override_setting: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_fortiguard_override_setting: - override: "enable" - status: "enable" - upload_day: "" - upload_interval: "daily" - upload_option: "store-and-upload" - upload_time: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - 
ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_log_fortiguard_override_setting_data(json):
- option_list = ['override', 'status', 'upload_day',
- 'upload_interval', 'upload_option', 'upload_time']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def log_fortiguard_override_setting(data, fos):
- vdom = data['vdom']
- log_fortiguard_override_setting_data = data['log_fortiguard_override_setting']
- filtered_data = underscore_to_hyphen(filter_log_fortiguard_override_setting_data(log_fortiguard_override_setting_data))
-
- return fos.set('log.fortiguard',
- 'override-setting',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_log_fortiguard(data, fos):
-
- if data['log_fortiguard_override_setting']:
- resp = log_fortiguard_override_setting(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "log_fortiguard_override_setting": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "override": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "upload_day": {"required": False, "type": "str"},
- "upload_interval": {"required": False, "type": "str",
- "choices": ["daily", "weekly", "monthly"]},
- "upload_option": {"required": False, "type": "str",
- "choices": ["store-and-upload", "realtime", "1-minute",
- "5-minute"]},
- "upload_time": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_log_fortiguard(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_log_fortiguard(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_log_fortiguard_setting.py b/lib/ansible/modules/network/fortios/fortios_log_fortiguard_setting.py
deleted file mode 100644
index 7fb52602129..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_log_fortiguard_setting.py
+++ /dev/null
@@ -1,363 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_fortiguard_setting -short_description: Configure logging to FortiCloud in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log_fortiguard feature and setting category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_fortiguard_setting: - description: - - Configure logging to FortiCloud. - default: null - type: dict - suboptions: - enc_algorithm: - description: - - Enable and set the SSL security level for for sending encrypted logs to FortiCloud. - type: str - choices: - - high-medium - - high - - low - source_ip: - description: - - Source IP address used to connect FortiCloud. - type: str - ssl_min_proto_version: - description: - - Minimum supported protocol version for SSL/TLS connections . - type: str - choices: - - default - - SSLv3 - - TLSv1 - - TLSv1-1 - - TLSv1-2 - status: - description: - - Enable/disable logging to FortiCloud. - type: str - choices: - - enable - - disable - upload_day: - description: - - Day of week to roll logs. - type: str - upload_interval: - description: - - Frequency of uploading log files to FortiCloud. - type: str - choices: - - daily - - weekly - - monthly - upload_option: - description: - - Configure how log messages are sent to FortiCloud. - type: str - choices: - - store-and-upload - - realtime - - 1-minute - - 5-minute - upload_time: - description: - - "Time of day to roll logs (hh:mm)." - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure logging to FortiCloud. 
- fortios_log_fortiguard_setting: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_fortiguard_setting: - enc_algorithm: "high-medium" - source_ip: "84.230.14.43" - ssl_min_proto_version: "default" - status: "enable" - upload_day: "" - upload_interval: "daily" - upload_option: "store-and-upload" - upload_time: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = 
data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_log_fortiguard_setting_data(json): - option_list = ['enc_algorithm', 'source_ip', 'ssl_min_proto_version', - 'status', 'upload_day', 'upload_interval', - 'upload_option', 'upload_time'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def log_fortiguard_setting(data, fos): - vdom = data['vdom'] - log_fortiguard_setting_data = data['log_fortiguard_setting'] - filtered_data = underscore_to_hyphen(filter_log_fortiguard_setting_data(log_fortiguard_setting_data)) - - return fos.set('log.fortiguard', - 'setting', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_log_fortiguard(data, fos): - - if data['log_fortiguard_setting']: - resp = log_fortiguard_setting(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", 
"default": True}, - "log_fortiguard_setting": { - "required": False, "type": "dict", "default": None, - "options": { - "enc_algorithm": {"required": False, "type": "str", - "choices": ["high-medium", "high", "low"]}, - "source_ip": {"required": False, "type": "str"}, - "ssl_min_proto_version": {"required": False, "type": "str", - "choices": ["default", "SSLv3", "TLSv1", - "TLSv1-1", "TLSv1-2"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "upload_day": {"required": False, "type": "str"}, - "upload_interval": {"required": False, "type": "str", - "choices": ["daily", "weekly", "monthly"]}, - "upload_option": {"required": False, "type": "str", - "choices": ["store-and-upload", "realtime", "1-minute", - "5-minute"]}, - "upload_time": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_log_fortiguard(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_log_fortiguard(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_log_gui_display.py b/lib/ansible/modules/network/fortios/fortios_log_gui_display.py
deleted file mode 100644
index 3c2c181baea..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_log_gui_display.py
+++ /dev/null
@@ -1,314 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_gui_display -short_description: Configure how log messages are displayed on the GUI in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log feature and gui_display category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_gui_display: - description: - - Configure how log messages are displayed on the GUI. - default: null - type: dict - suboptions: - fortiview_unscanned_apps: - description: - - Enable/disable showing unscanned traffic in FortiView application charts. - type: str - choices: - - enable - - disable - resolve_apps: - description: - - Resolve unknown applications on the GUI using Fortinet's remote application database. - type: str - choices: - - enable - - disable - resolve_hosts: - description: - - Enable/disable resolving IP addresses to hostname in log messages on the GUI using reverse DNS lookup - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure how log messages are displayed on the GUI. 
- fortios_log_gui_display: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_gui_display: - fortiview_unscanned_apps: "enable" - resolve_apps: "enable" - resolve_hosts: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_log_gui_display_data(json): - option_list = ['fortiview_unscanned_apps', 'resolve_apps', 'resolve_hosts'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def log_gui_display(data, fos): - vdom = data['vdom'] - log_gui_display_data = data['log_gui_display'] - filtered_data = underscore_to_hyphen(filter_log_gui_display_data(log_gui_display_data)) - - return fos.set('log', - 'gui-display', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_log(data, fos): - - if data['log_gui_display']: - resp = log_gui_display(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "log_gui_display": { - "required": False, "type": "dict", "default": None, - "options": { - "fortiview_unscanned_apps": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "resolve_apps": {"required": False, "type": "str", - "choices": 
["enable", "disable"]}, - "resolve_hosts": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_log(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_log(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_log_memory_filter.py b/lib/ansible/modules/network/fortios/fortios_log_memory_filter.py deleted file mode 100644 index 63d260db4ca..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_log_memory_filter.py +++ /dev/null 
@@ -1,610 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_memory_filter -short_description: Filters for memory buffer in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log_memory feature and filter category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_memory_filter: - description: - - Filters for memory buffer. - default: null - type: dict - suboptions: - admin: - description: - - Enable/disable admin login/logout logging. - type: str - choices: - - enable - - disable - anomaly: - description: - - Enable/disable anomaly logging. - type: str - choices: - - enable - - disable - auth: - description: - - Enable/disable firewall authentication logging. - type: str - choices: - - enable - - disable - cpu_memory_usage: - description: - - Enable/disable CPU & memory usage logging every 5 minutes. - type: str - choices: - - enable - - disable - dhcp: - description: - - Enable/disable DHCP service messages logging. - type: str - choices: - - enable - - disable - dns: - description: - - Enable/disable detailed DNS event logging. - type: str - choices: - - enable - - disable - event: - description: - - Enable/disable event logging. - type: str - choices: - - enable - - disable - filter: - description: - - Memory log filter. - type: str - filter_type: - description: - - Include/exclude logs that match the filter. - type: str - choices: - - include - - exclude - forward_traffic: - description: - - Enable/disable forward traffic logging. - type: str - choices: - - enable - - disable - gtp: - description: - - Enable/disable GTP messages logging. - type: str - choices: - - enable - - disable - ha: - description: - - Enable/disable HA logging. - type: str - choices: - - enable - - disable - ipsec: - description: - - Enable/disable IPsec negotiation messages logging. 
- type: str - choices: - - enable - - disable - ldb_monitor: - description: - - Enable/disable VIP real server health monitoring logging. - type: str - choices: - - enable - - disable - local_traffic: - description: - - Enable/disable local in or out traffic logging. - type: str - choices: - - enable - - disable - multicast_traffic: - description: - - Enable/disable multicast traffic logging. - type: str - choices: - - enable - - disable - netscan_discovery: - description: - - Enable/disable netscan discovery event logging. - type: str - netscan_vulnerability: - description: - - Enable/disable netscan vulnerability event logging. - type: str - pattern: - description: - - Enable/disable pattern update logging. - type: str - choices: - - enable - - disable - ppp: - description: - - Enable/disable L2TP/PPTP/PPPoE logging. - type: str - choices: - - enable - - disable - radius: - description: - - Enable/disable RADIUS messages logging. - type: str - choices: - - enable - - disable - severity: - description: - - Log every message above and including this severity level. - type: str - choices: - - emergency - - alert - - critical - - error - - warning - - notification - - information - - debug - sniffer_traffic: - description: - - Enable/disable sniffer traffic logging. - type: str - choices: - - enable - - disable - ssh: - description: - - Enable/disable SSH logging. - type: str - choices: - - enable - - disable - sslvpn_log_adm: - description: - - Enable/disable SSL administrator login logging. - type: str - choices: - - enable - - disable - sslvpn_log_auth: - description: - - Enable/disable SSL user authentication logging. - type: str - choices: - - enable - - disable - sslvpn_log_session: - description: - - Enable/disable SSL session logging. - type: str - choices: - - enable - - disable - system: - description: - - Enable/disable system activity logging. - type: str - choices: - - enable - - disable - vip_ssl: - description: - - Enable/disable VIP SSL logging. 
- type: str - choices: - - enable - - disable - voip: - description: - - Enable/disable VoIP logging. - type: str - choices: - - enable - - disable - wan_opt: - description: - - Enable/disable WAN optimization event logging. - type: str - choices: - - enable - - disable - wireless_activity: - description: - - Enable/disable wireless activity event logging. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Filters for memory buffer. - fortios_log_memory_filter: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_memory_filter: - admin: "enable" - anomaly: "enable" - auth: "enable" - cpu_memory_usage: "enable" - dhcp: "enable" - dns: "enable" - event: "enable" - filter: "" - filter_type: "include" - forward_traffic: "enable" - gtp: "enable" - ha: "enable" - ipsec: "enable" - ldb_monitor: "enable" - local_traffic: "enable" - multicast_traffic: "enable" - netscan_discovery: "" - netscan_vulnerability: "" - pattern: "enable" - ppp: "enable" - radius: "enable" - severity: "emergency" - sniffer_traffic: "enable" - ssh: "enable" - sslvpn_log_adm: "enable" - sslvpn_log_auth: "enable" - sslvpn_log_session: "enable" - system: "enable" - vip_ssl: "enable" - voip: "enable" - wan_opt: "enable" - wireless_activity: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: 
Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_log_memory_filter_data(json): - option_list = ['admin', 'anomaly', 'auth', - 'cpu_memory_usage', 'dhcp', 'dns', - 'event', 'filter', 'filter_type', - 'forward_traffic', 'gtp', 'ha', - 'ipsec', 'ldb_monitor', 'local_traffic', - 'multicast_traffic', 'netscan_discovery', 'netscan_vulnerability', - 'pattern', 'ppp', 'radius', - 'severity', 'sniffer_traffic', 'ssh', - 'sslvpn_log_adm', 'sslvpn_log_auth', 'sslvpn_log_session', - 'system', 'vip_ssl', 'voip', - 'wan_opt', 'wireless_activity'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary 
- - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def log_memory_filter(data, fos): - vdom = data['vdom'] - log_memory_filter_data = data['log_memory_filter'] - filtered_data = underscore_to_hyphen(filter_log_memory_filter_data(log_memory_filter_data)) - - return fos.set('log.memory', - 'filter', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_log_memory(data, fos): - - if data['log_memory_filter']: - resp = log_memory_filter(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "log_memory_filter": { - "required": False, "type": "dict", "default": None, - "options": { - "admin": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "anomaly": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "auth": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "cpu_memory_usage": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dhcp": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dns": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "event": {"required": False, "type": "str", - 
"choices": ["enable", "disable"]}, - "filter": {"required": False, "type": "str"}, - "filter_type": {"required": False, "type": "str", - "choices": ["include", "exclude"]}, - "forward_traffic": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "gtp": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ha": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ipsec": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ldb_monitor": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "local_traffic": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "multicast_traffic": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "netscan_discovery": {"required": False, "type": "str"}, - "netscan_vulnerability": {"required": False, "type": "str"}, - "pattern": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ppp": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "radius": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "severity": {"required": False, "type": "str", - "choices": ["emergency", "alert", "critical", - "error", "warning", "notification", - "information", "debug"]}, - "sniffer_traffic": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ssh": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "sslvpn_log_adm": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "sslvpn_log_auth": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "sslvpn_log_session": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "system": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "vip_ssl": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "voip": {"required": False, "type": "str", - 
"choices": ["enable", "disable"]}, - "wan_opt": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "wireless_activity": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_log_memory(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_log_memory(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_log_memory_global_setting.py b/lib/ansible/modules/network/fortios/fortios_log_memory_global_setting.py deleted file mode 100644 index d8c4e87f259..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_log_memory_global_setting.py +++ /dev/null 
@@ -1,309 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_memory_global_setting -short_description: Global settings for memory logging in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log_memory feature and global_setting category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_memory_global_setting: - description: - - Global settings for memory logging. - default: null - type: dict - suboptions: - full_final_warning_threshold: - description: - - Log full final warning threshold as a percent (3 - 100). - type: int - full_first_warning_threshold: - description: - - Log full first warning threshold as a percent (1 - 98). - type: int - full_second_warning_threshold: - description: - - Log full second warning threshold as a percent (2 - 99). - type: int - max_size: - description: - - Maximum amount of memory that can be used for memory logging in bytes. - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Global settings for memory logging. 
- fortios_log_memory_global_setting: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_memory_global_setting: - full_final_warning_threshold: "3" - full_first_warning_threshold: "4" - full_second_warning_threshold: "5" - max_size: "6" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - 
- fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_log_memory_global_setting_data(json): - option_list = ['full_final_warning_threshold', 'full_first_warning_threshold', 'full_second_warning_threshold', - 'max_size'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def log_memory_global_setting(data, fos): - vdom = data['vdom'] - log_memory_global_setting_data = data['log_memory_global_setting'] - filtered_data = underscore_to_hyphen(filter_log_memory_global_setting_data(log_memory_global_setting_data)) - - return fos.set('log.memory', - 'global-setting', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_log_memory(data, fos): - - if data['log_memory_global_setting']: - resp = log_memory_global_setting(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "log_memory_global_setting": { - "required": False, "type": 
"dict", "default": None, - "options": { - "full_final_warning_threshold": {"required": False, "type": "int"}, - "full_first_warning_threshold": {"required": False, "type": "int"}, - "full_second_warning_threshold": {"required": False, "type": "int"}, - "max_size": {"required": False, "type": "int"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_log_memory(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_log_memory(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_log_memory_setting.py b/lib/ansible/modules/network/fortios/fortios_log_memory_setting.py deleted file mode 100644 index 398917ec2d7..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_log_memory_setting.py +++ /dev/null 
@@ -1,303 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_memory_setting -short_description: Settings for memory buffer in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log_memory feature and setting category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_memory_setting: - description: - - Settings for memory buffer. - default: null - type: dict - suboptions: - diskfull: - description: - - Action to take when memory is full. - type: str - choices: - - overwrite - status: - description: - - Enable/disable logging to the FortiGate's memory. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Settings for memory buffer. - fortios_log_memory_setting: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_memory_setting: - diskfull: "overwrite" - status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: 
"17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_log_memory_setting_data(json): - option_list = ['diskfull', 'status'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def log_memory_setting(data, fos): - vdom = data['vdom'] - log_memory_setting_data = data['log_memory_setting'] - filtered_data = underscore_to_hyphen(filter_log_memory_setting_data(log_memory_setting_data)) - - return fos.set('log.memory', - 'setting', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and 
status['http_status'] == 404 - - -def fortios_log_memory(data, fos): - - if data['log_memory_setting']: - resp = log_memory_setting(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "log_memory_setting": { - "required": False, "type": "dict", "default": None, - "options": { - "diskfull": {"required": False, "type": "str", - "choices": ["overwrite"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_log_memory(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_log_memory(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_log_null_device_filter.py b/lib/ansible/modules/network/fortios/fortios_log_null_device_filter.py
deleted file mode 100644
index a540bfa13c8..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_log_null_device_filter.py
+++ /dev/null
@@ -1,424 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_null_device_filter -short_description: Filters for null device logging in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log_null_device feature and filter category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_null_device_filter: - description: - - Filters for null device logging. - default: null - type: dict - suboptions: - anomaly: - description: - - Enable/disable anomaly logging. - type: str - choices: - - enable - - disable - dns: - description: - - Enable/disable detailed DNS event logging. - type: str - choices: - - enable - - disable - filter: - description: - - Null-device log filter. - type: str - filter_type: - description: - - Include/exclude logs that match the filter. - type: str - choices: - - include - - exclude - forward_traffic: - description: - - Enable/disable forward traffic logging. - type: str - choices: - - enable - - disable - gtp: - description: - - Enable/disable GTP messages logging. - type: str - choices: - - enable - - disable - local_traffic: - description: - - Enable/disable local in or out traffic logging. - type: str - choices: - - enable - - disable - multicast_traffic: - description: - - Enable/disable multicast traffic logging. - type: str - choices: - - enable - - disable - netscan_discovery: - description: - - Enable/disable netscan discovery event logging. - type: str - netscan_vulnerability: - description: - - Enable/disable netscan vulnerability event logging. - type: str - severity: - description: - - Lowest severity level to log. - type: str - choices: - - emergency - - alert - - critical - - error - - warning - - notification - - information - - debug - sniffer_traffic: - description: - - Enable/disable sniffer traffic logging. - type: str - choices: - - enable - - disable - ssh: - description: - - Enable/disable SSH logging. 
- type: str - choices: - - enable - - disable - voip: - description: - - Enable/disable VoIP logging. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Filters for null device logging. - fortios_log_null_device_filter: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_null_device_filter: - anomaly: "enable" - dns: "enable" - filter: "" - filter_type: "include" - forward_traffic: "enable" - gtp: "enable" - local_traffic: "enable" - multicast_traffic: "enable" - netscan_discovery: "" - netscan_vulnerability: "" - severity: "emergency" - sniffer_traffic: "enable" - ssh: "enable" - voip: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - 
sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_log_null_device_filter_data(json): - option_list = ['anomaly', 'dns', 'filter', - 'filter_type', 'forward_traffic', 'gtp', - 'local_traffic', 'multicast_traffic', 'netscan_discovery', - 'netscan_vulnerability', 'severity', 'sniffer_traffic', - 'ssh', 'voip'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def log_null_device_filter(data, fos): - vdom = data['vdom'] - log_null_device_filter_data = data['log_null_device_filter'] - filtered_data = underscore_to_hyphen(filter_log_null_device_filter_data(log_null_device_filter_data)) - - return fos.set('log.null-device', - 'filter', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_log_null_device(data, fos): - - if 
data['log_null_device_filter']: - resp = log_null_device_filter(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "log_null_device_filter": { - "required": False, "type": "dict", "default": None, - "options": { - "anomaly": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dns": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "filter": {"required": False, "type": "str"}, - "filter_type": {"required": False, "type": "str", - "choices": ["include", "exclude"]}, - "forward_traffic": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "gtp": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "local_traffic": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "multicast_traffic": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "netscan_discovery": {"required": False, "type": "str"}, - "netscan_vulnerability": {"required": False, "type": "str"}, - "severity": {"required": False, "type": "str", - "choices": ["emergency", "alert", "critical", - "error", "warning", "notification", - "information", "debug"]}, - "sniffer_traffic": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ssh": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "voip": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using 
fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_log_null_device(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_log_null_device(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_log_null_device_setting.py b/lib/ansible/modules/network/fortios/fortios_log_null_device_setting.py deleted file mode 100644 index 7d5c4df46c7..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_log_null_device_setting.py +++ /dev/null 
@@ -1,294 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_null_device_setting -short_description: Settings for null device logging in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log_null_device feature and setting category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_null_device_setting: - description: - - Settings for null device logging. - default: null - type: dict - suboptions: - status: - description: - - Enable/disable statistics collection for when no external logging destination, such as FortiAnalyzer, is present (data is not saved). - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Settings for null device logging. - fortios_log_null_device_setting: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_null_device_setting: - status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" 
-serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_log_null_device_setting_data(json): - option_list = ['status'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def log_null_device_setting(data, fos): - vdom = data['vdom'] - log_null_device_setting_data = data['log_null_device_setting'] - filtered_data = underscore_to_hyphen(filter_log_null_device_setting_data(log_null_device_setting_data)) - - return fos.set('log.null-device', - 'setting', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and 
status['http_status'] == 404
-
-
-def fortios_log_null_device(data, fos):
-
- if data['log_null_device_setting']:
- resp = log_null_device_setting(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "log_null_device_setting": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_log_null_device(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_log_null_device(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_log_setting.py b/lib/ansible/modules/network/fortios/fortios_log_setting.py
deleted file mode 100644
index 8854cbf9812..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_log_setting.py
+++ /dev/null
@@ -1,475 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_setting -short_description: Configure general log settings in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log feature and setting category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_setting: - description: - - Configure general log settings. - default: null - type: dict - suboptions: - brief_traffic_format: - description: - - Enable/disable brief format traffic logging. - type: str - choices: - - enable - - disable - custom_log_fields: - description: - - Custom fields to append to all log messages. - type: list - suboptions: - field_id: - description: - - Custom log field. Source log.custom-field.id. - type: str - daemon_log: - description: - - Enable/disable daemon logging. - type: str - choices: - - enable - - disable - expolicy_implicit_log: - description: - - Enable/disable explicit proxy firewall implicit policy logging. - type: str - choices: - - enable - - disable - fwpolicy_implicit_log: - description: - - Enable/disable implicit firewall policy logging. - type: str - choices: - - enable - - disable - fwpolicy6_implicit_log: - description: - - Enable/disable implicit firewall policy6 logging. - type: str - choices: - - enable - - disable - local_in_allow: - description: - - Enable/disable local-in-allow logging. - type: str - choices: - - enable - - disable - local_in_deny_broadcast: - description: - - Enable/disable local-in-deny-broadcast logging. - type: str - choices: - - enable - - disable - local_in_deny_unicast: - description: - - Enable/disable local-in-deny-unicast logging. - type: str - choices: - - enable - - disable - local_out: - description: - - Enable/disable local-out logging. - type: str - choices: - - enable - - disable - log_invalid_packet: - description: - - Enable/disable invalid packet traffic logging. 
- type: str - choices: - - enable - - disable - log_policy_comment: - description: - - Enable/disable inserting policy comments into traffic logs. - type: str - choices: - - enable - - disable - log_policy_name: - description: - - Enable/disable inserting policy name into traffic logs. - type: str - choices: - - enable - - disable - log_user_in_upper: - description: - - Enable/disable logs with user-in-upper. - type: str - choices: - - enable - - disable - neighbor_event: - description: - - Enable/disable neighbor event logging. - type: str - choices: - - enable - - disable - resolve_ip: - description: - - Enable/disable adding resolved domain names to traffic logs if possible. - type: str - choices: - - enable - - disable - resolve_port: - description: - - Enable/disable adding resolved service names to traffic logs. - type: str - choices: - - enable - - disable - user_anonymize: - description: - - Enable/disable anonymizing user names in log messages. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure general log settings. 
- fortios_log_setting: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_setting: - brief_traffic_format: "enable" - custom_log_fields: - - - field_id: " (source log.custom-field.id)" - daemon_log: "enable" - expolicy_implicit_log: "enable" - fwpolicy_implicit_log: "enable" - fwpolicy6_implicit_log: "enable" - local_in_allow: "enable" - local_in_deny_broadcast: "enable" - local_in_deny_unicast: "enable" - local_out: "enable" - log_invalid_packet: "enable" - log_policy_comment: "enable" - log_policy_name: "enable" - log_user_in_upper: "enable" - neighbor_event: "enable" - resolve_ip: "enable" - resolve_port: "enable" - user_anonymize: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" 
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_log_setting_data(json):
- option_list = ['brief_traffic_format', 'custom_log_fields', 'daemon_log',
- 'expolicy_implicit_log', 'fwpolicy_implicit_log', 'fwpolicy6_implicit_log',
- 'local_in_allow', 'local_in_deny_broadcast', 'local_in_deny_unicast',
- 'local_out', 'log_invalid_packet', 'log_policy_comment',
- 'log_policy_name', 'log_user_in_upper', 'neighbor_event',
- 'resolve_ip', 'resolve_port', 'user_anonymize']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def log_setting(data, fos):
- vdom = data['vdom']
- log_setting_data = data['log_setting']
- filtered_data = underscore_to_hyphen(filter_log_setting_data(log_setting_data))
-
- return fos.set('log',
- 'setting',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_log(data, fos):
-
- if data['log_setting']:
- resp = log_setting(data, fos)
-
-
return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "log_setting": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "brief_traffic_format": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "custom_log_fields": {"required": False, "type": "list",
- "options": {
- "field_id": {"required": False, "type": "str"}
- }},
- "daemon_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "expolicy_implicit_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "fwpolicy_implicit_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "fwpolicy6_implicit_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "local_in_allow": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "local_in_deny_broadcast": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "local_in_deny_unicast": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "local_out": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "log_invalid_packet": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "log_policy_comment": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "log_policy_name": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "log_user_in_upper": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "neighbor_event": {"required": False, "type":
"str",
- "choices": ["enable", "disable"]},
- "resolve_ip": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "resolve_port": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "user_anonymize": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_log(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_log(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_log_syslogd2_filter.py b/lib/ansible/modules/network/fortios/fortios_log_syslogd2_filter.py
deleted file mode 100644
index 823394e2b92..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_log_syslogd2_filter.py
+++ /dev/null
@@ -1,424 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_syslogd2_filter -short_description: Filters for remote system server in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log_syslogd2 feature and filter category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_syslogd2_filter: - description: - - Filters for remote system server. - default: null - type: dict - suboptions: - anomaly: - description: - - Enable/disable anomaly logging. - type: str - choices: - - enable - - disable - dns: - description: - - Enable/disable detailed DNS event logging. - type: str - choices: - - enable - - disable - filter: - description: - - Syslog 2 filter. - type: str - filter_type: - description: - - Include/exclude logs that match the filter. - type: str - choices: - - include - - exclude - forward_traffic: - description: - - Enable/disable forward traffic logging. - type: str - choices: - - enable - - disable - gtp: - description: - - Enable/disable GTP messages logging. - type: str - choices: - - enable - - disable - local_traffic: - description: - - Enable/disable local in or out traffic logging. - type: str - choices: - - enable - - disable - multicast_traffic: - description: - - Enable/disable multicast traffic logging. - type: str - choices: - - enable - - disable - netscan_discovery: - description: - - Enable/disable netscan discovery event logging. - type: str - netscan_vulnerability: - description: - - Enable/disable netscan vulnerability event logging. - type: str - severity: - description: - - Lowest severity level to log. - type: str - choices: - - emergency - - alert - - critical - - error - - warning - - notification - - information - - debug - sniffer_traffic: - description: - - Enable/disable sniffer traffic logging. - type: str - choices: - - enable - - disable - ssh: - description: - - Enable/disable SSH logging. 
- type: str - choices: - - enable - - disable - voip: - description: - - Enable/disable VoIP logging. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Filters for remote system server. - fortios_log_syslogd2_filter: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_syslogd2_filter: - anomaly: "enable" - dns: "enable" - filter: "" - filter_type: "include" - forward_traffic: "enable" - gtp: "enable" - local_traffic: "enable" - multicast_traffic: "enable" - netscan_discovery: "" - netscan_vulnerability: "" - severity: "emergency" - sniffer_traffic: "enable" - ssh: "enable" - voip: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: 
"root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_log_syslogd2_filter_data(json):
- option_list = ['anomaly', 'dns', 'filter',
- 'filter_type', 'forward_traffic', 'gtp',
- 'local_traffic', 'multicast_traffic', 'netscan_discovery',
- 'netscan_vulnerability', 'severity', 'sniffer_traffic',
- 'ssh', 'voip']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def log_syslogd2_filter(data, fos):
- vdom = data['vdom']
- log_syslogd2_filter_data = data['log_syslogd2_filter']
- filtered_data = underscore_to_hyphen(filter_log_syslogd2_filter_data(log_syslogd2_filter_data))
-
- return fos.set('log.syslogd2',
- 'filter',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_log_syslogd2(data, fos):
-
- if data['log_syslogd2_filter']:
- resp =
log_syslogd2_filter(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "log_syslogd2_filter": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "anomaly": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "dns": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "filter": {"required": False, "type": "str"},
- "filter_type": {"required": False, "type": "str",
- "choices": ["include", "exclude"]},
- "forward_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gtp": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "local_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "multicast_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "netscan_discovery": {"required": False, "type": "str"},
- "netscan_vulnerability": {"required": False, "type": "str"},
- "severity": {"required": False, "type": "str",
- "choices": ["emergency", "alert", "critical",
- "error", "warning", "notification",
- "information", "debug"]},
- "sniffer_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ssh": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "voip": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode =
'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_log_syslogd2(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_log_syslogd2(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_log_syslogd2_setting.py b/lib/ansible/modules/network/fortios/fortios_log_syslogd2_setting.py
deleted file mode 100644
index 258442ac2f5..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_log_syslogd2_setting.py
+++ /dev/null
@@ -1,438 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_syslogd2_setting -short_description: Global settings for remote syslog server in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log_syslogd2 feature and setting category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_syslogd2_setting: - description: - - Global settings for remote syslog server. - default: null - type: dict - suboptions: - certificate: - description: - - Certificate used to communicate with Syslog server. Source certificate.local.name. - type: str - custom_field_name: - description: - - Custom field name for CEF format logging. - type: list - suboptions: - custom: - description: - - Field custom name. - type: str - id: - description: - - Entry ID. - required: true - type: int - name: - description: - - Field name. - type: str - enc_algorithm: - description: - - Enable/disable reliable syslogging with TLS encryption. - type: str - choices: - - high-medium - - high - - low - - disable - facility: - description: - - Remote syslog facility. - type: str - choices: - - kernel - - user - - mail - - daemon - - auth - - syslog - - lpr - - news - - uucp - - cron - - authpriv - - ftp - - ntp - - audit - - alert - - clock - - local0 - - local1 - - local2 - - local3 - - local4 - - local5 - - local6 - - local7 - format: - description: - - Log format. - type: str - choices: - - default - - csv - - cef - mode: - description: - - Remote syslog logging over UDP/Reliable TCP. - type: str - choices: - - udp - - legacy-reliable - - reliable - port: - description: - - Server listen port. - type: int - server: - description: - - Address of remote syslog server. - type: str - source_ip: - description: - - Source IP address of syslog. - type: str - ssl_min_proto_version: - description: - - Minimum supported protocol version for SSL/TLS connections . 
- type: str - choices: - - default - - SSLv3 - - TLSv1 - - TLSv1-1 - - TLSv1-2 - status: - description: - - Enable/disable remote syslog logging. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Global settings for remote syslog server. - fortios_log_syslogd2_setting: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_syslogd2_setting: - certificate: " (source certificate.local.name)" - custom_field_name: - - - custom: "" - id: "6" - name: "default_name_7" - enc_algorithm: "high-medium" - facility: "kernel" - format: "default" - mode: "udp" - port: "12" - server: "192.168.100.40" - source_ip: "84.230.14.43" - ssl_min_proto_version: "default" - status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - 
description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_log_syslogd2_setting_data(json): - option_list = ['certificate', 'custom_field_name', 'enc_algorithm', - 'facility', 'format', 'mode', - 'port', 'server', 'source_ip', - 'ssl_min_proto_version', 'status'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def log_syslogd2_setting(data, fos): - vdom = data['vdom'] - log_syslogd2_setting_data = data['log_syslogd2_setting'] - filtered_data = underscore_to_hyphen(filter_log_syslogd2_setting_data(log_syslogd2_setting_data)) - - return fos.set('log.syslogd2', - 'setting', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_log_syslogd2(data, fos): - - if data['log_syslogd2_setting']: - 
resp = log_syslogd2_setting(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "log_syslogd2_setting": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "certificate": {"required": False, "type": "str"},
- "custom_field_name": {"required": False, "type": "list",
- "options": {
- "custom": {"required": False, "type": "str"},
- "id": {"required": True, "type": "int"},
- "name": {"required": False, "type": "str"}
- }},
- "enc_algorithm": {"required": False, "type": "str",
- "choices": ["high-medium", "high", "low",
- "disable"]},
- "facility": {"required": False, "type": "str",
- "choices": ["kernel", "user", "mail",
- "daemon", "auth", "syslog",
- "lpr", "news", "uucp",
- "cron", "authpriv", "ftp",
- "ntp", "audit", "alert",
- "clock", "local0", "local1",
- "local2", "local3", "local4",
- "local5", "local6", "local7"]},
- "format": {"required": False, "type": "str",
- "choices": ["default", "csv", "cef"]},
- "mode": {"required": False, "type": "str",
- "choices": ["udp", "legacy-reliable", "reliable"]},
- "port": {"required": False, "type": "int"},
- "server": {"required": False, "type": "str"},
- "source_ip": {"required": False, "type": "str"},
- "ssl_min_proto_version": {"required": False, "type": "str",
- "choices": ["default", "SSLv3", "TLSv1",
- "TLSv1-1", "TLSv1-2"]},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead 
of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_log_syslogd2(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_log_syslogd2(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_log_syslogd3_filter.py b/lib/ansible/modules/network/fortios/fortios_log_syslogd3_filter.py
deleted file mode 100644
index 9aee4bc8cce..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_log_syslogd3_filter.py
+++ /dev/null
@@ -1,424 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_syslogd3_filter -short_description: Filters for remote system server in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log_syslogd3 feature and filter category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_syslogd3_filter: - description: - - Filters for remote system server. - default: null - type: dict - suboptions: - anomaly: - description: - - Enable/disable anomaly logging. - type: str - choices: - - enable - - disable - dns: - description: - - Enable/disable detailed DNS event logging. - type: str - choices: - - enable - - disable - filter: - description: - - Syslog 3 filter. - type: str - filter_type: - description: - - Include/exclude logs that match the filter. - type: str - choices: - - include - - exclude - forward_traffic: - description: - - Enable/disable forward traffic logging. - type: str - choices: - - enable - - disable - gtp: - description: - - Enable/disable GTP messages logging. - type: str - choices: - - enable - - disable - local_traffic: - description: - - Enable/disable local in or out traffic logging. - type: str - choices: - - enable - - disable - multicast_traffic: - description: - - Enable/disable multicast traffic logging. - type: str - choices: - - enable - - disable - netscan_discovery: - description: - - Enable/disable netscan discovery event logging. - type: str - netscan_vulnerability: - description: - - Enable/disable netscan vulnerability event logging. - type: str - severity: - description: - - Lowest severity level to log. - type: str - choices: - - emergency - - alert - - critical - - error - - warning - - notification - - information - - debug - sniffer_traffic: - description: - - Enable/disable sniffer traffic logging. - type: str - choices: - - enable - - disable - ssh: - description: - - Enable/disable SSH logging. 
- type: str - choices: - - enable - - disable - voip: - description: - - Enable/disable VoIP logging. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Filters for remote system server. - fortios_log_syslogd3_filter: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_syslogd3_filter: - anomaly: "enable" - dns: "enable" - filter: "" - filter_type: "include" - forward_traffic: "enable" - gtp: "enable" - local_traffic: "enable" - multicast_traffic: "enable" - netscan_discovery: "" - netscan_vulnerability: "" - severity: "emergency" - sniffer_traffic: "enable" - ssh: "enable" - voip: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: 
"root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_log_syslogd3_filter_data(json): - option_list = ['anomaly', 'dns', 'filter', - 'filter_type', 'forward_traffic', 'gtp', - 'local_traffic', 'multicast_traffic', 'netscan_discovery', - 'netscan_vulnerability', 'severity', 'sniffer_traffic', - 'ssh', 'voip'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def log_syslogd3_filter(data, fos): - vdom = data['vdom'] - log_syslogd3_filter_data = data['log_syslogd3_filter'] - filtered_data = underscore_to_hyphen(filter_log_syslogd3_filter_data(log_syslogd3_filter_data)) - - return fos.set('log.syslogd3', - 'filter', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_log_syslogd3(data, fos): - - if data['log_syslogd3_filter']: - resp = 
log_syslogd3_filter(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "log_syslogd3_filter": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "anomaly": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "dns": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "filter": {"required": False, "type": "str"},
- "filter_type": {"required": False, "type": "str",
- "choices": ["include", "exclude"]},
- "forward_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gtp": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "local_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "multicast_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "netscan_discovery": {"required": False, "type": "str"},
- "netscan_vulnerability": {"required": False, "type": "str"},
- "severity": {"required": False, "type": "str",
- "choices": ["emergency", "alert", "critical",
- "error", "warning", "notification",
- "information", "debug"]},
- "sniffer_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ssh": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "voip": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 
'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_log_syslogd3(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_log_syslogd3(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_log_syslogd3_setting.py b/lib/ansible/modules/network/fortios/fortios_log_syslogd3_setting.py
deleted file mode 100644
index 7fe5120bfc2..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_log_syslogd3_setting.py
+++ /dev/null
@@ -1,438 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_syslogd3_setting -short_description: Global settings for remote syslog server in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log_syslogd3 feature and setting category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_syslogd3_setting: - description: - - Global settings for remote syslog server. - default: null - type: dict - suboptions: - certificate: - description: - - Certificate used to communicate with Syslog server. Source certificate.local.name. - type: str - custom_field_name: - description: - - Custom field name for CEF format logging. - type: list - suboptions: - custom: - description: - - Field custom name. - type: str - id: - description: - - Entry ID. - required: true - type: int - name: - description: - - Field name. - type: str - enc_algorithm: - description: - - Enable/disable reliable syslogging with TLS encryption. - type: str - choices: - - high-medium - - high - - low - - disable - facility: - description: - - Remote syslog facility. - type: str - choices: - - kernel - - user - - mail - - daemon - - auth - - syslog - - lpr - - news - - uucp - - cron - - authpriv - - ftp - - ntp - - audit - - alert - - clock - - local0 - - local1 - - local2 - - local3 - - local4 - - local5 - - local6 - - local7 - format: - description: - - Log format. - type: str - choices: - - default - - csv - - cef - mode: - description: - - Remote syslog logging over UDP/Reliable TCP. - type: str - choices: - - udp - - legacy-reliable - - reliable - port: - description: - - Server listen port. - type: int - server: - description: - - Address of remote syslog server. - type: str - source_ip: - description: - - Source IP address of syslog. - type: str - ssl_min_proto_version: - description: - - Minimum supported protocol version for SSL/TLS connections . 
- type: str - choices: - - default - - SSLv3 - - TLSv1 - - TLSv1-1 - - TLSv1-2 - status: - description: - - Enable/disable remote syslog logging. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Global settings for remote syslog server. - fortios_log_syslogd3_setting: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_syslogd3_setting: - certificate: " (source certificate.local.name)" - custom_field_name: - - - custom: "" - id: "6" - name: "default_name_7" - enc_algorithm: "high-medium" - facility: "kernel" - format: "default" - mode: "udp" - port: "12" - server: "192.168.100.40" - source_ip: "84.230.14.43" - ssl_min_proto_version: "default" - status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - 
description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_log_syslogd3_setting_data(json): - option_list = ['certificate', 'custom_field_name', 'enc_algorithm', - 'facility', 'format', 'mode', - 'port', 'server', 'source_ip', - 'ssl_min_proto_version', 'status'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def log_syslogd3_setting(data, fos): - vdom = data['vdom'] - log_syslogd3_setting_data = data['log_syslogd3_setting'] - filtered_data = underscore_to_hyphen(filter_log_syslogd3_setting_data(log_syslogd3_setting_data)) - - return fos.set('log.syslogd3', - 'setting', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_log_syslogd3(data, fos): - - if data['log_syslogd3_setting']: - 
resp = log_syslogd3_setting(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "log_syslogd3_setting": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "certificate": {"required": False, "type": "str"},
- "custom_field_name": {"required": False, "type": "list",
- "options": {
- "custom": {"required": False, "type": "str"},
- "id": {"required": True, "type": "int"},
- "name": {"required": False, "type": "str"}
- }},
- "enc_algorithm": {"required": False, "type": "str",
- "choices": ["high-medium", "high", "low",
- "disable"]},
- "facility": {"required": False, "type": "str",
- "choices": ["kernel", "user", "mail",
- "daemon", "auth", "syslog",
- "lpr", "news", "uucp",
- "cron", "authpriv", "ftp",
- "ntp", "audit", "alert",
- "clock", "local0", "local1",
- "local2", "local3", "local4",
- "local5", "local6", "local7"]},
- "format": {"required": False, "type": "str",
- "choices": ["default", "csv", "cef"]},
- "mode": {"required": False, "type": "str",
- "choices": ["udp", "legacy-reliable", "reliable"]},
- "port": {"required": False, "type": "int"},
- "server": {"required": False, "type": "str"},
- "source_ip": {"required": False, "type": "str"},
- "ssl_min_proto_version": {"required": False, "type": "str",
- "choices": ["default", "SSLv3", "TLSv1",
- "TLSv1-1", "TLSv1-2"]},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead 
of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_log_syslogd3(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_log_syslogd3(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_log_syslogd4_filter.py b/lib/ansible/modules/network/fortios/fortios_log_syslogd4_filter.py
deleted file mode 100644
index 88b76dbc397..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_log_syslogd4_filter.py
+++ /dev/null
@@ -1,424 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_syslogd4_filter -short_description: Filters for remote system server in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log_syslogd4 feature and filter category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_syslogd4_filter: - description: - - Filters for remote system server. - default: null - type: dict - suboptions: - anomaly: - description: - - Enable/disable anomaly logging. - type: str - choices: - - enable - - disable - dns: - description: - - Enable/disable detailed DNS event logging. - type: str - choices: - - enable - - disable - filter: - description: - - Syslog 4 filter. - type: str - filter_type: - description: - - Include/exclude logs that match the filter. - type: str - choices: - - include - - exclude - forward_traffic: - description: - - Enable/disable forward traffic logging. - type: str - choices: - - enable - - disable - gtp: - description: - - Enable/disable GTP messages logging. - type: str - choices: - - enable - - disable - local_traffic: - description: - - Enable/disable local in or out traffic logging. - type: str - choices: - - enable - - disable - multicast_traffic: - description: - - Enable/disable multicast traffic logging. - type: str - choices: - - enable - - disable - netscan_discovery: - description: - - Enable/disable netscan discovery event logging. - type: str - netscan_vulnerability: - description: - - Enable/disable netscan vulnerability event logging. - type: str - severity: - description: - - Lowest severity level to log. - type: str - choices: - - emergency - - alert - - critical - - error - - warning - - notification - - information - - debug - sniffer_traffic: - description: - - Enable/disable sniffer traffic logging. - type: str - choices: - - enable - - disable - ssh: - description: - - Enable/disable SSH logging. 
- type: str - choices: - - enable - - disable - voip: - description: - - Enable/disable VoIP logging. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Filters for remote system server. - fortios_log_syslogd4_filter: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_syslogd4_filter: - anomaly: "enable" - dns: "enable" - filter: "" - filter_type: "include" - forward_traffic: "enable" - gtp: "enable" - local_traffic: "enable" - multicast_traffic: "enable" - netscan_discovery: "" - netscan_vulnerability: "" - severity: "emergency" - sniffer_traffic: "enable" - ssh: "enable" - voip: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: 
"root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_log_syslogd4_filter_data(json): - option_list = ['anomaly', 'dns', 'filter', - 'filter_type', 'forward_traffic', 'gtp', - 'local_traffic', 'multicast_traffic', 'netscan_discovery', - 'netscan_vulnerability', 'severity', 'sniffer_traffic', - 'ssh', 'voip'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def log_syslogd4_filter(data, fos): - vdom = data['vdom'] - log_syslogd4_filter_data = data['log_syslogd4_filter'] - filtered_data = underscore_to_hyphen(filter_log_syslogd4_filter_data(log_syslogd4_filter_data)) - - return fos.set('log.syslogd4', - 'filter', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_log_syslogd4(data, fos): - - if data['log_syslogd4_filter']: - resp = 
log_syslogd4_filter(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "log_syslogd4_filter": { - "required": False, "type": "dict", "default": None, - "options": { - "anomaly": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dns": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "filter": {"required": False, "type": "str"}, - "filter_type": {"required": False, "type": "str", - "choices": ["include", "exclude"]}, - "forward_traffic": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "gtp": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "local_traffic": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "multicast_traffic": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "netscan_discovery": {"required": False, "type": "str"}, - "netscan_vulnerability": {"required": False, "type": "str"}, - "severity": {"required": False, "type": "str", - "choices": ["emergency", "alert", "critical", - "error", "warning", "notification", - "information", "debug"]}, - "sniffer_traffic": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ssh": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "voip": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 
'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_log_syslogd4(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_log_syslogd4(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_log_syslogd4_setting.py b/lib/ansible/modules/network/fortios/fortios_log_syslogd4_setting.py deleted file mode 100644 index d3326e3cf74..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_log_syslogd4_setting.py +++ /dev/null 
@@ -1,438 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_syslogd4_setting -short_description: Global settings for remote syslog server in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log_syslogd4 feature and setting category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_syslogd4_setting: - description: - - Global settings for remote syslog server. - default: null - type: dict - suboptions: - certificate: - description: - - Certificate used to communicate with Syslog server. Source certificate.local.name. - type: str - custom_field_name: - description: - - Custom field name for CEF format logging. - type: list - suboptions: - custom: - description: - - Field custom name. - type: str - id: - description: - - Entry ID. - required: true - type: int - name: - description: - - Field name. - type: str - enc_algorithm: - description: - - Enable/disable reliable syslogging with TLS encryption. - type: str - choices: - - high-medium - - high - - low - - disable - facility: - description: - - Remote syslog facility. - type: str - choices: - - kernel - - user - - mail - - daemon - - auth - - syslog - - lpr - - news - - uucp - - cron - - authpriv - - ftp - - ntp - - audit - - alert - - clock - - local0 - - local1 - - local2 - - local3 - - local4 - - local5 - - local6 - - local7 - format: - description: - - Log format. - type: str - choices: - - default - - csv - - cef - mode: - description: - - Remote syslog logging over UDP/Reliable TCP. - type: str - choices: - - udp - - legacy-reliable - - reliable - port: - description: - - Server listen port. - type: int - server: - description: - - Address of remote syslog server. - type: str - source_ip: - description: - - Source IP address of syslog. - type: str - ssl_min_proto_version: - description: - - Minimum supported protocol version for SSL/TLS connections . 
- type: str - choices: - - default - - SSLv3 - - TLSv1 - - TLSv1-1 - - TLSv1-2 - status: - description: - - Enable/disable remote syslog logging. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Global settings for remote syslog server. - fortios_log_syslogd4_setting: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_syslogd4_setting: - certificate: " (source certificate.local.name)" - custom_field_name: - - - custom: "" - id: "6" - name: "default_name_7" - enc_algorithm: "high-medium" - facility: "kernel" - format: "default" - mode: "udp" - port: "12" - server: "192.168.100.40" - source_ip: "84.230.14.43" - ssl_min_proto_version: "default" - status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - 
description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_log_syslogd4_setting_data(json): - option_list = ['certificate', 'custom_field_name', 'enc_algorithm', - 'facility', 'format', 'mode', - 'port', 'server', 'source_ip', - 'ssl_min_proto_version', 'status'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def log_syslogd4_setting(data, fos): - vdom = data['vdom'] - log_syslogd4_setting_data = data['log_syslogd4_setting'] - filtered_data = underscore_to_hyphen(filter_log_syslogd4_setting_data(log_syslogd4_setting_data)) - - return fos.set('log.syslogd4', - 'setting', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_log_syslogd4(data, fos): - - if data['log_syslogd4_setting']: - 
resp = log_syslogd4_setting(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "log_syslogd4_setting": { - "required": False, "type": "dict", "default": None, - "options": { - "certificate": {"required": False, "type": "str"}, - "custom_field_name": {"required": False, "type": "list", - "options": { - "custom": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "name": {"required": False, "type": "str"} - }}, - "enc_algorithm": {"required": False, "type": "str", - "choices": ["high-medium", "high", "low", - "disable"]}, - "facility": {"required": False, "type": "str", - "choices": ["kernel", "user", "mail", - "daemon", "auth", "syslog", - "lpr", "news", "uucp", - "cron", "authpriv", "ftp", - "ntp", "audit", "alert", - "clock", "local0", "local1", - "local2", "local3", "local4", - "local5", "local6", "local7"]}, - "format": {"required": False, "type": "str", - "choices": ["default", "csv", "cef"]}, - "mode": {"required": False, "type": "str", - "choices": ["udp", "legacy-reliable", "reliable"]}, - "port": {"required": False, "type": "int"}, - "server": {"required": False, "type": "str"}, - "source_ip": {"required": False, "type": "str"}, - "ssl_min_proto_version": {"required": False, "type": "str", - "choices": ["default", "SSLv3", "TLSv1", - "TLSv1-1", "TLSv1-2"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead 
of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_log_syslogd4(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_log_syslogd4(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_log_syslogd_filter.py b/lib/ansible/modules/network/fortios/fortios_log_syslogd_filter.py deleted file mode 100644 index 09dce1e73bd..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_log_syslogd_filter.py +++ /dev/null 
@@ -1,424 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_syslogd_filter -short_description: Filters for remote system server in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log_syslogd feature and filter category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_syslogd_filter: - description: - - Filters for remote system server. - default: null - type: dict - suboptions: - anomaly: - description: - - Enable/disable anomaly logging. - type: str - choices: - - enable - - disable - dns: - description: - - Enable/disable detailed DNS event logging. - type: str - choices: - - enable - - disable - filter: - description: - - Syslog filter. - type: str - filter_type: - description: - - Include/exclude logs that match the filter. - type: str - choices: - - include - - exclude - forward_traffic: - description: - - Enable/disable forward traffic logging. - type: str - choices: - - enable - - disable - gtp: - description: - - Enable/disable GTP messages logging. - type: str - choices: - - enable - - disable - local_traffic: - description: - - Enable/disable local in or out traffic logging. - type: str - choices: - - enable - - disable - multicast_traffic: - description: - - Enable/disable multicast traffic logging. - type: str - choices: - - enable - - disable - netscan_discovery: - description: - - Enable/disable netscan discovery event logging. - type: str - netscan_vulnerability: - description: - - Enable/disable netscan vulnerability event logging. - type: str - severity: - description: - - Lowest severity level to log. - type: str - choices: - - emergency - - alert - - critical - - error - - warning - - notification - - information - - debug - sniffer_traffic: - description: - - Enable/disable sniffer traffic logging. - type: str - choices: - - enable - - disable - ssh: - description: - - Enable/disable SSH logging. 
- type: str - choices: - - enable - - disable - voip: - description: - - Enable/disable VoIP logging. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Filters for remote system server. - fortios_log_syslogd_filter: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_syslogd_filter: - anomaly: "enable" - dns: "enable" - filter: "" - filter_type: "include" - forward_traffic: "enable" - gtp: "enable" - local_traffic: "enable" - multicast_traffic: "enable" - netscan_discovery: "" - netscan_vulnerability: "" - severity: "emergency" - sniffer_traffic: "enable" - ssh: "enable" - voip: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: 
"root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_log_syslogd_filter_data(json): - option_list = ['anomaly', 'dns', 'filter', - 'filter_type', 'forward_traffic', 'gtp', - 'local_traffic', 'multicast_traffic', 'netscan_discovery', - 'netscan_vulnerability', 'severity', 'sniffer_traffic', - 'ssh', 'voip'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def log_syslogd_filter(data, fos): - vdom = data['vdom'] - log_syslogd_filter_data = data['log_syslogd_filter'] - filtered_data = underscore_to_hyphen(filter_log_syslogd_filter_data(log_syslogd_filter_data)) - - return fos.set('log.syslogd', - 'filter', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_log_syslogd(data, fos): - - if data['log_syslogd_filter']: - resp = log_syslogd_filter(data, fos) - 
- return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "log_syslogd_filter": { - "required": False, "type": "dict", "default": None, - "options": { - "anomaly": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dns": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "filter": {"required": False, "type": "str"}, - "filter_type": {"required": False, "type": "str", - "choices": ["include", "exclude"]}, - "forward_traffic": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "gtp": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "local_traffic": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "multicast_traffic": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "netscan_discovery": {"required": False, "type": "str"}, - "netscan_vulnerability": {"required": False, "type": "str"}, - "severity": {"required": False, "type": "str", - "choices": ["emergency", "alert", "critical", - "error", "warning", "notification", - "information", "debug"]}, - "sniffer_traffic": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ssh": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "voip": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and 
module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_log_syslogd(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_log_syslogd(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_log_syslogd_override_filter.py b/lib/ansible/modules/network/fortios/fortios_log_syslogd_override_filter.py deleted file mode 100644 index a31e52deac1..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_log_syslogd_override_filter.py +++ /dev/null 
@@ -1,424 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_syslogd_override_filter -short_description: Override filters for remote system server in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log_syslogd feature and override_filter category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_syslogd_override_filter: - description: - - Override filters for remote system server. - default: null - type: dict - suboptions: - anomaly: - description: - - Enable/disable anomaly logging. - type: str - choices: - - enable - - disable - dns: - description: - - Enable/disable detailed DNS event logging. - type: str - choices: - - enable - - disable - filter: - description: - - Syslog filter. - type: str - filter_type: - description: - - Include/exclude logs that match the filter. - type: str - choices: - - include - - exclude - forward_traffic: - description: - - Enable/disable forward traffic logging. - type: str - choices: - - enable - - disable - gtp: - description: - - Enable/disable GTP messages logging. - type: str - choices: - - enable - - disable - local_traffic: - description: - - Enable/disable local in or out traffic logging. - type: str - choices: - - enable - - disable - multicast_traffic: - description: - - Enable/disable multicast traffic logging. - type: str - choices: - - enable - - disable - netscan_discovery: - description: - - Enable/disable netscan discovery event logging. - type: str - netscan_vulnerability: - description: - - Enable/disable netscan vulnerability event logging. - type: str - severity: - description: - - Lowest severity level to log. - type: str - choices: - - emergency - - alert - - critical - - error - - warning - - notification - - information - - debug - sniffer_traffic: - description: - - Enable/disable sniffer traffic logging. 
- type: str - choices: - - enable - - disable - ssh: - description: - - Enable/disable SSH logging. - type: str - choices: - - enable - - disable - voip: - description: - - Enable/disable VoIP logging. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Override filters for remote system server. - fortios_log_syslogd_override_filter: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_syslogd_override_filter: - anomaly: "enable" - dns: "enable" - filter: "" - filter_type: "include" - forward_traffic: "enable" - gtp: "enable" - local_traffic: "enable" - multicast_traffic: "enable" - netscan_discovery: "" - netscan_vulnerability: "" - severity: "emergency" - sniffer_traffic: "enable" - ssh: "enable" - voip: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - 
returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_log_syslogd_override_filter_data(json):
- option_list = ['anomaly', 'dns', 'filter',
- 'filter_type', 'forward_traffic', 'gtp',
- 'local_traffic', 'multicast_traffic', 'netscan_discovery',
- 'netscan_vulnerability', 'severity', 'sniffer_traffic',
- 'ssh', 'voip']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def log_syslogd_override_filter(data, fos):
- vdom = data['vdom']
- log_syslogd_override_filter_data = data['log_syslogd_override_filter']
- filtered_data = underscore_to_hyphen(filter_log_syslogd_override_filter_data(log_syslogd_override_filter_data))
-
- return fos.set('log.syslogd',
- 'override-filter',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] ==
"success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_log_syslogd(data, fos):
-
- if data['log_syslogd_override_filter']:
- resp = log_syslogd_override_filter(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "log_syslogd_override_filter": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "anomaly": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "dns": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "filter": {"required": False, "type": "str"},
- "filter_type": {"required": False, "type": "str",
- "choices": ["include", "exclude"]},
- "forward_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gtp": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "local_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "multicast_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "netscan_discovery": {"required": False, "type": "str"},
- "netscan_vulnerability": {"required": False, "type": "str"},
- "severity": {"required": False, "type": "str",
- "choices": ["emergency", "alert", "critical",
- "error", "warning", "notification",
- "information", "debug"]},
- "sniffer_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ssh": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "voip": {"required": False, "type": "str",
- "choices":
["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_log_syslogd(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_log_syslogd(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_log_syslogd_override_setting.py b/lib/ansible/modules/network/fortios/fortios_log_syslogd_override_setting.py
deleted file mode 100644
index f775e1439e6..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_log_syslogd_override_setting.py
+++ /dev/null
@@ -1,448 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_syslogd_override_setting -short_description: Override settings for remote syslog server in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log_syslogd feature and override_setting category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_syslogd_override_setting: - description: - - Override settings for remote syslog server. - default: null - type: dict - suboptions: - certificate: - description: - - Certificate used to communicate with Syslog server. Source certificate.local.name. - type: str - custom_field_name: - description: - - Custom field name for CEF format logging. - type: list - suboptions: - custom: - description: - - Field custom name. - type: str - id: - description: - - Entry ID. - required: true - type: int - name: - description: - - Field name. - type: str - enc_algorithm: - description: - - Enable/disable reliable syslogging with TLS encryption. - type: str - choices: - - high-medium - - high - - low - - disable - facility: - description: - - Remote syslog facility. - type: str - choices: - - kernel - - user - - mail - - daemon - - auth - - syslog - - lpr - - news - - uucp - - cron - - authpriv - - ftp - - ntp - - audit - - alert - - clock - - local0 - - local1 - - local2 - - local3 - - local4 - - local5 - - local6 - - local7 - format: - description: - - Log format. - type: str - choices: - - default - - csv - - cef - mode: - description: - - Remote syslog logging over UDP/Reliable TCP. - type: str - choices: - - udp - - legacy-reliable - - reliable - override: - description: - - Enable/disable override syslog settings. - type: str - choices: - - enable - - disable - port: - description: - - Server listen port. - type: int - server: - description: - - Address of remote syslog server. - type: str - source_ip: - description: - - Source IP address of syslog. 
- type: str - ssl_min_proto_version: - description: - - Minimum supported protocol version for SSL/TLS connections . - type: str - choices: - - default - - SSLv3 - - TLSv1 - - TLSv1-1 - - TLSv1-2 - status: - description: - - Enable/disable remote syslog logging. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Override settings for remote syslog server. - fortios_log_syslogd_override_setting: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_syslogd_override_setting: - certificate: " (source certificate.local.name)" - custom_field_name: - - - custom: "" - id: "6" - name: "default_name_7" - enc_algorithm: "high-medium" - facility: "kernel" - format: "default" - mode: "udp" - override: "enable" - port: "13" - server: "192.168.100.40" - source_ip: "84.230.14.43" - ssl_min_proto_version: "default" - status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - 
type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_log_syslogd_override_setting_data(json):
- option_list = ['certificate', 'custom_field_name', 'enc_algorithm',
- 'facility', 'format', 'mode',
- 'override', 'port', 'server',
- 'source_ip', 'ssl_min_proto_version', 'status']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def log_syslogd_override_setting(data, fos):
- vdom = data['vdom']
- log_syslogd_override_setting_data = data['log_syslogd_override_setting']
- filtered_data = underscore_to_hyphen(filter_log_syslogd_override_setting_data(log_syslogd_override_setting_data))
-
- return fos.set('log.syslogd',
- 'override-setting',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_log_syslogd(data, fos):
-
- if data['log_syslogd_override_setting']:
- resp = log_syslogd_override_setting(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "log_syslogd_override_setting": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "certificate": {"required": False, "type": "str"},
- "custom_field_name": {"required": False, "type": "list",
- "options": {
- "custom": {"required": False, "type": "str"},
- "id": {"required": True, "type": "int"},
- "name": {"required": False, "type": "str"}
- }},
- "enc_algorithm": {"required": False, "type": "str",
- "choices": ["high-medium", "high", "low",
- "disable"]},
- "facility": {"required": False, "type": "str",
- "choices": ["kernel", "user", "mail",
- "daemon", "auth", "syslog",
- "lpr", "news", "uucp",
- "cron", "authpriv", "ftp",
- "ntp", "audit", "alert",
- "clock", "local0", "local1",
- "local2", "local3", "local4",
- "local5", "local6", "local7"]},
- "format": {"required": False, "type": "str",
- "choices": ["default", "csv", "cef"]},
- "mode": {"required": False, "type": "str",
- "choices": ["udp", "legacy-reliable", "reliable"]},
- "override": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "port": {"required": False, "type": "int"},
- "server": {"required": False, "type": "str"},
- "source_ip": {"required": False, "type": "str"},
-
"ssl_min_proto_version": {"required": False, "type": "str",
- "choices": ["default", "SSLv3", "TLSv1",
- "TLSv1-1", "TLSv1-2"]},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_log_syslogd(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_log_syslogd(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_log_syslogd_setting.py b/lib/ansible/modules/network/fortios/fortios_log_syslogd_setting.py
deleted file mode 100644
index 6c1a475d3f5..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_log_syslogd_setting.py
+++ /dev/null
@@ -1,438 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_syslogd_setting -short_description: Global settings for remote syslog server in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log_syslogd feature and setting category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_syslogd_setting: - description: - - Global settings for remote syslog server. - default: null - type: dict - suboptions: - certificate: - description: - - Certificate used to communicate with Syslog server. Source certificate.local.name. - type: str - custom_field_name: - description: - - Custom field name for CEF format logging. - type: list - suboptions: - custom: - description: - - Field custom name. - type: str - id: - description: - - Entry ID. - required: true - type: int - name: - description: - - Field name. - type: str - enc_algorithm: - description: - - Enable/disable reliable syslogging with TLS encryption. - type: str - choices: - - high-medium - - high - - low - - disable - facility: - description: - - Remote syslog facility. - type: str - choices: - - kernel - - user - - mail - - daemon - - auth - - syslog - - lpr - - news - - uucp - - cron - - authpriv - - ftp - - ntp - - audit - - alert - - clock - - local0 - - local1 - - local2 - - local3 - - local4 - - local5 - - local6 - - local7 - format: - description: - - Log format. - type: str - choices: - - default - - csv - - cef - mode: - description: - - Remote syslog logging over UDP/Reliable TCP. - type: str - choices: - - udp - - legacy-reliable - - reliable - port: - description: - - Server listen port. - type: int - server: - description: - - Address of remote syslog server. - type: str - source_ip: - description: - - Source IP address of syslog. - type: str - ssl_min_proto_version: - description: - - Minimum supported protocol version for SSL/TLS connections . 
- type: str - choices: - - default - - SSLv3 - - TLSv1 - - TLSv1-1 - - TLSv1-2 - status: - description: - - Enable/disable remote syslog logging. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Global settings for remote syslog server. - fortios_log_syslogd_setting: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_syslogd_setting: - certificate: " (source certificate.local.name)" - custom_field_name: - - - custom: "" - id: "6" - name: "default_name_7" - enc_algorithm: "high-medium" - facility: "kernel" - format: "default" - mode: "udp" - port: "12" - server: "192.168.100.40" - source_ip: "84.230.14.43" - ssl_min_proto_version: "default" - status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - 
description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_log_syslogd_setting_data(json):
- option_list = ['certificate', 'custom_field_name', 'enc_algorithm',
- 'facility', 'format', 'mode',
- 'port', 'server', 'source_ip',
- 'ssl_min_proto_version', 'status']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def log_syslogd_setting(data, fos):
- vdom = data['vdom']
- log_syslogd_setting_data = data['log_syslogd_setting']
- filtered_data = underscore_to_hyphen(filter_log_syslogd_setting_data(log_syslogd_setting_data))
-
- return fos.set('log.syslogd',
- 'setting',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_log_syslogd(data, fos):
-
- if data['log_syslogd_setting']:
- resp =
log_syslogd_setting(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "log_syslogd_setting": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "certificate": {"required": False, "type": "str"},
- "custom_field_name": {"required": False, "type": "list",
- "options": {
- "custom": {"required": False, "type": "str"},
- "id": {"required": True, "type": "int"},
- "name": {"required": False, "type": "str"}
- }},
- "enc_algorithm": {"required": False, "type": "str",
- "choices": ["high-medium", "high", "low",
- "disable"]},
- "facility": {"required": False, "type": "str",
- "choices": ["kernel", "user", "mail",
- "daemon", "auth", "syslog",
- "lpr", "news", "uucp",
- "cron", "authpriv", "ftp",
- "ntp", "audit", "alert",
- "clock", "local0", "local1",
- "local2", "local3", "local4",
- "local5", "local6", "local7"]},
- "format": {"required": False, "type": "str",
- "choices": ["default", "csv", "cef"]},
- "mode": {"required": False, "type": "str",
- "choices": ["udp", "legacy-reliable", "reliable"]},
- "port": {"required": False, "type": "int"},
- "server": {"required": False, "type": "str"},
- "source_ip": {"required": False, "type": "str"},
- "ssl_min_proto_version": {"required": False, "type": "str",
- "choices": ["default", "SSLv3", "TLSv1",
- "TLSv1-1", "TLSv1-2"]},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_log_syslogd(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_log_syslogd(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_log_threat_weight.py b/lib/ansible/modules/network/fortios/fortios_log_threat_weight.py
deleted file mode 100644
index db47a1276a7..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_log_threat_weight.py
+++ /dev/null
@@ -1,725 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_threat_weight -short_description: Configure threat weight settings in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log feature and threat_weight category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_threat_weight: - description: - - Configure threat weight settings. - default: null - type: dict - suboptions: - application: - description: - - Application-control threat weight settings. - type: list - suboptions: - category: - description: - - Application category. - type: int - id: - description: - - Entry ID. - required: true - type: int - level: - description: - - Threat weight score for Application events. - type: str - choices: - - disable - - low - - medium - - high - - critical - blocked_connection: - description: - - Threat weight score for blocked connections. - type: str - choices: - - disable - - low - - medium - - high - - critical - failed_connection: - description: - - Threat weight score for failed connections. - type: str - choices: - - disable - - low - - medium - - high - - critical - geolocation: - description: - - Geolocation-based threat weight settings. - type: list - suboptions: - country: - description: - - Country code. - type: str - id: - description: - - Entry ID. - required: true - type: int - level: - description: - - Threat weight score for Geolocation-based events. - type: str - choices: - - disable - - low - - medium - - high - - critical - ips: - description: - - IPS threat weight settings. - type: dict - suboptions: - critical_severity: - description: - - Threat weight score for IPS critical severity events. - type: str - choices: - - disable - - low - - medium - - high - - critical - high_severity: - description: - - Threat weight score for IPS high severity events. 
- type: str - choices: - - disable - - low - - medium - - high - - critical - info_severity: - description: - - Threat weight score for IPS info severity events. - type: str - choices: - - disable - - low - - medium - - high - - critical - low_severity: - description: - - Threat weight score for IPS low severity events. - type: str - choices: - - disable - - low - - medium - - high - - critical - medium_severity: - description: - - Threat weight score for IPS medium severity events. - type: str - choices: - - disable - - low - - medium - - high - - critical - level: - description: - - Score mapping for threat weight levels. - type: dict - suboptions: - critical: - description: - - Critical level score value (1 - 100). - type: int - high: - description: - - High level score value (1 - 100). - type: int - low: - description: - - Low level score value (1 - 100). - type: int - medium: - description: - - Medium level score value (1 - 100). - type: int - malware: - description: - - Anti-virus malware threat weight settings. - type: dict - suboptions: - botnet_connection: - description: - - Threat weight score for detected botnet connections. - type: str - choices: - - disable - - low - - medium - - high - - critical - command_blocked: - description: - - Threat weight score for blocked command detected. - type: str - choices: - - disable - - low - - medium - - high - - critical - content_disarm: - description: - - Threat weight score for virus (content disarm) detected. - type: str - choices: - - disable - - low - - medium - - high - - critical - mimefragmented: - description: - - Threat weight score for mimefragmented detected. - type: str - choices: - - disable - - low - - medium - - high - - critical - oversized: - description: - - Threat weight score for oversized file detected. - type: str - choices: - - disable - - low - - medium - - high - - critical - switch_proto: - description: - - Threat weight score for switch proto detected. 
- type: str - choices: - - disable - - low - - medium - - high - - critical - virus_blocked: - description: - - Threat weight score for virus (blocked) detected. - type: str - choices: - - disable - - low - - medium - - high - - critical - virus_file_type_executable: - description: - - Threat weight score for virus (filetype executable) detected. - type: str - choices: - - disable - - low - - medium - - high - - critical - virus_infected: - description: - - Threat weight score for virus (infected) detected. - type: str - choices: - - disable - - low - - medium - - high - - critical - virus_outbreak_prevention: - description: - - Threat weight score for virus (outbreak prevention) event. - type: str - choices: - - disable - - low - - medium - - high - - critical - virus_scan_error: - description: - - Threat weight score for virus (scan error) detected. - type: str - choices: - - disable - - low - - medium - - high - - critical - status: - description: - - Enable/disable the threat weight feature. - type: str - choices: - - enable - - disable - url_block_detected: - description: - - Threat weight score for URL blocking. - type: str - choices: - - disable - - low - - medium - - high - - critical - web: - description: - - Web filtering threat weight settings. - type: list - suboptions: - category: - description: - - Threat weight score for web category filtering matches. - type: int - id: - description: - - Entry ID. - required: true - type: int - level: - description: - - Threat weight score for web category filtering matches. - type: str - choices: - - disable - - low - - medium - - high - - critical -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure threat weight settings. 
- fortios_log_threat_weight: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_threat_weight: - application: - - - category: "4" - id: "5" - level: "disable" - blocked_connection: "disable" - failed_connection: "disable" - geolocation: - - - country: "" - id: "11" - level: "disable" - ips: - critical_severity: "disable" - high_severity: "disable" - info_severity: "disable" - low_severity: "disable" - medium_severity: "disable" - level: - critical: "20" - high: "21" - low: "22" - medium: "23" - malware: - botnet_connection: "disable" - command_blocked: "disable" - content_disarm: "disable" - mimefragmented: "disable" - oversized: "disable" - switch_proto: "disable" - virus_blocked: "disable" - virus_file_type_executable: "disable" - virus_infected: "disable" - virus_outbreak_prevention: "disable" - virus_scan_error: "disable" - status: "enable" - url_block_detected: "disable" - web: - - - category: "39" - id: "40" - level: "disable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" 
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_log_threat_weight_data(json):
- option_list = ['application', 'blocked_connection', 'failed_connection',
- 'geolocation', 'ips', 'level',
- 'malware', 'status', 'url_block_detected',
- 'web']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def log_threat_weight(data, fos):
- vdom = data['vdom']
- log_threat_weight_data = data['log_threat_weight']
- filtered_data = underscore_to_hyphen(filter_log_threat_weight_data(log_threat_weight_data))
-
- return fos.set('log',
- 'threat-weight',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_log(data, fos):
-
- if data['log_threat_weight']:
- resp = log_threat_weight(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "log_threat_weight": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "application": {"required": False, "type": "list",
- "options": {
- "category": {"required": False, "type": "int"},
- "id": {"required": True, "type": "int"},
- "level": {"required": False, "type": "str",
- "choices": ["disable", "low", "medium",
- "high", "critical"]}
- }},
- "blocked_connection": {"required": False, "type": "str",
- "choices": ["disable", "low", "medium",
- "high", "critical"]},
- "failed_connection": {"required": False, "type": "str",
- "choices": ["disable", "low", "medium",
- "high", "critical"]},
- "geolocation": {"required": False, "type": "list",
- "options": {
- "country": {"required": False, "type": "str"},
- "id": {"required": True, "type": "int"},
- "level": {"required": False, "type": "str",
- "choices": ["disable", "low", "medium",
- "high", "critical"]}
- }},
- "ips": {"required": False, "type": "dict",
- "options": {
- "critical_severity": {"required": False, "type": "str",
- "choices": ["disable", "low", "medium",
- "high", "critical"]},
- "high_severity": {"required": False, "type": "str",
- "choices": ["disable", "low", "medium",
- "high", "critical"]},
- "info_severity": {"required": False, "type": "str",
- "choices": ["disable", "low", "medium",
- "high", "critical"]},
- "low_severity": {"required": False, "type": "str",
- "choices": ["disable", "low", "medium",
- "high", "critical"]},
- "medium_severity": {"required": False, "type": "str",
- "choices": ["disable", "low", "medium",
- "high", "critical"]}
- }},
- "level": {"required": False, "type": "dict",
- "options": {
- "critical": {"required": False, "type": "int"},
- "high": {"required": False, "type": "int"},
- "low": {"required": False, "type": "int"},
- "medium": {"required": False, "type": "int"}
- }},
- "malware": {"required": False, "type": "dict",
- "options": {
- "botnet_connection": {"required": False, "type": "str",
- "choices": ["disable", "low", "medium",
- "high", "critical"]},
- "command_blocked": {"required": False, "type": "str",
- "choices": ["disable", "low", "medium",
- "high", "critical"]},
- "content_disarm": {"required": False, "type": "str",
- "choices": ["disable", "low", "medium",
- "high", "critical"]},
- "mimefragmented": {"required": False, "type": "str",
- "choices": ["disable", "low", "medium",
- "high", "critical"]},
- "oversized": {"required": False, "type": "str",
- "choices": ["disable", "low", "medium",
- "high", "critical"]},
- "switch_proto": {"required": False, "type": "str",
- "choices": ["disable", "low", "medium",
- "high", "critical"]},
- "virus_blocked": {"required": False, "type": "str",
- "choices": ["disable", "low", "medium",
- "high", "critical"]},
- "virus_file_type_executable": {"required": False, "type": "str",
- "choices": ["disable", "low", "medium",
- "high", "critical"]},
- "virus_infected": {"required": False, "type": "str",
- "choices": ["disable", "low", "medium",
- "high", "critical"]},
- "virus_outbreak_prevention": {"required": False, "type": "str",
- "choices": ["disable", "low", "medium",
- "high", "critical"]},
- "virus_scan_error": {"required": False, "type": "str",
- "choices": ["disable", "low", "medium",
- "high", "critical"]}
- }},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "url_block_detected": {"required": False, "type": "str",
- "choices": ["disable", "low", "medium",
- "high", "critical"]},
- "web": {"required": False, "type": "list",
- "options": {
- "category": {"required": False, "type": "int"},
- "id": {"required": True, "type": "int"},
- "level": {"required": False, "type": "str",
- "choices": ["disable", "low", "medium",
- "high", "critical"]}
- }}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_log(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_log(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_log_webtrends_filter.py b/lib/ansible/modules/network/fortios/fortios_log_webtrends_filter.py
deleted file mode 100644
index 05bb1257931..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_log_webtrends_filter.py
+++ /dev/null
@@ -1,424 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_webtrends_filter -short_description: Filters for WebTrends in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log_webtrends feature and filter category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_webtrends_filter: - description: - - Filters for WebTrends. - default: null - type: dict - suboptions: - anomaly: - description: - - Enable/disable anomaly logging. - type: str - choices: - - enable - - disable - dns: - description: - - Enable/disable detailed DNS event logging. - type: str - choices: - - enable - - disable - filter: - description: - - Webtrends log filter. - type: str - filter_type: - description: - - Include/exclude logs that match the filter. - type: str - choices: - - include - - exclude - forward_traffic: - description: - - Enable/disable forward traffic logging. - type: str - choices: - - enable - - disable - gtp: - description: - - Enable/disable GTP messages logging. - type: str - choices: - - enable - - disable - local_traffic: - description: - - Enable/disable local in or out traffic logging. - type: str - choices: - - enable - - disable - multicast_traffic: - description: - - Enable/disable multicast traffic logging. - type: str - choices: - - enable - - disable - netscan_discovery: - description: - - Enable/disable netscan discovery event logging. - type: str - netscan_vulnerability: - description: - - Enable/disable netscan vulnerability event logging. - type: str - severity: - description: - - Lowest severity level to log to WebTrends. - type: str - choices: - - emergency - - alert - - critical - - error - - warning - - notification - - information - - debug - sniffer_traffic: - description: - - Enable/disable sniffer traffic logging. - type: str - choices: - - enable - - disable - ssh: - description: - - Enable/disable SSH logging. 
- type: str - choices: - - enable - - disable - voip: - description: - - Enable/disable VoIP logging. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Filters for WebTrends. - fortios_log_webtrends_filter: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_webtrends_filter: - anomaly: "enable" - dns: "enable" - filter: "" - filter_type: "include" - forward_traffic: "enable" - gtp: "enable" - local_traffic: "enable" - multicast_traffic: "enable" - netscan_discovery: "" - netscan_vulnerability: "" - severity: "emergency" - sniffer_traffic: "enable" - ssh: "enable" - voip: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" 
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_log_webtrends_filter_data(json):
- option_list = ['anomaly', 'dns', 'filter',
- 'filter_type', 'forward_traffic', 'gtp',
- 'local_traffic', 'multicast_traffic', 'netscan_discovery',
- 'netscan_vulnerability', 'severity', 'sniffer_traffic',
- 'ssh', 'voip']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def log_webtrends_filter(data, fos):
- vdom = data['vdom']
- log_webtrends_filter_data = data['log_webtrends_filter']
- filtered_data = underscore_to_hyphen(filter_log_webtrends_filter_data(log_webtrends_filter_data))
-
- return fos.set('log.webtrends',
- 'filter',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_log_webtrends(data, fos):
-
- if data['log_webtrends_filter']:
- resp = log_webtrends_filter(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "log_webtrends_filter": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "anomaly": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "dns": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "filter": {"required": False, "type": "str"},
- "filter_type": {"required": False, "type": "str",
- "choices": ["include", "exclude"]},
- "forward_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gtp": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "local_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "multicast_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "netscan_discovery": {"required": False, "type": "str"},
- "netscan_vulnerability": {"required": False, "type": "str"},
- "severity": {"required": False, "type": "str",
- "choices": ["emergency", "alert", "critical",
- "error", "warning", "notification",
- "information", "debug"]},
- "sniffer_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ssh": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "voip": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_log_webtrends(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_log_webtrends(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_log_webtrends_setting.py b/lib/ansible/modules/network/fortios/fortios_log_webtrends_setting.py
deleted file mode 100644
index 47112297b9f..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_log_webtrends_setting.py
+++ /dev/null
@@ -1,300 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_log_webtrends_setting -short_description: Settings for WebTrends in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify log_webtrends feature and setting category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - log_webtrends_setting: - description: - - Settings for WebTrends. - default: null - type: dict - suboptions: - server: - description: - - Address of the remote WebTrends server. - type: str - status: - description: - - Enable/disable logging to WebTrends. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Settings for WebTrends. - fortios_log_webtrends_setting: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - log_webtrends_setting: - server: "192.168.100.40" - status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - 
description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_log_webtrends_setting_data(json): - option_list = ['server', 'status'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def log_webtrends_setting(data, fos): - vdom = data['vdom'] - log_webtrends_setting_data = data['log_webtrends_setting'] - filtered_data = underscore_to_hyphen(filter_log_webtrends_setting_data(log_webtrends_setting_data)) - - return fos.set('log.webtrends', - 'setting', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and 
status['http_status'] == 404 - - -def fortios_log_webtrends(data, fos): - - if data['log_webtrends_setting']: - resp = log_webtrends_setting(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "log_webtrends_setting": { - "required": False, "type": "dict", "default": None, - "options": { - "server": {"required": False, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_log_webtrends(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_log_webtrends(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_report_chart.py b/lib/ansible/modules/network/fortios/fortios_report_chart.py
deleted file mode 100644
index fec1df27b72..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_report_chart.py
+++ /dev/null
@@ -1,850 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_report_chart -short_description: Report chart widget configuration in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify report feature and chart category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - report_chart: - description: - - Report chart widget configuration. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - background: - description: - - Chart background. - type: str - category: - description: - - Category. - type: str - choices: - - misc - - traffic - - event - - virus - - webfilter - - attack - - spam - - dlp - - app-ctrl - - vulnerability - category_series: - description: - - Category series of pie chart. - type: dict - suboptions: - databind: - description: - - Category series value expression. - type: str - font_size: - description: - - Font size of category-series title. - type: int - color_palette: - description: - - Color palette (system will pick color automatically by default). - type: str - column: - description: - - Table column definition. - type: list - suboptions: - detail_unit: - description: - - Detail unit of column. - type: str - detail_value: - description: - - Detail value of column. - type: str - footer_unit: - description: - - Footer unit of column. 
- type: str - footer_value: - description: - - Footer value of column. - type: str - header_value: - description: - - Display name of table header. - type: str - id: - description: - - ID. - required: true - type: int - mapping: - description: - - Show detail in certain display value for certain condition. - type: list - suboptions: - displayname: - description: - - Display name. - type: str - id: - description: - - id - required: true - type: int - op: - description: - - Comparison operator. - type: str - choices: - - none - - greater - - greater-equal - - less - - less-equal - - equal - - between - value_type: - description: - - Value type. - type: str - choices: - - integer - - string - value1: - description: - - Value 1. - type: str - value2: - description: - - Value 2. - type: str - comments: - description: - - Comment. - type: str - dataset: - description: - - Bind dataset to chart. - type: str - dimension: - description: - - Dimension. - type: str - choices: - - 2D - - 3D - drill_down_charts: - description: - - Drill down charts. - type: list - suboptions: - chart_name: - description: - - Drill down chart name. - type: str - id: - description: - - Drill down chart ID. - required: true - type: int - status: - description: - - Enable/disable this drill down chart. - type: str - choices: - - enable - - disable - favorite: - description: - - Favorite. - type: str - choices: - - no - - yes - graph_type: - description: - - Graph type. - type: str - choices: - - none - - bar - - pie - - line - - flow - legend: - description: - - Enable/Disable Legend area. - type: str - choices: - - enable - - disable - legend_font_size: - description: - - Font size of legend area. - type: int - name: - description: - - Chart Widget Name - required: true - type: str - period: - description: - - Time period. - type: str - choices: - - last24h - - last7d - policy: - description: - - Used by monitor policy. - type: int - style: - description: - - Style. 
- type: str - choices: - - auto - - manual - title: - description: - - Chart title. - type: str - title_font_size: - description: - - Font size of chart title. - type: int - type: - description: - - Chart type. - type: str - choices: - - graph - - table - value_series: - description: - - Value series of pie chart. - type: dict - suboptions: - databind: - description: - - Value series value expression. - type: str - x_series: - description: - - X-series of chart. - type: dict - suboptions: - caption: - description: - - X-series caption. - type: str - caption_font_size: - description: - - X-series caption font size. - type: int - databind: - description: - - X-series value expression. - type: str - font_size: - description: - - X-series label font size. - type: int - is_category: - description: - - X-series represent category or not. - type: str - choices: - - yes - - no - label_angle: - description: - - X-series label angle. - type: str - choices: - - 45-degree - - vertical - - horizontal - scale_direction: - description: - - Scale increase or decrease. - type: str - choices: - - decrease - - increase - scale_format: - description: - - Date/time format. - type: str - choices: - - YYYY-MM-DD-HH-MM - - YYYY-MM-DD HH - - YYYY-MM-DD - - YYYY-MM - - YYYY - - HH-MM - - MM-DD - scale_step: - description: - - Scale step. - type: int - scale_unit: - description: - - Scale unit. - type: str - choices: - - minute - - hour - - day - - month - - year - unit: - description: - - X-series unit. - type: str - y_series: - description: - - Y-series of chart. - type: dict - suboptions: - caption: - description: - - Y-series caption. - type: str - caption_font_size: - description: - - Y-series caption font size. - type: int - databind: - description: - - Y-series value expression. - type: str - extra_databind: - description: - - Extra Y-series value. 
- type: str - extra_y: - description: - - Allow another Y-series value - type: str - choices: - - enable - - disable - extra_y_legend: - description: - - Extra Y-series legend type/name. - type: str - font_size: - description: - - Y-series label font size. - type: int - group: - description: - - Y-series group option. - type: str - label_angle: - description: - - Y-series label angle. - type: str - choices: - - 45-degree - - vertical - - horizontal - unit: - description: - - Y-series unit. - type: str - y_legend: - description: - - First Y-series legend type/name. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Report chart widget configuration. - fortios_report_chart: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - report_chart: - background: "" - category: "misc" - category_series: - databind: "" - font_size: "7" - color_palette: "" - column: - - - detail_unit: "" - detail_value: "" - footer_unit: "" - footer_value: "" - header_value: "" - id: "15" - mapping: - - - displayname: "" - id: "18" - op: "none" - value_type: "integer" - value1: "" - value2: "" - comments: "" - dataset: "" - dimension: "2D" - drill_down_charts: - - - chart_name: "" - id: "28" - status: "enable" - favorite: "no" - graph_type: "none" - legend: "enable" - legend_font_size: "33" - name: "default_name_34" - period: "last24h" - policy: "36" - style: "auto" - title: "" - title_font_size: "39" - type: "graph" - value_series: - databind: "" - x_series: - caption: "" - caption_font_size: "45" - databind: "" - font_size: "47" - is_category: "yes" - label_angle: "45-degree" - scale_direction: "decrease" - scale_format: "YYYY-MM-DD-HH-MM" - scale_step: "52" - scale_unit: "minute" - unit: "" - y_series: - caption: "" - caption_font_size: "57" - databind: "" - extra_databind: "" - 
extra_y: "enable" - extra_y_legend: "" - font_size: "62" - group: "" - label_angle: "45-degree" - unit: "" - y_legend: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def 
filter_report_chart_data(json): - option_list = ['background', 'category', 'category_series', - 'color_palette', 'column', 'comments', - 'dataset', 'dimension', 'drill_down_charts', - 'favorite', 'graph_type', 'legend', - 'legend_font_size', 'name', 'period', - 'policy', 'style', 'title', - 'title_font_size', 'type', 'value_series', - 'x_series', 'y_series'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def report_chart(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['report_chart'] and data['report_chart']: - state = data['report_chart']['state'] - else: - state = True - report_chart_data = data['report_chart'] - filtered_data = underscore_to_hyphen(filter_report_chart_data(report_chart_data)) - - if state == "present": - return fos.set('report', - 'chart', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('report', - 'chart', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_report(data, fos): - - if data['report_chart']: - resp = report_chart(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, 
"type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "report_chart": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "background": {"required": False, "type": "str"}, - "category": {"required": False, "type": "str", - "choices": ["misc", "traffic", "event", - "virus", "webfilter", "attack", - "spam", "dlp", "app-ctrl", - "vulnerability"]}, - "category_series": {"required": False, "type": "dict", - "options": { - "databind": {"required": False, "type": "str"}, - "font_size": {"required": False, "type": "int"} - }}, - "color_palette": {"required": False, "type": "str"}, - "column": {"required": False, "type": "list", - "options": { - "detail_unit": {"required": False, "type": "str"}, - "detail_value": {"required": False, "type": "str"}, - "footer_unit": {"required": False, "type": "str"}, - "footer_value": {"required": False, "type": "str"}, - "header_value": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "mapping": {"required": False, "type": "list", - "options": { - "displayname": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "op": {"required": False, "type": "str", - "choices": ["none", "greater", "greater-equal", - "less", "less-equal", "equal", - "between"]}, - "value_type": {"required": False, "type": "str", - "choices": ["integer", "string"]}, - "value1": {"required": False, "type": "str"}, - "value2": {"required": False, "type": "str"} - }} - }}, - "comments": {"required": False, "type": "str"}, - "dataset": {"required": False, "type": "str"}, - "dimension": {"required": False, "type": "str", - "choices": ["2D", "3D"]}, - "drill_down_charts": {"required": False, "type": "list", - 
"options": { - "chart_name": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "favorite": {"required": False, "type": "str", - "choices": ["no", "yes"]}, - "graph_type": {"required": False, "type": "str", - "choices": ["none", "bar", "pie", - "line", "flow"]}, - "legend": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "legend_font_size": {"required": False, "type": "int"}, - "name": {"required": True, "type": "str"}, - "period": {"required": False, "type": "str", - "choices": ["last24h", "last7d"]}, - "policy": {"required": False, "type": "int"}, - "style": {"required": False, "type": "str", - "choices": ["auto", "manual"]}, - "title": {"required": False, "type": "str"}, - "title_font_size": {"required": False, "type": "int"}, - "type": {"required": False, "type": "str", - "choices": ["graph", "table"]}, - "value_series": {"required": False, "type": "dict", - "options": { - "databind": {"required": False, "type": "str"} - }}, - "x_series": {"required": False, "type": "dict", - "options": { - "caption": {"required": False, "type": "str"}, - "caption_font_size": {"required": False, "type": "int"}, - "databind": {"required": False, "type": "str"}, - "font_size": {"required": False, "type": "int"}, - "is_category": {"required": False, "type": "str", - "choices": ["yes", "no"]}, - "label_angle": {"required": False, "type": "str", - "choices": ["45-degree", "vertical", "horizontal"]}, - "scale_direction": {"required": False, "type": "str", - "choices": ["decrease", "increase"]}, - "scale_format": {"required": False, "type": "str", - "choices": ["YYYY-MM-DD-HH-MM", "YYYY-MM-DD HH", "YYYY-MM-DD", - "YYYY-MM", "YYYY", "HH-MM", - "MM-DD"]}, - "scale_step": {"required": False, "type": "int"}, - "scale_unit": {"required": False, "type": "str", - "choices": ["minute", "hour", "day", - "month", "year"]}, - "unit": {"required": False, 
"type": "str"} - }}, - "y_series": {"required": False, "type": "dict", - "options": { - "caption": {"required": False, "type": "str"}, - "caption_font_size": {"required": False, "type": "int"}, - "databind": {"required": False, "type": "str"}, - "extra_databind": {"required": False, "type": "str"}, - "extra_y": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "extra_y_legend": {"required": False, "type": "str"}, - "font_size": {"required": False, "type": "int"}, - "group": {"required": False, "type": "str"}, - "label_angle": {"required": False, "type": "str", - "choices": ["45-degree", "vertical", "horizontal"]}, - "unit": {"required": False, "type": "str"}, - "y_legend": {"required": False, "type": "str"} - }} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_report(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_report(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_report_dataset.py b/lib/ansible/modules/network/fortios/fortios_report_dataset.py
deleted file mode 100644
index 76e2367fb95..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_report_dataset.py
+++ /dev/null
@@ -1,427 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_report_dataset -short_description: Report dataset configuration in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify report feature and dataset category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - report_dataset: - description: - - Report dataset configuration. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - field: - description: - - Fields. - type: list - suboptions: - displayname: - description: - - Display name. - type: str - id: - description: - - Field ID (1 to number of columns in SQL result). - required: true - type: int - name: - description: - - Name. - type: str - type: - description: - - Field type. - type: str - choices: - - text - - integer - - double - name: - description: - - Name. - required: true - type: str - parameters: - description: - - Parameters. - type: list - suboptions: - data_type: - description: - - Data type. - type: str - choices: - - text - - integer - - double - - long-integer - - date-time - display_name: - description: - - Display name. - type: str - field: - description: - - SQL field name. - type: str - id: - description: - - Parameter ID (1 to number of columns in SQL result). - required: true - type: int - policy: - description: - - Used by monitor policy. 
- type: int - query: - description: - - SQL query statement. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Report dataset configuration. - fortios_report_dataset: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - report_dataset: - field: - - - displayname: "" - id: "5" - name: "default_name_6" - type: "text" - name: "default_name_8" - parameters: - - - data_type: "text" - display_name: "" - field: "" - id: "13" - policy: "14" - query: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import 
AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_report_dataset_data(json):
- option_list = ['field', 'name', 'parameters',
- 'policy', 'query']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def report_dataset(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['report_dataset'] and data['report_dataset']:
- state = data['report_dataset']['state']
- else:
- state = True
- report_dataset_data = data['report_dataset']
- filtered_data = underscore_to_hyphen(filter_report_dataset_data(report_dataset_data))
-
- if state == "present":
- return fos.set('report',
- 'dataset',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('report',
- 'dataset',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_report(data, fos):
-
- if data['report_dataset']:
- resp = report_dataset(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "report_dataset": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "field": {"required": False, "type": "list",
- "options": {
- "displayname": {"required": False, "type": "str"},
- "id": {"required": True, "type": "int"},
- "name": {"required": False, "type": "str"},
- "type": {"required": False, "type": "str",
- "choices": ["text", "integer", "double"]}
- }},
- "name": {"required": True, "type": "str"},
- "parameters": {"required": False, "type": "list",
- "options": {
- "data_type": {"required": False, "type": "str",
- "choices": ["text", "integer", "double",
- "long-integer", "date-time"]},
- "display_name": {"required": False, "type": "str"},
- "field": {"required": False, "type": "str"},
- "id": {"required": True, "type": "int"}
- }},
- "policy": {"required": False, "type": "int"},
- "query": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_report(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_report(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_report_layout.py b/lib/ansible/modules/network/fortios/fortios_report_layout.py
deleted file mode 100644
index 0b15ed9fbdd..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_report_layout.py
+++ /dev/null
@@ -1,867 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_report_layout -short_description: Report layout configuration in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify report feature and layout category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - report_layout: - description: - - Report layout configuration. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - body_item: - description: - - Configure report body item. - type: list - suboptions: - chart: - description: - - Report item chart name. - type: str - chart_options: - description: - - Report chart options. - type: str - choices: - - include-no-data - - hide-title - - show-caption - column: - description: - - Report section column number. - type: int - content: - description: - - Report item text content. - type: str - description: - description: - - Description. - type: str - drill_down_items: - description: - - Control how drill down charts are shown. - type: str - drill_down_types: - description: - - Control whether keys from the parent being combined or not. - type: str - hide: - description: - - Enable/disable hide item in report. - type: str - choices: - - enable - - disable - id: - description: - - Report item ID. - required: true - type: int - img_src: - description: - - Report item image file name. 
- type: str - list: - description: - - Configure report list item. - type: list - suboptions: - content: - description: - - List entry content. - type: str - id: - description: - - List entry ID. - required: true - type: int - list_component: - description: - - Report item list component. - type: str - choices: - - bullet - - numbered - misc_component: - description: - - Report item miscellaneous component. - type: str - choices: - - hline - - page-break - - column-break - - section-start - parameters: - description: - - Parameters. - type: list - suboptions: - id: - description: - - ID. - required: true - type: int - name: - description: - - Field name that match field of parameters defined in dataset. - type: str - value: - description: - - Value to replace corresponding field of parameters defined in dataset. - type: str - style: - description: - - Report item style. - type: str - table_caption_style: - description: - - Table chart caption style. - type: str - table_column_widths: - description: - - Report item table column widths. - type: str - table_even_row_style: - description: - - Table chart even row style. - type: str - table_head_style: - description: - - Table chart head style. - type: str - table_odd_row_style: - description: - - Table chart odd row style. - type: str - text_component: - description: - - Report item text component. - type: str - choices: - - text - - heading1 - - heading2 - - heading3 - title: - description: - - Report section title. - type: str - top_n: - description: - - Value of top. - type: int - type: - description: - - Report item type. - type: str - choices: - - text - - image - - chart - - misc - cutoff_option: - description: - - Cutoff-option is either run-time or custom. - type: str - choices: - - run-time - - custom - cutoff_time: - description: - - "Custom cutoff time to generate report [hh:mm]." - type: str - day: - description: - - Schedule days of week to generate report. 
- type: str - choices: - - sunday - - monday - - tuesday - - wednesday - - thursday - - friday - - saturday - description: - description: - - Description. - type: str - email_recipients: - description: - - Email recipients for generated reports. - type: str - email_send: - description: - - Enable/disable sending emails after reports are generated. - type: str - choices: - - enable - - disable - format: - description: - - Report format. - type: str - choices: - - pdf - max_pdf_report: - description: - - Maximum number of PDF reports to keep at one time (oldest report is overwritten). - type: int - name: - description: - - Report layout name. - required: true - type: str - options: - description: - - Report layout options. - type: str - choices: - - include-table-of-content - - auto-numbering-heading - - view-chart-as-heading - - show-html-navbar-before-heading - - dummy-option - page: - description: - - Configure report page. - type: dict - suboptions: - column_break_before: - description: - - Report page auto column break before heading. - type: str - choices: - - heading1 - - heading2 - - heading3 - footer: - description: - - Configure report page footer. - type: dict - suboptions: - footer_item: - description: - - Configure report footer item. - type: list - suboptions: - content: - description: - - Report item text content. - type: str - description: - description: - - Description. - type: str - id: - description: - - Report item ID. - required: true - type: int - img_src: - description: - - Report item image file name. - type: str - style: - description: - - Report item style. - type: str - type: - description: - - Report item type. - type: str - choices: - - text - - image - style: - description: - - Report footer style. - type: str - header: - description: - - Configure report page header. - type: dict - suboptions: - header_item: - description: - - Configure report header item. 
- type: list - suboptions: - content: - description: - - Report item text content. - type: str - description: - description: - - Description. - type: str - id: - description: - - Report item ID. - required: true - type: int - img_src: - description: - - Report item image file name. - type: str - style: - description: - - Report item style. - type: str - type: - description: - - Report item type. - type: str - choices: - - text - - image - style: - description: - - Report header style. - type: str - options: - description: - - Report page options. - type: str - choices: - - header-on-first-page - - footer-on-first-page - page_break_before: - description: - - Report page auto page break before heading. - type: str - choices: - - heading1 - - heading2 - - heading3 - paper: - description: - - Report page paper. - type: str - choices: - - a4 - - letter - schedule_type: - description: - - Report schedule type. - type: str - choices: - - demand - - daily - - weekly - style_theme: - description: - - Report style theme. - type: str - subtitle: - description: - - Report subtitle. - type: str - time: - description: - - "Schedule time to generate report [hh:mm]." - type: str - title: - description: - - Report title. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Report layout configuration. 
- fortios_report_layout: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - report_layout: - body_item: - - - chart: "" - chart_options: "include-no-data" - column: "6" - content: "" - description: "" - drill_down_items: "" - drill_down_types: "" - hide: "enable" - id: "12" - img_src: "" - list: - - - content: "" - id: "16" - list_component: "bullet" - misc_component: "hline" - parameters: - - - id: "20" - name: "default_name_21" - value: "" - style: "" - table_caption_style: "" - table_column_widths: "" - table_even_row_style: "" - table_head_style: "" - table_odd_row_style: "" - text_component: "text" - title: "" - top_n: "31" - type: "text" - cutoff_option: "run-time" - cutoff_time: "" - day: "sunday" - description: "" - email_recipients: "" - email_send: "enable" - format: "pdf" - max_pdf_report: "40" - name: "default_name_41" - options: "include-table-of-content" - page: - column_break_before: "heading1" - footer: - footer_item: - - - content: "" - description: "" - id: "49" - img_src: "" - style: "" - type: "text" - style: "" - header: - header_item: - - - content: "" - description: "" - id: "58" - img_src: "" - style: "" - type: "text" - style: "" - options: "header-on-first-page" - page_break_before: "heading1" - paper: "a4" - schedule_type: "demand" - style_theme: "" - subtitle: "" - time: "" - title: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the 
request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_report_layout_data(json):
- option_list = ['body_item', 'cutoff_option', 'cutoff_time',
- 'day', 'description', 'email_recipients',
- 'email_send', 'format', 'max_pdf_report',
- 'name', 'options', 'page',
- 'schedule_type', 'style_theme', 'subtitle',
- 'time', 'title']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def report_layout(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['report_layout'] and data['report_layout']:
- state = data['report_layout']['state']
- else:
- state = True
- report_layout_data = data['report_layout']
- filtered_data = underscore_to_hyphen(filter_report_layout_data(report_layout_data))
-
- if state == "present":
- return fos.set('report',
- 'layout',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('report',
- 'layout',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_report(data, fos):
-
- if data['report_layout']:
- resp = report_layout(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "report_layout": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "body_item": {"required": False, "type": "list",
- "options": {
- "chart": {"required": False, "type": "str"},
- "chart_options": {"required": False, "type": "str",
- "choices": ["include-no-data", "hide-title", "show-caption"]},
- "column": {"required": False, "type": "int"},
- "content": {"required": False, "type": "str"},
- "description": {"required": False, "type": "str"},
- "drill_down_items": {"required": False, "type": "str"},
- "drill_down_types": {"required": False, "type": "str"},
- "hide": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "id": {"required": True, "type": "int"},
- "img_src": {"required": False, "type": "str"},
- "list": {"required": False, "type": "list",
- "options": {
- "content": {"required": False, "type": "str"},
- "id": {"required": True, "type": "int"}
- }},
- "list_component": {"required": False, "type": "str",
- "choices": ["bullet", "numbered"]},
- "misc_component": {"required": False, "type": "str",
- "choices": ["hline", "page-break", "column-break",
- "section-start"]},
- "parameters": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"},
- "name": {"required": False, "type": "str"},
- "value": {"required": False, "type": "str"}
- }},
- "style": {"required": False, "type": "str"},
- "table_caption_style": {"required": False, "type": "str"},
- "table_column_widths": {"required": False, "type": "str"},
- "table_even_row_style": {"required": False, "type": "str"},
- "table_head_style": {"required": False, "type": "str"},
- "table_odd_row_style": {"required": False, "type": "str"},
- "text_component": {"required": False, "type": "str",
- "choices": ["text", "heading1", "heading2",
- "heading3"]},
- "title": {"required": False, "type": "str"},
- "top_n": {"required": False, "type": "int"},
- "type": {"required": False, "type": "str",
- "choices": ["text", "image", "chart",
- "misc"]}
- }},
- "cutoff_option": {"required": False, "type": "str",
- "choices": ["run-time", "custom"]},
- "cutoff_time": {"required": False, "type": "str"},
- "day": {"required": False, "type": "str",
- "choices": ["sunday", "monday", "tuesday",
- "wednesday", "thursday", "friday",
- "saturday"]},
- "description": {"required": False, "type": "str"},
- "email_recipients": {"required": False, "type": "str"},
- "email_send": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "format": {"required": False, "type": "str",
- "choices": ["pdf"]},
- "max_pdf_report": {"required": False, "type": "int"},
- "name": {"required": True, "type": "str"},
- "options": {"required": False, "type": "str",
- "choices": ["include-table-of-content", "auto-numbering-heading", "view-chart-as-heading",
- "show-html-navbar-before-heading", "dummy-option"]},
- "page": {"required": False, "type": "dict",
- "options": {
- "column_break_before": {"required": False, "type": "str",
- "choices": ["heading1", "heading2", "heading3"]},
- "footer": {"required": False, "type": "dict",
- "options": {
- "footer_item": {"required": False, "type": "list",
- "options": {
- "content": {"required": False, "type": "str"},
- "description": {"required": False, "type": "str"},
- "id": {"required": True, "type": "int"},
- "img_src": {"required": False, "type": "str"},
- "style": {"required": False, "type": "str"},
- "type": {"required": False, "type": "str",
- "choices": ["text", "image"]}
- }},
- "style": {"required": False, "type": "str"}
- }},
- "header": {"required": False, "type": "dict",
- "options": {
- "header_item": {"required": False, "type": "list",
- "options": {
- "content": {"required": False, "type": "str"},
- "description": {"required": False, "type": "str"},
- "id": {"required": True, "type": "int"},
- "img_src": {"required": False, "type": "str"},
- "style": {"required": False, "type": "str"},
- "type": {"required": False, "type": "str",
- "choices": ["text", "image"]}
- }},
- "style": {"required": False, "type": "str"}
- }},
- "options": {"required": False, "type": "str",
- "choices": ["header-on-first-page", "footer-on-first-page"]},
- "page_break_before": {"required": False, "type": "str",
- "choices": ["heading1", "heading2", "heading3"]},
- "paper": {"required": False, "type": "str",
- "choices": ["a4", "letter"]}
- }},
- "schedule_type": {"required": False, "type": "str",
- "choices": ["demand", "daily", "weekly"]},
- "style_theme": {"required": False, "type": "str"},
- "subtitle": {"required": False, "type": "str"},
- "time": {"required": False, "type": "str"},
- "title": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_report(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_report(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_report_setting.py b/lib/ansible/modules/network/fortios/fortios_report_setting.py
deleted file mode 100644
index 901daf4f9cb..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_report_setting.py
+++ /dev/null
@@ -1,328 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_report_setting -short_description: Report setting configuration in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify report feature and setting category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - report_setting: - description: - - Report setting configuration. - default: null - type: dict - suboptions: - fortiview: - description: - - Enable/disable historical FortiView. - type: str - choices: - - enable - - disable - pdf_report: - description: - - Enable/disable PDF report. - type: str - choices: - - enable - - disable - report_source: - description: - - Report log source. - type: str - choices: - - forward-traffic - - sniffer-traffic - - local-deny-traffic - top_n: - description: - - Number of items to populate (100 - 4000). - type: int - web_browsing_threshold: - description: - - Web browsing time calculation threshold (3 - 15 min). - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Report setting configuration. 
- fortios_report_setting: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - report_setting: - fortiview: "enable" - pdf_report: "enable" - report_source: "forward-traffic" - top_n: "6" - web_browsing_threshold: "7" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 
'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_report_setting_data(json): - option_list = ['fortiview', 'pdf_report', 'report_source', - 'top_n', 'web_browsing_threshold'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def report_setting(data, fos): - vdom = data['vdom'] - report_setting_data = data['report_setting'] - filtered_data = underscore_to_hyphen(filter_report_setting_data(report_setting_data)) - - return fos.set('report', - 'setting', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_report(data, fos): - - if data['report_setting']: - resp = report_setting(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "report_setting": { - "required": False, "type": "dict", "default": None, - "options": { - "fortiview": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "pdf_report": {"required": False, "type": 
"str", - "choices": ["enable", "disable"]}, - "report_source": {"required": False, "type": "str", - "choices": ["forward-traffic", "sniffer-traffic", "local-deny-traffic"]}, - "top_n": {"required": False, "type": "int"}, - "web_browsing_threshold": {"required": False, "type": "int"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_report(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_report(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_report_style.py b/lib/ansible/modules/network/fortios/fortios_report_style.py deleted file mode 100644 index 8b7e651ee93..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_report_style.py +++ /dev/null 
@@ -1,529 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_report_style -short_description: Report style configuration in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify report feature and style category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - report_style: - description: - - Report style configuration. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - align: - description: - - Alignment. - type: str - choices: - - left - - center - - right - - justify - bg_color: - description: - - Background color. - type: str - border_bottom: - description: - - Border bottom. - type: str - border_left: - description: - - Border left. - type: str - border_right: - description: - - Border right. - type: str - border_top: - description: - - Border top. - type: str - column_gap: - description: - - Column gap. - type: str - column_span: - description: - - Column span. - type: str - choices: - - none - - all - fg_color: - description: - - Foreground color. - type: str - font_family: - description: - - Font family. - type: str - choices: - - Verdana - - Arial - - Helvetica - - Courier - - Times - font_size: - description: - - Font size. - type: str - font_style: - description: - - Font style. - type: str - choices: - - normal - - italic - font_weight: - description: - - Font weight. 
- type: str - choices: - - normal - - bold - height: - description: - - Height. - type: str - line_height: - description: - - Text line height. - type: str - margin_bottom: - description: - - Margin bottom. - type: str - margin_left: - description: - - Margin left. - type: str - margin_right: - description: - - Margin right. - type: str - margin_top: - description: - - Margin top. - type: str - name: - description: - - Report style name. - required: true - type: str - options: - description: - - Report style options. - type: str - choices: - - font - - text - - color - - align - - size - - margin - - border - - padding - - column - padding_bottom: - description: - - Padding bottom. - type: str - padding_left: - description: - - Padding left. - type: str - padding_right: - description: - - Padding right. - type: str - padding_top: - description: - - Padding top. - type: str - width: - description: - - Width. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Report style configuration. 
- fortios_report_style: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - report_style: - align: "left" - bg_color: "" - border_bottom: "" - border_left: "" - border_right: "" - border_top: "" - column_gap: "" - column_span: "none" - fg_color: "" - font_family: "Verdana" - font_size: "" - font_style: "normal" - font_weight: "normal" - height: "" - line_height: "" - margin_bottom: "" - margin_left: "" - margin_right: "" - margin_top: "" - name: "default_name_22" - options: "font" - padding_bottom: "" - padding_left: "" - padding_right: "" - padding_top: "" - width: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import 
AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_report_style_data(json): - option_list = ['align', 'bg_color', 'border_bottom', - 'border_left', 'border_right', 'border_top', - 'column_gap', 'column_span', 'fg_color', - 'font_family', 'font_size', 'font_style', - 'font_weight', 'height', 'line_height', - 'margin_bottom', 'margin_left', 'margin_right', - 'margin_top', 'name', 'options', - 'padding_bottom', 'padding_left', 'padding_right', - 'padding_top', 'width'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def report_style(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['report_style'] and data['report_style']: - state = data['report_style']['state'] - else: - state = True - report_style_data = data['report_style'] - filtered_data = underscore_to_hyphen(filter_report_style_data(report_style_data)) - - if state == "present": - return fos.set('report', - 'style', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('report', - 'style', - 
mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_report(data, fos): - - if data['report_style']: - resp = report_style(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "report_style": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "align": {"required": False, "type": "str", - "choices": ["left", "center", "right", - "justify"]}, - "bg_color": {"required": False, "type": "str"}, - "border_bottom": {"required": False, "type": "str"}, - "border_left": {"required": False, "type": "str"}, - "border_right": {"required": False, "type": "str"}, - "border_top": {"required": False, "type": "str"}, - "column_gap": {"required": False, "type": "str"}, - "column_span": {"required": False, "type": "str", - "choices": ["none", "all"]}, - "fg_color": {"required": False, "type": "str"}, - "font_family": {"required": False, "type": "str", - "choices": ["Verdana", "Arial", "Helvetica", - "Courier", "Times"]}, - "font_size": {"required": False, "type": "str"}, - "font_style": {"required": False, "type": "str", - "choices": ["normal", "italic"]}, - "font_weight": {"required": False, "type": "str", - "choices": ["normal", "bold"]}, - "height": {"required": False, "type": "str"}, - 
"line_height": {"required": False, "type": "str"}, - "margin_bottom": {"required": False, "type": "str"}, - "margin_left": {"required": False, "type": "str"}, - "margin_right": {"required": False, "type": "str"}, - "margin_top": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "options": {"required": False, "type": "str", - "choices": ["font", "text", "color", - "align", "size", "margin", - "border", "padding", "column"]}, - "padding_bottom": {"required": False, "type": "str"}, - "padding_left": {"required": False, "type": "str"}, - "padding_right": {"required": False, "type": "str"}, - "padding_top": {"required": False, "type": "str"}, - "width": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_report(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_report(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_report_theme.py b/lib/ansible/modules/network/fortios/fortios_report_theme.py deleted file mode 100644 index 4a226c198e6..00000000000 
--- a/lib/ansible/modules/network/fortios/fortios_report_theme.py
+++ /dev/null
@@ -1,523 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_report_theme -short_description: Report themes configuration in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify report feature and theme category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - report_theme: - description: - - Report themes configuration - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - bullet_list_style: - description: - - Bullet list style. - type: str - column_count: - description: - - Report page column count. - type: str - choices: - - 1 - - 2 - - 3 - default_html_style: - description: - - Default HTML report style. - type: str - default_pdf_style: - description: - - Default PDF report style. - type: str - graph_chart_style: - description: - - Graph chart style. - type: str - heading1_style: - description: - - Report heading style. - type: str - heading2_style: - description: - - Report heading style. - type: str - heading3_style: - description: - - Report heading style. - type: str - heading4_style: - description: - - Report heading style. - type: str - hline_style: - description: - - Horizontal line style. - type: str - image_style: - description: - - Image style. - type: str - name: - description: - - Report theme name. 
- required: true - type: str - normal_text_style: - description: - - Normal text style. - type: str - numbered_list_style: - description: - - Numbered list style. - type: str - page_footer_style: - description: - - Report page footer style. - type: str - page_header_style: - description: - - Report page header style. - type: str - page_orient: - description: - - Report page orientation. - type: str - choices: - - portrait - - landscape - page_style: - description: - - Report page style. - type: str - report_subtitle_style: - description: - - Report subtitle style. - type: str - report_title_style: - description: - - Report title style. - type: str - table_chart_caption_style: - description: - - Table chart caption style. - type: str - table_chart_even_row_style: - description: - - Table chart even row style. - type: str - table_chart_head_style: - description: - - Table chart head row style. - type: str - table_chart_odd_row_style: - description: - - Table chart odd row style. - type: str - table_chart_style: - description: - - Table chart style. - type: str - toc_heading1_style: - description: - - Table of contents heading style. - type: str - toc_heading2_style: - description: - - Table of contents heading style. - type: str - toc_heading3_style: - description: - - Table of contents heading style. - type: str - toc_heading4_style: - description: - - Table of contents heading style. - type: str - toc_title_style: - description: - - Table of contents title style. 
- type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Report themes configuration - fortios_report_theme: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - report_theme: - bullet_list_style: "" - column_count: "1" - default_html_style: "" - default_pdf_style: "" - graph_chart_style: "" - heading1_style: "" - heading2_style: "" - heading3_style: "" - heading4_style: "" - hline_style: "" - image_style: "" - name: "default_name_14" - normal_text_style: "" - numbered_list_style: "" - page_footer_style: "" - page_header_style: "" - page_orient: "portrait" - page_style: "" - report_subtitle_style: "" - report_title_style: "" - table_chart_caption_style: "" - table_chart_even_row_style: "" - table_chart_head_style: "" - table_chart_odd_row_style: "" - table_chart_style: "" - toc_heading1_style: "" - toc_heading2_style: "" - toc_heading3_style: "" - toc_heading4_style: "" - toc_title_style: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: 
Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_report_theme_data(json):
- option_list = ['bullet_list_style', 'column_count', 'default_html_style',
- 'default_pdf_style', 'graph_chart_style', 'heading1_style',
- 'heading2_style', 'heading3_style', 'heading4_style',
- 'hline_style', 'image_style', 'name',
- 'normal_text_style', 'numbered_list_style', 'page_footer_style',
- 'page_header_style', 'page_orient', 'page_style',
- 'report_subtitle_style', 'report_title_style', 'table_chart_caption_style',
- 'table_chart_even_row_style', 'table_chart_head_style', 'table_chart_odd_row_style',
- 'table_chart_style', 'toc_heading1_style', 'toc_heading2_style',
- 'toc_heading3_style', 'toc_heading4_style', 'toc_title_style']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def report_theme(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['report_theme'] and data['report_theme']:
- state = data['report_theme']['state']
- else:
- state = True
- report_theme_data = data['report_theme']
- filtered_data = underscore_to_hyphen(filter_report_theme_data(report_theme_data))
-
- if state == "present":
- return fos.set('report',
- 'theme',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('report',
- 'theme',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_report(data, fos):
-
- if data['report_theme']:
- resp = report_theme(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "report_theme": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "bullet_list_style": {"required": False, "type": "str"},
- "column_count": {"required": False, "type": "str",
- "choices": ["1", "2", "3"]},
- "default_html_style": {"required": False, "type": "str"},
- "default_pdf_style": {"required": False, "type": "str"},
- "graph_chart_style": {"required": False, "type": "str"},
- "heading1_style": {"required": False, "type": "str"},
- "heading2_style": {"required": False, "type": "str"},
- "heading3_style": {"required": False, "type": "str"},
- "heading4_style": {"required": False, "type": "str"},
- "hline_style": {"required": False, "type": "str"},
- "image_style": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"},
- "normal_text_style": {"required": False, "type": "str"},
- "numbered_list_style": {"required": False, "type": "str"},
- "page_footer_style": {"required": False, "type": "str"},
- "page_header_style": {"required": False, "type": "str"},
- "page_orient": {"required": False, "type": "str",
- "choices": ["portrait", "landscape"]},
- "page_style": {"required": False, "type": "str"},
- "report_subtitle_style": {"required": False, "type": "str"},
- "report_title_style": {"required": False, "type": "str"},
- "table_chart_caption_style": {"required": False, "type": "str"},
- "table_chart_even_row_style": {"required": False, "type": "str"},
- "table_chart_head_style": {"required": False, "type": "str"},
- "table_chart_odd_row_style": {"required": False, "type": "str"},
- "table_chart_style": {"required": False, "type": "str"},
- "toc_heading1_style": {"required": False, "type": "str"},
- "toc_heading2_style": {"required": False, "type": "str"},
- "toc_heading3_style": {"required": False, "type": "str"},
- "toc_heading4_style": {"required": False, "type": "str"},
- "toc_title_style": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_report(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_report(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_router_access_list.py b/lib/ansible/modules/network/fortios/fortios_router_access_list.py
deleted file mode 100644
index bbf8e4d7546..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_router_access_list.py
+++ /dev/null
@@ -1,392 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_router_access_list -short_description: Configure access lists in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify router feature and access_list category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - router_access_list: - description: - - Configure access lists. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - comments: - description: - - Comment. - type: str - name: - description: - - Name. - required: true - type: str - rule: - description: - - Rule. - type: list - suboptions: - action: - description: - - Permit or deny this IP address and netmask prefix. - type: str - choices: - - permit - - deny - exact_match: - description: - - Enable/disable exact match. - type: str - choices: - - enable - - disable - flags: - description: - - Flags. - type: int - id: - description: - - Rule ID. - required: true - type: int - prefix: - description: - - IPv4 prefix to define regular filter criteria, such as "any" or subnets. - type: str - wildcard: - description: - - Wildcard to define Cisco-style wildcard filter criteria. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure access lists. 
- fortios_router_access_list: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - router_access_list: - comments: "" - name: "default_name_4" - rule: - - - action: "permit" - exact_match: "enable" - flags: "8" - id: "9" - prefix: "" - wildcard: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - 
ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_router_access_list_data(json):
- option_list = ['comments', 'name', 'rule']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def router_access_list(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['router_access_list'] and data['router_access_list']:
- state = data['router_access_list']['state']
- else:
- state = True
- router_access_list_data = data['router_access_list']
- filtered_data = underscore_to_hyphen(filter_router_access_list_data(router_access_list_data))
-
- if state == "present":
- return fos.set('router',
- 'access-list',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('router',
- 'access-list',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_router(data, fos):
-
- if data['router_access_list']:
- resp = router_access_list(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "router_access_list": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "comments": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"},
- "rule": {"required": False, "type": "list",
- "options": {
- "action": {"required": False, "type": "str",
- "choices": ["permit", "deny"]},
- "exact_match": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "flags": {"required": False, "type": "int"},
- "id": {"required": True, "type": "int"},
- "prefix": {"required": False, "type": "str"},
- "wildcard": {"required": False, "type": "str"}
- }}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_router(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_router(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_router_access_list6.py b/lib/ansible/modules/network/fortios/fortios_router_access_list6.py
deleted file mode 100644
index 56b72e70432..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_router_access_list6.py
+++ /dev/null
@@ -1,364 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_router_access_list6 -short_description: Configure IPv6 access lists in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify router feature and access_list6 category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - router_access_list6: - description: - - Configure IPv6 access lists. - default: null - type: dict - suboptions: - comments: - description: - - Comment. - type: str - name: - description: - - Name. - required: true - type: str - rule: - description: - - Rule. - type: list - suboptions: - action: - description: - - Permit or deny this IP address and netmask prefix. - type: str - choices: - - permit - - deny - exact_match: - description: - - Enable/disable exact prefix match. - type: str - choices: - - enable - - disable - flags: - description: - - Flags. - type: int - id: - description: - - Rule ID. - required: true - type: int - prefix6: - description: - - IPv6 prefix to define regular filter criteria, such as "any" or subnets. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv6 access lists. 
- fortios_router_access_list6: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - router_access_list6: - comments: "" - name: "default_name_4" - rule: - - - action: "permit" - exact_match: "enable" - flags: "8" - id: "9" - prefix6: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = 
data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_router_access_list6_data(json):
- option_list = ['comments', 'name', 'rule']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def router_access_list6(data, fos):
- vdom = data['vdom']
- state = data['state']
- router_access_list6_data = data['router_access_list6']
- filtered_data = underscore_to_hyphen(filter_router_access_list6_data(router_access_list6_data))
-
- if state == "present":
- return fos.set('router',
- 'access-list6',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('router',
- 'access-list6',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_router(data, fos):
-
- if data['router_access_list6']:
- resp = router_access_list6(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": True, "type": "str",
- "choices": ["present", "absent"]},
- "router_access_list6": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "comments": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"},
- "rule": {"required": False, "type": "list",
- "options": {
- "action": {"required": False, "type": "str",
- "choices": ["permit", "deny"]},
- "exact_match": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "flags": {"required": False, "type": "int"},
- "id": {"required": True, "type": "int"},
- "prefix6": {"required": False, "type": "str"}
- }}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_router(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_router(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_router_aspath_list.py b/lib/ansible/modules/network/fortios/fortios_router_aspath_list.py
deleted file mode 100644
index e79a4ed113b..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_router_aspath_list.py
+++ /dev/null
@@ -1,342 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_router_aspath_list -short_description: Configure Autonomous System (AS) path lists in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify router feature and aspath_list category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - router_aspath_list: - description: - - Configure Autonomous System (AS) path lists. - default: null - type: dict - suboptions: - name: - description: - - AS path list name. - required: true - type: str - rule: - description: - - AS path list rule. - type: list - suboptions: - action: - description: - - Permit or deny route-based operations, based on the route's AS_PATH attribute. - type: str - choices: - - deny - - permit - id: - description: - - ID. - required: true - type: int - regexp: - description: - - Regular-expression to match the Border Gateway Protocol (BGP) AS paths. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure Autonomous System (AS) path lists. 
- fortios_router_aspath_list: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - router_aspath_list: - name: "default_name_3" - rule: - - - action: "deny" - id: "6" - regexp: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and 
not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_router_aspath_list_data(json):
- option_list = ['name', 'rule']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def router_aspath_list(data, fos):
- vdom = data['vdom']
- state = data['state']
- router_aspath_list_data = data['router_aspath_list']
- filtered_data = underscore_to_hyphen(filter_router_aspath_list_data(router_aspath_list_data))
-
- if state == "present":
- return fos.set('router',
- 'aspath-list',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('router',
- 'aspath-list',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_router(data, fos):
-
- if data['router_aspath_list']:
- resp = router_aspath_list(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": True, "type": "str",
- "choices": ["present", "absent"]},
- "router_aspath_list": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "name": {"required": True, "type": "str"},
- "rule": {"required": False, "type": "list",
- "options": {
- "action": {"required": False, "type": "str",
- "choices": ["deny", "permit"]},
- "id": {"required": True, "type": "int"},
- "regexp": {"required": False, "type": "str"}
- }}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_router(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_router(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_router_auth_path.py b/lib/ansible/modules/network/fortios/fortios_router_auth_path.py
deleted file mode 100644
index 144ab836c9d..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_router_auth_path.py
+++ /dev/null
@@ -1,343 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_router_auth_path -short_description: Configure authentication based routing in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify router feature and auth_path category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - router_auth_path: - description: - - Configure authentication based routing. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - device: - description: - - Outgoing interface. Source system.interface.name. - type: str - gateway: - description: - - Gateway IP address. - type: str - name: - description: - - Name of the entry. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure authentication based routing. 
- fortios_router_auth_path: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - router_auth_path: - device: " (source system.interface.name)" - gateway: "" - name: "default_name_5" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data 
and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_router_auth_path_data(json):
- option_list = ['device', 'gateway', 'name']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def router_auth_path(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['router_auth_path'] and data['router_auth_path']:
- state = data['router_auth_path']['state']
- else:
- state = True
- router_auth_path_data = data['router_auth_path']
- filtered_data = underscore_to_hyphen(filter_router_auth_path_data(router_auth_path_data))
-
- if state == "present":
- return fos.set('router',
- 'auth-path',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('router',
- 'auth-path',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_router(data, fos):
-
- if data['router_auth_path']:
- resp = router_auth_path(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "router_auth_path": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "device": {"required": False, "type": "str"},
- "gateway": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_router(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_router(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_router_bfd.py b/lib/ansible/modules/network/fortios/fortios_router_bfd.py
deleted file mode 100644
index f9eb1e2ba6e..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_router_bfd.py
+++ /dev/null
@@ -1,307 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_router_bfd -short_description: Configure BFD in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify router feature and bfd category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. 
- type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - router_bfd: - description: - - Configure BFD. - default: null - type: dict - suboptions: - neighbor: - description: - - neighbor - type: list - suboptions: - interface: - description: - - Interface name. Source system.interface.name. - type: str - ip: - description: - - IPv4 address of the BFD neighbor. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure BFD. - fortios_router_bfd: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - router_bfd: - neighbor: - - - interface: " (source system.interface.name)" - ip: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: 
"FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_router_bfd_data(json): - option_list = ['neighbor'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def router_bfd(data, fos): - vdom = data['vdom'] - router_bfd_data = data['router_bfd'] - filtered_data = underscore_to_hyphen(filter_router_bfd_data(router_bfd_data)) - - return fos.set('router', - 'bfd', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_router(data, fos): - - if data['router_bfd']: - resp = router_bfd(data, fos) - - return not is_successful_status(resp), \ - 
resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "router_bfd": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "neighbor": {"required": False, "type": "list",
- "options": {
- "interface": {"required": False, "type": "str"},
- "ip": {"required": True, "type": "str"}
- }}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_router(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_router(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_router_bfd6.py b/lib/ansible/modules/network/fortios/fortios_router_bfd6.py
deleted file mode 100644
index 431246001a0..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_router_bfd6.py
+++ /dev/null
@@ -1,306 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_router_bfd6 -short_description: Configure IPv6 BFD in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify router feature and bfd6 category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - router_bfd6: - description: - - Configure IPv6 BFD. - default: null - type: dict - suboptions: - neighbor: - description: - - Configure neighbor of IPv6 BFD. - type: list - suboptions: - interface: - description: - - Interface to the BFD neighbor. Source system.interface.name. - type: str - ip6_address: - description: - - IPv6 address of the BFD neighbor. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv6 BFD. - fortios_router_bfd6: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - router_bfd6: - neighbor: - - - interface: " (source system.interface.name)" - ip6_address: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision 
number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_router_bfd6_data(json): - option_list = ['neighbor'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def router_bfd6(data, fos): - vdom = data['vdom'] - router_bfd6_data = data['router_bfd6'] - filtered_data = underscore_to_hyphen(filter_router_bfd6_data(router_bfd6_data)) - - return fos.set('router', - 'bfd6', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and 
status['http_status'] == 404
-
-
-def fortios_router(data, fos):
-
- if data['router_bfd6']:
- resp = router_bfd6(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "router_bfd6": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "neighbor": {"required": False, "type": "list",
- "options": {
- "interface": {"required": False, "type": "str"},
- "ip6_address": {"required": False, "type": "str"}
- }}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_router(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_router(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_router_bgp.py b/lib/ansible/modules/network/fortios/fortios_router_bgp.py
deleted file mode 100644
index c6ea95f311c..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_router_bgp.py
+++ /dev/null
@@ -1,2350 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_router_bgp -short_description: Configure BGP in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify router feature and bgp category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. 
- type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - router_bgp: - description: - - Configure BGP. - default: null - type: dict - suboptions: - admin_distance: - description: - - Administrative distance modifications. - type: list - suboptions: - distance: - description: - - Administrative distance to apply (1 - 255). - type: int - id: - description: - - ID. - required: true - type: int - neighbour_prefix: - description: - - Neighbor address prefix. - type: str - route_list: - description: - - Access list of routes to apply new distance to. Source router.access-list.name. - type: str - aggregate_address: - description: - - BGP aggregate address table. - type: list - suboptions: - as_set: - description: - - Enable/disable generate AS set path information. - type: str - choices: - - enable - - disable - id: - description: - - ID. - required: true - type: int - prefix: - description: - - Aggregate prefix. - type: str - summary_only: - description: - - Enable/disable filter more specific routes from updates. - type: str - choices: - - enable - - disable - aggregate_address6: - description: - - BGP IPv6 aggregate address table. - type: list - suboptions: - as_set: - description: - - Enable/disable generate AS set path information. - type: str - choices: - - enable - - disable - id: - description: - - ID. - required: true - type: int - prefix6: - description: - - Aggregate IPv6 prefix. - type: str - summary_only: - description: - - Enable/disable filter more specific routes from updates. - type: str - choices: - - enable - - disable - always_compare_med: - description: - - Enable/disable always compare MED. 
- type: str - choices: - - enable - - disable - as: - description: - - Router AS number, valid from 1 to 4294967295, 0 to disable BGP. - type: int - bestpath_as_path_ignore: - description: - - Enable/disable ignore AS path. - type: str - choices: - - enable - - disable - bestpath_cmp_confed_aspath: - description: - - Enable/disable compare federation AS path length. - type: str - choices: - - enable - - disable - bestpath_cmp_routerid: - description: - - Enable/disable compare router ID for identical EBGP paths. - type: str - choices: - - enable - - disable - bestpath_med_confed: - description: - - Enable/disable compare MED among confederation paths. - type: str - choices: - - enable - - disable - bestpath_med_missing_as_worst: - description: - - Enable/disable treat missing MED as least preferred. - type: str - choices: - - enable - - disable - client_to_client_reflection: - description: - - Enable/disable client-to-client route reflection. - type: str - choices: - - enable - - disable - cluster_id: - description: - - Route reflector cluster ID. - type: str - confederation_identifier: - description: - - Confederation identifier. - type: int - confederation_peers: - description: - - Confederation peers. - type: list - suboptions: - peer: - description: - - Peer ID. - required: true - type: str - dampening: - description: - - Enable/disable route-flap dampening. - type: str - choices: - - enable - - disable - dampening_max_suppress_time: - description: - - Maximum minutes a route can be suppressed. - type: int - dampening_reachability_half_life: - description: - - Reachability half-life time for penalty (min). - type: int - dampening_reuse: - description: - - Threshold to reuse routes. - type: int - dampening_route_map: - description: - - Criteria for dampening. Source router.route-map.name. - type: str - dampening_suppress: - description: - - Threshold to suppress routes. 
- type: int - dampening_unreachability_half_life: - description: - - Unreachability half-life time for penalty (min). - type: int - default_local_preference: - description: - - Default local preference. - type: int - deterministic_med: - description: - - Enable/disable enforce deterministic comparison of MED. - type: str - choices: - - enable - - disable - distance_external: - description: - - Distance for routes external to the AS. - type: int - distance_internal: - description: - - Distance for routes internal to the AS. - type: int - distance_local: - description: - - Distance for routes local to the AS. - type: int - ebgp_multipath: - description: - - Enable/disable EBGP multi-path. - type: str - choices: - - enable - - disable - enforce_first_as: - description: - - Enable/disable enforce first AS for EBGP routes. - type: str - choices: - - enable - - disable - fast_external_failover: - description: - - Enable/disable reset peer BGP session if link goes down. - type: str - choices: - - enable - - disable - graceful_end_on_timer: - description: - - Enable/disable to exit graceful restart on timer only. - type: str - choices: - - enable - - disable - graceful_restart: - description: - - Enable/disable BGP graceful restart capabilities. - type: str - choices: - - enable - - disable - graceful_restart_time: - description: - - Time needed for neighbors to restart (sec). - type: int - graceful_stalepath_time: - description: - - Time to hold stale paths of restarting neighbor (sec). - type: int - graceful_update_delay: - description: - - Route advertisement/selection delay after restart (sec). - type: int - holdtime_timer: - description: - - Number of seconds to mark peer as dead. - type: int - ibgp_multipath: - description: - - Enable/disable IBGP multi-path. 
- type: str - choices: - - enable - - disable - ignore_optional_capability: - description: - - Don't send unknown optional capability notification message - type: str - choices: - - enable - - disable - keepalive_timer: - description: - - Frequency to send keep alive requests. - type: int - log_neighbour_changes: - description: - - Enable logging of BGP neighbour's changes - type: str - choices: - - enable - - disable - neighbor: - description: - - BGP neighbor table. - type: list - suboptions: - activate: - description: - - Enable/disable address family IPv4 for this neighbor. - type: str - choices: - - enable - - disable - activate6: - description: - - Enable/disable address family IPv6 for this neighbor. - type: str - choices: - - enable - - disable - advertisement_interval: - description: - - Minimum interval (sec) between sending updates. - type: int - allowas_in: - description: - - IPv4 The maximum number of occurrence of my AS number allowed. - type: int - allowas_in_enable: - description: - - Enable/disable IPv4 Enable to allow my AS in AS path. - type: str - choices: - - enable - - disable - allowas_in_enable6: - description: - - Enable/disable IPv6 Enable to allow my AS in AS path. - type: str - choices: - - enable - - disable - allowas_in6: - description: - - IPv6 The maximum number of occurrence of my AS number allowed. - type: int - as_override: - description: - - Enable/disable replace peer AS with own AS for IPv4. - type: str - choices: - - enable - - disable - as_override6: - description: - - Enable/disable replace peer AS with own AS for IPv6. - type: str - choices: - - enable - - disable - attribute_unchanged: - description: - - IPv4 List of attributes that should be unchanged. - type: str - choices: - - as-path - - med - - next-hop - attribute_unchanged6: - description: - - IPv6 List of attributes that should be unchanged. - type: str - choices: - - as-path - - med - - next-hop - bfd: - description: - - Enable/disable BFD for this neighbor. 
- type: str - choices: - - enable - - disable - capability_default_originate: - description: - - Enable/disable advertise default IPv4 route to this neighbor. - type: str - choices: - - enable - - disable - capability_default_originate6: - description: - - Enable/disable advertise default IPv6 route to this neighbor. - type: str - choices: - - enable - - disable - capability_dynamic: - description: - - Enable/disable advertise dynamic capability to this neighbor. - type: str - choices: - - enable - - disable - capability_graceful_restart: - description: - - Enable/disable advertise IPv4 graceful restart capability to this neighbor. - type: str - choices: - - enable - - disable - capability_graceful_restart6: - description: - - Enable/disable advertise IPv6 graceful restart capability to this neighbor. - type: str - choices: - - enable - - disable - capability_orf: - description: - - Accept/Send IPv4 ORF lists to/from this neighbor. - type: str - choices: - - none - - receive - - send - - both - capability_orf6: - description: - - Accept/Send IPv6 ORF lists to/from this neighbor. - type: str - choices: - - none - - receive - - send - - both - capability_route_refresh: - description: - - Enable/disable advertise route refresh capability to this neighbor. - type: str - choices: - - enable - - disable - conditional_advertise: - description: - - Conditional advertisement. - type: list - suboptions: - advertise_routemap: - description: - - Name of advertising route map. Source router.route-map.name. - type: str - condition_routemap: - description: - - Name of condition route map. Source router.route-map.name. - type: str - condition_type: - description: - - Type of condition. - type: str - choices: - - exist - - non-exist - connect_timer: - description: - - Interval (sec) for connect timer. - type: int - default_originate_routemap: - description: - - Route map to specify criteria to originate IPv4 default. Source router.route-map.name. 
- type: str - default_originate_routemap6: - description: - - Route map to specify criteria to originate IPv6 default. Source router.route-map.name. - type: str - description: - description: - - Description. - type: str - distribute_list_in: - description: - - Filter for IPv4 updates from this neighbor. Source router.access-list.name. - type: str - distribute_list_in6: - description: - - Filter for IPv6 updates from this neighbor. Source router.access-list6.name. - type: str - distribute_list_out: - description: - - Filter for IPv4 updates to this neighbor. Source router.access-list.name. - type: str - distribute_list_out6: - description: - - Filter for IPv6 updates to this neighbor. Source router.access-list6.name. - type: str - dont_capability_negotiate: - description: - - Don't negotiate capabilities with this neighbor - type: str - choices: - - enable - - disable - ebgp_enforce_multihop: - description: - - Enable/disable allow multi-hop EBGP neighbors. - type: str - choices: - - enable - - disable - ebgp_multihop_ttl: - description: - - EBGP multihop TTL for this peer. - type: int - filter_list_in: - description: - - BGP filter for IPv4 inbound routes. Source router.aspath-list.name. - type: str - filter_list_in6: - description: - - BGP filter for IPv6 inbound routes. Source router.aspath-list.name. - type: str - filter_list_out: - description: - - BGP filter for IPv4 outbound routes. Source router.aspath-list.name. - type: str - filter_list_out6: - description: - - BGP filter for IPv6 outbound routes. Source router.aspath-list.name. - type: str - holdtime_timer: - description: - - Interval (sec) before peer considered dead. - type: int - interface: - description: - - Interface Source system.interface.name. - type: str - ip: - description: - - IP/IPv6 address of neighbor. - required: true - type: str - keep_alive_timer: - description: - - Keep alive timer interval (sec). 
- type: int - link_down_failover: - description: - - Enable/disable failover upon link down. - type: str - choices: - - enable - - disable - local_as: - description: - - Local AS number of neighbor. - type: int - local_as_no_prepend: - description: - - Do not prepend local-as to incoming updates. - type: str - choices: - - enable - - disable - local_as_replace_as: - description: - - Replace real AS with local-as in outgoing updates. - type: str - choices: - - enable - - disable - maximum_prefix: - description: - - Maximum number of IPv4 prefixes to accept from this peer. - type: int - maximum_prefix_threshold: - description: - - Maximum IPv4 prefix threshold value (1 - 100 percent). - type: int - maximum_prefix_threshold6: - description: - - Maximum IPv6 prefix threshold value (1 - 100 percent). - type: int - maximum_prefix_warning_only: - description: - - Enable/disable IPv4 Only give warning message when limit is exceeded. - type: str - choices: - - enable - - disable - maximum_prefix_warning_only6: - description: - - Enable/disable IPv6 Only give warning message when limit is exceeded. - type: str - choices: - - enable - - disable - maximum_prefix6: - description: - - Maximum number of IPv6 prefixes to accept from this peer. - type: int - next_hop_self: - description: - - Enable/disable IPv4 next-hop calculation for this neighbor. - type: str - choices: - - enable - - disable - next_hop_self6: - description: - - Enable/disable IPv6 next-hop calculation for this neighbor. - type: str - choices: - - enable - - disable - override_capability: - description: - - Enable/disable override result of capability negotiation. - type: str - choices: - - enable - - disable - passive: - description: - - Enable/disable sending of open messages to this neighbor. - type: str - choices: - - enable - - disable - password: - description: - - Password used in MD5 authentication. - type: str - prefix_list_in: - description: - - IPv4 Inbound filter for updates from this neighbor. 
Source router.prefix-list.name. - type: str - prefix_list_in6: - description: - - IPv6 Inbound filter for updates from this neighbor. Source router.prefix-list6.name. - type: str - prefix_list_out: - description: - - IPv4 Outbound filter for updates to this neighbor. Source router.prefix-list.name. - type: str - prefix_list_out6: - description: - - IPv6 Outbound filter for updates to this neighbor. Source router.prefix-list6.name. - type: str - remote_as: - description: - - AS number of neighbor. - type: int - remove_private_as: - description: - - Enable/disable remove private AS number from IPv4 outbound updates. - type: str - choices: - - enable - - disable - remove_private_as6: - description: - - Enable/disable remove private AS number from IPv6 outbound updates. - type: str - choices: - - enable - - disable - restart_time: - description: - - Graceful restart delay time (sec, 0 = global default). - type: int - retain_stale_time: - description: - - Time to retain stale routes. - type: int - route_map_in: - description: - - IPv4 Inbound route map filter. Source router.route-map.name. - type: str - route_map_in6: - description: - - IPv6 Inbound route map filter. Source router.route-map.name. - type: str - route_map_out: - description: - - IPv4 Outbound route map filter. Source router.route-map.name. - type: str - route_map_out6: - description: - - IPv6 Outbound route map filter. Source router.route-map.name. - type: str - route_reflector_client: - description: - - Enable/disable IPv4 AS route reflector client. - type: str - choices: - - enable - - disable - route_reflector_client6: - description: - - Enable/disable IPv6 AS route reflector client. - type: str - choices: - - enable - - disable - route_server_client: - description: - - Enable/disable IPv4 AS route server client. - type: str - choices: - - enable - - disable - route_server_client6: - description: - - Enable/disable IPv6 AS route server client. 
- type: str - choices: - - enable - - disable - send_community: - description: - - IPv4 Send community attribute to neighbor. - type: str - choices: - - standard - - extended - - both - - disable - send_community6: - description: - - IPv6 Send community attribute to neighbor. - type: str - choices: - - standard - - extended - - both - - disable - shutdown: - description: - - Enable/disable shutdown this neighbor. - type: str - choices: - - enable - - disable - soft_reconfiguration: - description: - - Enable/disable allow IPv4 inbound soft reconfiguration. - type: str - choices: - - enable - - disable - soft_reconfiguration6: - description: - - Enable/disable allow IPv6 inbound soft reconfiguration. - type: str - choices: - - enable - - disable - stale_route: - description: - - Enable/disable stale route after neighbor down. - type: str - choices: - - enable - - disable - strict_capability_match: - description: - - Enable/disable strict capability matching. - type: str - choices: - - enable - - disable - unsuppress_map: - description: - - IPv4 Route map to selectively unsuppress suppressed routes. Source router.route-map.name. - type: str - unsuppress_map6: - description: - - IPv6 Route map to selectively unsuppress suppressed routes. Source router.route-map.name. - type: str - update_source: - description: - - Interface to use as source IP/IPv6 address of TCP connections. Source system.interface.name. - type: str - weight: - description: - - Neighbor weight. - type: int - neighbor_group: - description: - - BGP neighbor group table. - type: list - suboptions: - activate: - description: - - Enable/disable address family IPv4 for this neighbor. - type: str - choices: - - enable - - disable - activate6: - description: - - Enable/disable address family IPv6 for this neighbor. - type: str - choices: - - enable - - disable - advertisement_interval: - description: - - Minimum interval (sec) between sending updates. 
- type: int - allowas_in: - description: - - IPv4 The maximum number of occurrence of my AS number allowed. - type: int - allowas_in_enable: - description: - - Enable/disable IPv4 Enable to allow my AS in AS path. - type: str - choices: - - enable - - disable - allowas_in_enable6: - description: - - Enable/disable IPv6 Enable to allow my AS in AS path. - type: str - choices: - - enable - - disable - allowas_in6: - description: - - IPv6 The maximum number of occurrence of my AS number allowed. - type: int - as_override: - description: - - Enable/disable replace peer AS with own AS for IPv4. - type: str - choices: - - enable - - disable - as_override6: - description: - - Enable/disable replace peer AS with own AS for IPv6. - type: str - choices: - - enable - - disable - attribute_unchanged: - description: - - IPv4 List of attributes that should be unchanged. - type: str - choices: - - as-path - - med - - next-hop - attribute_unchanged6: - description: - - IPv6 List of attributes that should be unchanged. - type: str - choices: - - as-path - - med - - next-hop - bfd: - description: - - Enable/disable BFD for this neighbor. - type: str - choices: - - enable - - disable - capability_default_originate: - description: - - Enable/disable advertise default IPv4 route to this neighbor. - type: str - choices: - - enable - - disable - capability_default_originate6: - description: - - Enable/disable advertise default IPv6 route to this neighbor. - type: str - choices: - - enable - - disable - capability_dynamic: - description: - - Enable/disable advertise dynamic capability to this neighbor. - type: str - choices: - - enable - - disable - capability_graceful_restart: - description: - - Enable/disable advertise IPv4 graceful restart capability to this neighbor. - type: str - choices: - - enable - - disable - capability_graceful_restart6: - description: - - Enable/disable advertise IPv6 graceful restart capability to this neighbor. 
- type: str - choices: - - enable - - disable - capability_orf: - description: - - Accept/Send IPv4 ORF lists to/from this neighbor. - type: str - choices: - - none - - receive - - send - - both - capability_orf6: - description: - - Accept/Send IPv6 ORF lists to/from this neighbor. - type: str - choices: - - none - - receive - - send - - both - capability_route_refresh: - description: - - Enable/disable advertise route refresh capability to this neighbor. - type: str - choices: - - enable - - disable - connect_timer: - description: - - Interval (sec) for connect timer. - type: int - default_originate_routemap: - description: - - Route map to specify criteria to originate IPv4 default. Source router.route-map.name. - type: str - default_originate_routemap6: - description: - - Route map to specify criteria to originate IPv6 default. Source router.route-map.name. - type: str - description: - description: - - Description. - type: str - distribute_list_in: - description: - - Filter for IPv4 updates from this neighbor. Source router.access-list.name. - type: str - distribute_list_in6: - description: - - Filter for IPv6 updates from this neighbor. Source router.access-list6.name. - type: str - distribute_list_out: - description: - - Filter for IPv4 updates to this neighbor. Source router.access-list.name. - type: str - distribute_list_out6: - description: - - Filter for IPv6 updates to this neighbor. Source router.access-list6.name. - type: str - dont_capability_negotiate: - description: - - Don't negotiate capabilities with this neighbor - type: str - choices: - - enable - - disable - ebgp_enforce_multihop: - description: - - Enable/disable allow multi-hop EBGP neighbors. - type: str - choices: - - enable - - disable - ebgp_multihop_ttl: - description: - - EBGP multihop TTL for this peer. - type: int - filter_list_in: - description: - - BGP filter for IPv4 inbound routes. Source router.aspath-list.name. 
- type: str - filter_list_in6: - description: - - BGP filter for IPv6 inbound routes. Source router.aspath-list.name. - type: str - filter_list_out: - description: - - BGP filter for IPv4 outbound routes. Source router.aspath-list.name. - type: str - filter_list_out6: - description: - - BGP filter for IPv6 outbound routes. Source router.aspath-list.name. - type: str - holdtime_timer: - description: - - Interval (sec) before peer considered dead. - type: int - interface: - description: - - Interface Source system.interface.name. - type: str - keep_alive_timer: - description: - - Keep alive timer interval (sec). - type: int - link_down_failover: - description: - - Enable/disable failover upon link down. - type: str - choices: - - enable - - disable - local_as: - description: - - Local AS number of neighbor. - type: int - local_as_no_prepend: - description: - - Do not prepend local-as to incoming updates. - type: str - choices: - - enable - - disable - local_as_replace_as: - description: - - Replace real AS with local-as in outgoing updates. - type: str - choices: - - enable - - disable - maximum_prefix: - description: - - Maximum number of IPv4 prefixes to accept from this peer. - type: int - maximum_prefix_threshold: - description: - - Maximum IPv4 prefix threshold value (1 - 100 percent). - type: int - maximum_prefix_threshold6: - description: - - Maximum IPv6 prefix threshold value (1 - 100 percent). - type: int - maximum_prefix_warning_only: - description: - - Enable/disable IPv4 Only give warning message when limit is exceeded. - type: str - choices: - - enable - - disable - maximum_prefix_warning_only6: - description: - - Enable/disable IPv6 Only give warning message when limit is exceeded. - type: str - choices: - - enable - - disable - maximum_prefix6: - description: - - Maximum number of IPv6 prefixes to accept from this peer. - type: int - name: - description: - - Neighbor group name. 
- required: true - type: str - next_hop_self: - description: - - Enable/disable IPv4 next-hop calculation for this neighbor. - type: str - choices: - - enable - - disable - next_hop_self6: - description: - - Enable/disable IPv6 next-hop calculation for this neighbor. - type: str - choices: - - enable - - disable - override_capability: - description: - - Enable/disable override result of capability negotiation. - type: str - choices: - - enable - - disable - passive: - description: - - Enable/disable sending of open messages to this neighbor. - type: str - choices: - - enable - - disable - prefix_list_in: - description: - - IPv4 Inbound filter for updates from this neighbor. Source router.prefix-list.name. - type: str - prefix_list_in6: - description: - - IPv6 Inbound filter for updates from this neighbor. Source router.prefix-list6.name. - type: str - prefix_list_out: - description: - - IPv4 Outbound filter for updates to this neighbor. Source router.prefix-list.name. - type: str - prefix_list_out6: - description: - - IPv6 Outbound filter for updates to this neighbor. Source router.prefix-list6.name. - type: str - remote_as: - description: - - AS number of neighbor. - type: int - remove_private_as: - description: - - Enable/disable remove private AS number from IPv4 outbound updates. - type: str - choices: - - enable - - disable - remove_private_as6: - description: - - Enable/disable remove private AS number from IPv6 outbound updates. - type: str - choices: - - enable - - disable - restart_time: - description: - - Graceful restart delay time (sec, 0 = global default). - type: int - retain_stale_time: - description: - - Time to retain stale routes. - type: int - route_map_in: - description: - - IPv4 Inbound route map filter. Source router.route-map.name. - type: str - route_map_in6: - description: - - IPv6 Inbound route map filter. Source router.route-map.name. - type: str - route_map_out: - description: - - IPv4 Outbound route map filter. 
Source router.route-map.name. - type: str - route_map_out6: - description: - - IPv6 Outbound route map filter. Source router.route-map.name. - type: str - route_reflector_client: - description: - - Enable/disable IPv4 AS route reflector client. - type: str - choices: - - enable - - disable - route_reflector_client6: - description: - - Enable/disable IPv6 AS route reflector client. - type: str - choices: - - enable - - disable - route_server_client: - description: - - Enable/disable IPv4 AS route server client. - type: str - choices: - - enable - - disable - route_server_client6: - description: - - Enable/disable IPv6 AS route server client. - type: str - choices: - - enable - - disable - send_community: - description: - - IPv4 Send community attribute to neighbor. - type: str - choices: - - standard - - extended - - both - - disable - send_community6: - description: - - IPv6 Send community attribute to neighbor. - type: str - choices: - - standard - - extended - - both - - disable - shutdown: - description: - - Enable/disable shutdown this neighbor. - type: str - choices: - - enable - - disable - soft_reconfiguration: - description: - - Enable/disable allow IPv4 inbound soft reconfiguration. - type: str - choices: - - enable - - disable - soft_reconfiguration6: - description: - - Enable/disable allow IPv6 inbound soft reconfiguration. - type: str - choices: - - enable - - disable - stale_route: - description: - - Enable/disable stale route after neighbor down. - type: str - choices: - - enable - - disable - strict_capability_match: - description: - - Enable/disable strict capability matching. - type: str - choices: - - enable - - disable - unsuppress_map: - description: - - IPv4 Route map to selectively unsuppress suppressed routes. Source router.route-map.name. - type: str - unsuppress_map6: - description: - - IPv6 Route map to selectively unsuppress suppressed routes. Source router.route-map.name. 
- type: str - update_source: - description: - - Interface to use as source IP/IPv6 address of TCP connections. Source system.interface.name. - type: str - weight: - description: - - Neighbor weight. - type: int - neighbor_range: - description: - - BGP neighbor range table. - type: list - suboptions: - id: - description: - - Neighbor range ID. - required: true - type: int - max_neighbor_num: - description: - - Maximum number of neighbors. - type: int - neighbor_group: - description: - - Neighbor group name. Source router.bgp.neighbor-group.name. - type: str - prefix: - description: - - Neighbor range prefix. - type: str - neighbor_range6: - description: - - BGP IPv6 neighbor range table. - type: list - suboptions: - id: - description: - - IPv6 neighbor range ID. - required: true - type: int - max_neighbor_num: - description: - - Maximum number of neighbors. - type: int - neighbor_group: - description: - - Neighbor group name. Source router.bgp.neighbor-group.name. - type: str - prefix6: - description: - - IPv6 prefix. - type: str - network: - description: - - BGP network table. - type: list - suboptions: - backdoor: - description: - - Enable/disable route as backdoor. - type: str - choices: - - enable - - disable - id: - description: - - ID. - required: true - type: int - prefix: - description: - - Network prefix. - type: str - route_map: - description: - - Route map to modify generated route. Source router.route-map.name. - type: str - network_import_check: - description: - - Enable/disable ensure BGP network route exists in IGP. - type: str - choices: - - enable - - disable - network6: - description: - - BGP IPv6 network table. - type: list - suboptions: - backdoor: - description: - - Enable/disable route as backdoor. - type: str - choices: - - enable - - disable - id: - description: - - ID. - required: true - type: int - prefix6: - description: - - Network IPv6 prefix. - type: str - route_map: - description: - - Route map to modify generated route. 
Source router.route-map.name. - type: str - redistribute: - description: - - BGP IPv4 redistribute table. - type: list - suboptions: - name: - description: - - Distribute list entry name. - required: true - type: str - route_map: - description: - - Route map name. Source router.route-map.name. - type: str - status: - description: - - Status - type: str - choices: - - enable - - disable - redistribute6: - description: - - BGP IPv6 redistribute table. - type: list - suboptions: - name: - description: - - Distribute list entry name. - required: true - type: str - route_map: - description: - - Route map name. Source router.route-map.name. - type: str - status: - description: - - Status - type: str - choices: - - enable - - disable - router_id: - description: - - Router ID. - type: str - scan_time: - description: - - Background scanner interval (sec), 0 to disable it. - type: int - synchronization: - description: - - Enable/disable only advertise routes from iBGP if routes present in an IGP. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure BGP. 
- fortios_router_bgp: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - router_bgp: - admin_distance: - - - distance: "4" - id: "5" - neighbour_prefix: "" - route_list: " (source router.access-list.name)" - aggregate_address: - - - as_set: "enable" - id: "10" - prefix: "" - summary_only: "enable" - aggregate_address6: - - - as_set: "enable" - id: "15" - prefix6: "" - summary_only: "enable" - always_compare_med: "enable" - as: "19" - bestpath_as_path_ignore: "enable" - bestpath_cmp_confed_aspath: "enable" - bestpath_cmp_routerid: "enable" - bestpath_med_confed: "enable" - bestpath_med_missing_as_worst: "enable" - client_to_client_reflection: "enable" - cluster_id: "" - confederation_identifier: "27" - confederation_peers: - - - peer: "" - dampening: "enable" - dampening_max_suppress_time: "31" - dampening_reachability_half_life: "32" - dampening_reuse: "33" - dampening_route_map: " (source router.route-map.name)" - dampening_suppress: "35" - dampening_unreachability_half_life: "36" - default_local_preference: "37" - deterministic_med: "enable" - distance_external: "39" - distance_internal: "40" - distance_local: "41" - ebgp_multipath: "enable" - enforce_first_as: "enable" - fast_external_failover: "enable" - graceful_end_on_timer: "enable" - graceful_restart: "enable" - graceful_restart_time: "47" - graceful_stalepath_time: "48" - graceful_update_delay: "49" - holdtime_timer: "50" - ibgp_multipath: "enable" - ignore_optional_capability: "enable" - keepalive_timer: "53" - log_neighbour_changes: "enable" - neighbor: - - - activate: "enable" - activate6: "enable" - advertisement_interval: "58" - allowas_in: "59" - allowas_in_enable: "enable" - allowas_in_enable6: "enable" - allowas_in6: "62" - as_override: "enable" - as_override6: "enable" - attribute_unchanged: "as-path" - attribute_unchanged6: "as-path" - bfd: "enable" - capability_default_originate: "enable" - capability_default_originate6: 
"enable" - capability_dynamic: "enable" - capability_graceful_restart: "enable" - capability_graceful_restart6: "enable" - capability_orf: "none" - capability_orf6: "none" - capability_route_refresh: "enable" - conditional_advertise: - - - advertise_routemap: " (source router.route-map.name)" - condition_routemap: " (source router.route-map.name)" - condition_type: "exist" - connect_timer: "80" - default_originate_routemap: " (source router.route-map.name)" - default_originate_routemap6: " (source router.route-map.name)" - description: "" - distribute_list_in: " (source router.access-list.name)" - distribute_list_in6: " (source router.access-list6.name)" - distribute_list_out: " (source router.access-list.name)" - distribute_list_out6: " (source router.access-list6.name)" - dont_capability_negotiate: "enable" - ebgp_enforce_multihop: "enable" - ebgp_multihop_ttl: "90" - filter_list_in: " (source router.aspath-list.name)" - filter_list_in6: " (source router.aspath-list.name)" - filter_list_out: " (source router.aspath-list.name)" - filter_list_out6: " (source router.aspath-list.name)" - holdtime_timer: "95" - interface: " (source system.interface.name)" - ip: "" - keep_alive_timer: "98" - link_down_failover: "enable" - local_as: "100" - local_as_no_prepend: "enable" - local_as_replace_as: "enable" - maximum_prefix: "103" - maximum_prefix_threshold: "104" - maximum_prefix_threshold6: "105" - maximum_prefix_warning_only: "enable" - maximum_prefix_warning_only6: "enable" - maximum_prefix6: "108" - next_hop_self: "enable" - next_hop_self6: "enable" - override_capability: "enable" - passive: "enable" - password: "" - prefix_list_in: " (source router.prefix-list.name)" - prefix_list_in6: " (source router.prefix-list6.name)" - prefix_list_out: " (source router.prefix-list.name)" - prefix_list_out6: " (source router.prefix-list6.name)" - remote_as: "118" - remove_private_as: "enable" - remove_private_as6: "enable" - restart_time: "121" - retain_stale_time: "122" - 
route_map_in: " (source router.route-map.name)" - route_map_in6: " (source router.route-map.name)" - route_map_out: " (source router.route-map.name)" - route_map_out6: " (source router.route-map.name)" - route_reflector_client: "enable" - route_reflector_client6: "enable" - route_server_client: "enable" - route_server_client6: "enable" - send_community: "standard" - send_community6: "standard" - shutdown: "enable" - soft_reconfiguration: "enable" - soft_reconfiguration6: "enable" - stale_route: "enable" - strict_capability_match: "enable" - unsuppress_map: " (source router.route-map.name)" - unsuppress_map6: " (source router.route-map.name)" - update_source: " (source system.interface.name)" - weight: "141" - neighbor_group: - - - activate: "enable" - activate6: "enable" - advertisement_interval: "145" - allowas_in: "146" - allowas_in_enable: "enable" - allowas_in_enable6: "enable" - allowas_in6: "149" - as_override: "enable" - as_override6: "enable" - attribute_unchanged: "as-path" - attribute_unchanged6: "as-path" - bfd: "enable" - capability_default_originate: "enable" - capability_default_originate6: "enable" - capability_dynamic: "enable" - capability_graceful_restart: "enable" - capability_graceful_restart6: "enable" - capability_orf: "none" - capability_orf6: "none" - capability_route_refresh: "enable" - connect_timer: "163" - default_originate_routemap: " (source router.route-map.name)" - default_originate_routemap6: " (source router.route-map.name)" - description: "" - distribute_list_in: " (source router.access-list.name)" - distribute_list_in6: " (source router.access-list6.name)" - distribute_list_out: " (source router.access-list.name)" - distribute_list_out6: " (source router.access-list6.name)" - dont_capability_negotiate: "enable" - ebgp_enforce_multihop: "enable" - ebgp_multihop_ttl: "173" - filter_list_in: " (source router.aspath-list.name)" - filter_list_in6: " (source router.aspath-list.name)" - filter_list_out: " (source 
router.aspath-list.name)" - filter_list_out6: " (source router.aspath-list.name)" - holdtime_timer: "178" - interface: " (source system.interface.name)" - keep_alive_timer: "180" - link_down_failover: "enable" - local_as: "182" - local_as_no_prepend: "enable" - local_as_replace_as: "enable" - maximum_prefix: "185" - maximum_prefix_threshold: "186" - maximum_prefix_threshold6: "187" - maximum_prefix_warning_only: "enable" - maximum_prefix_warning_only6: "enable" - maximum_prefix6: "190" - name: "default_name_191" - next_hop_self: "enable" - next_hop_self6: "enable" - override_capability: "enable" - passive: "enable" - prefix_list_in: " (source router.prefix-list.name)" - prefix_list_in6: " (source router.prefix-list6.name)" - prefix_list_out: " (source router.prefix-list.name)" - prefix_list_out6: " (source router.prefix-list6.name)" - remote_as: "200" - remove_private_as: "enable" - remove_private_as6: "enable" - restart_time: "203" - retain_stale_time: "204" - route_map_in: " (source router.route-map.name)" - route_map_in6: " (source router.route-map.name)" - route_map_out: " (source router.route-map.name)" - route_map_out6: " (source router.route-map.name)" - route_reflector_client: "enable" - route_reflector_client6: "enable" - route_server_client: "enable" - route_server_client6: "enable" - send_community: "standard" - send_community6: "standard" - shutdown: "enable" - soft_reconfiguration: "enable" - soft_reconfiguration6: "enable" - stale_route: "enable" - strict_capability_match: "enable" - unsuppress_map: " (source router.route-map.name)" - unsuppress_map6: " (source router.route-map.name)" - update_source: " (source system.interface.name)" - weight: "223" - neighbor_range: - - - id: "225" - max_neighbor_num: "226" - neighbor_group: " (source router.bgp.neighbor-group.name)" - prefix: "" - neighbor_range6: - - - id: "230" - max_neighbor_num: "231" - neighbor_group: " (source router.bgp.neighbor-group.name)" - prefix6: "" - network: - - - backdoor: "enable" 
- id: "236" - prefix: "" - route_map: " (source router.route-map.name)" - network_import_check: "enable" - network6: - - - backdoor: "enable" - id: "242" - prefix6: "" - route_map: " (source router.route-map.name)" - redistribute: - - - name: "default_name_246" - route_map: " (source router.route-map.name)" - status: "enable" - redistribute6: - - - name: "default_name_250" - route_map: " (source router.route-map.name)" - status: "enable" - router_id: "" - scan_time: "254" - synchronization: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from 
ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_router_bgp_data(json): - option_list = ['admin_distance', 'aggregate_address', 'aggregate_address6', - 'always_compare_med', 'as', 'bestpath_as_path_ignore', - 'bestpath_cmp_confed_aspath', 'bestpath_cmp_routerid', 'bestpath_med_confed', - 'bestpath_med_missing_as_worst', 'client_to_client_reflection', 'cluster_id', - 'confederation_identifier', 'confederation_peers', 'dampening', - 'dampening_max_suppress_time', 'dampening_reachability_half_life', 'dampening_reuse', - 'dampening_route_map', 'dampening_suppress', 'dampening_unreachability_half_life', - 'default_local_preference', 'deterministic_med', 'distance_external', - 'distance_internal', 'distance_local', 'ebgp_multipath', - 'enforce_first_as', 'fast_external_failover', 'graceful_end_on_timer', - 'graceful_restart', 'graceful_restart_time', 'graceful_stalepath_time', - 'graceful_update_delay', 'holdtime_timer', 'ibgp_multipath', - 'ignore_optional_capability', 'keepalive_timer', 'log_neighbour_changes', - 'neighbor', 'neighbor_group', 'neighbor_range', - 'neighbor_range6', 'network', 'network_import_check', - 'network6', 'redistribute', 'redistribute6', - 'router_id', 'scan_time', 'synchronization'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = 
underscore_to_hyphen(v) - data = new_data - - return data - - -def router_bgp(data, fos): - vdom = data['vdom'] - router_bgp_data = data['router_bgp'] - filtered_data = underscore_to_hyphen(filter_router_bgp_data(router_bgp_data)) - - return fos.set('router', - 'bgp', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_router(data, fos): - - if data['router_bgp']: - resp = router_bgp(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "router_bgp": { - "required": False, "type": "dict", "default": None, - "options": { - "admin_distance": {"required": False, "type": "list", - "options": { - "distance": {"required": False, "type": "int"}, - "id": {"required": True, "type": "int"}, - "neighbour_prefix": {"required": False, "type": "str"}, - "route_list": {"required": False, "type": "str"} - }}, - "aggregate_address": {"required": False, "type": "list", - "options": { - "as_set": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "id": {"required": True, "type": "int"}, - "prefix": {"required": False, "type": "str"}, - "summary_only": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "aggregate_address6": {"required": False, "type": "list", - "options": { - "as_set": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "id": {"required": True, "type": "int"}, - "prefix6": {"required": False, "type": 
"str"}, - "summary_only": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "always_compare_med": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "as": {"required": False, "type": "int"}, - "bestpath_as_path_ignore": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "bestpath_cmp_confed_aspath": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "bestpath_cmp_routerid": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "bestpath_med_confed": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "bestpath_med_missing_as_worst": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "client_to_client_reflection": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "cluster_id": {"required": False, "type": "str"}, - "confederation_identifier": {"required": False, "type": "int"}, - "confederation_peers": {"required": False, "type": "list", - "options": { - "peer": {"required": True, "type": "str"} - }}, - "dampening": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dampening_max_suppress_time": {"required": False, "type": "int"}, - "dampening_reachability_half_life": {"required": False, "type": "int"}, - "dampening_reuse": {"required": False, "type": "int"}, - "dampening_route_map": {"required": False, "type": "str"}, - "dampening_suppress": {"required": False, "type": "int"}, - "dampening_unreachability_half_life": {"required": False, "type": "int"}, - "default_local_preference": {"required": False, "type": "int"}, - "deterministic_med": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "distance_external": {"required": False, "type": "int"}, - "distance_internal": {"required": False, "type": "int"}, - "distance_local": {"required": False, "type": "int"}, - "ebgp_multipath": {"required": False, "type": "str", - "choices": ["enable", 
"disable"]}, - "enforce_first_as": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "fast_external_failover": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "graceful_end_on_timer": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "graceful_restart": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "graceful_restart_time": {"required": False, "type": "int"}, - "graceful_stalepath_time": {"required": False, "type": "int"}, - "graceful_update_delay": {"required": False, "type": "int"}, - "holdtime_timer": {"required": False, "type": "int"}, - "ibgp_multipath": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ignore_optional_capability": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "keepalive_timer": {"required": False, "type": "int"}, - "log_neighbour_changes": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "neighbor": {"required": False, "type": "list", - "options": { - "activate": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "activate6": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "advertisement_interval": {"required": False, "type": "int"}, - "allowas_in": {"required": False, "type": "int"}, - "allowas_in_enable": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "allowas_in_enable6": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "allowas_in6": {"required": False, "type": "int"}, - "as_override": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "as_override6": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "attribute_unchanged": {"required": False, "type": "str", - "choices": ["as-path", "med", "next-hop"]}, - "attribute_unchanged6": {"required": False, "type": "str", - "choices": ["as-path", "med", "next-hop"]}, - "bfd": 
{"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "capability_default_originate": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "capability_default_originate6": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "capability_dynamic": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "capability_graceful_restart": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "capability_graceful_restart6": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "capability_orf": {"required": False, "type": "str", - "choices": ["none", "receive", "send", - "both"]}, - "capability_orf6": {"required": False, "type": "str", - "choices": ["none", "receive", "send", - "both"]}, - "capability_route_refresh": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "conditional_advertise": {"required": False, "type": "list", - "options": { - "advertise_routemap": {"required": False, "type": "str"}, - "condition_routemap": {"required": False, "type": "str"}, - "condition_type": {"required": False, "type": "str", - "choices": ["exist", "non-exist"]} - }}, - "connect_timer": {"required": False, "type": "int"}, - "default_originate_routemap": {"required": False, "type": "str"}, - "default_originate_routemap6": {"required": False, "type": "str"}, - "description": {"required": False, "type": "str"}, - "distribute_list_in": {"required": False, "type": "str"}, - "distribute_list_in6": {"required": False, "type": "str"}, - "distribute_list_out": {"required": False, "type": "str"}, - "distribute_list_out6": {"required": False, "type": "str"}, - "dont_capability_negotiate": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ebgp_enforce_multihop": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ebgp_multihop_ttl": {"required": False, "type": "int"}, - "filter_list_in": {"required": False, 
"type": "str"}, - "filter_list_in6": {"required": False, "type": "str"}, - "filter_list_out": {"required": False, "type": "str"}, - "filter_list_out6": {"required": False, "type": "str"}, - "holdtime_timer": {"required": False, "type": "int"}, - "interface": {"required": False, "type": "str"}, - "ip": {"required": True, "type": "str"}, - "keep_alive_timer": {"required": False, "type": "int"}, - "link_down_failover": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "local_as": {"required": False, "type": "int"}, - "local_as_no_prepend": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "local_as_replace_as": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "maximum_prefix": {"required": False, "type": "int"}, - "maximum_prefix_threshold": {"required": False, "type": "int"}, - "maximum_prefix_threshold6": {"required": False, "type": "int"}, - "maximum_prefix_warning_only": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "maximum_prefix_warning_only6": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "maximum_prefix6": {"required": False, "type": "int"}, - "next_hop_self": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "next_hop_self6": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "override_capability": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "passive": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "password": {"required": False, "type": "str"}, - "prefix_list_in": {"required": False, "type": "str"}, - "prefix_list_in6": {"required": False, "type": "str"}, - "prefix_list_out": {"required": False, "type": "str"}, - "prefix_list_out6": {"required": False, "type": "str"}, - "remote_as": {"required": False, "type": "int"}, - "remove_private_as": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - 
"remove_private_as6": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "restart_time": {"required": False, "type": "int"}, - "retain_stale_time": {"required": False, "type": "int"}, - "route_map_in": {"required": False, "type": "str"}, - "route_map_in6": {"required": False, "type": "str"}, - "route_map_out": {"required": False, "type": "str"}, - "route_map_out6": {"required": False, "type": "str"}, - "route_reflector_client": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "route_reflector_client6": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "route_server_client": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "route_server_client6": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "send_community": {"required": False, "type": "str", - "choices": ["standard", "extended", "both", - "disable"]}, - "send_community6": {"required": False, "type": "str", - "choices": ["standard", "extended", "both", - "disable"]}, - "shutdown": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "soft_reconfiguration": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "soft_reconfiguration6": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "stale_route": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "strict_capability_match": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "unsuppress_map": {"required": False, "type": "str"}, - "unsuppress_map6": {"required": False, "type": "str"}, - "update_source": {"required": False, "type": "str"}, - "weight": {"required": False, "type": "int"} - }}, - "neighbor_group": {"required": False, "type": "list", - "options": { - "activate": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "activate6": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - 
"advertisement_interval": {"required": False, "type": "int"}, - "allowas_in": {"required": False, "type": "int"}, - "allowas_in_enable": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "allowas_in_enable6": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "allowas_in6": {"required": False, "type": "int"}, - "as_override": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "as_override6": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "attribute_unchanged": {"required": False, "type": "str", - "choices": ["as-path", "med", "next-hop"]}, - "attribute_unchanged6": {"required": False, "type": "str", - "choices": ["as-path", "med", "next-hop"]}, - "bfd": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "capability_default_originate": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "capability_default_originate6": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "capability_dynamic": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "capability_graceful_restart": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "capability_graceful_restart6": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "capability_orf": {"required": False, "type": "str", - "choices": ["none", "receive", "send", - "both"]}, - "capability_orf6": {"required": False, "type": "str", - "choices": ["none", "receive", "send", - "both"]}, - "capability_route_refresh": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "connect_timer": {"required": False, "type": "int"}, - "default_originate_routemap": {"required": False, "type": "str"}, - "default_originate_routemap6": {"required": False, "type": "str"}, - "description": {"required": False, "type": "str"}, - "distribute_list_in": {"required": False, "type": "str"}, - "distribute_list_in6": 
{"required": False, "type": "str"}, - "distribute_list_out": {"required": False, "type": "str"}, - "distribute_list_out6": {"required": False, "type": "str"}, - "dont_capability_negotiate": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ebgp_enforce_multihop": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ebgp_multihop_ttl": {"required": False, "type": "int"}, - "filter_list_in": {"required": False, "type": "str"}, - "filter_list_in6": {"required": False, "type": "str"}, - "filter_list_out": {"required": False, "type": "str"}, - "filter_list_out6": {"required": False, "type": "str"}, - "holdtime_timer": {"required": False, "type": "int"}, - "interface": {"required": False, "type": "str"}, - "keep_alive_timer": {"required": False, "type": "int"}, - "link_down_failover": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "local_as": {"required": False, "type": "int"}, - "local_as_no_prepend": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "local_as_replace_as": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "maximum_prefix": {"required": False, "type": "int"}, - "maximum_prefix_threshold": {"required": False, "type": "int"}, - "maximum_prefix_threshold6": {"required": False, "type": "int"}, - "maximum_prefix_warning_only": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "maximum_prefix_warning_only6": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "maximum_prefix6": {"required": False, "type": "int"}, - "name": {"required": True, "type": "str"}, - "next_hop_self": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "next_hop_self6": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "override_capability": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "passive": {"required": False, "type": "str", - "choices": 
["enable", "disable"]}, - "prefix_list_in": {"required": False, "type": "str"}, - "prefix_list_in6": {"required": False, "type": "str"}, - "prefix_list_out": {"required": False, "type": "str"}, - "prefix_list_out6": {"required": False, "type": "str"}, - "remote_as": {"required": False, "type": "int"}, - "remove_private_as": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "remove_private_as6": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "restart_time": {"required": False, "type": "int"}, - "retain_stale_time": {"required": False, "type": "int"}, - "route_map_in": {"required": False, "type": "str"}, - "route_map_in6": {"required": False, "type": "str"}, - "route_map_out": {"required": False, "type": "str"}, - "route_map_out6": {"required": False, "type": "str"}, - "route_reflector_client": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "route_reflector_client6": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "route_server_client": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "route_server_client6": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "send_community": {"required": False, "type": "str", - "choices": ["standard", "extended", "both", - "disable"]}, - "send_community6": {"required": False, "type": "str", - "choices": ["standard", "extended", "both", - "disable"]}, - "shutdown": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "soft_reconfiguration": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "soft_reconfiguration6": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "stale_route": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "strict_capability_match": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "unsuppress_map": {"required": False, "type": "str"}, - 
"unsuppress_map6": {"required": False, "type": "str"}, - "update_source": {"required": False, "type": "str"}, - "weight": {"required": False, "type": "int"} - }}, - "neighbor_range": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"}, - "max_neighbor_num": {"required": False, "type": "int"}, - "neighbor_group": {"required": False, "type": "str"}, - "prefix": {"required": False, "type": "str"} - }}, - "neighbor_range6": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"}, - "max_neighbor_num": {"required": False, "type": "int"}, - "neighbor_group": {"required": False, "type": "str"}, - "prefix6": {"required": False, "type": "str"} - }}, - "network": {"required": False, "type": "list", - "options": { - "backdoor": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "id": {"required": True, "type": "int"}, - "prefix": {"required": False, "type": "str"}, - "route_map": {"required": False, "type": "str"} - }}, - "network_import_check": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "network6": {"required": False, "type": "list", - "options": { - "backdoor": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "id": {"required": True, "type": "int"}, - "prefix6": {"required": False, "type": "str"}, - "route_map": {"required": False, "type": "str"} - }}, - "redistribute": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"}, - "route_map": {"required": False, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "redistribute6": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"}, - "route_map": {"required": False, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "router_id": {"required": False, "type": "str"}, - "scan_time": 
{"required": False, "type": "int"},
- "synchronization": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_router(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_router(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_router_community_list.py b/lib/ansible/modules/network/fortios/fortios_router_community_list.py
deleted file mode 100644
index b6c08c7e456..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_router_community_list.py
+++ /dev/null
@@ -1,358 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_router_community_list -short_description: Configure community lists in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify router feature and community_list category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - router_community_list: - description: - - Configure community lists. - default: null - type: dict - suboptions: - name: - description: - - Community list name. - required: true - type: str - rule: - description: - - Community list rule. - type: list - suboptions: - action: - description: - - Permit or deny route-based operations, based on the route's COMMUNITY attribute. - type: str - choices: - - deny - - permit - id: - description: - - ID. - required: true - type: int - match: - description: - - Community specifications for matching a reserved community. - type: str - regexp: - description: - - Ordered list of COMMUNITY attributes as a regular expression. - type: str - type: - description: - - Community list type (standard or expanded). - type: str - choices: - - standard - - expanded -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure community lists. 
- fortios_router_community_list: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - router_community_list: - name: "default_name_3" - rule: - - - action: "deny" - id: "6" - match: "" - regexp: "" - type: "standard" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - 
fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_router_community_list_data(json):
- option_list = ['name', 'rule', 'type']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def router_community_list(data, fos):
- vdom = data['vdom']
- state = data['state']
- router_community_list_data = data['router_community_list']
- filtered_data = underscore_to_hyphen(filter_router_community_list_data(router_community_list_data))
-
- if state == "present":
- return fos.set('router',
- 'community-list',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('router',
- 'community-list',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_router(data, fos):
-
- if data['router_community_list']:
- resp = router_community_list(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required":
True, "type": "str",
- "choices": ["present", "absent"]},
- "router_community_list": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "name": {"required": True, "type": "str"},
- "rule": {"required": False, "type": "list",
- "options": {
- "action": {"required": False, "type": "str",
- "choices": ["deny", "permit"]},
- "id": {"required": True, "type": "int"},
- "match": {"required": False, "type": "str"},
- "regexp": {"required": False, "type": "str"}
- }},
- "type": {"required": False, "type": "str",
- "choices": ["standard", "expanded"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_router(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_router(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_router_isis.py b/lib/ansible/modules/network/fortios/fortios_router_isis.py
deleted file mode 100644
index dadcd871e10..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_router_isis.py
+++ /dev/null
@@ -1,1046 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_router_isis -short_description: Configure IS-IS in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify router feature and isis category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - router_isis: - description: - - Configure IS-IS. - default: null - type: dict - suboptions: - adjacency_check: - description: - - Enable/disable adjacency check. - type: str - choices: - - enable - - disable - adjacency_check6: - description: - - Enable/disable IPv6 adjacency check. - type: str - choices: - - enable - - disable - adv_passive_only: - description: - - Enable/disable IS-IS advertisement of passive interfaces only. - type: str - choices: - - enable - - disable - adv_passive_only6: - description: - - Enable/disable IPv6 IS-IS advertisement of passive interfaces only. - type: str - choices: - - enable - - disable - auth_keychain_l1: - description: - - Authentication key-chain for level 1 PDUs. Source router.key-chain.name. - type: str - auth_keychain_l2: - description: - - Authentication key-chain for level 2 PDUs. Source router.key-chain.name. - type: str - auth_mode_l1: - description: - - Level 1 authentication mode. - type: str - choices: - - password - - md5 - auth_mode_l2: - description: - - Level 2 authentication mode. - type: str - choices: - - password - - md5 - auth_password_l1: - description: - - Authentication password for level 1 PDUs. - type: str - auth_password_l2: - description: - - Authentication password for level 2 PDUs. - type: str - auth_sendonly_l1: - description: - - Enable/disable level 1 authentication send-only. - type: str - choices: - - enable - - disable - auth_sendonly_l2: - description: - - Enable/disable level 2 authentication send-only. 
- type: str - choices: - - enable - - disable - default_originate: - description: - - Enable/disable distribution of default route information. - type: str - choices: - - enable - - disable - default_originate6: - description: - - Enable/disable distribution of default IPv6 route information. - type: str - choices: - - enable - - disable - dynamic_hostname: - description: - - Enable/disable dynamic hostname. - type: str - choices: - - enable - - disable - ignore_lsp_errors: - description: - - Enable/disable ignoring of LSP errors with bad checksums. - type: str - choices: - - enable - - disable - is_type: - description: - - IS type. - type: str - choices: - - level-1-2 - - level-1 - - level-2-only - isis_interface: - description: - - IS-IS interface configuration. - type: list - suboptions: - auth_keychain_l1: - description: - - Authentication key-chain for level 1 PDUs. Source router.key-chain.name. - type: str - auth_keychain_l2: - description: - - Authentication key-chain for level 2 PDUs. Source router.key-chain.name. - type: str - auth_mode_l1: - description: - - Level 1 authentication mode. - type: str - choices: - - md5 - - password - auth_mode_l2: - description: - - Level 2 authentication mode. - type: str - choices: - - md5 - - password - auth_password_l1: - description: - - Authentication password for level 1 PDUs. - type: str - auth_password_l2: - description: - - Authentication password for level 2 PDUs. - type: str - auth_send_only_l1: - description: - - Enable/disable authentication send-only for level 1 PDUs. - type: str - choices: - - enable - - disable - auth_send_only_l2: - description: - - Enable/disable authentication send-only for level 2 PDUs. - type: str - choices: - - enable - - disable - circuit_type: - description: - - IS-IS interface's circuit type - type: str - choices: - - level-1-2 - - level-1 - - level-2 - csnp_interval_l1: - description: - - Level 1 CSNP interval. 
- type: int - csnp_interval_l2: - description: - - Level 2 CSNP interval. - type: int - hello_interval_l1: - description: - - Level 1 hello interval. - type: int - hello_interval_l2: - description: - - Level 2 hello interval. - type: int - hello_multiplier_l1: - description: - - Level 1 multiplier for Hello holding time. - type: int - hello_multiplier_l2: - description: - - Level 2 multiplier for Hello holding time. - type: int - hello_padding: - description: - - Enable/disable padding to IS-IS hello packets. - type: str - choices: - - enable - - disable - lsp_interval: - description: - - LSP transmission interval (milliseconds). - type: int - lsp_retransmit_interval: - description: - - LSP retransmission interval (sec). - type: int - mesh_group: - description: - - Enable/disable IS-IS mesh group. - type: str - choices: - - enable - - disable - mesh_group_id: - description: - - "Mesh group ID <0-4294967295>, 0: mesh-group blocked." - type: int - metric_l1: - description: - - Level 1 metric for interface. - type: int - metric_l2: - description: - - Level 2 metric for interface. - type: int - name: - description: - - IS-IS interface name. Source system.interface.name. - required: true - type: str - network_type: - description: - - IS-IS interface's network type - type: str - choices: - - broadcast - - point-to-point - - loopback - priority_l1: - description: - - Level 1 priority. - type: int - priority_l2: - description: - - Level 2 priority. - type: int - status: - description: - - Enable/disable interface for IS-IS. - type: str - choices: - - enable - - disable - status6: - description: - - Enable/disable IPv6 interface for IS-IS. - type: str - choices: - - enable - - disable - wide_metric_l1: - description: - - Level 1 wide metric for interface. - type: int - wide_metric_l2: - description: - - Level 2 wide metric for interface. - type: int - isis_net: - description: - - IS-IS net configuration. - type: list - suboptions: - id: - description: - - isis-net ID. 
- required: true - type: int - net: - description: - - IS-IS net xx.xxxx. ... .xxxx.xx. - type: str - lsp_gen_interval_l1: - description: - - Minimum interval for level 1 LSP regenerating. - type: int - lsp_gen_interval_l2: - description: - - Minimum interval for level 2 LSP regenerating. - type: int - lsp_refresh_interval: - description: - - LSP refresh time in seconds. - type: int - max_lsp_lifetime: - description: - - Maximum LSP lifetime in seconds. - type: int - metric_style: - description: - - Use old-style (ISO 10589) or new-style packet formats - type: str - choices: - - narrow - - wide - - transition - - narrow-transition - - narrow-transition-l1 - - narrow-transition-l2 - - wide-l1 - - wide-l2 - - wide-transition - - wide-transition-l1 - - wide-transition-l2 - - transition-l1 - - transition-l2 - overload_bit: - description: - - Enable/disable signal other routers not to use us in SPF. - type: str - choices: - - enable - - disable - overload_bit_on_startup: - description: - - Overload-bit only temporarily after reboot. - type: int - overload_bit_suppress: - description: - - Suppress overload-bit for the specific prefixes. - type: str - choices: - - external - - interlevel - redistribute: - description: - - IS-IS redistribute protocols. - type: list - suboptions: - level: - description: - - Level. - type: str - choices: - - level-1-2 - - level-1 - - level-2 - metric: - description: - - Metric. - type: int - metric_type: - description: - - Metric type. - type: str - choices: - - external - - internal - protocol: - description: - - Protocol name. - required: true - type: str - routemap: - description: - - Route map name. Source router.route-map.name. - type: str - status: - description: - - Status. - type: str - choices: - - enable - - disable - redistribute_l1: - description: - - Enable/disable redistribution of level 1 routes into level 2. 
- type: str - choices: - - enable - - disable - redistribute_l1_list: - description: - - Access-list for route redistribution from l1 to l2. Source router.access-list.name. - type: str - redistribute_l2: - description: - - Enable/disable redistribution of level 2 routes into level 1. - type: str - choices: - - enable - - disable - redistribute_l2_list: - description: - - Access-list for route redistribution from l2 to l1. Source router.access-list.name. - type: str - redistribute6: - description: - - IS-IS IPv6 redistribution for routing protocols. - type: list - suboptions: - level: - description: - - Level. - type: str - choices: - - level-1-2 - - level-1 - - level-2 - metric: - description: - - Metric. - type: int - metric_type: - description: - - Metric type. - type: str - choices: - - external - - internal - protocol: - description: - - Protocol name. - required: true - type: str - routemap: - description: - - Route map name. Source router.route-map.name. - type: str - status: - description: - - Enable/disable redistribution. - type: str - choices: - - enable - - disable - redistribute6_l1: - description: - - Enable/disable redistribution of level 1 IPv6 routes into level 2. - type: str - choices: - - enable - - disable - redistribute6_l1_list: - description: - - Access-list for IPv6 route redistribution from l1 to l2. Source router.access-list6.name. - type: str - redistribute6_l2: - description: - - Enable/disable redistribution of level 2 IPv6 routes into level 1. - type: str - choices: - - enable - - disable - redistribute6_l2_list: - description: - - Access-list for IPv6 route redistribution from l2 to l1. Source router.access-list6.name. - type: str - spf_interval_exp_l1: - description: - - Level 1 SPF calculation delay. - type: str - spf_interval_exp_l2: - description: - - Level 2 SPF calculation delay. - type: str - summary_address: - description: - - IS-IS summary addresses. - type: list - suboptions: - id: - description: - - Summary address entry ID. 
- required: true - type: int - level: - description: - - Level. - type: str - choices: - - level-1-2 - - level-1 - - level-2 - prefix: - description: - - Prefix. - type: str - summary_address6: - description: - - IS-IS IPv6 summary address. - type: list - suboptions: - id: - description: - - Prefix entry ID. - required: true - type: int - level: - description: - - Level. - type: str - choices: - - level-1-2 - - level-1 - - level-2 - prefix6: - description: - - IPv6 prefix. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IS-IS. - fortios_router_isis: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - router_isis: - adjacency_check: "enable" - adjacency_check6: "enable" - adv_passive_only: "enable" - adv_passive_only6: "enable" - auth_keychain_l1: " (source router.key-chain.name)" - auth_keychain_l2: " (source router.key-chain.name)" - auth_mode_l1: "password" - auth_mode_l2: "password" - auth_password_l1: "" - auth_password_l2: "" - auth_sendonly_l1: "enable" - auth_sendonly_l2: "enable" - default_originate: "enable" - default_originate6: "enable" - dynamic_hostname: "enable" - ignore_lsp_errors: "enable" - is_type: "level-1-2" - isis_interface: - - - auth_keychain_l1: " (source router.key-chain.name)" - auth_keychain_l2: " (source router.key-chain.name)" - auth_mode_l1: "md5" - auth_mode_l2: "md5" - auth_password_l1: "" - auth_password_l2: "" - auth_send_only_l1: "enable" - auth_send_only_l2: "enable" - circuit_type: "level-1-2" - csnp_interval_l1: "30" - csnp_interval_l2: "31" - hello_interval_l1: "32" - hello_interval_l2: "33" - hello_multiplier_l1: "34" - hello_multiplier_l2: "35" - hello_padding: "enable" - lsp_interval: "37" - lsp_retransmit_interval: "38" - mesh_group: "enable" - mesh_group_id: "40" - metric_l1: "41" - metric_l2: "42" - name: 
"default_name_43 (source system.interface.name)" - network_type: "broadcast" - priority_l1: "45" - priority_l2: "46" - status: "enable" - status6: "enable" - wide_metric_l1: "49" - wide_metric_l2: "50" - isis_net: - - - id: "52" - net: "" - lsp_gen_interval_l1: "54" - lsp_gen_interval_l2: "55" - lsp_refresh_interval: "56" - max_lsp_lifetime: "57" - metric_style: "narrow" - overload_bit: "enable" - overload_bit_on_startup: "60" - overload_bit_suppress: "external" - redistribute: - - - level: "level-1-2" - metric: "64" - metric_type: "external" - protocol: "" - routemap: " (source router.route-map.name)" - status: "enable" - redistribute_l1: "enable" - redistribute_l1_list: " (source router.access-list.name)" - redistribute_l2: "enable" - redistribute_l2_list: " (source router.access-list.name)" - redistribute6: - - - level: "level-1-2" - metric: "75" - metric_type: "external" - protocol: "" - routemap: " (source router.route-map.name)" - status: "enable" - redistribute6_l1: "enable" - redistribute6_l1_list: " (source router.access-list6.name)" - redistribute6_l2: "enable" - redistribute6_l2_list: " (source router.access-list6.name)" - spf_interval_exp_l1: "" - spf_interval_exp_l2: "" - summary_address: - - - id: "87" - level: "level-1-2" - prefix: "" - summary_address6: - - - id: "91" - level: "level-1-2" - prefix6: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: 
Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_router_isis_data(json):
- option_list = ['adjacency_check', 'adjacency_check6', 'adv_passive_only',
- 'adv_passive_only6', 'auth_keychain_l1', 'auth_keychain_l2',
- 'auth_mode_l1', 'auth_mode_l2', 'auth_password_l1',
- 'auth_password_l2', 'auth_sendonly_l1', 'auth_sendonly_l2',
- 'default_originate', 'default_originate6', 'dynamic_hostname',
- 'ignore_lsp_errors', 'is_type', 'isis_interface',
- 'isis_net', 'lsp_gen_interval_l1', 'lsp_gen_interval_l2',
- 'lsp_refresh_interval', 'max_lsp_lifetime', 'metric_style',
- 'overload_bit', 'overload_bit_on_startup', 'overload_bit_suppress',
- 'redistribute', 'redistribute_l1', 'redistribute_l1_list',
- 'redistribute_l2', 'redistribute_l2_list', 'redistribute6',
- 'redistribute6_l1', 'redistribute6_l1_list', 'redistribute6_l2', -
'redistribute6_l2_list', 'spf_interval_exp_l1', 'spf_interval_exp_l2',
- 'summary_address', 'summary_address6']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def router_isis(data, fos):
- vdom = data['vdom']
- router_isis_data = data['router_isis']
- filtered_data = underscore_to_hyphen(filter_router_isis_data(router_isis_data))
-
- return fos.set('router',
- 'isis',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_router(data, fos):
-
- if data['router_isis']:
- resp = router_isis(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "router_isis": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "adjacency_check": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "adjacency_check6": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "adv_passive_only": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "adv_passive_only6": {"required": False,
"type": "str", - "choices": ["enable", "disable"]}, - "auth_keychain_l1": {"required": False, "type": "str"}, - "auth_keychain_l2": {"required": False, "type": "str"}, - "auth_mode_l1": {"required": False, "type": "str", - "choices": ["password", "md5"]}, - "auth_mode_l2": {"required": False, "type": "str", - "choices": ["password", "md5"]}, - "auth_password_l1": {"required": False, "type": "str"}, - "auth_password_l2": {"required": False, "type": "str"}, - "auth_sendonly_l1": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "auth_sendonly_l2": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "default_originate": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "default_originate6": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dynamic_hostname": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ignore_lsp_errors": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "is_type": {"required": False, "type": "str", - "choices": ["level-1-2", "level-1", "level-2-only"]}, - "isis_interface": {"required": False, "type": "list", - "options": { - "auth_keychain_l1": {"required": False, "type": "str"}, - "auth_keychain_l2": {"required": False, "type": "str"}, - "auth_mode_l1": {"required": False, "type": "str", - "choices": ["md5", "password"]}, - "auth_mode_l2": {"required": False, "type": "str", - "choices": ["md5", "password"]}, - "auth_password_l1": {"required": False, "type": "str"}, - "auth_password_l2": {"required": False, "type": "str"}, - "auth_send_only_l1": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "auth_send_only_l2": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "circuit_type": {"required": False, "type": "str", - "choices": ["level-1-2", "level-1", "level-2"]}, - "csnp_interval_l1": {"required": False, "type": "int"}, - "csnp_interval_l2": {"required": 
False, "type": "int"},
- "hello_interval_l1": {"required": False, "type": "int"},
- "hello_interval_l2": {"required": False, "type": "int"},
- "hello_multiplier_l1": {"required": False, "type": "int"},
- "hello_multiplier_l2": {"required": False, "type": "int"},
- "hello_padding": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "lsp_interval": {"required": False, "type": "int"},
- "lsp_retransmit_interval": {"required": False, "type": "int"},
- "mesh_group": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "mesh_group_id": {"required": False, "type": "int"},
- "metric_l1": {"required": False, "type": "int"},
- "metric_l2": {"required": False, "type": "int"},
- "name": {"required": True, "type": "str"},
- "network_type": {"required": False, "type": "str",
- "choices": ["broadcast", "point-to-point", "loopback"]},
- "priority_l1": {"required": False, "type": "int"},
- "priority_l2": {"required": False, "type": "int"},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "status6": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "wide_metric_l1": {"required": False, "type": "int"},
- "wide_metric_l2": {"required": False, "type": "int"}
- }},
- "isis_net": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"},
- "net": {"required": False, "type": "str"}
- }},
- "lsp_gen_interval_l1": {"required": False, "type": "int"},
- "lsp_gen_interval_l2": {"required": False, "type": "int"},
- "lsp_refresh_interval": {"required": False, "type": "int"},
- "max_lsp_lifetime": {"required": False, "type": "int"},
- "metric_style": {"required": False, "type": "str",
- "choices": ["narrow", "wide", "transition",
- "narrow-transition", "narrow-transition-l1", "narrow-transition-l2",
- "wide-l1", "wide-l2", "wide-transition",
- "wide-transition-l1", "wide-transition-l2", "transition-l1",
- "transition-l2"]},
- "overload_bit": {"required":
False, "type": "str",
- "choices": ["enable", "disable"]},
- "overload_bit_on_startup": {"required": False, "type": "int"},
- "overload_bit_suppress": {"required": False, "type": "str",
- "choices": ["external", "interlevel"]},
- "redistribute": {"required": False, "type": "list",
- "options": {
- "level": {"required": False, "type": "str",
- "choices": ["level-1-2", "level-1", "level-2"]},
- "metric": {"required": False, "type": "int"},
- "metric_type": {"required": False, "type": "str",
- "choices": ["external", "internal"]},
- "protocol": {"required": True, "type": "str"},
- "routemap": {"required": False, "type": "str"},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
- }},
- "redistribute_l1": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "redistribute_l1_list": {"required": False, "type": "str"},
- "redistribute_l2": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "redistribute_l2_list": {"required": False, "type": "str"},
- "redistribute6": {"required": False, "type": "list",
- "options": {
- "level": {"required": False, "type": "str",
- "choices": ["level-1-2", "level-1", "level-2"]},
- "metric": {"required": False, "type": "int"},
- "metric_type": {"required": False, "type": "str",
- "choices": ["external", "internal"]},
- "protocol": {"required": True, "type": "str"},
- "routemap": {"required": False, "type": "str"},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
- }},
- "redistribute6_l1": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "redistribute6_l1_list": {"required": False, "type": "str"},
- "redistribute6_l2": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "redistribute6_l2_list": {"required": False, "type": "str"},
- "spf_interval_exp_l1": {"required": False, "type": "str"},
- "spf_interval_exp_l2": {"required": False, "type": "str"},
- "summary_address": {"required":
False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"},
- "level": {"required": False, "type": "str",
- "choices": ["level-1-2", "level-1", "level-2"]},
- "prefix": {"required": False, "type": "str"}
- }},
- "summary_address6": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"},
- "level": {"required": False, "type": "str",
- "choices": ["level-1-2", "level-1", "level-2"]},
- "prefix6": {"required": False, "type": "str"}
- }}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_router(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_router(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_router_key_chain.py b/lib/ansible/modules/network/fortios/fortios_router_key_chain.py
deleted file mode 100644
index 580f583a615..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_router_key_chain.py
+++ /dev/null
@@ -1,344 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_router_key_chain -short_description: Configure key-chain in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify router feature and key_chain category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - router_key_chain: - description: - - Configure key-chain. - default: null - type: dict - suboptions: - key: - description: - - Configuration method to edit key settings. - type: list - suboptions: - accept_lifetime: - description: - - "Lifetime of received authentication key (format: hh:mm:ss day month year)." - type: str - id: - description: - - Key ID (0 - 2147483647). - required: true - type: str - key_string: - description: - - Password for the key (max. = 35 characters). - type: str - send_lifetime: - description: - - "Lifetime of sent authentication key (format: hh:mm:ss day month year)." - type: str - name: - description: - - Key-chain name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure key-chain. 
- fortios_router_key_chain: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - router_key_chain: - key: - - - accept_lifetime: "" - id: "5" - key_string: "" - send_lifetime: "" - name: "default_name_8" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - 
if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_router_key_chain_data(json): - option_list = ['key', 'name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def router_key_chain(data, fos): - vdom = data['vdom'] - state = data['state'] - router_key_chain_data = data['router_key_chain'] - filtered_data = underscore_to_hyphen(filter_router_key_chain_data(router_key_chain_data)) - - if state == "present": - return fos.set('router', - 'key-chain', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('router', - 'key-chain', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_router(data, fos): - - if data['router_key_chain']: - resp = router_key_chain(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - 
"router_key_chain": { - "required": False, "type": "dict", "default": None, - "options": { - "key": {"required": False, "type": "list", - "options": { - "accept_lifetime": {"required": False, "type": "str"}, - "id": {"required": True, "type": "str"}, - "key_string": {"required": False, "type": "str"}, - "send_lifetime": {"required": False, "type": "str"} - }}, - "name": {"required": True, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_router(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_router(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_router_multicast.py b/lib/ansible/modules/network/fortios/fortios_router_multicast.py deleted file mode 100644 index ac6558694fd..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_router_multicast.py +++ /dev/null 
@@ -1,760 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_router_multicast -short_description: Configure router multicast in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify router feature and multicast category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - router_multicast: - description: - - Configure router multicast. - default: null - type: dict - suboptions: - interface: - description: - - PIM interfaces. - type: list - suboptions: - bfd: - description: - - Enable/disable Protocol Independent Multicast (PIM) Bidirectional Forwarding Detection (BFD). - type: str - choices: - - enable - - disable - cisco_exclude_genid: - description: - - Exclude GenID from hello packets (compatibility with old Cisco IOS). - type: str - choices: - - enable - - disable - dr_priority: - description: - - DR election priority. - type: int - hello_holdtime: - description: - - Time before old neighbor information expires (0 - 65535 sec). - type: int - hello_interval: - description: - - Interval between sending PIM hello messages (0 - 65535 sec). - type: int - igmp: - description: - - IGMP configuration options. - type: dict - suboptions: - access_group: - description: - - Groups IGMP hosts are allowed to join. Source router.access-list.name. - type: str - immediate_leave_group: - description: - - Groups to drop membership for immediately after receiving IGMPv2 leave. Source router.access-list.name. - type: str - last_member_query_count: - description: - - Number of group specific queries before removing group (2 - 7). - type: int - last_member_query_interval: - description: - - Timeout between IGMPv2 leave and removing group (1 - 65535 msec). - type: int - query_interval: - description: - - Interval between queries to IGMP hosts (1 - 65535 sec). 
- type: int - query_max_response_time: - description: - - Maximum time to wait for a IGMP query response (1 - 25 sec). - type: int - query_timeout: - description: - - Timeout between queries before becoming querier for network (60 - 900). - type: int - router_alert_check: - description: - - Enable/disable require IGMP packets contain router alert option. - type: str - choices: - - enable - - disable - version: - description: - - Maximum version of IGMP to support. - type: str - choices: - - 3 - - 2 - - 1 - join_group: - description: - - Join multicast groups. - type: list - suboptions: - address: - description: - - Multicast group IP address. - required: true - type: str - multicast_flow: - description: - - Acceptable source for multicast group. Source router.multicast-flow.name. - type: str - name: - description: - - Interface name. Source system.interface.name. - required: true - type: str - neighbour_filter: - description: - - Routers acknowledged as neighbor routers. Source router.access-list.name. - type: str - passive: - description: - - Enable/disable listening to IGMP but not participating in PIM. - type: str - choices: - - enable - - disable - pim_mode: - description: - - PIM operation mode. - type: str - choices: - - sparse-mode - - dense-mode - propagation_delay: - description: - - Delay flooding packets on this interface (100 - 5000 msec). - type: int - rp_candidate: - description: - - Enable/disable compete to become RP in elections. - type: str - choices: - - enable - - disable - rp_candidate_group: - description: - - Multicast groups managed by this RP. Source router.access-list.name. - type: str - rp_candidate_interval: - description: - - RP candidate advertisement interval (1 - 16383 sec). - type: int - rp_candidate_priority: - description: - - Router's priority as RP. - type: int - state_refresh_interval: - description: - - Interval between sending state-refresh packets (1 - 100 sec). 
- type: int - static_group: - description: - - Statically set multicast groups to forward out. Source router.multicast-flow.name. - type: str - ttl_threshold: - description: - - Minimum TTL of multicast packets that will be forwarded (applied only to new multicast routes) (1 - 255). - type: int - multicast_routing: - description: - - Enable/disable IP multicast routing. - type: str - choices: - - enable - - disable - pim_sm_global: - description: - - PIM sparse-mode global settings. - type: dict - suboptions: - accept_register_list: - description: - - Sources allowed to register packets with this Rendezvous Point (RP). Source router.access-list.name. - type: str - accept_source_list: - description: - - Sources allowed to send multicast traffic. Source router.access-list.name. - type: str - bsr_allow_quick_refresh: - description: - - Enable/disable accept BSR quick refresh packets from neighbors. - type: str - choices: - - enable - - disable - bsr_candidate: - description: - - Enable/disable allowing this router to become a bootstrap router (BSR). - type: str - choices: - - enable - - disable - bsr_hash: - description: - - BSR hash length (0 - 32). - type: int - bsr_interface: - description: - - Interface to advertise as candidate BSR. Source system.interface.name. - type: str - bsr_priority: - description: - - BSR priority (0 - 255). - type: int - cisco_crp_prefix: - description: - - Enable/disable making candidate RP compatible with old Cisco IOS. - type: str - choices: - - enable - - disable - cisco_ignore_rp_set_priority: - description: - - Use only hash for RP selection (compatibility with old Cisco IOS). - type: str - choices: - - enable - - disable - cisco_register_checksum: - description: - - Checksum entire register packet(for old Cisco IOS compatibility). - type: str - choices: - - enable - - disable - cisco_register_checksum_group: - description: - - Cisco register checksum only these groups. Source router.access-list.name. 
- type: str - join_prune_holdtime: - description: - - Join/prune holdtime (1 - 65535). - type: int - message_interval: - description: - - Period of time between sending periodic PIM join/prune messages in seconds (1 - 65535). - type: int - null_register_retries: - description: - - Maximum retries of null register (1 - 20). - type: int - register_rate_limit: - description: - - Limit of packets/sec per source registered through this RP (0 - 65535). - type: int - register_rp_reachability: - description: - - Enable/disable check RP is reachable before registering packets. - type: str - choices: - - enable - - disable - register_source: - description: - - Override source address in register packets. - type: str - choices: - - disable - - interface - - ip-address - register_source_interface: - description: - - Override with primary interface address. Source system.interface.name. - type: str - register_source_ip: - description: - - Override with local IP address. - type: str - register_supression: - description: - - Period of time to honor register-stop message (1 - 65535 sec). - type: int - rp_address: - description: - - Statically configure RP addresses. - type: list - suboptions: - group: - description: - - Groups to use this RP. Source router.access-list.name. - type: str - id: - description: - - ID. - required: true - type: int - ip_address: - description: - - RP router address. - type: str - rp_register_keepalive: - description: - - Timeout for RP receiving data on (S,G) tree (1 - 65535 sec). - type: int - spt_threshold: - description: - - Enable/disable switching to source specific trees. - type: str - choices: - - enable - - disable - spt_threshold_group: - description: - - Groups allowed to switch to source tree. Source router.access-list.name. - type: str - ssm: - description: - - Enable/disable source specific multicast. - type: str - choices: - - enable - - disable - ssm_range: - description: - - Groups allowed to source specific multicast. 
Source router.access-list.name. - type: str - route_limit: - description: - - Maximum number of multicast routes. - type: int - route_threshold: - description: - - Generate warnings when the number of multicast routes exceeds this number, must not be greater than route-limit. - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure router multicast. - fortios_router_multicast: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - router_multicast: - interface: - - - bfd: "enable" - cisco_exclude_genid: "enable" - dr_priority: "6" - hello_holdtime: "7" - hello_interval: "8" - igmp: - access_group: " (source router.access-list.name)" - immediate_leave_group: " (source router.access-list.name)" - last_member_query_count: "12" - last_member_query_interval: "13" - query_interval: "14" - query_max_response_time: "15" - query_timeout: "16" - router_alert_check: "enable" - version: "3" - join_group: - - - address: "" - multicast_flow: " (source router.multicast-flow.name)" - name: "default_name_22 (source system.interface.name)" - neighbour_filter: " (source router.access-list.name)" - passive: "enable" - pim_mode: "sparse-mode" - propagation_delay: "26" - rp_candidate: "enable" - rp_candidate_group: " (source router.access-list.name)" - rp_candidate_interval: "29" - rp_candidate_priority: "30" - state_refresh_interval: "31" - static_group: " (source router.multicast-flow.name)" - ttl_threshold: "33" - multicast_routing: "enable" - pim_sm_global: - accept_register_list: " (source router.access-list.name)" - accept_source_list: " (source router.access-list.name)" - bsr_allow_quick_refresh: "enable" - bsr_candidate: "enable" - bsr_hash: "40" - bsr_interface: " (source system.interface.name)" - bsr_priority: "42" - cisco_crp_prefix: "enable" - cisco_ignore_rp_set_priority: "enable" 
- cisco_register_checksum: "enable" - cisco_register_checksum_group: " (source router.access-list.name)" - join_prune_holdtime: "47" - message_interval: "48" - null_register_retries: "49" - register_rate_limit: "50" - register_rp_reachability: "enable" - register_source: "disable" - register_source_interface: " (source system.interface.name)" - register_source_ip: "" - register_supression: "55" - rp_address: - - - group: " (source router.access-list.name)" - id: "58" - ip_address: "" - rp_register_keepalive: "60" - spt_threshold: "enable" - spt_threshold_group: " (source router.access-list.name)" - ssm: "enable" - ssm_range: " (source router.access-list.name)" - route_limit: "65" - route_threshold: "66" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - 
-from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_router_multicast_data(json): - option_list = ['interface', 'multicast_routing', 'pim_sm_global', - 'route_limit', 'route_threshold'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def router_multicast(data, fos): - vdom = data['vdom'] - router_multicast_data = data['router_multicast'] - filtered_data = underscore_to_hyphen(filter_router_multicast_data(router_multicast_data)) - - return fos.set('router', - 'multicast', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_router(data, fos): - - if data['router_multicast']: - resp = router_multicast(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", 
"default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "router_multicast": { - "required": False, "type": "dict", "default": None, - "options": { - "interface": {"required": False, "type": "list", - "options": { - "bfd": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "cisco_exclude_genid": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dr_priority": {"required": False, "type": "int"}, - "hello_holdtime": {"required": False, "type": "int"}, - "hello_interval": {"required": False, "type": "int"}, - "igmp": {"required": False, "type": "dict", - "options": { - "access_group": {"required": False, "type": "str"}, - "immediate_leave_group": {"required": False, "type": "str"}, - "last_member_query_count": {"required": False, "type": "int"}, - "last_member_query_interval": {"required": False, "type": "int"}, - "query_interval": {"required": False, "type": "int"}, - "query_max_response_time": {"required": False, "type": "int"}, - "query_timeout": {"required": False, "type": "int"}, - "router_alert_check": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "version": {"required": False, "type": "str", - "choices": ["3", "2", "1"]} - }}, - "join_group": {"required": False, "type": "list", - "options": { - "address": {"required": True, "type": "str"} - }}, - "multicast_flow": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "neighbour_filter": {"required": False, "type": "str"}, - "passive": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "pim_mode": {"required": False, "type": "str", - "choices": ["sparse-mode", "dense-mode"]}, - "propagation_delay": {"required": False, "type": "int"}, - "rp_candidate": {"required": False, "type": "str", - "choices": ["enable", 
"disable"]}, - "rp_candidate_group": {"required": False, "type": "str"}, - "rp_candidate_interval": {"required": False, "type": "int"}, - "rp_candidate_priority": {"required": False, "type": "int"}, - "state_refresh_interval": {"required": False, "type": "int"}, - "static_group": {"required": False, "type": "str"}, - "ttl_threshold": {"required": False, "type": "int"} - }}, - "multicast_routing": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "pim_sm_global": {"required": False, "type": "dict", - "options": { - "accept_register_list": {"required": False, "type": "str"}, - "accept_source_list": {"required": False, "type": "str"}, - "bsr_allow_quick_refresh": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "bsr_candidate": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "bsr_hash": {"required": False, "type": "int"}, - "bsr_interface": {"required": False, "type": "str"}, - "bsr_priority": {"required": False, "type": "int"}, - "cisco_crp_prefix": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "cisco_ignore_rp_set_priority": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "cisco_register_checksum": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "cisco_register_checksum_group": {"required": False, "type": "str"}, - "join_prune_holdtime": {"required": False, "type": "int"}, - "message_interval": {"required": False, "type": "int"}, - "null_register_retries": {"required": False, "type": "int"}, - "register_rate_limit": {"required": False, "type": "int"}, - "register_rp_reachability": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "register_source": {"required": False, "type": "str", - "choices": ["disable", "interface", "ip-address"]}, - "register_source_interface": {"required": False, "type": "str"}, - "register_source_ip": {"required": False, "type": "str"}, - "register_supression": 
{"required": False, "type": "int"}, - "rp_address": {"required": False, "type": "list", - "options": { - "group": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "ip_address": {"required": False, "type": "str"} - }}, - "rp_register_keepalive": {"required": False, "type": "int"}, - "spt_threshold": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "spt_threshold_group": {"required": False, "type": "str"}, - "ssm": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ssm_range": {"required": False, "type": "str"} - }}, - "route_limit": {"required": False, "type": "int"}, - "route_threshold": {"required": False, "type": "int"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_router(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_router(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_router_multicast6.py b/lib/ansible/modules/network/fortios/fortios_router_multicast6.py deleted file mode 100644 index 4eace3697fe..00000000000 
--- a/lib/ansible/modules/network/fortios/fortios_router_multicast6.py
+++ /dev/null
@@ -1,372 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_router_multicast6 -short_description: Configure IPv6 multicast in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify router feature and multicast6 category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - router_multicast6: - description: - - Configure IPv6 multicast. - default: null - type: dict - suboptions: - interface: - description: - - Protocol Independent Multicast (PIM) interfaces. - type: list - suboptions: - hello_holdtime: - description: - - Time before old neighbour information expires (1 - 65535 sec). - type: int - hello_interval: - description: - - Interval between sending PIM hello messages (1 - 65535 sec).. - type: int - name: - description: - - Interface name. Source system.interface.name. - required: true - type: str - multicast_pmtu: - description: - - Enable/disable PMTU for IPv6 multicast. - type: str - choices: - - enable - - disable - multicast_routing: - description: - - Enable/disable IPv6 multicast routing. - type: str - choices: - - enable - - disable - pim_sm_global: - description: - - PIM sparse-mode global settings. - type: dict - suboptions: - register_rate_limit: - description: - - Limit of packets/sec per source registered through this RP (0 means unlimited). - type: int - rp_address: - description: - - Statically configured RP addresses. - type: list - suboptions: - id: - description: - - ID of the entry. - required: true - type: int - ip6_address: - description: - - RP router IPv6 address. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv6 multicast. 
- fortios_router_multicast6: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - router_multicast6: - interface: - - - hello_holdtime: "4" - hello_interval: "5" - name: "default_name_6 (source system.interface.name)" - multicast_pmtu: "enable" - multicast_routing: "enable" - pim_sm_global: - register_rate_limit: "10" - rp_address: - - - id: "12" - ip6_address: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, 
fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_router_multicast6_data(json): - option_list = ['interface', 'multicast_pmtu', 'multicast_routing', - 'pim_sm_global'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def router_multicast6(data, fos): - vdom = data['vdom'] - router_multicast6_data = data['router_multicast6'] - filtered_data = underscore_to_hyphen(filter_router_multicast6_data(router_multicast6_data)) - - return fos.set('router', - 'multicast6', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_router(data, fos): - - if data['router_multicast6']: - resp = router_multicast6(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "router_multicast6": { - "required": False, "type": 
"dict", "default": None, - "options": { - "interface": {"required": False, "type": "list", - "options": { - "hello_holdtime": {"required": False, "type": "int"}, - "hello_interval": {"required": False, "type": "int"}, - "name": {"required": True, "type": "str"} - }}, - "multicast_pmtu": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "multicast_routing": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "pim_sm_global": {"required": False, "type": "dict", - "options": { - "register_rate_limit": {"required": False, "type": "int"}, - "rp_address": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"}, - "ip6_address": {"required": False, "type": "str"} - }} - }} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_router(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_router(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_router_multicast_flow.py b/lib/ansible/modules/network/fortios/fortios_router_multicast_flow.py
deleted file mode 100644
index ad2a0002b02..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_router_multicast_flow.py
+++ /dev/null
@@ -1,366 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_router_multicast_flow -short_description: Configure multicast-flow in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify router feature and multicast_flow category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - router_multicast_flow: - description: - - Configure multicast-flow. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - comments: - description: - - Comment. - type: str - flows: - description: - - Multicast-flow entries. - type: list - suboptions: - group_addr: - description: - - Multicast group IP address. - type: str - id: - description: - - Flow ID. - required: true - type: int - source_addr: - description: - - Multicast source IP address. - type: str - name: - description: - - Name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure multicast-flow. 
- fortios_router_multicast_flow: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - router_multicast_flow: - comments: "" - flows: - - - group_addr: "" - id: "6" - source_addr: "" - name: "default_name_8" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - 
fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_router_multicast_flow_data(json): - option_list = ['comments', 'flows', 'name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def router_multicast_flow(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['router_multicast_flow'] and data['router_multicast_flow']: - state = data['router_multicast_flow']['state'] - else: - state = True - router_multicast_flow_data = data['router_multicast_flow'] - filtered_data = underscore_to_hyphen(filter_router_multicast_flow_data(router_multicast_flow_data)) - - if state == "present": - return fos.set('router', - 'multicast-flow', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('router', - 'multicast-flow', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_router(data, fos): - - if data['router_multicast_flow']: - resp = router_multicast_flow(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": 
False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "router_multicast_flow": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "comments": {"required": False, "type": "str"}, - "flows": {"required": False, "type": "list", - "options": { - "group_addr": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "source_addr": {"required": False, "type": "str"} - }}, - "name": {"required": True, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_router(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_router(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_router_ospf.py b/lib/ansible/modules/network/fortios/fortios_router_ospf.py
deleted file mode 100644
index f13254c5cb0..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_router_ospf.py
+++ /dev/null
@@ -1,1117 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_router_ospf -short_description: Configure OSPF in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify router feature and ospf category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. 
- type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - router_ospf: - description: - - Configure OSPF. - default: null - type: dict - suboptions: - abr_type: - description: - - Area border router type. - type: str - choices: - - cisco - - ibm - - shortcut - - standard - area: - description: - - OSPF area configuration. - type: list - suboptions: - authentication: - description: - - Authentication type. - type: str - choices: - - none - - text - - md5 - default_cost: - description: - - Summary default cost of stub or NSSA area. - type: int - filter_list: - description: - - OSPF area filter-list configuration. - type: list - suboptions: - direction: - description: - - Direction. - type: str - choices: - - in - - out - id: - description: - - Filter list entry ID. - required: true - type: int - list: - description: - - Access-list or prefix-list name. Source router.access-list.name router.prefix-list.name. - type: str - id: - description: - - Area entry IP address. - required: true - type: str - nssa_default_information_originate: - description: - - Redistribute, advertise, or do not originate Type-7 default route into NSSA area. - type: str - choices: - - enable - - always - - disable - nssa_default_information_originate_metric: - description: - - OSPF default metric. - type: int - nssa_default_information_originate_metric_type: - description: - - OSPF metric type for default routes. - type: str - choices: - - 1 - - 2 - nssa_redistribution: - description: - - Enable/disable redistribute into NSSA area. - type: str - choices: - - enable - - disable - nssa_translator_role: - description: - - NSSA translator role type. 
- type: str - choices: - - candidate - - never - - always - range: - description: - - OSPF area range configuration. - type: list - suboptions: - advertise: - description: - - Enable/disable advertise status. - type: str - choices: - - disable - - enable - id: - description: - - Range entry ID. - required: true - type: int - prefix: - description: - - Prefix. - type: str - substitute: - description: - - Substitute prefix. - type: str - substitute_status: - description: - - Enable/disable substitute status. - type: str - choices: - - enable - - disable - shortcut: - description: - - Enable/disable shortcut option. - type: str - choices: - - disable - - enable - - default - stub_type: - description: - - Stub summary setting. - type: str - choices: - - no-summary - - summary - type: - description: - - Area type setting. - type: str - choices: - - regular - - nssa - - stub - virtual_link: - description: - - OSPF virtual link configuration. - type: list - suboptions: - authentication: - description: - - Authentication type. - type: str - choices: - - none - - text - - md5 - authentication_key: - description: - - Authentication key. - type: str - dead_interval: - description: - - Dead interval. - type: int - hello_interval: - description: - - Hello interval. - type: int - md5_key: - description: - - MD5 key. - type: str - name: - description: - - Virtual link entry name. - required: true - type: str - peer: - description: - - Peer IP. - type: str - retransmit_interval: - description: - - Retransmit interval. - type: int - transmit_delay: - description: - - Transmit delay. - type: int - auto_cost_ref_bandwidth: - description: - - Reference bandwidth in terms of megabits per second. - type: int - bfd: - description: - - Bidirectional Forwarding Detection (BFD). - type: str - choices: - - enable - - disable - database_overflow: - description: - - Enable/disable database overflow. 
- type: str - choices: - - enable - - disable - database_overflow_max_lsas: - description: - - Database overflow maximum LSAs. - type: int - database_overflow_time_to_recover: - description: - - Database overflow time to recover (sec). - type: int - default_information_metric: - description: - - Default information metric. - type: int - default_information_metric_type: - description: - - Default information metric type. - type: str - choices: - - 1 - - 2 - default_information_originate: - description: - - Enable/disable generation of default route. - type: str - choices: - - enable - - always - - disable - default_information_route_map: - description: - - Default information route map. Source router.route-map.name. - type: str - default_metric: - description: - - Default metric of redistribute routes. - type: int - distance: - description: - - Distance of the route. - type: int - distance_external: - description: - - Administrative external distance. - type: int - distance_inter_area: - description: - - Administrative inter-area distance. - type: int - distance_intra_area: - description: - - Administrative intra-area distance. - type: int - distribute_list: - description: - - Distribute list configuration. - type: list - suboptions: - access_list: - description: - - Access list name. Source router.access-list.name. - type: str - id: - description: - - Distribute list entry ID. - required: true - type: int - protocol: - description: - - Protocol type. - type: str - choices: - - connected - - static - - rip - distribute_list_in: - description: - - Filter incoming routes. Source router.access-list.name router.prefix-list.name. - type: str - distribute_route_map_in: - description: - - Filter incoming external routes by route-map. Source router.route-map.name. 
- type: str - log_neighbour_changes: - description: - - Enable logging of OSPF neighbour's changes - type: str - choices: - - enable - - disable - neighbor: - description: - - OSPF neighbor configuration are used when OSPF runs on non-broadcast media - type: list - suboptions: - cost: - description: - - Cost of the interface, value range from 0 to 65535, 0 means auto-cost. - type: int - id: - description: - - Neighbor entry ID. - required: true - type: int - ip: - description: - - Interface IP address of the neighbor. - type: str - poll_interval: - description: - - Poll interval time in seconds. - type: int - priority: - description: - - Priority. - type: int - network: - description: - - OSPF network configuration. - type: list - suboptions: - area: - description: - - Attach the network to area. - type: str - id: - description: - - Network entry ID. - required: true - type: int - prefix: - description: - - Prefix. - type: str - ospf_interface: - description: - - OSPF interface configuration. - type: list - suboptions: - authentication: - description: - - Authentication type. - type: str - choices: - - none - - text - - md5 - authentication_key: - description: - - Authentication key. - type: str - bfd: - description: - - Bidirectional Forwarding Detection (BFD). - type: str - choices: - - global - - enable - - disable - cost: - description: - - Cost of the interface, value range from 0 to 65535, 0 means auto-cost. - type: int - database_filter_out: - description: - - Enable/disable control of flooding out LSAs. - type: str - choices: - - enable - - disable - dead_interval: - description: - - Dead interval. - type: int - hello_interval: - description: - - Hello interval. - type: int - hello_multiplier: - description: - - Number of hello packets within dead interval. - type: int - interface: - description: - - Configuration interface name. Source system.interface.name. - type: str - ip: - description: - - IP address. - type: str - md5_key: - description: - - MD5 key. 
- type: str - mtu: - description: - - MTU for database description packets. - type: int - mtu_ignore: - description: - - Enable/disable ignore MTU. - type: str - choices: - - enable - - disable - name: - description: - - Interface entry name. - required: true - type: str - network_type: - description: - - Network type. - type: str - choices: - - broadcast - - non-broadcast - - point-to-point - - point-to-multipoint - - point-to-multipoint-non-broadcast - prefix_length: - description: - - Prefix length. - type: int - priority: - description: - - Priority. - type: int - resync_timeout: - description: - - Graceful restart neighbor resynchronization timeout. - type: int - retransmit_interval: - description: - - Retransmit interval. - type: int - status: - description: - - Enable/disable status. - type: str - choices: - - disable - - enable - transmit_delay: - description: - - Transmit delay. - type: int - passive_interface: - description: - - Passive interface configuration. - type: list - suboptions: - name: - description: - - Passive interface name. Source system.interface.name. - required: true - type: str - redistribute: - description: - - Redistribute configuration. - type: list - suboptions: - metric: - description: - - Redistribute metric setting. - type: int - metric_type: - description: - - Metric type. - type: str - choices: - - 1 - - 2 - name: - description: - - Redistribute name. - required: true - type: str - routemap: - description: - - Route map name. Source router.route-map.name. - type: str - status: - description: - - status - type: str - choices: - - enable - - disable - tag: - description: - - Tag value. - type: int - restart_mode: - description: - - OSPF restart mode (graceful or LLS). - type: str - choices: - - none - - lls - - graceful-restart - restart_period: - description: - - Graceful restart period. - type: int - rfc1583_compatible: - description: - - Enable/disable RFC1583 compatibility. 
- type: str - choices: - - enable - - disable - router_id: - description: - - Router ID. - type: str - spf_timers: - description: - - SPF calculation frequency. - type: str - summary_address: - description: - - IP address summary configuration. - type: list - suboptions: - advertise: - description: - - Enable/disable advertise status. - type: str - choices: - - disable - - enable - id: - description: - - Summary address entry ID. - required: true - type: int - prefix: - description: - - Prefix. - type: str - tag: - description: - - Tag value. - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure OSPF. - fortios_router_ospf: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - router_ospf: - abr_type: "cisco" - area: - - - authentication: "none" - default_cost: "6" - filter_list: - - - direction: "in" - id: "9" - list: " (source router.access-list.name router.prefix-list.name)" - id: "11" - nssa_default_information_originate: "enable" - nssa_default_information_originate_metric: "13" - nssa_default_information_originate_metric_type: "1" - nssa_redistribution: "enable" - nssa_translator_role: "candidate" - range: - - - advertise: "disable" - id: "19" - prefix: "" - substitute: "" - substitute_status: "enable" - shortcut: "disable" - stub_type: "no-summary" - type: "regular" - virtual_link: - - - authentication: "none" - authentication_key: "" - dead_interval: "29" - hello_interval: "30" - md5_key: "" - name: "default_name_32" - peer: "" - retransmit_interval: "34" - transmit_delay: "35" - auto_cost_ref_bandwidth: "36" - bfd: "enable" - database_overflow: "enable" - database_overflow_max_lsas: "39" - database_overflow_time_to_recover: "40" - default_information_metric: "41" - default_information_metric_type: "1" - default_information_originate: "enable" - 
default_information_route_map: " (source router.route-map.name)" - default_metric: "45" - distance: "46" - distance_external: "47" - distance_inter_area: "48" - distance_intra_area: "49" - distribute_list: - - - access_list: " (source router.access-list.name)" - id: "52" - protocol: "connected" - distribute_list_in: " (source router.access-list.name router.prefix-list.name)" - distribute_route_map_in: " (source router.route-map.name)" - log_neighbour_changes: "enable" - neighbor: - - - cost: "58" - id: "59" - ip: "" - poll_interval: "61" - priority: "62" - network: - - - area: "" - id: "65" - prefix: "" - ospf_interface: - - - authentication: "none" - authentication_key: "" - bfd: "global" - cost: "71" - database_filter_out: "enable" - dead_interval: "73" - hello_interval: "74" - hello_multiplier: "75" - interface: " (source system.interface.name)" - ip: "" - md5_key: "" - mtu: "79" - mtu_ignore: "enable" - name: "default_name_81" - network_type: "broadcast" - prefix_length: "83" - priority: "84" - resync_timeout: "85" - retransmit_interval: "86" - status: "disable" - transmit_delay: "88" - passive_interface: - - - name: "default_name_90 (source system.interface.name)" - redistribute: - - - metric: "92" - metric_type: "1" - name: "default_name_94" - routemap: " (source router.route-map.name)" - status: "enable" - tag: "97" - restart_mode: "none" - restart_period: "99" - rfc1583_compatible: "enable" - router_id: "" - spf_timers: "" - summary_address: - - - advertise: "disable" - id: "105" - prefix: "" - tag: "107" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to 
FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_router_ospf_data(json): - option_list = ['abr_type', 'area', 'auto_cost_ref_bandwidth', - 'bfd', 'database_overflow', 'database_overflow_max_lsas', - 'database_overflow_time_to_recover', 'default_information_metric', 'default_information_metric_type', - 'default_information_originate', 'default_information_route_map', 'default_metric', - 'distance', 'distance_external', 'distance_inter_area', - 'distance_intra_area', 'distribute_list', 'distribute_list_in', - 'distribute_route_map_in', 'log_neighbour_changes', 'neighbor', - 'network', 'ospf_interface', 'passive_interface', - 
'redistribute', 'restart_mode', 'restart_period', - 'rfc1583_compatible', 'router_id', 'spf_timers', - 'summary_address'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def router_ospf(data, fos): - vdom = data['vdom'] - router_ospf_data = data['router_ospf'] - filtered_data = underscore_to_hyphen(filter_router_ospf_data(router_ospf_data)) - - return fos.set('router', - 'ospf', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_router(data, fos): - - if data['router_ospf']: - resp = router_ospf(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "router_ospf": { - "required": False, "type": "dict", "default": None, - "options": { - "abr_type": {"required": False, "type": "str", - "choices": ["cisco", "ibm", "shortcut", - "standard"]}, - "area": {"required": False, "type": "list", - "options": { - "authentication": {"required": False, "type": "str", - "choices": ["none", "text", "md5"]}, - "default_cost": {"required": False, "type": "int"}, - 
"filter_list": {"required": False, "type": "list", - "options": { - "direction": {"required": False, "type": "str", - "choices": ["in", "out"]}, - "id": {"required": True, "type": "int"}, - "list": {"required": False, "type": "str"} - }}, - "id": {"required": True, "type": "str"}, - "nssa_default_information_originate": {"required": False, "type": "str", - "choices": ["enable", "always", "disable"]}, - "nssa_default_information_originate_metric": {"required": False, "type": "int"}, - "nssa_default_information_originate_metric_type": {"required": False, "type": "str", - "choices": ["1", "2"]}, - "nssa_redistribution": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "nssa_translator_role": {"required": False, "type": "str", - "choices": ["candidate", "never", "always"]}, - "range": {"required": False, "type": "list", - "options": { - "advertise": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "id": {"required": True, "type": "int"}, - "prefix": {"required": False, "type": "str"}, - "substitute": {"required": False, "type": "str"}, - "substitute_status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "shortcut": {"required": False, "type": "str", - "choices": ["disable", "enable", "default"]}, - "stub_type": {"required": False, "type": "str", - "choices": ["no-summary", "summary"]}, - "type": {"required": False, "type": "str", - "choices": ["regular", "nssa", "stub"]}, - "virtual_link": {"required": False, "type": "list", - "options": { - "authentication": {"required": False, "type": "str", - "choices": ["none", "text", "md5"]}, - "authentication_key": {"required": False, "type": "str"}, - "dead_interval": {"required": False, "type": "int"}, - "hello_interval": {"required": False, "type": "int"}, - "md5_key": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "peer": {"required": False, "type": "str"}, - "retransmit_interval": {"required": False, 
"type": "int"}, - "transmit_delay": {"required": False, "type": "int"} - }} - }}, - "auto_cost_ref_bandwidth": {"required": False, "type": "int"}, - "bfd": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "database_overflow": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "database_overflow_max_lsas": {"required": False, "type": "int"}, - "database_overflow_time_to_recover": {"required": False, "type": "int"}, - "default_information_metric": {"required": False, "type": "int"}, - "default_information_metric_type": {"required": False, "type": "str", - "choices": ["1", "2"]}, - "default_information_originate": {"required": False, "type": "str", - "choices": ["enable", "always", "disable"]}, - "default_information_route_map": {"required": False, "type": "str"}, - "default_metric": {"required": False, "type": "int"}, - "distance": {"required": False, "type": "int"}, - "distance_external": {"required": False, "type": "int"}, - "distance_inter_area": {"required": False, "type": "int"}, - "distance_intra_area": {"required": False, "type": "int"}, - "distribute_list": {"required": False, "type": "list", - "options": { - "access_list": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "protocol": {"required": False, "type": "str", - "choices": ["connected", "static", "rip"]} - }}, - "distribute_list_in": {"required": False, "type": "str"}, - "distribute_route_map_in": {"required": False, "type": "str"}, - "log_neighbour_changes": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "neighbor": {"required": False, "type": "list", - "options": { - "cost": {"required": False, "type": "int"}, - "id": {"required": True, "type": "int"}, - "ip": {"required": False, "type": "str"}, - "poll_interval": {"required": False, "type": "int"}, - "priority": {"required": False, "type": "int"} - }}, - "network": {"required": False, "type": "list", - "options": { - "area": {"required": 
False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "prefix": {"required": False, "type": "str"} - }}, - "ospf_interface": {"required": False, "type": "list", - "options": { - "authentication": {"required": False, "type": "str", - "choices": ["none", "text", "md5"]}, - "authentication_key": {"required": False, "type": "str"}, - "bfd": {"required": False, "type": "str", - "choices": ["global", "enable", "disable"]}, - "cost": {"required": False, "type": "int"}, - "database_filter_out": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dead_interval": {"required": False, "type": "int"}, - "hello_interval": {"required": False, "type": "int"}, - "hello_multiplier": {"required": False, "type": "int"}, - "interface": {"required": False, "type": "str"}, - "ip": {"required": False, "type": "str"}, - "md5_key": {"required": False, "type": "str"}, - "mtu": {"required": False, "type": "int"}, - "mtu_ignore": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "name": {"required": True, "type": "str"}, - "network_type": {"required": False, "type": "str", - "choices": ["broadcast", "non-broadcast", "point-to-point", - "point-to-multipoint", "point-to-multipoint-non-broadcast"]}, - "prefix_length": {"required": False, "type": "int"}, - "priority": {"required": False, "type": "int"}, - "resync_timeout": {"required": False, "type": "int"}, - "retransmit_interval": {"required": False, "type": "int"}, - "status": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "transmit_delay": {"required": False, "type": "int"} - }}, - "passive_interface": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "redistribute": {"required": False, "type": "list", - "options": { - "metric": {"required": False, "type": "int"}, - "metric_type": {"required": False, "type": "str", - "choices": ["1", "2"]}, - "name": {"required": True, "type": "str"}, - "routemap": 
{"required": False, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "tag": {"required": False, "type": "int"} - }}, - "restart_mode": {"required": False, "type": "str", - "choices": ["none", "lls", "graceful-restart"]}, - "restart_period": {"required": False, "type": "int"}, - "rfc1583_compatible": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "router_id": {"required": False, "type": "str"}, - "spf_timers": {"required": False, "type": "str"}, - "summary_address": {"required": False, "type": "list", - "options": { - "advertise": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "id": {"required": True, "type": "int"}, - "prefix": {"required": False, "type": "str"}, - "tag": {"required": False, "type": "int"} - }} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_router(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_router(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_router_ospf6.py b/lib/ansible/modules/network/fortios/fortios_router_ospf6.py
deleted file mode 100644
index 93d317d3661..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_router_ospf6.py
+++ /dev/null
@@ -1,804 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_router_ospf6 -short_description: Configure IPv6 OSPF in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify router feature and ospf6 category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - router_ospf6: - description: - - Configure IPv6 OSPF. - default: null - type: dict - suboptions: - abr_type: - description: - - Area border router type. - type: str - choices: - - cisco - - ibm - - standard - area: - description: - - OSPF6 area configuration. - type: list - suboptions: - default_cost: - description: - - Summary default cost of stub or NSSA area. - type: int - id: - description: - - Area entry IP address. - required: true - type: str - nssa_default_information_originate: - description: - - Enable/disable originate type 7 default into NSSA area. - type: str - choices: - - enable - - disable - nssa_default_information_originate_metric: - description: - - OSPFv3 default metric. - type: int - nssa_default_information_originate_metric_type: - description: - - OSPFv3 metric type for default routes. - type: str - choices: - - 1 - - 2 - nssa_redistribution: - description: - - Enable/disable redistribute into NSSA area. - type: str - choices: - - enable - - disable - nssa_translator_role: - description: - - NSSA translator role type. - type: str - choices: - - candidate - - never - - always - range: - description: - - OSPF6 area range configuration. - type: list - suboptions: - advertise: - description: - - Enable/disable advertise status. - type: str - choices: - - disable - - enable - id: - description: - - Range entry ID. - required: true - type: int - prefix6: - description: - - IPv6 prefix. - type: str - stub_type: - description: - - Stub summary setting. - type: str - choices: - - no-summary - - summary - type: - description: - - Area type setting. 
- type: str - choices: - - regular - - nssa - - stub - virtual_link: - description: - - OSPF6 virtual link configuration. - type: list - suboptions: - dead_interval: - description: - - Dead interval. - type: int - hello_interval: - description: - - Hello interval. - type: int - name: - description: - - Virtual link entry name. - required: true - type: str - peer: - description: - - A.B.C.D, peer router ID. - type: str - retransmit_interval: - description: - - Retransmit interval. - type: int - transmit_delay: - description: - - Transmit delay. - type: int - auto_cost_ref_bandwidth: - description: - - Reference bandwidth in terms of megabits per second. - type: int - bfd: - description: - - Enable/disable Bidirectional Forwarding Detection (BFD). - type: str - choices: - - enable - - disable - default_information_metric: - description: - - Default information metric. - type: int - default_information_metric_type: - description: - - Default information metric type. - type: str - choices: - - 1 - - 2 - default_information_originate: - description: - - Enable/disable generation of default route. - type: str - choices: - - enable - - always - - disable - default_information_route_map: - description: - - Default information route map. Source router.route-map.name. - type: str - default_metric: - description: - - Default metric of redistribute routes. - type: int - log_neighbour_changes: - description: - - Enable logging of OSPFv3 neighbour's changes - type: str - choices: - - enable - - disable - ospf6_interface: - description: - - OSPF6 interface configuration. - type: list - suboptions: - area_id: - description: - - A.B.C.D, in IPv4 address format. - type: str - bfd: - description: - - Enable/disable Bidirectional Forwarding Detection (BFD). - type: str - choices: - - global - - enable - - disable - cost: - description: - - Cost of the interface, value range from 0 to 65535, 0 means auto-cost. - type: int - dead_interval: - description: - - Dead interval. 
- type: int - hello_interval: - description: - - Hello interval. - type: int - interface: - description: - - Configuration interface name. Source system.interface.name. - type: str - mtu: - description: - - MTU for OSPFv3 packets. - type: int - mtu_ignore: - description: - - Enable/disable ignoring MTU field in DBD packets. - type: str - choices: - - enable - - disable - name: - description: - - Interface entry name. - required: true - type: str - neighbor: - description: - - OSPFv3 neighbors are used when OSPFv3 runs on non-broadcast media - type: list - suboptions: - cost: - description: - - Cost of the interface, value range from 0 to 65535, 0 means auto-cost. - type: int - ip6: - description: - - IPv6 link local address of the neighbor. - required: true - type: str - poll_interval: - description: - - Poll interval time in seconds. - type: int - priority: - description: - - priority - type: int - network_type: - description: - - Network type. - type: str - choices: - - broadcast - - point-to-point - - non-broadcast - - point-to-multipoint - - point-to-multipoint-non-broadcast - priority: - description: - - priority - type: int - retransmit_interval: - description: - - Retransmit interval. - type: int - status: - description: - - Enable/disable OSPF6 routing on this interface. - type: str - choices: - - disable - - enable - transmit_delay: - description: - - Transmit delay. - type: int - passive_interface: - description: - - Passive interface configuration. - type: list - suboptions: - name: - description: - - Passive interface name. Source system.interface.name. - required: true - type: str - redistribute: - description: - - Redistribute configuration. - type: list - suboptions: - metric: - description: - - Redistribute metric setting. - type: int - metric_type: - description: - - Metric type. - type: str - choices: - - 1 - - 2 - name: - description: - - Redistribute name. - required: true - type: str - routemap: - description: - - Route map name. 
Source router.route-map.name. - type: str - status: - description: - - status - type: str - choices: - - enable - - disable - router_id: - description: - - A.B.C.D, in IPv4 address format. - type: str - spf_timers: - description: - - SPF calculation frequency. - type: str - summary_address: - description: - - IPv6 address summary configuration. - type: list - suboptions: - advertise: - description: - - Enable/disable advertise status. - type: str - choices: - - disable - - enable - id: - description: - - Summary address entry ID. - required: true - type: int - prefix6: - description: - - IPv6 prefix. - type: str - tag: - description: - - Tag value. - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv6 OSPF. - fortios_router_ospf6: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - router_ospf6: - abr_type: "cisco" - area: - - - default_cost: "5" - id: "6" - nssa_default_information_originate: "enable" - nssa_default_information_originate_metric: "8" - nssa_default_information_originate_metric_type: "1" - nssa_redistribution: "enable" - nssa_translator_role: "candidate" - range: - - - advertise: "disable" - id: "14" - prefix6: "" - stub_type: "no-summary" - type: "regular" - virtual_link: - - - dead_interval: "19" - hello_interval: "20" - name: "default_name_21" - peer: "" - retransmit_interval: "23" - transmit_delay: "24" - auto_cost_ref_bandwidth: "25" - bfd: "enable" - default_information_metric: "27" - default_information_metric_type: "1" - default_information_originate: "enable" - default_information_route_map: " (source router.route-map.name)" - default_metric: "31" - log_neighbour_changes: "enable" - ospf6_interface: - - - area_id: "" - bfd: "global" - cost: "36" - dead_interval: "37" - hello_interval: "38" - interface: " (source system.interface.name)" - 
mtu: "40" - mtu_ignore: "enable" - name: "default_name_42" - neighbor: - - - cost: "44" - ip6: "" - poll_interval: "46" - priority: "47" - network_type: "broadcast" - priority: "49" - retransmit_interval: "50" - status: "disable" - transmit_delay: "52" - passive_interface: - - - name: "default_name_54 (source system.interface.name)" - redistribute: - - - metric: "56" - metric_type: "1" - name: "default_name_58" - routemap: " (source router.route-map.name)" - status: "enable" - router_id: "" - spf_timers: "" - summary_address: - - - advertise: "disable" - id: "65" - prefix6: "" - tag: "67" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from 
ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_router_ospf6_data(json): - option_list = ['abr_type', 'area', 'auto_cost_ref_bandwidth', - 'bfd', 'default_information_metric', 'default_information_metric_type', - 'default_information_originate', 'default_information_route_map', 'default_metric', - 'log_neighbour_changes', 'ospf6_interface', 'passive_interface', - 'redistribute', 'router_id', 'spf_timers', - 'summary_address'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def router_ospf6(data, fos): - vdom = data['vdom'] - router_ospf6_data = data['router_ospf6'] - filtered_data = underscore_to_hyphen(filter_router_ospf6_data(router_ospf6_data)) - - return fos.set('router', - 'ospf6', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_router(data, fos): - - if data['router_ospf6']: - resp = router_ospf6(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": 
"str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "router_ospf6": { - "required": False, "type": "dict", "default": None, - "options": { - "abr_type": {"required": False, "type": "str", - "choices": ["cisco", "ibm", "standard"]}, - "area": {"required": False, "type": "list", - "options": { - "default_cost": {"required": False, "type": "int"}, - "id": {"required": True, "type": "str"}, - "nssa_default_information_originate": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "nssa_default_information_originate_metric": {"required": False, "type": "int"}, - "nssa_default_information_originate_metric_type": {"required": False, "type": "str", - "choices": ["1", "2"]}, - "nssa_redistribution": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "nssa_translator_role": {"required": False, "type": "str", - "choices": ["candidate", "never", "always"]}, - "range": {"required": False, "type": "list", - "options": { - "advertise": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "id": {"required": True, "type": "int"}, - "prefix6": {"required": False, "type": "str"} - }}, - "stub_type": {"required": False, "type": "str", - "choices": ["no-summary", "summary"]}, - "type": {"required": False, "type": "str", - "choices": ["regular", "nssa", "stub"]}, - "virtual_link": {"required": False, "type": "list", - "options": { - "dead_interval": {"required": False, "type": "int"}, - "hello_interval": {"required": False, "type": "int"}, - "name": {"required": True, "type": "str"}, - "peer": {"required": False, "type": "str"}, - "retransmit_interval": {"required": False, "type": "int"}, - "transmit_delay": {"required": False, "type": 
"int"} - }} - }}, - "auto_cost_ref_bandwidth": {"required": False, "type": "int"}, - "bfd": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "default_information_metric": {"required": False, "type": "int"}, - "default_information_metric_type": {"required": False, "type": "str", - "choices": ["1", "2"]}, - "default_information_originate": {"required": False, "type": "str", - "choices": ["enable", "always", "disable"]}, - "default_information_route_map": {"required": False, "type": "str"}, - "default_metric": {"required": False, "type": "int"}, - "log_neighbour_changes": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ospf6_interface": {"required": False, "type": "list", - "options": { - "area_id": {"required": False, "type": "str"}, - "bfd": {"required": False, "type": "str", - "choices": ["global", "enable", "disable"]}, - "cost": {"required": False, "type": "int"}, - "dead_interval": {"required": False, "type": "int"}, - "hello_interval": {"required": False, "type": "int"}, - "interface": {"required": False, "type": "str"}, - "mtu": {"required": False, "type": "int"}, - "mtu_ignore": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "name": {"required": True, "type": "str"}, - "neighbor": {"required": False, "type": "list", - "options": { - "cost": {"required": False, "type": "int"}, - "ip6": {"required": True, "type": "str"}, - "poll_interval": {"required": False, "type": "int"}, - "priority": {"required": False, "type": "int"} - }}, - "network_type": {"required": False, "type": "str", - "choices": ["broadcast", "point-to-point", "non-broadcast", - "point-to-multipoint", "point-to-multipoint-non-broadcast"]}, - "priority": {"required": False, "type": "int"}, - "retransmit_interval": {"required": False, "type": "int"}, - "status": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "transmit_delay": {"required": False, "type": "int"} - }}, - "passive_interface": 
{"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "redistribute": {"required": False, "type": "list", - "options": { - "metric": {"required": False, "type": "int"}, - "metric_type": {"required": False, "type": "str", - "choices": ["1", "2"]}, - "name": {"required": True, "type": "str"}, - "routemap": {"required": False, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "router_id": {"required": False, "type": "str"}, - "spf_timers": {"required": False, "type": "str"}, - "summary_address": {"required": False, "type": "list", - "options": { - "advertise": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "id": {"required": True, "type": "int"}, - "prefix6": {"required": False, "type": "str"}, - "tag": {"required": False, "type": "int"} - }} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_router(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_router(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_router_policy.py b/lib/ansible/modules/network/fortios/fortios_router_policy.py
deleted file mode 100644
index b455a49180f..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_router_policy.py
+++ /dev/null
@@ -1,521 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_router_policy -short_description: Configure IPv4 routing policies in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify router feature and policy category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - router_policy: - description: - - Configure IPv4 routing policies. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - action: - description: - - Action of the policy route. - type: str - choices: - - deny - - permit - comments: - description: - - Optional comments. - type: str - dst: - description: - - Destination IP and mask (x.x.x.x/x). - type: list - suboptions: - subnet: - description: - - IP and mask. - required: true - type: str - dst_negate: - description: - - Enable/disable negating destination address match. - type: str - choices: - - enable - - disable - dstaddr: - description: - - Destination address name. - type: list - suboptions: - name: - description: - - Address/group name. Source firewall.address.name firewall.addrgrp.name. - required: true - type: str - end_port: - description: - - End destination port number (0 - 65535). - type: int - end_source_port: - description: - - End source port number (0 - 65535). - type: int - gateway: - description: - - IP address of the gateway. 
- type: str - input_device: - description: - - Incoming interface name. - type: list - suboptions: - name: - description: - - Interface name. Source system.interface.name. - required: true - type: str - output_device: - description: - - Outgoing interface name. Source system.interface.name. - type: str - protocol: - description: - - Protocol number (0 - 255). - type: int - seq_num: - description: - - Sequence number. - type: int - src: - description: - - Source IP and mask (x.x.x.x/x). - type: list - suboptions: - subnet: - description: - - IP and mask. - required: true - type: str - src_negate: - description: - - Enable/disable negating source address match. - type: str - choices: - - enable - - disable - srcaddr: - description: - - Source address name. - type: list - suboptions: - name: - description: - - Address/group name. Source firewall.address.name firewall.addrgrp.name. - required: true - type: str - start_port: - description: - - Start destination port number (0 - 65535). - type: int - start_source_port: - description: - - Start source port number (0 - 65535). - type: int - status: - description: - - Enable/disable this policy route. - type: str - choices: - - enable - - disable - tos: - description: - - Type of service bit pattern. - type: str - tos_mask: - description: - - Type of service evaluated bits. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv4 routing policies. 
- fortios_router_policy: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - router_policy: - action: "deny" - comments: "" - dst: - - - subnet: "" - dst_negate: "enable" - dstaddr: - - - name: "default_name_9 (source firewall.address.name firewall.addrgrp.name)" - end_port: "10" - end_source_port: "11" - gateway: "" - input_device: - - - name: "default_name_14 (source system.interface.name)" - output_device: " (source system.interface.name)" - protocol: "16" - seq_num: "17" - src: - - - subnet: "" - src_negate: "enable" - srcaddr: - - - name: "default_name_22 (source firewall.address.name firewall.addrgrp.name)" - start_port: "23" - start_source_port: "24" - status: "enable" - tos: "" - tos_mask: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: 
Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_router_policy_data(json): - option_list = ['action', 'comments', 'dst', - 'dst_negate', 'dstaddr', 'end_port', - 'end_source_port', 'gateway', 'input_device', - 'output_device', 'protocol', 'seq_num', - 'src', 'src_negate', 'srcaddr', - 'start_port', 'start_source_port', 'status', - 'tos', 'tos_mask'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def router_policy(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['router_policy'] and data['router_policy']: - state = data['router_policy']['state'] - else: - state = True - router_policy_data = data['router_policy'] - filtered_data = underscore_to_hyphen(filter_router_policy_data(router_policy_data)) - - if state == "present": - return fos.set('router', - 'policy', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('router', - 
'policy', - mkey=filtered_data['seq-num'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_router(data, fos): - - if data['router_policy']: - resp = router_policy(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "router_policy": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "action": {"required": False, "type": "str", - "choices": ["deny", "permit"]}, - "comments": {"required": False, "type": "str"}, - "dst": {"required": False, "type": "list", - "options": { - "subnet": {"required": True, "type": "str"} - }}, - "dst_negate": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dstaddr": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "end_port": {"required": False, "type": "int"}, - "end_source_port": {"required": False, "type": "int"}, - "gateway": {"required": False, "type": "str"}, - "input_device": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "output_device": {"required": False, "type": "str"}, - "protocol": {"required": False, "type": "int"}, - "seq_num": {"required": False, "type": "int"}, - "src": {"required": False, "type": "list", - "options": { - 
"subnet": {"required": True, "type": "str"} - }}, - "src_negate": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "srcaddr": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "start_port": {"required": False, "type": "int"}, - "start_source_port": {"required": False, "type": "int"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "tos": {"required": False, "type": "str"}, - "tos_mask": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_router(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_router(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_router_policy6.py b/lib/ansible/modules/network/fortios/fortios_router_policy6.py deleted file mode 100644 index 91c8109c042..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_router_policy6.py +++ /dev/null 
@@ -1,410 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_router_policy6 -short_description: Configure IPv6 routing policies in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify router feature and policy6 category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - router_policy6: - description: - - Configure IPv6 routing policies. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - comments: - description: - - Optional comments. - type: str - dst: - description: - - Destination IPv6 prefix. - type: str - end_port: - description: - - End destination port number (1 - 65535). - type: int - gateway: - description: - - IPv6 address of the gateway. - type: str - input_device: - description: - - Incoming interface name. Source system.interface.name. - type: str - output_device: - description: - - Outgoing interface name. Source system.interface.name. - type: str - protocol: - description: - - Protocol number (0 - 255). - type: int - seq_num: - description: - - Sequence number. - type: int - src: - description: - - Source IPv6 prefix. - type: str - start_port: - description: - - Start destination port number (1 - 65535). - type: int - status: - description: - - Enable/disable this policy route. - type: str - choices: - - enable - - disable - tos: - description: - - Type of service bit pattern. 
- type: str - tos_mask: - description: - - Type of service evaluated bits. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv6 routing policies. - fortios_router_policy6: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - router_policy6: - comments: "" - dst: "" - end_port: "5" - gateway: "" - input_device: " (source system.interface.name)" - output_device: " (source system.interface.name)" - protocol: "9" - seq_num: "10" - src: "" - start_port: "12" - status: "enable" - tos: "" - tos_mask: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: 
"v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_router_policy6_data(json): - option_list = ['comments', 'dst', 'end_port', - 'gateway', 'input_device', 'output_device', - 'protocol', 'seq_num', 'src', - 'start_port', 'status', 'tos', - 'tos_mask'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def router_policy6(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['router_policy6'] and data['router_policy6']: - state = data['router_policy6']['state'] - else: - state = True - router_policy6_data = data['router_policy6'] - filtered_data = underscore_to_hyphen(filter_router_policy6_data(router_policy6_data)) - - if state == "present": - return fos.set('router', - 'policy6', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('router', - 'policy6', - mkey=filtered_data['seq-num'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - 
status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_router(data, fos): - - if data['router_policy6']: - resp = router_policy6(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "router_policy6": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "comments": {"required": False, "type": "str"}, - "dst": {"required": False, "type": "str"}, - "end_port": {"required": False, "type": "int"}, - "gateway": {"required": False, "type": "str"}, - "input_device": {"required": False, "type": "str"}, - "output_device": {"required": False, "type": "str"}, - "protocol": {"required": False, "type": "int"}, - "seq_num": {"required": False, "type": "int"}, - "src": {"required": False, "type": "str"}, - "start_port": {"required": False, "type": "int"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "tos": {"required": False, "type": "str"}, - "tos_mask": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not 
legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_router(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_router(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_router_prefix_list.py b/lib/ansible/modules/network/fortios/fortios_router_prefix_list.py deleted file mode 100644 index 880e0cd5f19..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_router_prefix_list.py +++ /dev/null 
@@ -1,388 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_router_prefix_list -short_description: Configure IPv4 prefix lists in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify router feature and prefix_list category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - router_prefix_list: - description: - - Configure IPv4 prefix lists. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - comments: - description: - - Comment. - type: str - name: - description: - - Name. - required: true - type: str - rule: - description: - - IPv4 prefix list rule. - type: list - suboptions: - action: - description: - - Permit or deny this IP address and netmask prefix. - type: str - choices: - - permit - - deny - flags: - description: - - Flags. - type: int - ge: - description: - - Minimum prefix length to be matched (0 - 32). - type: int - id: - description: - - Rule ID. - required: true - type: int - le: - description: - - Maximum prefix length to be matched (0 - 32). - type: int - prefix: - description: - - IPv4 prefix to define regular filter criteria, such as "any" or subnets. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv4 prefix lists. 
- fortios_router_prefix_list: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - router_prefix_list: - comments: "" - name: "default_name_4" - rule: - - - action: "permit" - flags: "7" - ge: "8" - id: "9" - le: "10" - prefix: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = 
data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_router_prefix_list_data(json): - option_list = ['comments', 'name', 'rule'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def router_prefix_list(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['router_prefix_list'] and data['router_prefix_list']: - state = data['router_prefix_list']['state'] - else: - state = True - router_prefix_list_data = data['router_prefix_list'] - filtered_data = underscore_to_hyphen(filter_router_prefix_list_data(router_prefix_list_data)) - - if state == "present": - return fos.set('router', - 'prefix-list', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('router', - 'prefix-list', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_router(data, fos): - - if data['router_prefix_list']: - resp = router_prefix_list(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": 
"str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "router_prefix_list": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "comments": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "rule": {"required": False, "type": "list", - "options": { - "action": {"required": False, "type": "str", - "choices": ["permit", "deny"]}, - "flags": {"required": False, "type": "int"}, - "ge": {"required": False, "type": "int"}, - "id": {"required": True, "type": "int"}, - "le": {"required": False, "type": "int"}, - "prefix": {"required": False, "type": "str"} - }} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_router(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_router(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_router_prefix_list6.py b/lib/ansible/modules/network/fortios/fortios_router_prefix_list6.py
deleted file mode 100644
index 147e4f1b593..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_router_prefix_list6.py
+++ /dev/null
@@ -1,366 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_router_prefix_list6 -short_description: Configure IPv6 prefix lists in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify router feature and prefix_list6 category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - router_prefix_list6: - description: - - Configure IPv6 prefix lists. - default: null - type: dict - suboptions: - comments: - description: - - Comment. - type: str - name: - description: - - Name. - required: true - type: str - rule: - description: - - IPv6 prefix list rule. - type: list - suboptions: - action: - description: - - Permit or deny packets that match this rule. - type: str - choices: - - permit - - deny - flags: - description: - - Flags. - type: int - ge: - description: - - Minimum prefix length to be matched (0 - 128). - type: int - id: - description: - - Rule ID. - required: true - type: int - le: - description: - - Maximum prefix length to be matched (0 - 128). - type: int - prefix6: - description: - - IPv6 prefix to define regular filter criteria, such as "any" or subnets. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv6 prefix lists. 
- fortios_router_prefix_list6: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - router_prefix_list6: - comments: "" - name: "default_name_4" - rule: - - - action: "permit" - flags: "7" - ge: "8" - id: "9" - le: "10" - prefix6: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = 
data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_router_prefix_list6_data(json): - option_list = ['comments', 'name', 'rule'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def router_prefix_list6(data, fos): - vdom = data['vdom'] - state = data['state'] - router_prefix_list6_data = data['router_prefix_list6'] - filtered_data = underscore_to_hyphen(filter_router_prefix_list6_data(router_prefix_list6_data)) - - if state == "present": - return fos.set('router', - 'prefix-list6', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('router', - 'prefix-list6', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_router(data, fos): - - if data['router_prefix_list6']: - resp = router_prefix_list6(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": 
{"required": True, "type": "str", - "choices": ["present", "absent"]}, - "router_prefix_list6": { - "required": False, "type": "dict", "default": None, - "options": { - "comments": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "rule": {"required": False, "type": "list", - "options": { - "action": {"required": False, "type": "str", - "choices": ["permit", "deny"]}, - "flags": {"required": False, "type": "int"}, - "ge": {"required": False, "type": "int"}, - "id": {"required": True, "type": "int"}, - "le": {"required": False, "type": "int"}, - "prefix6": {"required": False, "type": "str"} - }} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_router(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_router(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_router_rip.py b/lib/ansible/modules/network/fortios/fortios_router_rip.py deleted file mode 100644 index bd0b2edcc07..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_router_rip.py +++ /dev/null 
@@ -1,682 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_router_rip -short_description: Configure RIP in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify router feature and rip category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. 
- type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - router_rip: - description: - - Configure RIP. - default: null - type: dict - suboptions: - default_information_originate: - description: - - Enable/disable generation of default route. - type: str - choices: - - enable - - disable - default_metric: - description: - - Default metric. - type: int - distance: - description: - - distance - type: list - suboptions: - access_list: - description: - - Access list for route destination. Source router.access-list.name. - type: str - distance: - description: - - Distance (1 - 255). - type: int - id: - description: - - Distance ID. - required: true - type: int - prefix: - description: - - Distance prefix. - type: str - distribute_list: - description: - - Distribute list. - type: list - suboptions: - direction: - description: - - Distribute list direction. - type: str - choices: - - in - - out - id: - description: - - Distribute list ID. - required: true - type: int - interface: - description: - - Distribute list interface name. Source system.interface.name. - type: str - listname: - description: - - Distribute access/prefix list name. Source router.access-list.name router.prefix-list.name. - type: str - status: - description: - - status - type: str - choices: - - enable - - disable - garbage_timer: - description: - - Garbage timer in seconds. - type: int - interface: - description: - - RIP interface configuration. - type: list - suboptions: - auth_keychain: - description: - - Authentication key-chain name. Source router.key-chain.name. - type: str - auth_mode: - description: - - Authentication mode. - type: str - choices: - - none - - text - - md5 - auth_string: - description: - - Authentication string/password. 
- type: str - flags: - description: - - flags - type: int - name: - description: - - Interface name. Source system.interface.name. - required: true - type: str - receive_version: - description: - - Receive version. - type: str - choices: - - 1 - - 2 - send_version: - description: - - Send version. - type: str - choices: - - 1 - - 2 - send_version2_broadcast: - description: - - Enable/disable broadcast version 1 compatible packets. - type: str - choices: - - disable - - enable - split_horizon: - description: - - Enable/disable split horizon. - type: str - choices: - - poisoned - - regular - split_horizon_status: - description: - - Enable/disable split horizon. - type: str - choices: - - enable - - disable - max_out_metric: - description: - - Maximum metric allowed to output(0 means 'not set'). - type: int - neighbor: - description: - - neighbor - type: list - suboptions: - id: - description: - - Neighbor entry ID. - required: true - type: int - ip: - description: - - IP address. - type: str - network: - description: - - network - type: list - suboptions: - id: - description: - - Network entry ID. - required: true - type: int - prefix: - description: - - Network prefix. - type: str - offset_list: - description: - - Offset list. - type: list - suboptions: - access_list: - description: - - Access list name. Source router.access-list.name. - type: str - direction: - description: - - Offset list direction. - type: str - choices: - - in - - out - id: - description: - - Offset-list ID. - required: true - type: int - interface: - description: - - Interface name. Source system.interface.name. - type: str - offset: - description: - - offset - type: int - status: - description: - - status - type: str - choices: - - enable - - disable - passive_interface: - description: - - Passive interface configuration. - type: list - suboptions: - name: - description: - - Passive interface name. Source system.interface.name. 
- required: true - type: str - recv_buffer_size: - description: - - Receiving buffer size. - type: int - redistribute: - description: - - Redistribute configuration. - type: list - suboptions: - metric: - description: - - Redistribute metric setting. - type: int - name: - description: - - Redistribute name. - required: true - type: str - routemap: - description: - - Route map name. Source router.route-map.name. - type: str - status: - description: - - status - type: str - choices: - - enable - - disable - timeout_timer: - description: - - Timeout timer in seconds. - type: int - update_timer: - description: - - Update timer in seconds. - type: int - version: - description: - - RIP version. - type: str - choices: - - 1 - - 2 -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure RIP. - fortios_router_rip: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - router_rip: - default_information_originate: "enable" - default_metric: "4" - distance: - - - access_list: " (source router.access-list.name)" - distance: "7" - id: "8" - prefix: "" - distribute_list: - - - direction: "in" - id: "12" - interface: " (source system.interface.name)" - listname: " (source router.access-list.name router.prefix-list.name)" - status: "enable" - garbage_timer: "16" - interface: - - - auth_keychain: " (source router.key-chain.name)" - auth_mode: "none" - auth_string: "" - flags: "21" - name: "default_name_22 (source system.interface.name)" - receive_version: "1" - send_version: "1" - send_version2_broadcast: "disable" - split_horizon: "poisoned" - split_horizon_status: "enable" - max_out_metric: "28" - neighbor: - - - id: "30" - ip: "" - network: - - - id: "33" - prefix: "" - offset_list: - - - access_list: " (source router.access-list.name)" - direction: "in" - id: "38" - interface: " (source 
system.interface.name)" - offset: "40" - status: "enable" - passive_interface: - - - name: "default_name_43 (source system.interface.name)" - recv_buffer_size: "44" - redistribute: - - - metric: "46" - name: "default_name_47" - routemap: " (source router.route-map.name)" - status: "enable" - timeout_timer: "50" - update_timer: "51" - version: "1" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = 
data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_router_rip_data(json):
- option_list = ['default_information_originate', 'default_metric', 'distance',
- 'distribute_list', 'garbage_timer', 'interface',
- 'max_out_metric', 'neighbor', 'network',
- 'offset_list', 'passive_interface', 'recv_buffer_size',
- 'redistribute', 'timeout_timer', 'update_timer',
- 'version']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def router_rip(data, fos):
- vdom = data['vdom']
- router_rip_data = data['router_rip']
- filtered_data = underscore_to_hyphen(filter_router_rip_data(router_rip_data))
-
- return fos.set('router',
- 'rip',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_router(data, fos):
-
- if data['router_rip']:
- resp = router_rip(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool",
"default": True},
- "router_rip": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "default_information_originate": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "default_metric": {"required": False, "type": "int"},
- "distance": {"required": False, "type": "list",
- "options": {
- "access_list": {"required": False, "type": "str"},
- "distance": {"required": False, "type": "int"},
- "id": {"required": True, "type": "int"},
- "prefix": {"required": False, "type": "str"}
- }},
- "distribute_list": {"required": False, "type": "list",
- "options": {
- "direction": {"required": False, "type": "str",
- "choices": ["in", "out"]},
- "id": {"required": True, "type": "int"},
- "interface": {"required": False, "type": "str"},
- "listname": {"required": False, "type": "str"},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
- }},
- "garbage_timer": {"required": False, "type": "int"},
- "interface": {"required": False, "type": "list",
- "options": {
- "auth_keychain": {"required": False, "type": "str"},
- "auth_mode": {"required": False, "type": "str",
- "choices": ["none", "text", "md5"]},
- "auth_string": {"required": False, "type": "str"},
- "flags": {"required": False, "type": "int"},
- "name": {"required": True, "type": "str"},
- "receive_version": {"required": False, "type": "str",
- "choices": ["1", "2"]},
- "send_version": {"required": False, "type": "str",
- "choices": ["1", "2"]},
- "send_version2_broadcast": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "split_horizon": {"required": False, "type": "str",
- "choices": ["poisoned", "regular"]},
- "split_horizon_status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
- }},
- "max_out_metric": {"required": False, "type": "int"},
- "neighbor": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"},
- "ip": {"required": False, "type": "str"}
- }},
-
"network": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"},
- "prefix": {"required": False, "type": "str"}
- }},
- "offset_list": {"required": False, "type": "list",
- "options": {
- "access_list": {"required": False, "type": "str"},
- "direction": {"required": False, "type": "str",
- "choices": ["in", "out"]},
- "id": {"required": True, "type": "int"},
- "interface": {"required": False, "type": "str"},
- "offset": {"required": False, "type": "int"},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
- }},
- "passive_interface": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "recv_buffer_size": {"required": False, "type": "int"},
- "redistribute": {"required": False, "type": "list",
- "options": {
- "metric": {"required": False, "type": "int"},
- "name": {"required": True, "type": "str"},
- "routemap": {"required": False, "type": "str"},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
- }},
- "timeout_timer": {"required": False, "type": "int"},
- "update_timer": {"required": False, "type": "int"},
- "version": {"required": False, "type": "str",
- "choices": ["1", "2"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_router(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
-
module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_router(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_router_ripng.py b/lib/ansible/modules/network/fortios/fortios_router_ripng.py
deleted file mode 100644
index bc57bdbfc94..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_router_ripng.py
+++ /dev/null
@@ -1,640 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_router_ripng -short_description: Configure RIPng in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify router feature and ripng category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - router_ripng: - description: - - Configure RIPng. - default: null - type: dict - suboptions: - aggregate_address: - description: - - Aggregate address. - type: list - suboptions: - id: - description: - - Aggregate address entry ID. - required: true - type: int - prefix6: - description: - - Aggregate address prefix. - type: str - default_information_originate: - description: - - Enable/disable generation of default route. - type: str - choices: - - enable - - disable - default_metric: - description: - - Metric that the FortiGate unit advertises to adjacent routers. - type: int - distance: - description: - - Administrative distance - type: list - suboptions: - access_list6: - description: - - Access list for route destination. Source router.access-list6.name. - type: str - distance: - description: - - Distance (1 - 255). - type: int - id: - description: - - Distance ID. - required: true - type: int - prefix6: - description: - - Distance prefix6. - type: str - distribute_list: - description: - - Use this to filter incoming or outgoing updates using an access list or a prefix list. - type: list - suboptions: - direction: - description: - - Distribute list direction. - type: str - choices: - - in - - out - id: - description: - - Distribute list ID. - required: true - type: int - interface: - description: - - Distribute list interface name. Source system.interface.name. - type: str - listname: - description: - - Distribute access/prefix list name. Source router.access-list6.name router.prefix-list6.name. 
- type: str - status: - description: - - Use this to activate or deactivate - type: str - choices: - - enable - - disable - garbage_timer: - description: - - Time in seconds that must elapse after the timeout interval for a route expires,. - type: int - interface: - description: - - RIPng interface configuration. - type: list - suboptions: - flags: - description: - - Configuration flags of the interface. - type: int - name: - description: - - Interface name. Source system.interface.name. - required: true - type: str - split_horizon: - description: - - Configure RIP to use either regular or poisoned split horizon on this interface. - type: str - choices: - - poisoned - - regular - split_horizon_status: - description: - - Enable/disable split horizon. - type: str - choices: - - enable - - disable - max_out_metric: - description: - - Maximum metric allowed to output(0 means 'not set'). - type: int - neighbor: - description: - - List of neighbors. - type: list - suboptions: - id: - description: - - Neighbor entry ID. - required: true - type: int - interface: - description: - - Interface name. Source system.interface.name. - type: str - ip6: - description: - - IPv6 link-local address. - type: str - network: - description: - - list of networks connected. - type: list - suboptions: - id: - description: - - Network entry ID. - required: true - type: int - prefix: - description: - - Network IPv6 link-local prefix. - type: str - offset_list: - description: - - Adds the specified offset to the metric (hop count) of a route. - type: list - suboptions: - access_list6: - description: - - IPv6 access list name. Source router.access-list6.name. - type: str - direction: - description: - - Offset list direction. - type: str - choices: - - in - - out - id: - description: - - Offset-list ID. - required: true - type: int - interface: - description: - - Interface name. Source system.interface.name. 
- type: str - offset: - description: - - Offset range - type: int - status: - description: - - Indicates if the offset is active or not - type: str - choices: - - enable - - disable - passive_interface: - description: - - Passive interface configuration. - type: list - suboptions: - name: - description: - - Passive interface name. Source system.interface.name. - required: true - type: str - redistribute: - description: - - Redistribute configuration. - type: list - suboptions: - metric: - description: - - Redistribute metric setting. - type: int - name: - description: - - Redistribute name. - required: true - type: str - routemap: - description: - - Route map name. Source router.route-map.name. - type: str - status: - description: - - Indicates if the redistribute is active or not - type: str - choices: - - enable - - disable - timeout_timer: - description: - - Time interval in seconds after which a route is declared unreachable. - type: int - update_timer: - description: - - The time interval in seconds between RIP updates. - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure RIPng. 
- fortios_router_ripng: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - router_ripng: - aggregate_address: - - - id: "4" - prefix6: "" - default_information_originate: "enable" - default_metric: "7" - distance: - - - access_list6: " (source router.access-list6.name)" - distance: "10" - id: "11" - prefix6: "" - distribute_list: - - - direction: "in" - id: "15" - interface: " (source system.interface.name)" - listname: " (source router.access-list6.name router.prefix-list6.name)" - status: "enable" - garbage_timer: "19" - interface: - - - flags: "21" - name: "default_name_22 (source system.interface.name)" - split_horizon: "poisoned" - split_horizon_status: "enable" - max_out_metric: "25" - neighbor: - - - id: "27" - interface: " (source system.interface.name)" - ip6: "" - network: - - - id: "31" - prefix: "" - offset_list: - - - access_list6: " (source router.access-list6.name)" - direction: "in" - id: "36" - interface: " (source system.interface.name)" - offset: "38" - status: "enable" - passive_interface: - - - name: "default_name_41 (source system.interface.name)" - redistribute: - - - metric: "43" - name: "default_name_44" - routemap: " (source router.route-map.name)" - status: "enable" - timeout_timer: "47" - update_timer: "48" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table 
used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_router_ripng_data(json): - option_list = ['aggregate_address', 'default_information_originate', 'default_metric', - 'distance', 'distribute_list', 'garbage_timer', - 'interface', 'max_out_metric', 'neighbor', - 'network', 'offset_list', 'passive_interface', - 'redistribute', 'timeout_timer', 'update_timer'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def 
router_ripng(data, fos):
- vdom = data['vdom']
- router_ripng_data = data['router_ripng']
- filtered_data = underscore_to_hyphen(filter_router_ripng_data(router_ripng_data))
-
- return fos.set('router',
- 'ripng',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_router(data, fos):
-
- if data['router_ripng']:
- resp = router_ripng(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "router_ripng": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "aggregate_address": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"},
- "prefix6": {"required": False, "type": "str"}
- }},
- "default_information_originate": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "default_metric": {"required": False, "type": "int"},
- "distance": {"required": False, "type": "list",
- "options": {
- "access_list6": {"required": False, "type": "str"},
- "distance": {"required": False, "type": "int"},
- "id": {"required": True, "type": "int"},
- "prefix6": {"required": False, "type": "str"}
- }},
- "distribute_list": {"required": False, "type": "list",
- "options": {
- "direction": {"required": False, "type": "str",
- "choices": ["in", "out"]},
- "id": {"required": True, "type": "int"},
- "interface": {"required": False, "type": "str"},
- "listname": {"required": False, "type": "str"},
- "status": {"required":
False, "type": "str",
- "choices": ["enable", "disable"]}
- }},
- "garbage_timer": {"required": False, "type": "int"},
- "interface": {"required": False, "type": "list",
- "options": {
- "flags": {"required": False, "type": "int"},
- "name": {"required": True, "type": "str"},
- "split_horizon": {"required": False, "type": "str",
- "choices": ["poisoned", "regular"]},
- "split_horizon_status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
- }},
- "max_out_metric": {"required": False, "type": "int"},
- "neighbor": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"},
- "interface": {"required": False, "type": "str"},
- "ip6": {"required": False, "type": "str"}
- }},
- "network": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"},
- "prefix": {"required": False, "type": "str"}
- }},
- "offset_list": {"required": False, "type": "list",
- "options": {
- "access_list6": {"required": False, "type": "str"},
- "direction": {"required": False, "type": "str",
- "choices": ["in", "out"]},
- "id": {"required": True, "type": "int"},
- "interface": {"required": False, "type": "str"},
- "offset": {"required": False, "type": "int"},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
- }},
- "passive_interface": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "redistribute": {"required": False, "type": "list",
- "options": {
- "metric": {"required": False, "type": "int"},
- "name": {"required": True, "type": "str"},
- "routemap": {"required": False, "type": "str"},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
- }},
- "timeout_timer": {"required": False, "type": "int"},
- "update_timer": {"required": False, "type": "int"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi
instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_router(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_router(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_router_route_map.py b/lib/ansible/modules/network/fortios/fortios_router_route_map.py
deleted file mode 100644
index c2b780ed897..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_router_route_map.py
+++ /dev/null
@@ -1,666 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_router_route_map -short_description: Configure route maps in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify router feature and route_map category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - router_route_map: - description: - - Configure route maps. - default: null - type: dict - suboptions: - comments: - description: - - Optional comments. - type: str - name: - description: - - Name. - required: true - type: str - rule: - description: - - Rule. - type: list - suboptions: - action: - description: - - Action. - type: str - choices: - - permit - - deny - id: - description: - - Rule ID. - required: true - type: int - match_as_path: - description: - - Match BGP AS path list. Source router.aspath-list.name. - type: str - match_community: - description: - - Match BGP community list. Source router.community-list.name. - type: str - match_community_exact: - description: - - Enable/disable exact matching of communities. - type: str - choices: - - enable - - disable - match_flags: - description: - - BGP flag value to match (0 - 65535) - type: int - match_interface: - description: - - Match interface configuration. Source system.interface.name. - type: str - match_ip_address: - description: - - Match IP address permitted by access-list or prefix-list. Source router.access-list.name router.prefix-list.name. - type: str - match_ip_nexthop: - description: - - Match next hop IP address passed by access-list or prefix-list. Source router.access-list.name router.prefix-list.name. - type: str - match_ip6_address: - description: - - Match IPv6 address permitted by access-list6 or prefix-list6. Source router.access-list6.name router.prefix-list6.name. 
- type: str - match_ip6_nexthop: - description: - - Match next hop IPv6 address passed by access-list6 or prefix-list6. Source router.access-list6.name router.prefix-list6.name. - type: str - match_metric: - description: - - Match metric for redistribute routes. - type: int - match_origin: - description: - - Match BGP origin code. - type: str - choices: - - none - - egp - - igp - - incomplete - match_route_type: - description: - - Match route type. - type: str - choices: - - 1 - - 2 - - none - match_tag: - description: - - Match tag. - type: int - set_aggregator_as: - description: - - BGP aggregator AS. - type: int - set_aggregator_ip: - description: - - BGP aggregator IP. - type: str - set_aspath: - description: - - Prepend BGP AS path attribute. - type: list - suboptions: - as: - description: - - AS number (0 - 42949672). - required: true - type: str - set_aspath_action: - description: - - Specify preferred action of set-aspath. - type: str - choices: - - prepend - - replace - set_atomic_aggregate: - description: - - Enable/disable BGP atomic aggregate attribute. - type: str - choices: - - enable - - disable - set_community: - description: - - BGP community attribute. - type: list - suboptions: - community: - description: - - "Attribute: AA|AA:NN|internet|local-AS|no-advertise|no-export." - required: true - type: str - set_community_additive: - description: - - Enable/disable adding set-community to existing community. - type: str - choices: - - enable - - disable - set_community_delete: - description: - - Delete communities matching community list. Source router.community-list.name. - type: str - set_dampening_max_suppress: - description: - - Maximum duration to suppress a route (1 - 255 min, 0 = unset). - type: int - set_dampening_reachability_half_life: - description: - - Reachability half-life time for the penalty (1 - 45 min, 0 = unset). - type: int - set_dampening_reuse: - description: - - Value to start reusing a route (1 - 20000, 0 = unset). 
- type: int - set_dampening_suppress: - description: - - Value to start suppressing a route (1 - 20000, 0 = unset). - type: int - set_dampening_unreachability_half_life: - description: - - Unreachability Half-life time for the penalty (1 - 45 min, 0 = unset) - type: int - set_extcommunity_rt: - description: - - Route Target extended community. - type: list - suboptions: - community: - description: - - Set the target extended community (in decimal notation) of a BGP route. - required: true - type: str - set_extcommunity_soo: - description: - - Site-of-Origin extended community. - type: list - suboptions: - community: - description: - - "AA:NN" - required: true - type: str - set_flags: - description: - - BGP flags value (0 - 65535) - type: int - set_ip_nexthop: - description: - - IP address of next hop. - type: str - set_ip6_nexthop: - description: - - IPv6 global address of next hop. - type: str - set_ip6_nexthop_local: - description: - - IPv6 local address of next hop. - type: str - set_local_preference: - description: - - BGP local preference path attribute. - type: int - set_metric: - description: - - Metric value. - type: int - set_metric_type: - description: - - Metric type. - type: str - choices: - - 1 - - 2 - - none - set_origin: - description: - - BGP origin code. - type: str - choices: - - none - - egp - - igp - - incomplete - set_originator_id: - description: - - BGP originator ID attribute. - type: str - set_route_tag: - description: - - Route tag for routing table. - type: int - set_tag: - description: - - Tag value. - type: int - set_weight: - description: - - BGP weight for routing table. - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure route maps. 
- fortios_router_route_map: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - router_route_map: - comments: "" - name: "default_name_4" - rule: - - - action: "permit" - id: "7" - match_as_path: " (source router.aspath-list.name)" - match_community: " (source router.community-list.name)" - match_community_exact: "enable" - match_flags: "11" - match_interface: " (source system.interface.name)" - match_ip_address: " (source router.access-list.name router.prefix-list.name)" - match_ip_nexthop: " (source router.access-list.name router.prefix-list.name)" - match_ip6_address: " (source router.access-list6.name router.prefix-list6.name)" - match_ip6_nexthop: " (source router.access-list6.name router.prefix-list6.name)" - match_metric: "17" - match_origin: "none" - match_route_type: "1" - match_tag: "20" - set_aggregator_as: "21" - set_aggregator_ip: "" - set_aspath: - - - as: "" - set_aspath_action: "prepend" - set_atomic_aggregate: "enable" - set_community: - - - community: "" - set_community_additive: "enable" - set_community_delete: " (source router.community-list.name)" - set_dampening_max_suppress: "31" - set_dampening_reachability_half_life: "32" - set_dampening_reuse: "33" - set_dampening_suppress: "34" - set_dampening_unreachability_half_life: "35" - set_extcommunity_rt: - - - community: "" - set_extcommunity_soo: - - - community: "" - set_flags: "40" - set_ip_nexthop: "" - set_ip6_nexthop: "" - set_ip6_nexthop_local: "" - set_local_preference: "44" - set_metric: "45" - set_metric_type: "1" - set_origin: "none" - set_originator_id: "" - set_route_tag: "49" - set_tag: "50" - set_weight: "51" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: 
Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_router_route_map_data(json): - option_list = ['comments', 'name', 'rule'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): 
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def router_route_map(data, fos):
- vdom = data['vdom']
- state = data['state']
- router_route_map_data = data['router_route_map']
- filtered_data = underscore_to_hyphen(filter_router_route_map_data(router_route_map_data))
-
- if state == "present":
- return fos.set('router',
- 'route-map',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('router',
- 'route-map',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_router(data, fos):
-
- if data['router_route_map']:
- resp = router_route_map(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": True, "type": "str",
- "choices": ["present", "absent"]},
- "router_route_map": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "comments": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"},
- "rule": {"required": False, "type": "list",
- "options": {
- "action": {"required": False, "type": "str",
- "choices": ["permit", "deny"]},
- "id": {"required": True, "type": "int"},
- "match_as_path": {"required": False, "type": "str"},
- "match_community": {"required": False, "type": "str"},
- "match_community_exact": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "match_flags": {"required": False, "type": "int"}, - "match_interface": {"required": False, "type": "str"}, - "match_ip_address": {"required": False, "type": "str"}, - "match_ip_nexthop": {"required": False, "type": "str"}, - "match_ip6_address": {"required": False, "type": "str"}, - "match_ip6_nexthop": {"required": False, "type": "str"}, - "match_metric": {"required": False, "type": "int"}, - "match_origin": {"required": False, "type": "str", - "choices": ["none", "egp", "igp", - "incomplete"]}, - "match_route_type": {"required": False, "type": "str", - "choices": ["1", "2", "none"]}, - "match_tag": {"required": False, "type": "int"}, - "set_aggregator_as": {"required": False, "type": "int"}, - "set_aggregator_ip": {"required": False, "type": "str"}, - "set_aspath": {"required": False, "type": "list", - "options": { - "as": {"required": True, "type": "str"} - }}, - "set_aspath_action": {"required": False, "type": "str", - "choices": ["prepend", "replace"]}, - "set_atomic_aggregate": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "set_community": {"required": False, "type": "list", - "options": { - "community": {"required": True, "type": "str"} - }}, - "set_community_additive": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "set_community_delete": {"required": False, "type": "str"}, - "set_dampening_max_suppress": {"required": False, "type": "int"}, - "set_dampening_reachability_half_life": {"required": False, "type": "int"}, - "set_dampening_reuse": {"required": False, "type": "int"}, - "set_dampening_suppress": {"required": False, "type": "int"}, - "set_dampening_unreachability_half_life": {"required": False, "type": "int"}, - "set_extcommunity_rt": {"required": False, "type": "list", - "options": { - "community": {"required": True, "type": "str"} - }}, - "set_extcommunity_soo": {"required": False, "type": "list", - "options": { - "community": {"required": True, "type": "str"} - }}, - "set_flags": 
{"required": False, "type": "int"}, - "set_ip_nexthop": {"required": False, "type": "str"}, - "set_ip6_nexthop": {"required": False, "type": "str"}, - "set_ip6_nexthop_local": {"required": False, "type": "str"}, - "set_local_preference": {"required": False, "type": "int"}, - "set_metric": {"required": False, "type": "int"}, - "set_metric_type": {"required": False, "type": "str", - "choices": ["1", "2", "none"]}, - "set_origin": {"required": False, "type": "str", - "choices": ["none", "egp", "igp", - "incomplete"]}, - "set_originator_id": {"required": False, "type": "str"}, - "set_route_tag": {"required": False, "type": "int"}, - "set_tag": {"required": False, "type": "int"}, - "set_weight": {"required": False, "type": "int"} - }} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_router(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_router(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_router_setting.py b/lib/ansible/modules/network/fortios/fortios_router_setting.py
deleted file mode 100644
index 81032658171..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_router_setting.py
+++ /dev/null
@@ -1,296 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_router_setting -short_description: Configure router settings in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify router feature and setting category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - router_setting: - description: - - Configure router settings. - default: null - type: dict - suboptions: - hostname: - description: - - Hostname for this virtual domain router. - type: str - show_filter: - description: - - Prefix-list as filter for showing routes. Source router.prefix-list.name. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure router settings. - fortios_router_setting: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - router_setting: - hostname: "myhostname" - show_filter: " (source router.prefix-list.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: 
"17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_router_setting_data(json): - option_list = ['hostname', 'show_filter'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def router_setting(data, fos): - vdom = data['vdom'] - router_setting_data = data['router_setting'] - filtered_data = underscore_to_hyphen(filter_router_setting_data(router_setting_data)) - - return fos.set('router', - 'setting', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - 
-def fortios_router(data, fos):
-
- if data['router_setting']:
- resp = router_setting(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "router_setting": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "hostname": {"required": False, "type": "str"},
- "show_filter": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_router(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_router(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_router_static.py b/lib/ansible/modules/network/fortios/fortios_router_static.py
deleted file mode 100644
index 47a7553a487..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_router_static.py
+++ /dev/null
@@ -1,468 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_router_static -short_description: Configure IPv4 static routing tables in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify router feature and static category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - router_static: - description: - - Configure IPv4 static routing tables. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - bfd: - description: - - Enable/disable Bidirectional Forwarding Detection (BFD). - type: str - choices: - - enable - - disable - blackhole: - description: - - Enable/disable black hole. - type: str - choices: - - enable - - disable - comment: - description: - - Optional comments. - type: str - device: - description: - - Gateway out interface or tunnel. Source system.interface.name. - type: str - distance: - description: - - Administrative distance (1 - 255). - type: int - dst: - description: - - Destination IP and mask for this route. - type: str - dstaddr: - description: - - Name of firewall address or address group. Source firewall.address.name firewall.addrgrp.name. - type: str - dynamic_gateway: - description: - - Enable use of dynamic gateway retrieved from a DHCP or PPP server. - type: str - choices: - - enable - - disable - gateway: - description: - - Gateway IP for this route. 
- type: str - internet_service: - description: - - Application ID in the Internet service database. Source firewall.internet-service.id. - type: int - internet_service_custom: - description: - - Application name in the Internet service custom database. Source firewall.internet-service-custom.name. - type: str - link_monitor_exempt: - description: - - Enable/disable withdrawing this route when link monitor or health check is down. - type: str - choices: - - enable - - disable - priority: - description: - - Administrative priority (0 - 4294967295). - type: int - seq_num: - description: - - Sequence number. - type: int - src: - description: - - Source prefix for this route. - type: str - status: - description: - - Enable/disable this static route. - type: str - choices: - - enable - - disable - virtual_wan_link: - description: - - Enable/disable egress through the virtual-wan-link. - type: str - choices: - - enable - - disable - vrf: - description: - - Virtual Routing Forwarding ID. - type: int - weight: - description: - - Administrative weight (0 - 255). - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv4 static routing tables. - fortios_router_static: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - router_static: - bfd: "enable" - blackhole: "enable" - comment: "Optional comments." 
- device: " (source system.interface.name)" - distance: "7" - dst: "" - dstaddr: " (source firewall.address.name firewall.addrgrp.name)" - dynamic_gateway: "enable" - gateway: "" - internet_service: "12 (source firewall.internet-service.id)" - internet_service_custom: " (source firewall.internet-service-custom.name)" - link_monitor_exempt: "enable" - priority: "15" - seq_num: "16" - src: "" - status: "enable" - virtual_wan_link: "enable" - vrf: "20" - weight: "21" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import 
FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_router_static_data(json): - option_list = ['bfd', 'blackhole', 'comment', - 'device', 'distance', 'dst', - 'dstaddr', 'dynamic_gateway', 'gateway', - 'internet_service', 'internet_service_custom', 'link_monitor_exempt', - 'priority', 'seq_num', 'src', - 'status', 'virtual_wan_link', 'vrf', - 'weight'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def router_static(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['router_static'] and data['router_static']: - state = data['router_static']['state'] - else: - state = True - router_static_data = data['router_static'] - filtered_data = underscore_to_hyphen(filter_router_static_data(router_static_data)) - - if state == "present": - return fos.set('router', - 'static', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('router', - 'static', - mkey=filtered_data['seq-num'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_router(data, fos): - - if data['router_static']: - resp = router_static(data, fos) - - return not 
is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "router_static": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "bfd": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "blackhole": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "comment": {"required": False, "type": "str"}, - "device": {"required": False, "type": "str"}, - "distance": {"required": False, "type": "int"}, - "dst": {"required": False, "type": "str"}, - "dstaddr": {"required": False, "type": "str"}, - "dynamic_gateway": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "gateway": {"required": False, "type": "str"}, - "internet_service": {"required": False, "type": "int"}, - "internet_service_custom": {"required": False, "type": "str"}, - "link_monitor_exempt": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "priority": {"required": False, "type": "int"}, - "seq_num": {"required": False, "type": "int"}, - "src": {"required": False, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "virtual_wan_link": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "vrf": {"required": False, "type": "int"}, - "weight": {"required": False, "type": "int"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - 
supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_router(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_router(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_router_static6.py b/lib/ansible/modules/network/fortios/fortios_router_static6.py deleted file mode 100644 index bea1945045e..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_router_static6.py +++ /dev/null 
@@ -1,393 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_router_static6 -short_description: Configure IPv6 static routing tables in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify router feature and static6 category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - router_static6: - description: - - Configure IPv6 static routing tables. - default: null - type: dict - suboptions: - bfd: - description: - - Enable/disable Bidirectional Forwarding Detection (BFD). - type: str - choices: - - enable - - disable - blackhole: - description: - - Enable/disable black hole. - type: str - choices: - - enable - - disable - comment: - description: - - Optional comments. - type: str - device: - description: - - Gateway out interface or tunnel. Source system.interface.name. - type: str - devindex: - description: - - Device index (0 - 4294967295). - type: int - distance: - description: - - Administrative distance (1 - 255). - type: int - dst: - description: - - Destination IPv6 prefix. - type: str - gateway: - description: - - IPv6 address of the gateway. - type: str - priority: - description: - - Administrative priority (0 - 4294967295). - type: int - seq_num: - description: - - Sequence number. - type: int - status: - description: - - Enable/disable this static route. - type: str - choices: - - enable - - disable - virtual_wan_link: - description: - - Enable/disable egress through the virtual-wan-link. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv6 static routing tables. 
- fortios_router_static6: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - router_static6: - bfd: "enable" - blackhole: "enable" - comment: "Optional comments." - device: " (source system.interface.name)" - devindex: "7" - distance: "8" - dst: "" - gateway: "" - priority: "11" - seq_num: "12" - status: "enable" - virtual_wan_link: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, 
fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_router_static6_data(json): - option_list = ['bfd', 'blackhole', 'comment', - 'device', 'devindex', 'distance', - 'dst', 'gateway', 'priority', - 'seq_num', 'status', 'virtual_wan_link'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def router_static6(data, fos): - vdom = data['vdom'] - state = data['state'] - router_static6_data = data['router_static6'] - filtered_data = underscore_to_hyphen(filter_router_static6_data(router_static6_data)) - - if state == "present": - return fos.set('router', - 'static6', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('router', - 'static6', - mkey=filtered_data['seq-num'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_router(data, fos): - - if data['router_static6']: - resp = router_static6(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", 
"default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "router_static6": { - "required": False, "type": "dict", "default": None, - "options": { - "bfd": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "blackhole": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "comment": {"required": False, "type": "str"}, - "device": {"required": False, "type": "str"}, - "devindex": {"required": False, "type": "int"}, - "distance": {"required": False, "type": "int"}, - "dst": {"required": False, "type": "str"}, - "gateway": {"required": False, "type": "str"}, - "priority": {"required": False, "type": "int"}, - "seq_num": {"required": False, "type": "int"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "virtual_wan_link": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_router(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_router(module.params, fos) - fos.logout() - - if not is_error: - 
module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_spamfilter_bwl.py b/lib/ansible/modules/network/fortios/fortios_spamfilter_bwl.py deleted file mode 100644 index b4fc747ab0b..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_spamfilter_bwl.py +++ /dev/null 
@@ -1,408 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_spamfilter_bwl -short_description: Configure anti-spam black/white list in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify spamfilter feature and bwl category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - spamfilter_bwl: - description: - - Configure anti-spam black/white list. - default: null - type: dict - suboptions: - comment: - description: - - Optional comments. - type: str - entries: - description: - - Anti-spam black/white list entries. - type: list - suboptions: - action: - description: - - Reject, mark as spam or good email. - type: str - choices: - - reject - - spam - - clear - addr_type: - description: - - IP address type. - type: str - choices: - - ipv4 - - ipv6 - email_pattern: - description: - - Email address pattern. - type: str - id: - description: - - Entry ID. - required: true - type: int - ip4_subnet: - description: - - IPv4 network address/subnet mask bits. - type: str - ip6_subnet: - description: - - IPv6 network address/subnet mask bits. - type: str - pattern_type: - description: - - Wildcard pattern or regular expression. - type: str - choices: - - wildcard - - regexp - status: - description: - - Enable/disable status. - type: str - choices: - - enable - - disable - type: - description: - - Entry type. - type: str - choices: - - ip - - email - id: - description: - - ID. - required: true - type: int - name: - description: - - Name of table. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure anti-spam black/white list. 
- fortios_spamfilter_bwl: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - spamfilter_bwl: - comment: "Optional comments." - entries: - - - action: "reject" - addr_type: "ipv4" - email_pattern: "" - id: "8" - ip4_subnet: "" - ip6_subnet: "" - pattern_type: "wildcard" - status: "enable" - type: "ip" - id: "14" - name: "default_name_15" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): 
- host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_spamfilter_bwl_data(json): - option_list = ['comment', 'entries', 'id', - 'name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def spamfilter_bwl(data, fos): - vdom = data['vdom'] - state = data['state'] - spamfilter_bwl_data = data['spamfilter_bwl'] - filtered_data = underscore_to_hyphen(filter_spamfilter_bwl_data(spamfilter_bwl_data)) - - if state == "present": - return fos.set('spamfilter', - 'bwl', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('spamfilter', - 'bwl', - mkey=filtered_data['id'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_spamfilter(data, fos): - - if data['spamfilter_bwl']: - resp = spamfilter_bwl(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": 
False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "spamfilter_bwl": { - "required": False, "type": "dict", "default": None, - "options": { - "comment": {"required": False, "type": "str"}, - "entries": {"required": False, "type": "list", - "options": { - "action": {"required": False, "type": "str", - "choices": ["reject", "spam", "clear"]}, - "addr_type": {"required": False, "type": "str", - "choices": ["ipv4", "ipv6"]}, - "email_pattern": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "ip4_subnet": {"required": False, "type": "str"}, - "ip6_subnet": {"required": False, "type": "str"}, - "pattern_type": {"required": False, "type": "str", - "choices": ["wildcard", "regexp"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "type": {"required": False, "type": "str", - "choices": ["ip", "email"]} - }}, - "id": {"required": True, "type": "int"}, - "name": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_spamfilter(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_spamfilter(module.params, fos) - fos.logout() - - if not is_error: - 
module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_spamfilter_bword.py b/lib/ansible/modules/network/fortios/fortios_spamfilter_bword.py deleted file mode 100644 index 6cb6a843a31..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_spamfilter_bword.py +++ /dev/null 
@@ -1,410 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_spamfilter_bword -short_description: Configure AntiSpam banned word list in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify spamfilter feature and bword category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - spamfilter_bword: - description: - - Configure AntiSpam banned word list. - default: null - type: dict - suboptions: - comment: - description: - - Optional comments. - type: str - entries: - description: - - Spam filter banned word. - type: list - suboptions: - action: - description: - - Mark spam or good. - type: str - choices: - - spam - - clear - id: - description: - - Banned word entry ID. - required: true - type: int - language: - description: - - Language for the banned word. - type: str - choices: - - western - - simch - - trach - - japanese - - korean - - french - - thai - - spanish - pattern: - description: - - Pattern for the banned word. - type: str - pattern_type: - description: - - Wildcard pattern or regular expression. - type: str - choices: - - wildcard - - regexp - score: - description: - - Score value. - type: int - status: - description: - - Enable/disable status. - type: str - choices: - - enable - - disable - where: - description: - - Component of the email to be scanned. - type: str - choices: - - subject - - body - - all - id: - description: - - ID. - required: true - type: int - name: - description: - - Name of table. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure AntiSpam banned word list. 
- fortios_spamfilter_bword: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - spamfilter_bword: - comment: "Optional comments." - entries: - - - action: "spam" - id: "6" - language: "western" - pattern: "" - pattern_type: "wildcard" - score: "10" - status: "enable" - where: "subject" - id: "13" - name: "default_name_14" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = 
data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_spamfilter_bword_data(json): - option_list = ['comment', 'entries', 'id', - 'name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def spamfilter_bword(data, fos): - vdom = data['vdom'] - state = data['state'] - spamfilter_bword_data = data['spamfilter_bword'] - filtered_data = underscore_to_hyphen(filter_spamfilter_bword_data(spamfilter_bword_data)) - - if state == "present": - return fos.set('spamfilter', - 'bword', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('spamfilter', - 'bword', - mkey=filtered_data['id'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_spamfilter(data, fos): - - if data['spamfilter_bword']: - resp = spamfilter_bword(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": 
{"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "spamfilter_bword": { - "required": False, "type": "dict", "default": None, - "options": { - "comment": {"required": False, "type": "str"}, - "entries": {"required": False, "type": "list", - "options": { - "action": {"required": False, "type": "str", - "choices": ["spam", "clear"]}, - "id": {"required": True, "type": "int"}, - "language": {"required": False, "type": "str", - "choices": ["western", "simch", "trach", - "japanese", "korean", "french", - "thai", "spanish"]}, - "pattern": {"required": False, "type": "str"}, - "pattern_type": {"required": False, "type": "str", - "choices": ["wildcard", "regexp"]}, - "score": {"required": False, "type": "int"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "where": {"required": False, "type": "str", - "choices": ["subject", "body", "all"]} - }}, - "id": {"required": True, "type": "int"}, - "name": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_spamfilter(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_spamfilter(module.params, fos) - fos.logout() - - if not is_error: 
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_spamfilter_dnsbl.py b/lib/ansible/modules/network/fortios/fortios_spamfilter_dnsbl.py
deleted file mode 100644
index e1168443baa..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_spamfilter_dnsbl.py
+++ /dev/null
@@ -1,365 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_spamfilter_dnsbl -short_description: Configure AntiSpam DNSBL/ORBL in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify spamfilter feature and dnsbl category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - spamfilter_dnsbl: - description: - - Configure AntiSpam DNSBL/ORBL. - default: null - type: dict - suboptions: - comment: - description: - - Optional comments. - type: str - entries: - description: - - Spam filter DNSBL and ORBL server. - type: list - suboptions: - action: - description: - - Reject connection or mark as spam email. - type: str - choices: - - reject - - spam - id: - description: - - DNSBL/ORBL entry ID. - required: true - type: int - server: - description: - - DNSBL or ORBL server name. - type: str - status: - description: - - Enable/disable status. - type: str - choices: - - enable - - disable - id: - description: - - ID. - required: true - type: int - name: - description: - - Name of table. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure AntiSpam DNSBL/ORBL. - fortios_spamfilter_dnsbl: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - spamfilter_dnsbl: - comment: "Optional comments." 
- entries: - - - action: "reject" - id: "6" - server: "192.168.100.40" - status: "enable" - id: "9" - name: "default_name_10" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def 
filter_spamfilter_dnsbl_data(json): - option_list = ['comment', 'entries', 'id', - 'name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def spamfilter_dnsbl(data, fos): - vdom = data['vdom'] - state = data['state'] - spamfilter_dnsbl_data = data['spamfilter_dnsbl'] - filtered_data = underscore_to_hyphen(filter_spamfilter_dnsbl_data(spamfilter_dnsbl_data)) - - if state == "present": - return fos.set('spamfilter', - 'dnsbl', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('spamfilter', - 'dnsbl', - mkey=filtered_data['id'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_spamfilter(data, fos): - - if data['spamfilter_dnsbl']: - resp = spamfilter_dnsbl(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "spamfilter_dnsbl": { - "required": False, "type": "dict", "default": None, - "options": { - "comment": {"required": False, "type": "str"}, - 
"entries": {"required": False, "type": "list",
- "options": {
- "action": {"required": False, "type": "str",
- "choices": ["reject", "spam"]},
- "id": {"required": True, "type": "int"},
- "server": {"required": False, "type": "str"},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
- }},
- "id": {"required": True, "type": "int"},
- "name": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_spamfilter(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_spamfilter(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_spamfilter_fortishield.py b/lib/ansible/modules/network/fortios/fortios_spamfilter_fortishield.py
deleted file mode 100644
index c8847fbb6de..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_spamfilter_fortishield.py
+++ /dev/null
@@ -1,309 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_spamfilter_fortishield -short_description: Configure FortiGuard - AntiSpam in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify spamfilter feature and fortishield category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - spamfilter_fortishield: - description: - - Configure FortiGuard - AntiSpam. - default: null - type: dict - suboptions: - spam_submit_force: - description: - - Enable/disable force insertion of a new mime entity for the submission text. - type: str - choices: - - enable - - disable - spam_submit_srv: - description: - - Hostname of the spam submission server. - type: str - spam_submit_txt2htm: - description: - - Enable/disable conversion of text email to HTML email. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure FortiGuard - AntiSpam. 
- fortios_spamfilter_fortishield: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - spamfilter_fortishield: - spam_submit_force: "enable" - spam_submit_srv: "" - spam_submit_txt2htm: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_spamfilter_fortishield_data(json): - option_list = ['spam_submit_force', 'spam_submit_srv', 'spam_submit_txt2htm'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def spamfilter_fortishield(data, fos): - vdom = data['vdom'] - spamfilter_fortishield_data = data['spamfilter_fortishield'] - filtered_data = underscore_to_hyphen(filter_spamfilter_fortishield_data(spamfilter_fortishield_data)) - - return fos.set('spamfilter', - 'fortishield', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_spamfilter(data, fos): - - if data['spamfilter_fortishield']: - resp = spamfilter_fortishield(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "spamfilter_fortishield": { - "required": False, "type": "dict", "default": None, - "options": { - "spam_submit_force": {"required": False, "type": "str", - "choices": ["enable", 
"disable"]},
- "spam_submit_srv": {"required": False, "type": "str"},
- "spam_submit_txt2htm": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_spamfilter(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_spamfilter(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_spamfilter_iptrust.py b/lib/ansible/modules/network/fortios/fortios_spamfilter_iptrust.py
deleted file mode 100644
index 03fdf8b9be5..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_spamfilter_iptrust.py
+++ /dev/null
@@ -1,371 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_spamfilter_iptrust -short_description: Configure AntiSpam IP trust in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify spamfilter feature and iptrust category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - spamfilter_iptrust: - description: - - Configure AntiSpam IP trust. - default: null - type: dict - suboptions: - comment: - description: - - Optional comments. - type: str - entries: - description: - - Spam filter trusted IP addresses. - type: list - suboptions: - addr_type: - description: - - Type of address. - type: str - choices: - - ipv4 - - ipv6 - id: - description: - - Trusted IP entry ID. - required: true - type: int - ip4_subnet: - description: - - IPv4 network address or network address/subnet mask bits. - type: str - ip6_subnet: - description: - - IPv6 network address/subnet mask bits. - type: str - status: - description: - - Enable/disable status. - type: str - choices: - - enable - - disable - id: - description: - - ID. - required: true - type: int - name: - description: - - Name of table. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure AntiSpam IP trust. - fortios_spamfilter_iptrust: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - spamfilter_iptrust: - comment: "Optional comments." 
- entries: - - - addr_type: "ipv4" - id: "6" - ip4_subnet: "" - ip6_subnet: "" - status: "enable" - id: "10" - name: "default_name_11" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - 
-def filter_spamfilter_iptrust_data(json): - option_list = ['comment', 'entries', 'id', - 'name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def spamfilter_iptrust(data, fos): - vdom = data['vdom'] - state = data['state'] - spamfilter_iptrust_data = data['spamfilter_iptrust'] - filtered_data = underscore_to_hyphen(filter_spamfilter_iptrust_data(spamfilter_iptrust_data)) - - if state == "present": - return fos.set('spamfilter', - 'iptrust', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('spamfilter', - 'iptrust', - mkey=filtered_data['id'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_spamfilter(data, fos): - - if data['spamfilter_iptrust']: - resp = spamfilter_iptrust(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "spamfilter_iptrust": { - "required": False, "type": "dict", "default": None, - "options": { - "comment": {"required": 
False, "type": "str"},
- "entries": {"required": False, "type": "list",
- "options": {
- "addr_type": {"required": False, "type": "str",
- "choices": ["ipv4", "ipv6"]},
- "id": {"required": True, "type": "int"},
- "ip4_subnet": {"required": False, "type": "str"},
- "ip6_subnet": {"required": False, "type": "str"},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
- }},
- "id": {"required": True, "type": "int"},
- "name": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_spamfilter(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_spamfilter(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_spamfilter_mheader.py b/lib/ansible/modules/network/fortios/fortios_spamfilter_mheader.py
deleted file mode 100644
index 920207a9ddb..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_spamfilter_mheader.py
+++ /dev/null
@@ -1,381 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_spamfilter_mheader -short_description: Configure AntiSpam MIME header in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify spamfilter feature and mheader category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - spamfilter_mheader: - description: - - Configure AntiSpam MIME header. - default: null - type: dict - suboptions: - comment: - description: - - Optional comments. - type: str - entries: - description: - - Spam filter mime header content. - type: list - suboptions: - action: - description: - - Mark spam or good. - type: str - choices: - - spam - - clear - fieldbody: - description: - - Pattern for the header field body. - type: str - fieldname: - description: - - Pattern for header field name. - type: str - id: - description: - - Mime header entry ID. - required: true - type: int - pattern_type: - description: - - Wildcard pattern or regular expression. - type: str - choices: - - wildcard - - regexp - status: - description: - - Enable/disable status. - type: str - choices: - - enable - - disable - id: - description: - - ID. - required: true - type: int - name: - description: - - Name of table. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure AntiSpam MIME header. - fortios_spamfilter_mheader: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - spamfilter_mheader: - comment: "Optional comments." 
- entries: - - - action: "spam" - fieldbody: "" - fieldname: "" - id: "8" - pattern_type: "wildcard" - status: "enable" - id: "11" - name: "default_name_12" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, 
verify=ssl_verify) - - -def filter_spamfilter_mheader_data(json): - option_list = ['comment', 'entries', 'id', - 'name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def spamfilter_mheader(data, fos): - vdom = data['vdom'] - state = data['state'] - spamfilter_mheader_data = data['spamfilter_mheader'] - filtered_data = underscore_to_hyphen(filter_spamfilter_mheader_data(spamfilter_mheader_data)) - - if state == "present": - return fos.set('spamfilter', - 'mheader', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('spamfilter', - 'mheader', - mkey=filtered_data['id'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_spamfilter(data, fos): - - if data['spamfilter_mheader']: - resp = spamfilter_mheader(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "spamfilter_mheader": { - "required": False, "type": "dict", "default": None, - "options": { - 
"comment": {"required": False, "type": "str"}, - "entries": {"required": False, "type": "list", - "options": { - "action": {"required": False, "type": "str", - "choices": ["spam", "clear"]}, - "fieldbody": {"required": False, "type": "str"}, - "fieldname": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "pattern_type": {"required": False, "type": "str", - "choices": ["wildcard", "regexp"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "id": {"required": True, "type": "int"}, - "name": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_spamfilter(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_spamfilter(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_spamfilter_options.py b/lib/ansible/modules/network/fortios/fortios_spamfilter_options.py deleted file mode 100644 index ffede03151a..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_spamfilter_options.py +++ /dev/null 
@@ -1,289 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_spamfilter_options -short_description: Configure AntiSpam options in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify spamfilter feature and options category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - spamfilter_options: - description: - - Configure AntiSpam options. - default: null - type: dict - suboptions: - dns_timeout: - description: - - DNS query time out (1 - 30 sec). - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure AntiSpam options. - fortios_spamfilter_options: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - spamfilter_options: - dns_timeout: "3" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - 
returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_spamfilter_options_data(json): - option_list = ['dns_timeout'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def spamfilter_options(data, fos): - vdom = data['vdom'] - spamfilter_options_data = data['spamfilter_options'] - filtered_data = underscore_to_hyphen(filter_spamfilter_options_data(spamfilter_options_data)) - - return fos.set('spamfilter', - 'options', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_spamfilter(data, fos): - - if data['spamfilter_options']: - resp = spamfilter_options(data, fos) - - return not is_successful_status(resp), \ - resp['status'] 
== "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "spamfilter_options": { - "required": False, "type": "dict", "default": None, - "options": { - "dns_timeout": {"required": False, "type": "int"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_spamfilter(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_spamfilter(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_spamfilter_profile.py b/lib/ansible/modules/network/fortios/fortios_spamfilter_profile.py deleted file mode 100644 index cdcb63e26e5..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_spamfilter_profile.py +++ /dev/null 
@@ -1,719 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_spamfilter_profile -short_description: Configure AntiSpam profiles in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify spamfilter feature and profile category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - spamfilter_profile: - description: - - Configure AntiSpam profiles. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - comment: - description: - - Comment. - type: str - external: - description: - - Enable/disable external Email inspection. - type: str - choices: - - enable - - disable - flow_based: - description: - - Enable/disable flow-based spam filtering. - type: str - choices: - - enable - - disable - gmail: - description: - - Gmail. - type: dict - suboptions: - log: - description: - - Enable/disable logging. - type: str - choices: - - enable - - disable - imap: - description: - - IMAP. - type: dict - suboptions: - action: - description: - - Action for spam email. - type: str - choices: - - pass - - tag - log: - description: - - Enable/disable logging. - type: str - choices: - - enable - - disable - tag_msg: - description: - - Subject text or header added to spam email. - type: str - tag_type: - description: - - Tag subject or header for spam email. 
- type: list - choices: - - subject - - header - - spaminfo - mapi: - description: - - MAPI. - type: dict - suboptions: - action: - description: - - Action for spam email. - type: str - choices: - - pass - - discard - log: - description: - - Enable/disable logging. - type: str - choices: - - enable - - disable - msn_hotmail: - description: - - MSN Hotmail. - type: dict - suboptions: - log: - description: - - Enable/disable logging. - type: str - choices: - - enable - - disable - name: - description: - - Profile name. - required: true - type: str - options: - description: - - Options. - type: list - choices: - - bannedword - - spambwl - - spamfsip - - spamfssubmit - - spamfschksum - - spamfsurl - - spamhelodns - - spamraddrdns - - spamrbl - - spamhdrcheck - - spamfsphish - pop3: - description: - - POP3. - type: dict - suboptions: - action: - description: - - Action for spam email. - type: str - choices: - - pass - - tag - log: - description: - - Enable/disable logging. - type: str - choices: - - enable - - disable - tag_msg: - description: - - Subject text or header added to spam email. - type: str - tag_type: - description: - - Tag subject or header for spam email. - type: list - choices: - - subject - - header - - spaminfo - replacemsg_group: - description: - - Replacement message group. Source system.replacemsg-group.name. - type: str - smtp: - description: - - SMTP. - type: dict - suboptions: - action: - description: - - Action for spam email. - type: str - choices: - - pass - - tag - - discard - hdrip: - description: - - Enable/disable SMTP email header IP checks for spamfsip, spamrbl and spambwl filters. - type: str - choices: - - disable - - enable - local_override: - description: - - Enable/disable local filter to override SMTP remote check result. - type: str - choices: - - disable - - enable - log: - description: - - Enable/disable logging. 
- type: str - choices: - - enable - - disable - tag_msg: - description: - - Subject text or header added to spam email. - type: str - tag_type: - description: - - Tag subject or header for spam email. - type: list - choices: - - subject - - header - - spaminfo - spam_bwl_table: - description: - - Anti-spam black/white list table ID. Source spamfilter.bwl.id. - type: int - spam_bword_table: - description: - - Anti-spam banned word table ID. Source spamfilter.bword.id. - type: int - spam_bword_threshold: - description: - - Spam banned word threshold. - type: int - spam_filtering: - description: - - Enable/disable spam filtering. - type: str - choices: - - enable - - disable - spam_iptrust_table: - description: - - Anti-spam IP trust table ID. Source spamfilter.iptrust.id. - type: int - spam_log: - description: - - Enable/disable spam logging for email filtering. - type: str - choices: - - disable - - enable - spam_log_fortiguard_response: - description: - - Enable/disable logging FortiGuard spam response. - type: str - choices: - - disable - - enable - spam_mheader_table: - description: - - Anti-spam MIME header table ID. Source spamfilter.mheader.id. - type: int - spam_rbl_table: - description: - - Anti-spam DNSBL table ID. Source spamfilter.dnsbl.id. - type: int - yahoo_mail: - description: - - Yahoo! Mail. - type: dict - suboptions: - log: - description: - - Enable/disable logging. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure AntiSpam profiles. - fortios_spamfilter_profile: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - spamfilter_profile: - comment: "Comment." 
- external: "enable" - flow_based: "enable" - gmail: - log: "enable" - imap: - action: "pass" - log: "enable" - tag_msg: "" - tag_type: "subject" - mapi: - action: "pass" - log: "enable" - msn_hotmail: - log: "enable" - name: "default_name_18" - options: "bannedword" - pop3: - action: "pass" - log: "enable" - tag_msg: "" - tag_type: "subject" - replacemsg_group: " (source system.replacemsg-group.name)" - smtp: - action: "pass" - hdrip: "disable" - local_override: "disable" - log: "enable" - tag_msg: "" - tag_type: "subject" - spam_bwl_table: "33 (source spamfilter.bwl.id)" - spam_bword_table: "34 (source spamfilter.bword.id)" - spam_bword_threshold: "35" - spam_filtering: "enable" - spam_iptrust_table: "37 (source spamfilter.iptrust.id)" - spam_log: "disable" - spam_log_fortiguard_response: "disable" - spam_mheader_table: "40 (source spamfilter.mheader.id)" - spam_rbl_table: "41 (source spamfilter.dnsbl.id)" - yahoo_mail: - log: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: 
always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_spamfilter_profile_data(json): - option_list = ['comment', 'external', 'flow_based', - 'gmail', 'imap', 'mapi', - 'msn_hotmail', 'name', 'options', - 'pop3', 'replacemsg_group', 'smtp', - 'spam_bwl_table', 'spam_bword_table', 'spam_bword_threshold', - 'spam_filtering', 'spam_iptrust_table', 'spam_log', - 'spam_log_fortiguard_response', 'spam_mheader_table', 'spam_rbl_table', - 'yahoo_mail'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def flatten_multilists_attributes(data): - multilist_attrs = [[u'options'], [u'imap', u'tag_type'], [u'pop3', u'tag_type'], [u'smtp', u'tag_type']] - - for attr in multilist_attrs: - try: - path = "data['" + "']['".join(elem for elem in attr) + "']" - current_val = eval(path) - flattened_val = ' '.join(elem for elem in current_val) - exec(path + '= flattened_val') - except BaseException: - pass - - return data - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - 
for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def spamfilter_profile(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['spamfilter_profile'] and data['spamfilter_profile']: - state = data['spamfilter_profile']['state'] - else: - state = True - spamfilter_profile_data = data['spamfilter_profile'] - spamfilter_profile_data = flatten_multilists_attributes(spamfilter_profile_data) - filtered_data = underscore_to_hyphen(filter_spamfilter_profile_data(spamfilter_profile_data)) - - if state == "present": - return fos.set('spamfilter', - 'profile', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('spamfilter', - 'profile', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_spamfilter(data, fos): - - if data['spamfilter_profile']: - resp = spamfilter_profile(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "spamfilter_profile": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "comment": {"required": False, "type": "str"}, - "external": {"required": False, "type": "str", - "choices": ["enable", 
"disable"]}, - "flow_based": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "gmail": {"required": False, "type": "dict", - "options": { - "log": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "imap": {"required": False, "type": "dict", - "options": { - "action": {"required": False, "type": "str", - "choices": ["pass", "tag"]}, - "log": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "tag_msg": {"required": False, "type": "str"}, - "tag_type": {"required": False, "type": "list", - "choices": ["subject", "header", "spaminfo"]} - }}, - "mapi": {"required": False, "type": "dict", - "options": { - "action": {"required": False, "type": "str", - "choices": ["pass", "discard"]}, - "log": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "msn_hotmail": {"required": False, "type": "dict", - "options": { - "log": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "name": {"required": True, "type": "str"}, - "options": {"required": False, "type": "list", - "choices": ["bannedword", "spambwl", "spamfsip", - "spamfssubmit", "spamfschksum", "spamfsurl", - "spamhelodns", "spamraddrdns", "spamrbl", - "spamhdrcheck", "spamfsphish"]}, - "pop3": {"required": False, "type": "dict", - "options": { - "action": {"required": False, "type": "str", - "choices": ["pass", "tag"]}, - "log": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "tag_msg": {"required": False, "type": "str"}, - "tag_type": {"required": False, "type": "list", - "choices": ["subject", "header", "spaminfo"]} - }}, - "replacemsg_group": {"required": False, "type": "str"}, - "smtp": {"required": False, "type": "dict", - "options": { - "action": {"required": False, "type": "str", - "choices": ["pass", "tag", "discard"]}, - "hdrip": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "local_override": {"required": False, "type": "str", - 
"choices": ["disable", "enable"]}, - "log": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "tag_msg": {"required": False, "type": "str"}, - "tag_type": {"required": False, "type": "list", - "choices": ["subject", "header", "spaminfo"]} - }}, - "spam_bwl_table": {"required": False, "type": "int"}, - "spam_bword_table": {"required": False, "type": "int"}, - "spam_bword_threshold": {"required": False, "type": "int"}, - "spam_filtering": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "spam_iptrust_table": {"required": False, "type": "int"}, - "spam_log": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "spam_log_fortiguard_response": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "spam_mheader_table": {"required": False, "type": "int"}, - "spam_rbl_table": {"required": False, "type": "int"}, - "yahoo_mail": {"required": False, "type": "dict", - "options": { - "log": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_spamfilter(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_spamfilter(module.params, fos) - fos.logout() - - if not is_error: - 
module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_ssh_filter_profile.py b/lib/ansible/modules/network/fortios/fortios_ssh_filter_profile.py deleted file mode 100644 index 6562483ddb7..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_ssh_filter_profile.py +++ /dev/null 
@@ -1,452 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_ssh_filter_profile -short_description: SSH filter profile in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify ssh_filter feature and profile category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - ssh_filter_profile: - description: - - SSH filter profile. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - block: - description: - - SSH blocking options. - type: str - choices: - - x11 - - shell - - exec - - port-forward - - tun-forward - - sftp - - unknown - default_command_log: - description: - - Enable/disable logging unmatched shell commands. - type: str - choices: - - enable - - disable - log: - description: - - SSH logging options. - type: str - choices: - - x11 - - shell - - exec - - port-forward - - tun-forward - - sftp - - unknown - name: - description: - - SSH filter profile name. - required: true - type: str - shell_commands: - description: - - SSH command filter. - type: list - suboptions: - action: - description: - - Action to take for URL filter matches. - type: str - choices: - - block - - allow - alert: - description: - - Enable/disable alert. - type: str - choices: - - enable - - disable - id: - description: - - Id. - required: true - type: int - log: - description: - - Enable/disable logging. 
- type: str - choices: - - enable - - disable - pattern: - description: - - SSH shell command pattern. - type: str - severity: - description: - - Log severity. - type: str - choices: - - low - - medium - - high - - critical - type: - description: - - Matching type. - type: str - choices: - - simple - - regex -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: SSH filter profile. - fortios_ssh_filter_profile: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - ssh_filter_profile: - block: "x11" - default_command_log: "enable" - log: "x11" - name: "default_name_6" - shell_commands: - - - action: "block" - alert: "enable" - id: "10" - log: "enable" - pattern: "" - severity: "low" - type: "simple" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - 
description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_ssh_filter_profile_data(json): - option_list = ['block', 'default_command_log', 'log', - 'name', 'shell_commands'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def ssh_filter_profile(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['ssh_filter_profile'] and data['ssh_filter_profile']: - state = data['ssh_filter_profile']['state'] - else: - state = True - ssh_filter_profile_data = data['ssh_filter_profile'] - filtered_data = underscore_to_hyphen(filter_ssh_filter_profile_data(ssh_filter_profile_data)) - - if state == "present": - return fos.set('ssh-filter', - 'profile', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('ssh-filter', - 'profile', - 
mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_ssh_filter(data, fos):
-
- if data['ssh_filter_profile']:
- resp = ssh_filter_profile(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "ssh_filter_profile": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "block": {"required": False, "type": "str",
- "choices": ["x11", "shell", "exec",
- "port-forward", "tun-forward", "sftp",
- "unknown"]},
- "default_command_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "log": {"required": False, "type": "str",
- "choices": ["x11", "shell", "exec",
- "port-forward", "tun-forward", "sftp",
- "unknown"]},
- "name": {"required": True, "type": "str"},
- "shell_commands": {"required": False, "type": "list",
- "options": {
- "action": {"required": False, "type": "str",
- "choices": ["block", "allow"]},
- "alert": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "id": {"required": True, "type": "int"},
- "log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "pattern": {"required": False, "type": "str"},
- "severity": {"required": False, "type": "str",
- "choices": ["low", "medium", "high",
- "critical"]},
- "type": {"required": False, "type": "str",
- "choices": ["simple", "regex"]}
- }}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_ssh_filter(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_ssh_filter(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_switch_controller_802_1X_settings.py b/lib/ansible/modules/network/fortios/fortios_switch_controller_802_1X_settings.py
deleted file mode 100644
index d18988026c6..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_switch_controller_802_1X_settings.py
+++ /dev/null
@@ -1,305 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_switch_controller_802_1X_settings -short_description: Configure global 802.1X settings in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify switch_controller feature and 802_1X_settings category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - switch_controller_802_1X_settings: - description: - - Configure global 802.1X settings. - default: null - type: dict - suboptions: - link_down_auth: - description: - - Interface-reauthentication state to set if a link is down. - type: str - choices: - - set-unauth - - no-action - max_reauth_attempt: - description: - - Maximum number of authentication attempts (0 - 15). - type: int - reauth_period: - description: - - Period of time to allow for reauthentication (1 - 1440 sec). - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure global 802.1X settings. 
- fortios_switch_controller_802_1X_settings: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - switch_controller_802_1X_settings: - link_down_auth: "set-unauth" - max_reauth_attempt: "4" - reauth_period: "5" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' 
in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_switch_controller_802_1X_settings_data(json):
- option_list = ['link_down_auth', 'max_reauth_attempt', 'reauth_period']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def switch_controller_802_1X_settings(data, fos):
- vdom = data['vdom']
- switch_controller_802_1X_settings_data = data['switch_controller_802_1X_settings']
- filtered_data = underscore_to_hyphen(filter_switch_controller_802_1X_settings_data(switch_controller_802_1X_settings_data))
-
- return fos.set('switch-controller',
- '802-1X-settings',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_switch_controller(data, fos):
-
- if data['switch_controller_802_1X_settings']:
- resp = switch_controller_802_1X_settings(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "switch_controller_802_1X_settings": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "link_down_auth": {"required": False, "type": "str",
- "choices": ["set-unauth", "no-action"]},
- "max_reauth_attempt": {"required": False, "type": "int"},
- "reauth_period": {"required": False, "type": "int"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_switch_controller(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_switch_controller(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_switch_controller_custom_command.py b/lib/ansible/modules/network/fortios/fortios_switch_controller_custom_command.py
deleted file mode 100644
index a34b80a4bc2..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_switch_controller_custom_command.py
+++ /dev/null
@@ -1,321 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_switch_controller_custom_command -short_description: Configure the FortiGate switch controller to send custom commands to managed FortiSwitch devices in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify switch_controller feature and custom_command category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. 
- type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - switch_controller_custom_command: - description: - - Configure the FortiGate switch controller to send custom commands to managed FortiSwitch devices. - default: null - type: dict - suboptions: - command: - description: - - "String of commands to send to FortiSwitch devices (For example (%0a = return key): config switch trunk %0a edit myTrunk %0a set members - port1 port2 %0a end %0a)." - type: str - command_name: - description: - - Command name called by the FortiGate switch controller in the execute command. - type: str - description: - description: - - Description. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure the FortiGate switch controller to send custom commands to managed FortiSwitch devices. 
- fortios_switch_controller_custom_command: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - switch_controller_custom_command: - command: "" - command_name: "" - description: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data 
and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_switch_controller_custom_command_data(json):
- option_list = ['command', 'command_name', 'description']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def switch_controller_custom_command(data, fos):
- vdom = data['vdom']
- state = data['state']
- switch_controller_custom_command_data = data['switch_controller_custom_command']
- filtered_data = underscore_to_hyphen(filter_switch_controller_custom_command_data(switch_controller_custom_command_data))
-
- if state == "present":
- return fos.set('switch-controller',
- 'custom-command',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('switch-controller',
- 'custom-command',
- mkey=filtered_data['command-name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_switch_controller(data, fos):
-
- if data['switch_controller_custom_command']:
- resp = switch_controller_custom_command(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": True, "type": "str",
- "choices": ["present", "absent"]},
- "switch_controller_custom_command": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "command": {"required": False, "type": "str"},
- "command_name": {"required": False, "type": "str"},
- "description": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_switch_controller(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_switch_controller(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_switch_controller_global.py b/lib/ansible/modules/network/fortios/fortios_switch_controller_global.py
deleted file mode 100644
index dc9420ec253..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_switch_controller_global.py
+++ /dev/null
@@ -1,357 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_switch_controller_global -short_description: Configure FortiSwitch global settings in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify switch_controller feature and global category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - switch_controller_global: - description: - - Configure FortiSwitch global settings. - default: null - type: dict - suboptions: - allow_multiple_interfaces: - description: - - Enable/disable multiple FortiLink interfaces for redundant connections between a managed FortiSwitch and FortiGate. - type: str - choices: - - enable - - disable - default_virtual_switch_vlan: - description: - - Default VLAN for ports when added to the virtual-switch. Source system.interface.name. - type: str - disable_discovery: - description: - - Prevent this FortiSwitch from discovering. - type: list - suboptions: - name: - description: - - Managed device ID. - required: true - type: str - https_image_push: - description: - - Enable/disable image push to FortiSwitch using HTTPS. - type: str - choices: - - enable - - disable - log_mac_limit_violations: - description: - - Enable/disable logs for Learning Limit Violations. - type: str - choices: - - enable - - disable - mac_aging_interval: - description: - - Time after which an inactive MAC is aged out (10 - 1000000 sec). - type: int - mac_retention_period: - description: - - Time in hours after which an inactive MAC is removed from client DB. - type: int - mac_violation_timer: - description: - - Set timeout for Learning Limit Violations (0 = disabled). - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure FortiSwitch global settings. 
- fortios_switch_controller_global: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - switch_controller_global: - allow_multiple_interfaces: "enable" - default_virtual_switch_vlan: " (source system.interface.name)" - disable_discovery: - - - name: "default_name_6" - https_image_push: "enable" - log_mac_limit_violations: "enable" - mac_aging_interval: "9" - mac_retention_period: "10" - mac_violation_timer: "11" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from 
ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_switch_controller_global_data(json):
- option_list = ['allow_multiple_interfaces', 'default_virtual_switch_vlan', 'disable_discovery',
- 'https_image_push', 'log_mac_limit_violations', 'mac_aging_interval',
- 'mac_retention_period', 'mac_violation_timer']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def switch_controller_global(data, fos):
- vdom = data['vdom']
- switch_controller_global_data = data['switch_controller_global']
- filtered_data = underscore_to_hyphen(filter_switch_controller_global_data(switch_controller_global_data))
-
- return fos.set('switch-controller',
- 'global',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_switch_controller(data, fos):
-
- if data['switch_controller_global']:
- resp = switch_controller_global(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "switch_controller_global": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "allow_multiple_interfaces": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "default_virtual_switch_vlan": {"required": False, "type": "str"},
- "disable_discovery": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "https_image_push": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "log_mac_limit_violations": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "mac_aging_interval": {"required": False, "type": "int"},
- "mac_retention_period": {"required": False, "type": "int"},
- "mac_violation_timer": {"required": False, "type": "int"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_switch_controller(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_switch_controller(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_switch_controller_igmp_snooping.py b/lib/ansible/modules/network/fortios/fortios_switch_controller_igmp_snooping.py
deleted file mode 100644
index c40454d215a..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_switch_controller_igmp_snooping.py
+++ /dev/null
@@ -1,299 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_switch_controller_igmp_snooping -short_description: Configure FortiSwitch IGMP snooping global settings in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify switch_controller feature and igmp_snooping category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - switch_controller_igmp_snooping: - description: - - Configure FortiSwitch IGMP snooping global settings. - default: null - type: dict - suboptions: - aging_time: - description: - - Maximum number of seconds to retain a multicast snooping entry for which no packets have been seen (15 - 3600 sec). - type: int - flood_unknown_multicast: - description: - - Enable/disable unknown multicast flooding. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure FortiSwitch IGMP snooping global settings. 
- fortios_switch_controller_igmp_snooping: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - switch_controller_igmp_snooping: - aging_time: "3" - flood_unknown_multicast: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_switch_controller_igmp_snooping_data(json):
- option_list = ['aging_time', 'flood_unknown_multicast']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def switch_controller_igmp_snooping(data, fos):
- vdom = data['vdom']
- switch_controller_igmp_snooping_data = data['switch_controller_igmp_snooping']
- filtered_data = underscore_to_hyphen(filter_switch_controller_igmp_snooping_data(switch_controller_igmp_snooping_data))
-
- return fos.set('switch-controller',
- 'igmp-snooping',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_switch_controller(data, fos):
-
- if data['switch_controller_igmp_snooping']:
- resp = switch_controller_igmp_snooping(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "switch_controller_igmp_snooping": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "aging_time": {"required": False, "type": "int"},
- "flood_unknown_multicast": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_switch_controller(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_switch_controller(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_switch_controller_lldp_profile.py b/lib/ansible/modules/network/fortios/fortios_switch_controller_lldp_profile.py
deleted file mode 100644
index a6ba560d5cf..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_switch_controller_lldp_profile.py
+++ /dev/null
@@ -1,471 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_switch_controller_lldp_profile -short_description: Configure FortiSwitch LLDP profiles in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify switch_controller feature and lldp_profile category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - switch_controller_lldp_profile: - description: - - Configure FortiSwitch LLDP profiles. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - 802.1_tlvs: - description: - - Transmitted IEEE 802.1 TLVs. - type: str - choices: - - port-vlan-id - 802.3_tlvs: - description: - - Transmitted IEEE 802.3 TLVs. - type: str - choices: - - max-frame-size - auto_isl: - description: - - Enable/disable auto inter-switch LAG. - type: str - choices: - - disable - - enable - auto_isl_hello_timer: - description: - - Auto inter-switch LAG hello timer duration (1 - 30 sec). - type: int - auto_isl_port_group: - description: - - Auto inter-switch LAG port group ID (0 - 9). - type: int - auto_isl_receive_timeout: - description: - - Auto inter-switch LAG timeout if no response is received (3 - 90 sec). - type: int - custom_tlvs: - description: - - Configuration method to edit custom TLV entries. - type: list - suboptions: - information_string: - description: - - Organizationally defined information string (0 - 507 hexadecimal bytes). 
- type: str - name: - description: - - TLV name (not sent). - required: true - type: str - oui: - description: - - Organizationally unique identifier (OUI), a 3-byte hexadecimal number, for this TLV. - type: str - subtype: - description: - - Organizationally defined subtype (0 - 255). - type: int - med_network_policy: - description: - - Configuration method to edit Media Endpoint Discovery (MED) network policy type-length-value (TLV) categories. - type: list - suboptions: - dscp: - description: - - Advertised Differentiated Services Code Point (DSCP) value, a packet header value indicating the level of service requested for - traffic, such as high priority or best effort delivery. - type: int - name: - description: - - Policy type name. - required: true - type: str - priority: - description: - - Advertised Layer 2 priority (0 - 7; from lowest to highest priority). - type: int - status: - description: - - Enable or disable this TLV. - type: str - choices: - - disable - - enable - vlan: - description: - - ID of VLAN to advertise, if configured on port (0 - 4094, 0 = priority tag). - type: int - med_tlvs: - description: - - "Transmitted LLDP-MED TLVs (type-length-value descriptions): inventory management TLV and/or network policy TLV." - type: str - choices: - - inventory-management - - network-policy - name: - description: - - Profile name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure FortiSwitch LLDP profiles. 
- fortios_switch_controller_lldp_profile: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - switch_controller_lldp_profile: - 802.1_tlvs: "port-vlan-id" - 802.3_tlvs: "max-frame-size" - auto_isl: "disable" - auto_isl_hello_timer: "6" - auto_isl_port_group: "7" - auto_isl_receive_timeout: "8" - custom_tlvs: - - - information_string: "" - name: "default_name_11" - oui: "" - subtype: "13" - med_network_policy: - - - dscp: "15" - name: "default_name_16" - priority: "17" - status: "disable" - vlan: "19" - med_tlvs: "inventory-management" - name: "default_name_21" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from 
ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_switch_controller_lldp_profile_data(json):
- option_list = ['802.1_tlvs', '802.3_tlvs', 'auto_isl',
- 'auto_isl_hello_timer', 'auto_isl_port_group', 'auto_isl_receive_timeout',
- 'custom_tlvs', 'med_network_policy', 'med_tlvs',
- 'name']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def switch_controller_lldp_profile(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['switch_controller_lldp_profile'] and data['switch_controller_lldp_profile']:
- state = data['switch_controller_lldp_profile']['state']
- else:
- state = True
- switch_controller_lldp_profile_data = data['switch_controller_lldp_profile']
- filtered_data = underscore_to_hyphen(filter_switch_controller_lldp_profile_data(switch_controller_lldp_profile_data))
-
- if state == "present":
- return fos.set('switch-controller',
- 'lldp-profile',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('switch-controller',
- 'lldp-profile',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_switch_controller(data, fos):
-
- if data['switch_controller_lldp_profile']:
- resp = switch_controller_lldp_profile(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "switch_controller_lldp_profile": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "802.1_tlvs": {"required": False, "type": "str",
- "choices": ["port-vlan-id"]},
- "802.3_tlvs": {"required": False, "type": "str",
- "choices": ["max-frame-size"]},
- "auto_isl": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "auto_isl_hello_timer": {"required": False, "type": "int"},
- "auto_isl_port_group": {"required": False, "type": "int"},
- "auto_isl_receive_timeout": {"required": False, "type": "int"},
- "custom_tlvs": {"required": False, "type": "list",
- "options": {
- "information_string": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"},
- "oui": {"required": False, "type": "str"},
- "subtype": {"required": False, "type": "int"}
- }},
- "med_network_policy": {"required": False, "type": "list",
- "options": {
- "dscp": {"required": False, "type": "int"},
- "name": {"required": True, "type": "str"},
- "priority": {"required": False, "type": "int"},
- "status": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "vlan": {"required": False, "type": "int"}
- }},
- "med_tlvs": {"required": False, "type": "str",
- "choices": ["inventory-management", "network-policy"]},
- "name": {"required": True, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_switch_controller(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_switch_controller(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_switch_controller_lldp_settings.py b/lib/ansible/modules/network/fortios/fortios_switch_controller_lldp_settings.py
deleted file mode 100644
index 168b3c50d9d..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_switch_controller_lldp_settings.py
+++ /dev/null
@@ -1,323 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_switch_controller_lldp_settings -short_description: Configure FortiSwitch LLDP settings in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify switch_controller feature and lldp_settings category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - switch_controller_lldp_settings: - description: - - Configure FortiSwitch LLDP settings. - default: null - type: dict - suboptions: - fast_start_interval: - description: - - Frequency of LLDP PDU transmission from FortiSwitch for the first 4 packets when the link is up (2 - 5 sec). - type: int - management_interface: - description: - - Primary management interface to be advertised in LLDP and CDP PDUs. - type: str - choices: - - internal - - mgmt - status: - description: - - Enable/disable LLDP global settings. - type: str - choices: - - enable - - disable - tx_hold: - description: - - Number of tx-intervals before local LLDP data expires (1 - 16). Packet TTL is tx-hold * tx-interval. - type: int - tx_interval: - description: - - Frequency of LLDP PDU transmission from FortiSwitch (5 - 4095 sec). Packet TTL is tx-hold * tx-interval. - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure FortiSwitch LLDP settings. 
- fortios_switch_controller_lldp_settings: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - switch_controller_lldp_settings: - fast_start_interval: "3" - management_interface: "internal" - status: "enable" - tx_hold: "6" - tx_interval: "7" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] 
- - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_switch_controller_lldp_settings_data(json): - option_list = ['fast_start_interval', 'management_interface', 'status', - 'tx_hold', 'tx_interval'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def switch_controller_lldp_settings(data, fos): - vdom = data['vdom'] - switch_controller_lldp_settings_data = data['switch_controller_lldp_settings'] - filtered_data = underscore_to_hyphen(filter_switch_controller_lldp_settings_data(switch_controller_lldp_settings_data)) - - return fos.set('switch-controller', - 'lldp-settings', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_switch_controller(data, fos): - - if data['switch_controller_lldp_settings']: - resp = switch_controller_lldp_settings(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - 
"switch_controller_lldp_settings": { - "required": False, "type": "dict", "default": None, - "options": { - "fast_start_interval": {"required": False, "type": "int"}, - "management_interface": {"required": False, "type": "str", - "choices": ["internal", "mgmt"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "tx_hold": {"required": False, "type": "int"}, - "tx_interval": {"required": False, "type": "int"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_switch_controller(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_switch_controller(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_switch_controller_mac_sync_settings.py b/lib/ansible/modules/network/fortios/fortios_switch_controller_mac_sync_settings.py deleted file mode 100644 index d8b7b1c5a0c..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_switch_controller_mac_sync_settings.py +++ /dev/null 
@@ -1,290 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_switch_controller_mac_sync_settings -short_description: Configure global MAC synchronization settings in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify switch_controller feature and mac_sync_settings category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - switch_controller_mac_sync_settings: - description: - - Configure global MAC synchronization settings. - default: null - type: dict - suboptions: - mac_sync_interval: - description: - - Time interval between MAC synchronizations (30 - 1800 sec). - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure global MAC synchronization settings. - fortios_switch_controller_mac_sync_settings: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - switch_controller_mac_sync_settings: - mac_sync_interval: "3" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial 
number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_switch_controller_mac_sync_settings_data(json): - option_list = ['mac_sync_interval'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def switch_controller_mac_sync_settings(data, fos): - vdom = data['vdom'] - switch_controller_mac_sync_settings_data = data['switch_controller_mac_sync_settings'] - filtered_data = underscore_to_hyphen(filter_switch_controller_mac_sync_settings_data(switch_controller_mac_sync_settings_data)) - - return fos.set('switch-controller', - 'mac-sync-settings', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return 
status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_switch_controller(data, fos): - - if data['switch_controller_mac_sync_settings']: - resp = switch_controller_mac_sync_settings(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "switch_controller_mac_sync_settings": { - "required": False, "type": "dict", "default": None, - "options": { - "mac_sync_interval": {"required": False, "type": "int"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_switch_controller(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_switch_controller(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ 
== '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_switch_controller_managed_switch.py b/lib/ansible/modules/network/fortios/fortios_switch_controller_managed_switch.py deleted file mode 100644 index 7fc94dc61e3..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_switch_controller_managed_switch.py +++ /dev/null 
@@ -1,1417 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_switch_controller_managed_switch -short_description: Configure FortiSwitch devices that are managed by this FortiGate in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify switch_controller feature and managed_switch category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - switch_controller_managed_switch: - description: - - Configure FortiSwitch devices that are managed by this FortiGate. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - 802_1X_settings: - description: - - Configuration method to edit FortiSwitch 802.1X global settings. - type: dict - suboptions: - link_down_auth: - description: - - Authentication state to set if a link is down. - type: str - choices: - - set-unauth - - no-action - local_override: - description: - - Enable to override global 802.1X settings on individual FortiSwitches. - type: str - choices: - - enable - - disable - max_reauth_attempt: - description: - - Maximum number of authentication attempts (0 - 15). - type: int - reauth_period: - description: - - Reauthentication time interval (1 - 1440 min). - type: int - custom_command: - description: - - Configuration method to edit FortiSwitch commands to be pushed to this FortiSwitch device upon rebooting the FortiGate switch controller - or the FortiSwitch. 
- type: list - suboptions: - command_entry: - description: - - List of FortiSwitch commands. - type: str - command_name: - description: - - Names of commands to be pushed to this FortiSwitch device, as configured under config switch-controller custom-command. Source - switch-controller.custom-command.command-name. - type: str - delayed_restart_trigger: - description: - - Delayed restart triggered for this FortiSwitch. - type: int - description: - description: - - Description. - type: str - directly_connected: - description: - - Directly connected FortiSwitch. - type: int - dynamic_capability: - description: - - List of features this FortiSwitch supports (not configurable) that is sent to the FortiGate device for subsequent configuration - initiated by the FortiGate device. - type: int - dynamically_discovered: - description: - - Dynamically discovered FortiSwitch. - type: int - fsw_wan1_admin: - description: - - FortiSwitch WAN1 admin status; enable to authorize the FortiSwitch as a managed switch. - type: str - choices: - - discovered - - disable - - enable - fsw_wan1_peer: - description: - - Fortiswitch WAN1 peer port. - type: str - fsw_wan2_admin: - description: - - FortiSwitch WAN2 admin status; enable to authorize the FortiSwitch as a managed switch. - type: str - choices: - - discovered - - disable - - enable - fsw_wan2_peer: - description: - - FortiSwitch WAN2 peer port. - type: str - igmp_snooping: - description: - - Configure FortiSwitch IGMP snooping global settings. - type: dict - suboptions: - aging_time: - description: - - Maximum time to retain a multicast snooping entry for which no packets have been seen (15 - 3600 sec). - type: int - flood_unknown_multicast: - description: - - Enable/disable unknown multicast flooding. - type: str - choices: - - enable - - disable - local_override: - description: - - Enable/disable overriding the global IGMP snooping configuration. 
- type: str - choices: - - enable - - disable - max_allowed_trunk_members: - description: - - FortiSwitch maximum allowed trunk members. - type: int - mirror: - description: - - Configuration method to edit FortiSwitch packet mirror. - type: list - suboptions: - dst: - description: - - Destination port. - type: str - name: - description: - - Mirror name. - required: true - type: str - src_egress: - description: - - Source egress interfaces. - type: list - suboptions: - name: - description: - - Interface name. - required: true - type: str - src_ingress: - description: - - Source ingress interfaces. - type: list - suboptions: - name: - description: - - Interface name. - required: true - type: str - status: - description: - - Active/inactive mirror configuration. - type: str - choices: - - active - - inactive - switching_packet: - description: - - Enable/disable switching functionality when mirroring. - type: str - choices: - - enable - - disable - name: - description: - - Managed-switch name. - type: str - owner_vdom: - description: - - VDOM which owner of port belongs to. - type: str - poe_detection_type: - description: - - PoE detection type for FortiSwitch. - type: int - poe_pre_standard_detection: - description: - - Enable/disable PoE pre-standard detection. - type: str - choices: - - enable - - disable - ports: - description: - - Managed-switch port list. - type: list - suboptions: - allowed_vlans: - description: - - Configure switch port tagged vlans - type: list - suboptions: - vlan_name: - description: - - VLAN name. Source system.interface.name. - type: str - allowed_vlans_all: - description: - - Enable/disable all defined vlans on this port. - type: str - choices: - - enable - - disable - arp_inspection_trust: - description: - - Trusted or untrusted dynamic ARP inspection. - type: str - choices: - - untrusted - - trusted - bundle: - description: - - Enable/disable Link Aggregation Group (LAG) bundling for non-FortiLink interfaces. 
- type: str - choices: - - enable - - disable - description: - description: - - Description for port. - type: str - dhcp_snoop_option82_trust: - description: - - Enable/disable allowance of DHCP with option-82 on untrusted interface. - type: str - choices: - - enable - - disable - dhcp_snooping: - description: - - Trusted or untrusted DHCP-snooping interface. - type: str - choices: - - untrusted - - trusted - discard_mode: - description: - - Configure discard mode for port. - type: str - choices: - - none - - all-untagged - - all-tagged - edge_port: - description: - - Enable/disable this interface as an edge port, bridging connections between workstations and/or computers. - type: str - choices: - - enable - - disable - export_tags: - description: - - Switch controller export tag name. - type: list - suboptions: - tag_name: - description: - - Switch tag name. Source switch-controller.switch-interface-tag.name. - type: str - export_to: - description: - - Export managed-switch port to a tenant VDOM. Source system.vdom.name. - type: str - export_to_pool: - description: - - Switch controller export port to pool-list. Source switch-controller.virtual-port-pool.name. - type: str - export_to_pool_flag: - description: - - Switch controller export port to pool-list. - type: int - fgt_peer_device_name: - description: - - FGT peer device name. - type: str - fgt_peer_port_name: - description: - - FGT peer port name. - type: str - fiber_port: - description: - - Fiber-port. - type: int - flags: - description: - - Port properties flags. - type: int - fortilink_port: - description: - - FortiLink uplink port. - type: int - igmp_snooping: - description: - - Set IGMP snooping mode for the physical port interface. - type: str - choices: - - enable - - disable - igmps_flood_reports: - description: - - Enable/disable flooding of IGMP reports to this interface when igmp-snooping enabled. 
- type: str - choices: - - enable - - disable - igmps_flood_traffic: - description: - - Enable/disable flooding of IGMP snooping traffic to this interface. - type: str - choices: - - enable - - disable - isl_local_trunk_name: - description: - - ISL local trunk name. - type: str - isl_peer_device_name: - description: - - ISL peer device name. - type: str - isl_peer_port_name: - description: - - ISL peer port name. - type: str - lacp_speed: - description: - - end Link Aggregation Control Protocol (LACP) messages every 30 seconds (slow) or every second (fast). - type: str - choices: - - slow - - fast - learning_limit: - description: - - Limit the number of dynamic MAC addresses on this Port (1 - 128, 0 = no limit, default). - type: int - lldp_profile: - description: - - LLDP port TLV profile. Source switch-controller.lldp-profile.name. - type: str - lldp_status: - description: - - LLDP transmit and receive status. - type: str - choices: - - disable - - rx-only - - tx-only - - tx-rx - loop_guard: - description: - - Enable/disable loop-guard on this interface, an STP optimization used to prevent network loops. - type: str - choices: - - enabled - - disabled - loop_guard_timeout: - description: - - Loop-guard timeout (0 - 120 min). - type: int - max_bundle: - description: - - Maximum size of LAG bundle (1 - 24) - type: int - mclag: - description: - - Enable/disable multi-chassis link aggregation (MCLAG). - type: str - choices: - - enable - - disable - member_withdrawal_behavior: - description: - - Port behavior after it withdraws because of loss of control packets. - type: str - choices: - - forward - - block - members: - description: - - Aggregated LAG bundle interfaces. - type: list - suboptions: - member_name: - description: - - Interface name from available options. 
- type: str - min_bundle: - description: - - Minimum size of LAG bundle (1 - 24) - type: int - mode: - description: - - "LACP mode: ignore and do not send control messages, or negotiate 802.3ad aggregation passively or actively." - type: str - choices: - - static - - lacp-passive - - lacp-active - poe_capable: - description: - - PoE capable. - type: int - poe_pre_standard_detection: - description: - - Enable/disable PoE pre-standard detection. - type: str - choices: - - enable - - disable - poe_status: - description: - - Enable/disable PoE status. - type: str - choices: - - enable - - disable - port_name: - description: - - Switch port name. - type: str - port_number: - description: - - Port number. - type: int - port_owner: - description: - - Switch port name. - type: str - port_prefix_type: - description: - - Port prefix type. - type: int - port_security_policy: - description: - - Switch controller authentication policy to apply to this managed switch from available options. Source switch-controller - .security-policy.802-1X.name switch-controller.security-policy.captive-portal.name. - type: str - port_selection_criteria: - description: - - Algorithm for aggregate port selection. - type: str - choices: - - src-mac - - dst-mac - - src-dst-mac - - src-ip - - dst-ip - - src-dst-ip - qos_policy: - description: - - Switch controller QoS policy from available options. Source switch-controller.qos.qos-policy.name. - type: str - sample_direction: - description: - - sFlow sample direction. - type: str - choices: - - tx - - rx - - both - sflow_counter_interval: - description: - - sFlow sampler counter polling interval (1 - 255 sec). - type: int - sflow_sample_rate: - description: - - sFlow sampler sample rate (0 - 99999 p/sec). - type: int - sflow_sampler: - description: - - Enable/disable sFlow protocol on this interface. - type: str - choices: - - enabled - - disabled - speed: - description: - - Switch port speed; default and available settings depend on hardware. 
- type: str - choices: - - 10half - - 10full - - 100half - - 100full - - 1000auto - - 1000fiber - - 1000full - - 10000 - - 40000 - - auto - - auto-module - - 100FX-half - - 100FX-full - - 100000full - - 2500full - - 25000full - - 50000full - speed_mask: - description: - - Switch port speed mask. - type: int - stacking_port: - description: - - Stacking port. - type: int - status: - description: - - "Switch port admin status: up or down." - type: str - choices: - - up - - down - stp_bpdu_guard: - description: - - Enable/disable STP BPDU guard on this interface. - type: str - choices: - - enabled - - disabled - stp_bpdu_guard_timeout: - description: - - BPDU Guard disabling protection (0 - 120 min). - type: int - stp_root_guard: - description: - - Enable/disable STP root guard on this interface. - type: str - choices: - - enabled - - disabled - stp_state: - description: - - Enable/disable Spanning Tree Protocol (STP) on this interface. - type: str - choices: - - enabled - - disabled - switch_id: - description: - - Switch id. - type: str - type: - description: - - "Interface type: physical or trunk port." - type: str - choices: - - physical - - trunk - untagged_vlans: - description: - - Configure switch port untagged vlans - type: list - suboptions: - vlan_name: - description: - - VLAN name. Source system.interface.name. - type: str - virtual_port: - description: - - Virtualized switch port. - type: int - vlan: - description: - - Assign switch ports to a VLAN. Source system.interface.name. - type: str - pre_provisioned: - description: - - Pre-provisioned managed switch. - type: int - staged_image_version: - description: - - Staged image version for FortiSwitch. - type: str - storm_control: - description: - - Configuration method to edit FortiSwitch storm control for measuring traffic activity using data rates to prevent traffic disruption. - type: dict - suboptions: - broadcast: - description: - - Enable/disable storm control to drop broadcast traffic. 
- type: str - choices: - - enable - - disable - local_override: - description: - - Enable to override global FortiSwitch storm control settings for this FortiSwitch. - type: str - choices: - - enable - - disable - rate: - description: - - Rate in packets per second at which storm traffic is controlled (1 - 10000000). Storm control drops excess traffic data rates - beyond this threshold. - type: int - unknown_multicast: - description: - - Enable/disable storm control to drop unknown multicast traffic. - type: str - choices: - - enable - - disable - unknown_unicast: - description: - - Enable/disable storm control to drop unknown unicast traffic. - type: str - choices: - - enable - - disable - stp_settings: - description: - - Configuration method to edit Spanning Tree Protocol (STP) settings used to prevent bridge loops. - type: dict - suboptions: - forward_time: - description: - - Period of time a port is in listening and learning state (4 - 30 sec). - type: int - hello_time: - description: - - Period of time between successive STP frame Bridge Protocol Data Units (BPDUs) sent on a port (1 - 10 sec). - type: int - local_override: - description: - - Enable to configure local STP settings that override global STP settings. - type: str - choices: - - enable - - disable - max_age: - description: - - Maximum time before a bridge port saves its configuration BPDU information (6 - 40 sec). - type: int - max_hops: - description: - - Maximum number of hops between the root bridge and the furthest bridge (1- 40). - type: int - name: - description: - - Name of local STP settings configuration. - type: str - pending_timer: - description: - - Pending time (1 - 15 sec). - type: int - revision: - description: - - STP revision number (0 - 65535). - type: int - status: - description: - - Enable/disable STP. - type: str - choices: - - enable - - disable - switch_device_tag: - description: - - User definable label/tag. - type: str - switch_id: - description: - - Managed-switch id. 
- type: str - switch_log: - description: - - Configuration method to edit FortiSwitch logging settings (logs are transferred to and inserted into the FortiGate event log). - type: dict - suboptions: - local_override: - description: - - Enable to configure local logging settings that override global logging settings. - type: str - choices: - - enable - - disable - severity: - description: - - Severity of FortiSwitch logs that are added to the FortiGate event log. - type: str - choices: - - emergency - - alert - - critical - - error - - warning - - notification - - information - - debug - status: - description: - - Enable/disable adding FortiSwitch logs to the FortiGate event log. - type: str - choices: - - enable - - disable - switch_profile: - description: - - FortiSwitch profile. Source switch-controller.switch-profile.name. - type: str - switch_stp_settings: - description: - - Configure spanning tree protocol (STP). - type: dict - suboptions: - status: - description: - - Enable/disable STP. - type: str - choices: - - enable - - disable - type: - description: - - Indication of switch type, physical or virtual. - type: str - choices: - - virtual - - physical - version: - description: - - FortiSwitch version. - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure FortiSwitch devices that are managed by this FortiGate. 
- fortios_switch_controller_managed_switch: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - switch_controller_managed_switch: - 802_1X_settings: - link_down_auth: "set-unauth" - local_override: "enable" - max_reauth_attempt: "6" - reauth_period: "7" - custom_command: - - - command_entry: "" - command_name: " (source switch-controller.custom-command.command-name)" - delayed_restart_trigger: "11" - description: "" - directly_connected: "13" - dynamic_capability: "14" - dynamically_discovered: "15" - fsw_wan1_admin: "discovered" - fsw_wan1_peer: "" - fsw_wan2_admin: "discovered" - fsw_wan2_peer: "" - igmp_snooping: - aging_time: "21" - flood_unknown_multicast: "enable" - local_override: "enable" - max_allowed_trunk_members: "24" - mirror: - - - dst: "" - name: "default_name_27" - src_egress: - - - name: "default_name_29" - src_ingress: - - - name: "default_name_31" - status: "active" - switching_packet: "enable" - name: "default_name_34" - owner_vdom: "" - poe_detection_type: "36" - poe_pre_standard_detection: "enable" - ports: - - - allowed_vlans: - - - vlan_name: " (source system.interface.name)" - allowed_vlans_all: "enable" - arp_inspection_trust: "untrusted" - bundle: "enable" - description: "" - dhcp_snoop_option82_trust: "enable" - dhcp_snooping: "untrusted" - discard_mode: "none" - edge_port: "enable" - export_tags: - - - tag_name: " (source switch-controller.switch-interface-tag.name)" - export_to: " (source system.vdom.name)" - export_to_pool: " (source switch-controller.virtual-port-pool.name)" - export_to_pool_flag: "53" - fgt_peer_device_name: "" - fgt_peer_port_name: "" - fiber_port: "56" - flags: "57" - fortilink_port: "58" - igmp_snooping: "enable" - igmps_flood_reports: "enable" - igmps_flood_traffic: "enable" - isl_local_trunk_name: "" - isl_peer_device_name: "" - isl_peer_port_name: "" - lacp_speed: "slow" - learning_limit: "66" - lldp_profile: " (source 
switch-controller.lldp-profile.name)" - lldp_status: "disable" - loop_guard: "enabled" - loop_guard_timeout: "70" - max_bundle: "71" - mclag: "enable" - member_withdrawal_behavior: "forward" - members: - - - member_name: "" - min_bundle: "76" - mode: "static" - poe_capable: "78" - poe_pre_standard_detection: "enable" - poe_status: "enable" - port_name: "" - port_number: "82" - port_owner: "" - port_prefix_type: "84" - port_security_policy: " (source switch-controller.security-policy.802-1X.name switch-controller.security-policy.captive-portal - .name)" - port_selection_criteria: "src-mac" - qos_policy: " (source switch-controller.qos.qos-policy.name)" - sample_direction: "tx" - sflow_counter_interval: "89" - sflow_sample_rate: "90" - sflow_sampler: "enabled" - speed: "10half" - speed_mask: "93" - stacking_port: "94" - status: "up" - stp_bpdu_guard: "enabled" - stp_bpdu_guard_timeout: "97" - stp_root_guard: "enabled" - stp_state: "enabled" - switch_id: "" - type: "physical" - untagged_vlans: - - - vlan_name: " (source system.interface.name)" - virtual_port: "104" - vlan: " (source system.interface.name)" - pre_provisioned: "106" - staged_image_version: "" - storm_control: - broadcast: "enable" - local_override: "enable" - rate: "111" - unknown_multicast: "enable" - unknown_unicast: "enable" - stp_settings: - forward_time: "115" - hello_time: "116" - local_override: "enable" - max_age: "118" - max_hops: "119" - name: "default_name_120" - pending_timer: "121" - revision: "122" - status: "enable" - switch_device_tag: "" - switch_id: "" - switch_log: - local_override: "enable" - severity: "emergency" - status: "enable" - switch_profile: " (source switch-controller.switch-profile.name)" - switch_stp_settings: - status: "enable" - type: "virtual" - version: "134" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into 
FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_switch_controller_managed_switch_data(json): - option_list = ['802_1X_settings', 'custom_command', 'delayed_restart_trigger', - 'description', 'directly_connected', 'dynamic_capability', - 'dynamically_discovered', 'fsw_wan1_admin', 'fsw_wan1_peer', - 'fsw_wan2_admin', 'fsw_wan2_peer', 'igmp_snooping', - 
'max_allowed_trunk_members', 'mirror', 'name', - 'owner_vdom', 'poe_detection_type', 'poe_pre_standard_detection', - 'ports', 'pre_provisioned', 'staged_image_version', - 'storm_control', 'stp_settings', 'switch_device_tag', - 'switch_id', 'switch_log', 'switch_profile', - 'switch_stp_settings', 'type', 'version'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def switch_controller_managed_switch(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['switch_controller_managed_switch'] and data['switch_controller_managed_switch']: - state = data['switch_controller_managed_switch']['state'] - else: - state = True - switch_controller_managed_switch_data = data['switch_controller_managed_switch'] - filtered_data = underscore_to_hyphen(filter_switch_controller_managed_switch_data(switch_controller_managed_switch_data)) - - if state == "present": - return fos.set('switch-controller', - 'managed-switch', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('switch-controller', - 'managed-switch', - mkey=filtered_data['switch-id'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_switch_controller(data, fos): - - if data['switch_controller_managed_switch']: - resp = switch_controller_managed_switch(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = 
{ - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "switch_controller_managed_switch": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "802_1X_settings": {"required": False, "type": "dict", - "options": { - "link_down_auth": {"required": False, "type": "str", - "choices": ["set-unauth", "no-action"]}, - "local_override": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "max_reauth_attempt": {"required": False, "type": "int"}, - "reauth_period": {"required": False, "type": "int"} - }}, - "custom_command": {"required": False, "type": "list", - "options": { - "command_entry": {"required": False, "type": "str"}, - "command_name": {"required": False, "type": "str"} - }}, - "delayed_restart_trigger": {"required": False, "type": "int"}, - "description": {"required": False, "type": "str"}, - "directly_connected": {"required": False, "type": "int"}, - "dynamic_capability": {"required": False, "type": "int"}, - "dynamically_discovered": {"required": False, "type": "int"}, - "fsw_wan1_admin": {"required": False, "type": "str", - "choices": ["discovered", "disable", "enable"]}, - "fsw_wan1_peer": {"required": False, "type": "str"}, - "fsw_wan2_admin": {"required": False, "type": "str", - "choices": ["discovered", "disable", "enable"]}, - "fsw_wan2_peer": {"required": False, "type": "str"}, - "igmp_snooping": {"required": False, "type": "dict", - "options": { - "aging_time": {"required": False, "type": "int"}, - "flood_unknown_multicast": 
{"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "local_override": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "max_allowed_trunk_members": {"required": False, "type": "int"}, - "mirror": {"required": False, "type": "list", - "options": { - "dst": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "src_egress": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "src_ingress": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "status": {"required": False, "type": "str", - "choices": ["active", "inactive"]}, - "switching_packet": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "name": {"required": False, "type": "str"}, - "owner_vdom": {"required": False, "type": "str"}, - "poe_detection_type": {"required": False, "type": "int"}, - "poe_pre_standard_detection": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ports": {"required": False, "type": "list", - "options": { - "allowed_vlans": {"required": False, "type": "list", - "options": { - "vlan_name": {"required": False, "type": "str"} - }}, - "allowed_vlans_all": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "arp_inspection_trust": {"required": False, "type": "str", - "choices": ["untrusted", "trusted"]}, - "bundle": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "description": {"required": False, "type": "str"}, - "dhcp_snoop_option82_trust": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dhcp_snooping": {"required": False, "type": "str", - "choices": ["untrusted", "trusted"]}, - "discard_mode": {"required": False, "type": "str", - "choices": ["none", "all-untagged", "all-tagged"]}, - "edge_port": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "export_tags": 
{"required": False, "type": "list", - "options": { - "tag_name": {"required": False, "type": "str"} - }}, - "export_to": {"required": False, "type": "str"}, - "export_to_pool": {"required": False, "type": "str"}, - "export_to_pool_flag": {"required": False, "type": "int"}, - "fgt_peer_device_name": {"required": False, "type": "str"}, - "fgt_peer_port_name": {"required": False, "type": "str"}, - "fiber_port": {"required": False, "type": "int"}, - "flags": {"required": False, "type": "int"}, - "fortilink_port": {"required": False, "type": "int"}, - "igmp_snooping": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "igmps_flood_reports": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "igmps_flood_traffic": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "isl_local_trunk_name": {"required": False, "type": "str"}, - "isl_peer_device_name": {"required": False, "type": "str"}, - "isl_peer_port_name": {"required": False, "type": "str"}, - "lacp_speed": {"required": False, "type": "str", - "choices": ["slow", "fast"]}, - "learning_limit": {"required": False, "type": "int"}, - "lldp_profile": {"required": False, "type": "str"}, - "lldp_status": {"required": False, "type": "str", - "choices": ["disable", "rx-only", "tx-only", - "tx-rx"]}, - "loop_guard": {"required": False, "type": "str", - "choices": ["enabled", "disabled"]}, - "loop_guard_timeout": {"required": False, "type": "int"}, - "max_bundle": {"required": False, "type": "int"}, - "mclag": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "member_withdrawal_behavior": {"required": False, "type": "str", - "choices": ["forward", "block"]}, - "members": {"required": False, "type": "list", - "options": { - "member_name": {"required": False, "type": "str"} - }}, - "min_bundle": {"required": False, "type": "int"}, - "mode": {"required": False, "type": "str", - "choices": ["static", "lacp-passive", "lacp-active"]}, - 
"poe_capable": {"required": False, "type": "int"}, - "poe_pre_standard_detection": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "poe_status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "port_name": {"required": False, "type": "str"}, - "port_number": {"required": False, "type": "int"}, - "port_owner": {"required": False, "type": "str"}, - "port_prefix_type": {"required": False, "type": "int"}, - "port_security_policy": {"required": False, "type": "str"}, - "port_selection_criteria": {"required": False, "type": "str", - "choices": ["src-mac", "dst-mac", "src-dst-mac", - "src-ip", "dst-ip", "src-dst-ip"]}, - "qos_policy": {"required": False, "type": "str"}, - "sample_direction": {"required": False, "type": "str", - "choices": ["tx", "rx", "both"]}, - "sflow_counter_interval": {"required": False, "type": "int"}, - "sflow_sample_rate": {"required": False, "type": "int"}, - "sflow_sampler": {"required": False, "type": "str", - "choices": ["enabled", "disabled"]}, - "speed": {"required": False, "type": "str", - "choices": ["10half", "10full", "100half", - "100full", "1000auto", "1000fiber", - "1000full", "10000", "40000", - "auto", "auto-module", "100FX-half", - "100FX-full", "100000full", "2500full", - "25000full", "50000full"]}, - "speed_mask": {"required": False, "type": "int"}, - "stacking_port": {"required": False, "type": "int"}, - "status": {"required": False, "type": "str", - "choices": ["up", "down"]}, - "stp_bpdu_guard": {"required": False, "type": "str", - "choices": ["enabled", "disabled"]}, - "stp_bpdu_guard_timeout": {"required": False, "type": "int"}, - "stp_root_guard": {"required": False, "type": "str", - "choices": ["enabled", "disabled"]}, - "stp_state": {"required": False, "type": "str", - "choices": ["enabled", "disabled"]}, - "switch_id": {"required": False, "type": "str"}, - "type": {"required": False, "type": "str", - "choices": ["physical", "trunk"]}, - "untagged_vlans": {"required": 
False, "type": "list", - "options": { - "vlan_name": {"required": False, "type": "str"} - }}, - "virtual_port": {"required": False, "type": "int"}, - "vlan": {"required": False, "type": "str"} - }}, - "pre_provisioned": {"required": False, "type": "int"}, - "staged_image_version": {"required": False, "type": "str"}, - "storm_control": {"required": False, "type": "dict", - "options": { - "broadcast": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "local_override": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "rate": {"required": False, "type": "int"}, - "unknown_multicast": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "unknown_unicast": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "stp_settings": {"required": False, "type": "dict", - "options": { - "forward_time": {"required": False, "type": "int"}, - "hello_time": {"required": False, "type": "int"}, - "local_override": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "max_age": {"required": False, "type": "int"}, - "max_hops": {"required": False, "type": "int"}, - "name": {"required": False, "type": "str"}, - "pending_timer": {"required": False, "type": "int"}, - "revision": {"required": False, "type": "int"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "switch_device_tag": {"required": False, "type": "str"}, - "switch_id": {"required": False, "type": "str"}, - "switch_log": {"required": False, "type": "dict", - "options": { - "local_override": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "severity": {"required": False, "type": "str", - "choices": ["emergency", "alert", "critical", - "error", "warning", "notification", - "information", "debug"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "switch_profile": {"required": False, "type": "str"}, - 
"switch_stp_settings": {"required": False, "type": "dict", - "options": { - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "type": {"required": False, "type": "str", - "choices": ["virtual", "physical"]}, - "version": {"required": False, "type": "int"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_switch_controller(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_switch_controller(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_switch_controller_network_monitor_settings.py b/lib/ansible/modules/network/fortios/fortios_switch_controller_network_monitor_settings.py deleted file mode 100644 index c4f28d17d53..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_switch_controller_network_monitor_settings.py +++ /dev/null 
@@ -1,294 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_switch_controller_network_monitor_settings -short_description: Configure network monitor settings in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify switch_controller feature and network_monitor_settings category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - switch_controller_network_monitor_settings: - description: - - Configure network monitor settings. - default: null - type: dict - suboptions: - network_monitoring: - description: - - Enable/disable passive gathering of information by FortiSwitch units concerning other network devices. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure network monitor settings. - fortios_switch_controller_network_monitor_settings: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - switch_controller_network_monitor_settings: - network_monitoring: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - 
returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_switch_controller_network_monitor_settings_data(json): - option_list = ['network_monitoring'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def switch_controller_network_monitor_settings(data, fos): - vdom = data['vdom'] - switch_controller_network_monitor_settings_data = data['switch_controller_network_monitor_settings'] - filtered_data = underscore_to_hyphen(filter_switch_controller_network_monitor_settings_data(switch_controller_network_monitor_settings_data)) - - return 
fos.set('switch-controller',
- 'network-monitor-settings',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_switch_controller(data, fos):
-
- if data['switch_controller_network_monitor_settings']:
- resp = switch_controller_network_monitor_settings(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "switch_controller_network_monitor_settings": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "network_monitoring": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_switch_controller(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = 
fortios_switch_controller(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_switch_controller_qos_dot1p_map.py b/lib/ansible/modules/network/fortios/fortios_switch_controller_qos_dot1p_map.py
deleted file mode 100644
index cc631fea6cc..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_switch_controller_qos_dot1p_map.py
+++ /dev/null
@@ -1,462 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_switch_controller_qos_dot1p_map -short_description: Configure FortiSwitch QoS 802.1p in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify switch_controller_qos feature and dot1p_map category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - switch_controller_qos_dot1p_map: - description: - - Configure FortiSwitch QoS 802.1p. - default: null - type: dict - suboptions: - description: - description: - - Description of the 802.1p name. - type: str - name: - description: - - Dot1p map name. - required: true - type: str - priority_0: - description: - - COS queue mapped to dot1p priority number. - type: str - choices: - - queue-0 - - queue-1 - - queue-2 - - queue-3 - - queue-4 - - queue-5 - - queue-6 - - queue-7 - priority_1: - description: - - COS queue mapped to dot1p priority number. - type: str - choices: - - queue-0 - - queue-1 - - queue-2 - - queue-3 - - queue-4 - - queue-5 - - queue-6 - - queue-7 - priority_2: - description: - - COS queue mapped to dot1p priority number. - type: str - choices: - - queue-0 - - queue-1 - - queue-2 - - queue-3 - - queue-4 - - queue-5 - - queue-6 - - queue-7 - priority_3: - description: - - COS queue mapped to dot1p priority number. - type: str - choices: - - queue-0 - - queue-1 - - queue-2 - - queue-3 - - queue-4 - - queue-5 - - queue-6 - - queue-7 - priority_4: - description: - - COS queue mapped to dot1p priority number. - type: str - choices: - - queue-0 - - queue-1 - - queue-2 - - queue-3 - - queue-4 - - queue-5 - - queue-6 - - queue-7 - priority_5: - description: - - COS queue mapped to dot1p priority number. 
- type: str - choices: - - queue-0 - - queue-1 - - queue-2 - - queue-3 - - queue-4 - - queue-5 - - queue-6 - - queue-7 - priority_6: - description: - - COS queue mapped to dot1p priority number. - type: str - choices: - - queue-0 - - queue-1 - - queue-2 - - queue-3 - - queue-4 - - queue-5 - - queue-6 - - queue-7 - priority_7: - description: - - COS queue mapped to dot1p priority number. - type: str - choices: - - queue-0 - - queue-1 - - queue-2 - - queue-3 - - queue-4 - - queue-5 - - queue-6 - - queue-7 -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure FortiSwitch QoS 802.1p. - fortios_switch_controller_qos_dot1p_map: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - switch_controller_qos_dot1p_map: - description: "" - name: "default_name_4" - priority_0: "queue-0" - priority_1: "queue-0" - priority_2: "queue-0" - priority_3: "queue-0" - priority_4: "queue-0" - priority_5: "queue-0" - priority_6: "queue-0" - priority_7: "queue-0" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - 
sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_switch_controller_qos_dot1p_map_data(json): - option_list = ['description', 'name', 'priority_0', - 'priority_1', 'priority_2', 'priority_3', - 'priority_4', 'priority_5', 'priority_6', - 'priority_7'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def switch_controller_qos_dot1p_map(data, fos): - vdom = data['vdom'] - state = data['state'] - switch_controller_qos_dot1p_map_data = data['switch_controller_qos_dot1p_map'] - filtered_data = 
underscore_to_hyphen(filter_switch_controller_qos_dot1p_map_data(switch_controller_qos_dot1p_map_data)) - - if state == "present": - return fos.set('switch-controller.qos', - 'dot1p-map', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('switch-controller.qos', - 'dot1p-map', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_switch_controller_qos(data, fos): - - if data['switch_controller_qos_dot1p_map']: - resp = switch_controller_qos_dot1p_map(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "switch_controller_qos_dot1p_map": { - "required": False, "type": "dict", "default": None, - "options": { - "description": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "priority_0": {"required": False, "type": "str", - "choices": ["queue-0", "queue-1", "queue-2", - "queue-3", "queue-4", "queue-5", - "queue-6", "queue-7"]}, - "priority_1": {"required": False, "type": "str", - "choices": ["queue-0", "queue-1", "queue-2", - "queue-3", "queue-4", "queue-5", - "queue-6", "queue-7"]}, - "priority_2": {"required": False, "type": "str", - "choices": ["queue-0", "queue-1", "queue-2", - "queue-3", "queue-4", "queue-5", - "queue-6", "queue-7"]}, - "priority_3": {"required": False, "type": "str", - "choices": ["queue-0", 
"queue-1", "queue-2", - "queue-3", "queue-4", "queue-5", - "queue-6", "queue-7"]}, - "priority_4": {"required": False, "type": "str", - "choices": ["queue-0", "queue-1", "queue-2", - "queue-3", "queue-4", "queue-5", - "queue-6", "queue-7"]}, - "priority_5": {"required": False, "type": "str", - "choices": ["queue-0", "queue-1", "queue-2", - "queue-3", "queue-4", "queue-5", - "queue-6", "queue-7"]}, - "priority_6": {"required": False, "type": "str", - "choices": ["queue-0", "queue-1", "queue-2", - "queue-3", "queue-4", "queue-5", - "queue-6", "queue-7"]}, - "priority_7": {"required": False, "type": "str", - "choices": ["queue-0", "queue-1", "queue-2", - "queue-3", "queue-4", "queue-5", - "queue-6", "queue-7"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_switch_controller_qos(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_switch_controller_qos(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_switch_controller_qos_ip_dscp_map.py b/lib/ansible/modules/network/fortios/fortios_switch_controller_qos_ip_dscp_map.py
deleted file mode 100644
index 32e45ee9f59..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_switch_controller_qos_ip_dscp_map.py
+++ /dev/null
@@ -1,397 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_switch_controller_qos_ip_dscp_map -short_description: Configure FortiSwitch QoS IP precedence/DSCP in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify switch_controller_qos feature and ip_dscp_map category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - switch_controller_qos_ip_dscp_map: - description: - - Configure FortiSwitch QoS IP precedence/DSCP. - default: null - type: dict - suboptions: - description: - description: - - Description of the ip-dscp map name. - type: str - map: - description: - - Maps between IP-DSCP value to COS queue. - type: list - suboptions: - cos_queue: - description: - - COS queue number. - type: int - diffserv: - description: - - Differentiated service. - type: str - choices: - - CS0 - - CS1 - - AF11 - - AF12 - - AF13 - - CS2 - - AF21 - - AF22 - - AF23 - - CS3 - - AF31 - - AF32 - - AF33 - - CS4 - - AF41 - - AF42 - - AF43 - - CS5 - - EF - - CS6 - - CS7 - ip_precedence: - description: - - IP Precedence. - type: str - choices: - - network-control - - internetwork-control - - critic-ecp - - flashoverride - - flash - - immediate - - priority - - routine - name: - description: - - Dscp mapping entry name. - required: true - type: str - value: - description: - - Raw values of DSCP (0 - 63). - type: str - name: - description: - - Dscp map name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure FortiSwitch QoS IP precedence/DSCP. 
- fortios_switch_controller_qos_ip_dscp_map: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - switch_controller_qos_ip_dscp_map: - description: "" - map: - - - cos_queue: "5" - diffserv: "CS0" - ip_precedence: "network-control" - name: "default_name_8" - value: "" - name: "default_name_10" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = 
data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_switch_controller_qos_ip_dscp_map_data(json): - option_list = ['description', 'map', 'name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def switch_controller_qos_ip_dscp_map(data, fos): - vdom = data['vdom'] - state = data['state'] - switch_controller_qos_ip_dscp_map_data = data['switch_controller_qos_ip_dscp_map'] - filtered_data = underscore_to_hyphen(filter_switch_controller_qos_ip_dscp_map_data(switch_controller_qos_ip_dscp_map_data)) - - if state == "present": - return fos.set('switch-controller.qos', - 'ip-dscp-map', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('switch-controller.qos', - 'ip-dscp-map', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_switch_controller_qos(data, fos): - - if data['switch_controller_qos_ip_dscp_map']: - resp = switch_controller_qos_ip_dscp_map(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": 
True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "switch_controller_qos_ip_dscp_map": { - "required": False, "type": "dict", "default": None, - "options": { - "description": {"required": False, "type": "str"}, - "map": {"required": False, "type": "list", - "options": { - "cos_queue": {"required": False, "type": "int"}, - "diffserv": {"required": False, "type": "str", - "choices": ["CS0", "CS1", "AF11", - "AF12", "AF13", "CS2", - "AF21", "AF22", "AF23", - "CS3", "AF31", "AF32", - "AF33", "CS4", "AF41", - "AF42", "AF43", "CS5", - "EF", "CS6", "CS7"]}, - "ip_precedence": {"required": False, "type": "str", - "choices": ["network-control", "internetwork-control", "critic-ecp", - "flashoverride", "flash", "immediate", - "priority", "routine"]}, - "name": {"required": True, "type": "str"}, - "value": {"required": False, "type": "str"} - }}, - "name": {"required": True, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_switch_controller_qos(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result 
= fortios_switch_controller_qos(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_switch_controller_qos_qos_policy.py b/lib/ansible/modules/network/fortios/fortios_switch_controller_qos_qos_policy.py
deleted file mode 100644
index c984294b187..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_switch_controller_qos_qos_policy.py
+++ /dev/null
@@ -1,334 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_switch_controller_qos_qos_policy -short_description: Configure FortiSwitch QoS policy in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify switch_controller_qos feature and qos_policy category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - switch_controller_qos_qos_policy: - description: - - Configure FortiSwitch QoS policy. - default: null - type: dict - suboptions: - default_cos: - description: - - Default cos queue for untagged packets. - type: int - name: - description: - - QoS policy name. - required: true - type: str - queue_policy: - description: - - QoS egress queue policy. Source switch-controller.qos.queue-policy.name. - type: str - trust_dot1p_map: - description: - - QoS trust 802.1p map. Source switch-controller.qos.dot1p-map.name. - type: str - trust_ip_dscp_map: - description: - - QoS trust ip dscp map. Source switch-controller.qos.ip-dscp-map.name. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure FortiSwitch QoS policy. 
- fortios_switch_controller_qos_qos_policy: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - switch_controller_qos_qos_policy: - default_cos: "3" - name: "default_name_4" - queue_policy: " (source switch-controller.qos.queue-policy.name)" - trust_dot1p_map: " (source switch-controller.qos.dot1p-map.name)" - trust_ip_dscp_map: " (source switch-controller.qos.ip-dscp-map.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import 
FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_switch_controller_qos_qos_policy_data(json): - option_list = ['default_cos', 'name', 'queue_policy', - 'trust_dot1p_map', 'trust_ip_dscp_map'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def switch_controller_qos_qos_policy(data, fos): - vdom = data['vdom'] - state = data['state'] - switch_controller_qos_qos_policy_data = data['switch_controller_qos_qos_policy'] - filtered_data = underscore_to_hyphen(filter_switch_controller_qos_qos_policy_data(switch_controller_qos_qos_policy_data)) - - if state == "present": - return fos.set('switch-controller.qos', - 'qos-policy', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('switch-controller.qos', - 'qos-policy', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_switch_controller_qos(data, fos): - - if data['switch_controller_qos_qos_policy']: - resp = switch_controller_qos_qos_policy(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - 
"username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "switch_controller_qos_qos_policy": { - "required": False, "type": "dict", "default": None, - "options": { - "default_cos": {"required": False, "type": "int"}, - "name": {"required": True, "type": "str"}, - "queue_policy": {"required": False, "type": "str"}, - "trust_dot1p_map": {"required": False, "type": "str"}, - "trust_ip_dscp_map": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_switch_controller_qos(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_switch_controller_qos(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_switch_controller_qos_queue_policy.py b/lib/ansible/modules/network/fortios/fortios_switch_controller_qos_queue_policy.py
deleted file mode 100644
index 52d7e96e8b9..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_switch_controller_qos_queue_policy.py
+++ /dev/null
@@ -1,371 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_switch_controller_qos_queue_policy -short_description: Configure FortiSwitch QoS egress queue policy in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify switch_controller_qos feature and queue_policy category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - switch_controller_qos_queue_policy: - description: - - Configure FortiSwitch QoS egress queue policy. - default: null - type: dict - suboptions: - cos_queue: - description: - - COS queue configuration. - type: list - suboptions: - description: - description: - - Description of the COS queue. - type: str - drop_policy: - description: - - COS queue drop policy. - type: str - choices: - - taildrop - - weighted-random-early-detection - max_rate: - description: - - Maximum rate (0 - 4294967295 kbps, 0 to disable). - type: int - min_rate: - description: - - Minimum rate (0 - 4294967295 kbps, 0 to disable). - type: int - name: - description: - - Cos queue ID. - required: true - type: str - weight: - description: - - Weight of weighted round robin scheduling. - type: int - name: - description: - - QoS policy name - required: true - type: str - schedule: - description: - - COS queue scheduling. - type: str - choices: - - strict - - round-robin - - weighted -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure FortiSwitch QoS egress queue policy. 
- fortios_switch_controller_qos_queue_policy: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - switch_controller_qos_queue_policy: - cos_queue: - - - description: "" - drop_policy: "taildrop" - max_rate: "6" - min_rate: "7" - name: "default_name_8" - weight: "9" - name: "default_name_10" - schedule: "strict" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - 
username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_switch_controller_qos_queue_policy_data(json): - option_list = ['cos_queue', 'name', 'schedule'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def switch_controller_qos_queue_policy(data, fos): - vdom = data['vdom'] - state = data['state'] - switch_controller_qos_queue_policy_data = data['switch_controller_qos_queue_policy'] - filtered_data = underscore_to_hyphen(filter_switch_controller_qos_queue_policy_data(switch_controller_qos_queue_policy_data)) - - if state == "present": - return fos.set('switch-controller.qos', - 'queue-policy', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('switch-controller.qos', - 'queue-policy', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_switch_controller_qos(data, fos): - - if data['switch_controller_qos_queue_policy']: - resp = switch_controller_qos_queue_policy(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", 
"default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "switch_controller_qos_queue_policy": { - "required": False, "type": "dict", "default": None, - "options": { - "cos_queue": {"required": False, "type": "list", - "options": { - "description": {"required": False, "type": "str"}, - "drop_policy": {"required": False, "type": "str", - "choices": ["taildrop", "weighted-random-early-detection"]}, - "max_rate": {"required": False, "type": "int"}, - "min_rate": {"required": False, "type": "int"}, - "name": {"required": True, "type": "str"}, - "weight": {"required": False, "type": "int"} - }}, - "name": {"required": True, "type": "str"}, - "schedule": {"required": False, "type": "str", - "choices": ["strict", "round-robin", "weighted"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_switch_controller_qos(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_switch_controller_qos(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, 
meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_switch_controller_quarantine.py b/lib/ansible/modules/network/fortios/fortios_switch_controller_quarantine.py
deleted file mode 100644
index 366be5eebb5..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_switch_controller_quarantine.py
+++ /dev/null
@@ -1,339 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_switch_controller_quarantine -short_description: Configure FortiSwitch quarantine support in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify switch_controller feature and quarantine category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - switch_controller_quarantine: - description: - - Configure FortiSwitch quarantine support. - default: null - type: dict - suboptions: - quarantine: - description: - - Enable/disable quarantine. - type: str - choices: - - enable - - disable - targets: - description: - - Quarantine MACs. - type: list - suboptions: - description: - description: - - Description for the quarantine MAC. - type: str - entry_id: - description: - - FSW entry id for the quarantine MAC. - type: int - mac: - description: - - Quarantine MAC. - required: true - type: str - tag: - description: - - Tags for the quarantine MAC. - type: list - suboptions: - tags: - description: - - Tag string(eg. string1 string2 string3). - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure FortiSwitch quarantine support. 
- fortios_switch_controller_quarantine: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - switch_controller_quarantine: - quarantine: "enable" - targets: - - - description: "" - entry_id: "6" - mac: "" - tag: - - - tags: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - 
fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_switch_controller_quarantine_data(json): - option_list = ['quarantine', 'targets'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def switch_controller_quarantine(data, fos): - vdom = data['vdom'] - switch_controller_quarantine_data = data['switch_controller_quarantine'] - filtered_data = underscore_to_hyphen(filter_switch_controller_quarantine_data(switch_controller_quarantine_data)) - - return fos.set('switch-controller', - 'quarantine', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_switch_controller(data, fos): - - if data['switch_controller_quarantine']: - resp = switch_controller_quarantine(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "switch_controller_quarantine": { - "required": False, "type": "dict", "default": None, - "options": { - 
"quarantine": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "targets": {"required": False, "type": "list", - "options": { - "description": {"required": False, "type": "str"}, - "entry_id": {"required": False, "type": "int"}, - "mac": {"required": True, "type": "str"}, - "tag": {"required": False, "type": "list", - "options": { - "tags": {"required": True, "type": "str"} - }} - }} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_switch_controller(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_switch_controller(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_switch_controller_security_policy_802_1X.py b/lib/ansible/modules/network/fortios/fortios_switch_controller_security_policy_802_1X.py deleted file mode 100644 index abb53d1020f..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_switch_controller_security_policy_802_1X.py +++ /dev/null 
@@ -1,439 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_switch_controller_security_policy_802_1X -short_description: Configure 802.1x MAC Authentication Bypass (MAB) policies in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify switch_controller_security_policy feature and 802_1X category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - switch_controller_security_policy_802_1X: - description: - - Configure 802.1x MAC Authentication Bypass (MAB) policies. - default: null - type: dict - suboptions: - auth_fail_vlan: - description: - - Enable to allow limited access to clients that cannot authenticate. - type: str - choices: - - disable - - enable - auth_fail_vlan_id: - description: - - VLAN ID on which authentication failed. Source system.interface.name. - type: str - auth_fail_vlanid: - description: - - VLAN ID on which authentication failed. - type: int - eap_passthru: - description: - - Enable/disable EAP pass-through mode, allowing protocols (such as LLDP) to pass through ports for more flexible authentication. - type: str - choices: - - disable - - enable - guest_auth_delay: - description: - - Guest authentication delay (1 - 900 sec). - type: int - guest_vlan: - description: - - Enable the guest VLAN feature to allow limited access to non-802.1X-compliant clients. - type: str - choices: - - disable - - enable - guest_vlan_id: - description: - - Guest VLAN name. Source system.interface.name. - type: str - guest_vlanid: - description: - - Guest VLAN ID. - type: int - mac_auth_bypass: - description: - - Enable/disable MAB for this policy. - type: str - choices: - - disable - - enable - name: - description: - - Policy name. - required: true - type: str - open_auth: - description: - - Enable/disable open authentication for this policy. 
- type: str - choices: - - disable - - enable - policy_type: - description: - - Policy type. - type: str - choices: - - 802.1X - radius_timeout_overwrite: - description: - - Enable to override the global RADIUS session timeout. - type: str - choices: - - disable - - enable - security_mode: - description: - - Port or MAC based 802.1X security mode. - type: str - choices: - - 802.1X - - 802.1X-mac-based - user_group: - description: - - Name of user-group to assign to this MAC Authentication Bypass (MAB) policy. - type: list - suboptions: - name: - description: - - Group name. Source user.group.name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure 802.1x MAC Authentication Bypass (MAB) policies. - fortios_switch_controller_security_policy_802_1X: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - switch_controller_security_policy_802_1X: - auth_fail_vlan: "disable" - auth_fail_vlan_id: " (source system.interface.name)" - auth_fail_vlanid: "5" - eap_passthru: "disable" - guest_auth_delay: "7" - guest_vlan: "disable" - guest_vlan_id: " (source system.interface.name)" - guest_vlanid: "10" - mac_auth_bypass: "disable" - name: "default_name_12" - open_auth: "disable" - policy_type: "802.1X" - radius_timeout_overwrite: "disable" - security_mode: "802.1X" - user_group: - - - name: "default_name_18 (source user.group.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: 
Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_switch_controller_security_policy_802_1X_data(json): - option_list = ['auth_fail_vlan', 'auth_fail_vlan_id', 'auth_fail_vlanid', - 'eap_passthru', 'guest_auth_delay', 'guest_vlan', - 'guest_vlan_id', 'guest_vlanid', 'mac_auth_bypass', - 'name', 'open_auth', 'policy_type', - 'radius_timeout_overwrite', 'security_mode', 'user_group'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): 
- if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def switch_controller_security_policy_802_1X(data, fos): - vdom = data['vdom'] - state = data['state'] - switch_controller_security_policy_802_1X_data = data['switch_controller_security_policy_802_1X'] - filtered_data = underscore_to_hyphen(filter_switch_controller_security_policy_802_1X_data(switch_controller_security_policy_802_1X_data)) - - if state == "present": - return fos.set('switch-controller.security-policy', - '802-1X', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('switch-controller.security-policy', - '802-1X', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_switch_controller_security_policy(data, fos): - - if data['switch_controller_security_policy_802_1X']: - resp = switch_controller_security_policy_802_1X(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "switch_controller_security_policy_802_1X": { - "required": False, "type": "dict", "default": None, - "options": { - "auth_fail_vlan": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, 
- "auth_fail_vlan_id": {"required": False, "type": "str"}, - "auth_fail_vlanid": {"required": False, "type": "int"}, - "eap_passthru": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "guest_auth_delay": {"required": False, "type": "int"}, - "guest_vlan": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "guest_vlan_id": {"required": False, "type": "str"}, - "guest_vlanid": {"required": False, "type": "int"}, - "mac_auth_bypass": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "name": {"required": True, "type": "str"}, - "open_auth": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "policy_type": {"required": False, "type": "str", - "choices": ["802.1X"]}, - "radius_timeout_overwrite": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "security_mode": {"required": False, "type": "str", - "choices": ["802.1X", "802.1X-mac-based"]}, - "user_group": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_switch_controller_security_policy(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = 
fortios_switch_controller_security_policy(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_switch_controller_security_policy_captive_portal.py b/lib/ansible/modules/network/fortios/fortios_switch_controller_security_policy_captive_portal.py
deleted file mode 100644
index 88da0d5ea87..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_switch_controller_security_policy_captive_portal.py
+++ /dev/null
@@ -1,324 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_switch_controller_security_policy_captive_portal -short_description: Names of VLANs that use captive portal authentication in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify switch_controller_security_policy feature and captive_portal category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. 
- type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - switch_controller_security_policy_captive_portal: - description: - - Names of VLANs that use captive portal authentication. - default: null - type: dict - suboptions: - name: - description: - - Policy name. - required: true - type: str - policy_type: - description: - - Policy type. - type: str - choices: - - captive-portal - vlan: - description: - - Names of VLANs that use captive portal authentication. Source system.interface.name. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Names of VLANs that use captive portal authentication. 
- fortios_switch_controller_security_policy_captive_portal: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - switch_controller_security_policy_captive_portal: - name: "default_name_3" - policy_type: "captive-portal" - vlan: " (source system.interface.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = 
data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_switch_controller_security_policy_captive_portal_data(json): - option_list = ['name', 'policy_type', 'vlan'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def switch_controller_security_policy_captive_portal(data, fos): - vdom = data['vdom'] - state = data['state'] - switch_controller_security_policy_captive_portal_data = data['switch_controller_security_policy_captive_portal'] - filtered_data = underscore_to_hyphen(filter_switch_controller_security_policy_captive_portal_data(switch_controller_security_policy_captive_portal_data)) - - if state == "present": - return fos.set('switch-controller.security-policy', - 'captive-portal', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('switch-controller.security-policy', - 'captive-portal', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_switch_controller_security_policy(data, fos): - - if data['switch_controller_security_policy_captive_portal']: - resp = switch_controller_security_policy_captive_portal(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": 
"str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "switch_controller_security_policy_captive_portal": { - "required": False, "type": "dict", "default": None, - "options": { - "name": {"required": True, "type": "str"}, - "policy_type": {"required": False, "type": "str", - "choices": ["captive-portal"]}, - "vlan": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_switch_controller_security_policy(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_switch_controller_security_policy(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_switch_controller_sflow.py b/lib/ansible/modules/network/fortios/fortios_switch_controller_sflow.py
deleted file mode 100644
index b17cbfbfa2b..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_switch_controller_sflow.py
+++ /dev/null
@@ -1,295 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_switch_controller_sflow -short_description: Configure FortiSwitch sFlow in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify switch_controller feature and sflow category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - switch_controller_sflow: - description: - - Configure FortiSwitch sFlow. - default: null - type: dict - suboptions: - collector_ip: - description: - - Collector IP. - type: str - collector_port: - description: - - SFlow collector port (0 - 65535). - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure FortiSwitch sFlow. - fortios_switch_controller_sflow: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - switch_controller_sflow: - collector_ip: "" - collector_port: "4" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: 
str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_switch_controller_sflow_data(json): - option_list = ['collector_ip', 'collector_port'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def switch_controller_sflow(data, fos): - vdom = data['vdom'] - switch_controller_sflow_data = data['switch_controller_sflow'] - filtered_data = underscore_to_hyphen(filter_switch_controller_sflow_data(switch_controller_sflow_data)) - - return fos.set('switch-controller', - 'sflow', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def 
fortios_switch_controller(data, fos): - - if data['switch_controller_sflow']: - resp = switch_controller_sflow(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "switch_controller_sflow": { - "required": False, "type": "dict", "default": None, - "options": { - "collector_ip": {"required": False, "type": "str"}, - "collector_port": {"required": False, "type": "int"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_switch_controller(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_switch_controller(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_switch_controller_storm_control.py b/lib/ansible/modules/network/fortios/fortios_switch_controller_storm_control.py
deleted file mode 100644
index dde2bdd2679..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_switch_controller_storm_control.py
+++ /dev/null
@@ -1,321 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_switch_controller_storm_control -short_description: Configure FortiSwitch storm control in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify switch_controller feature and storm_control category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - switch_controller_storm_control: - description: - - Configure FortiSwitch storm control. - default: null - type: dict - suboptions: - broadcast: - description: - - Enable/disable storm control to drop broadcast traffic. - type: str - choices: - - enable - - disable - rate: - description: - - Rate in packets per second at which storm traffic is controlled (1 - 10000000). Storm control drops excess traffic data rates beyond - this threshold. - type: int - unknown_multicast: - description: - - Enable/disable storm control to drop unknown multicast traffic. - type: str - choices: - - enable - - disable - unknown_unicast: - description: - - Enable/disable storm control to drop unknown unicast traffic. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure FortiSwitch storm control. 
- fortios_switch_controller_storm_control: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - switch_controller_storm_control: - broadcast: "enable" - rate: "4" - unknown_multicast: "enable" - unknown_unicast: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - 
if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_switch_controller_storm_control_data(json): - option_list = ['broadcast', 'rate', 'unknown_multicast', - 'unknown_unicast'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def switch_controller_storm_control(data, fos): - vdom = data['vdom'] - switch_controller_storm_control_data = data['switch_controller_storm_control'] - filtered_data = underscore_to_hyphen(filter_switch_controller_storm_control_data(switch_controller_storm_control_data)) - - return fos.set('switch-controller', - 'storm-control', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_switch_controller(data, fos): - - if data['switch_controller_storm_control']: - resp = switch_controller_storm_control(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "switch_controller_storm_control": { - "required": False, "type": 
"dict", "default": None, - "options": { - "broadcast": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "rate": {"required": False, "type": "int"}, - "unknown_multicast": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "unknown_unicast": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_switch_controller(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_switch_controller(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_switch_controller_stp_settings.py b/lib/ansible/modules/network/fortios/fortios_switch_controller_stp_settings.py deleted file mode 100644 index f94be228fc4..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_switch_controller_stp_settings.py +++ /dev/null 
@@ -1,337 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_switch_controller_stp_settings -short_description: Configure FortiSwitch spanning tree protocol (STP) in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify switch_controller feature and stp_settings category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - switch_controller_stp_settings: - description: - - Configure FortiSwitch spanning tree protocol (STP). - default: null - type: dict - suboptions: - forward_time: - description: - - Period of time a port is in listening and learning state (4 - 30 sec). - type: int - hello_time: - description: - - Period of time between successive STP frame Bridge Protocol Data Units (BPDUs) sent on a port (1 - 10 sec). - type: int - max_age: - description: - - Maximum time before a bridge port saves its configuration BPDU information (6 - 40 sec). - type: int - max_hops: - description: - - Maximum number of hops between the root bridge and the furthest bridge (1- 40). - type: int - name: - description: - - Name of global STP settings configuration. - type: str - pending_timer: - description: - - Pending time (1 - 15 sec). - type: int - revision: - description: - - STP revision number (0 - 65535). - type: int - status: - description: - - Enable/disable STP. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure FortiSwitch spanning tree protocol (STP). 
- fortios_switch_controller_stp_settings: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - switch_controller_stp_settings: - forward_time: "3" - hello_time: "4" - max_age: "5" - max_hops: "6" - name: "default_name_7" - pending_timer: "8" - revision: "9" - status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - 
ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_switch_controller_stp_settings_data(json): - option_list = ['forward_time', 'hello_time', 'max_age', - 'max_hops', 'name', 'pending_timer', - 'revision', 'status'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def switch_controller_stp_settings(data, fos): - vdom = data['vdom'] - switch_controller_stp_settings_data = data['switch_controller_stp_settings'] - filtered_data = underscore_to_hyphen(filter_switch_controller_stp_settings_data(switch_controller_stp_settings_data)) - - return fos.set('switch-controller', - 'stp-settings', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_switch_controller(data, fos): - - if data['switch_controller_stp_settings']: - resp = switch_controller_stp_settings(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", 
"default": True}, - "switch_controller_stp_settings": { - "required": False, "type": "dict", "default": None, - "options": { - "forward_time": {"required": False, "type": "int"}, - "hello_time": {"required": False, "type": "int"}, - "max_age": {"required": False, "type": "int"}, - "max_hops": {"required": False, "type": "int"}, - "name": {"required": False, "type": "str"}, - "pending_timer": {"required": False, "type": "int"}, - "revision": {"required": False, "type": "int"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_switch_controller(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_switch_controller(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_switch_controller_switch_group.py b/lib/ansible/modules/network/fortios/fortios_switch_controller_switch_group.py deleted file mode 100644 index ed9b9d6390c..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_switch_controller_switch_group.py +++ /dev/null 
@@ -1,332 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_switch_controller_switch_group -short_description: Configure FortiSwitch switch groups in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify switch_controller feature and switch_group category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - switch_controller_switch_group: - description: - - Configure FortiSwitch switch groups. - default: null - type: dict - suboptions: - description: - description: - - Optional switch group description. - type: str - members: - description: - - FortiSwitch members belonging to this switch group. - type: list - suboptions: - name: - description: - - Managed device ID. Source switch-controller.managed-switch.switch-id. - required: true - type: str - name: - description: - - Switch group name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure FortiSwitch switch groups. 
- fortios_switch_controller_switch_group: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - switch_controller_switch_group: - description: "" - members: - - - name: "default_name_5 (source switch-controller.managed-switch.switch-id)" - name: "default_name_6" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = 
data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_switch_controller_switch_group_data(json): - option_list = ['description', 'members', 'name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def switch_controller_switch_group(data, fos): - vdom = data['vdom'] - state = data['state'] - switch_controller_switch_group_data = data['switch_controller_switch_group'] - filtered_data = underscore_to_hyphen(filter_switch_controller_switch_group_data(switch_controller_switch_group_data)) - - if state == "present": - return fos.set('switch-controller', - 'switch-group', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('switch-controller', - 'switch-group', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_switch_controller(data, fos): - - if data['switch_controller_switch_group']: - resp = switch_controller_switch_group(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": 
"root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "switch_controller_switch_group": { - "required": False, "type": "dict", "default": None, - "options": { - "description": {"required": False, "type": "str"}, - "members": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "name": {"required": True, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_switch_controller(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_switch_controller(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_switch_controller_switch_interface_tag.py b/lib/ansible/modules/network/fortios/fortios_switch_controller_switch_interface_tag.py deleted file mode 100644 index 1f05068647c..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_switch_controller_switch_interface_tag.py +++ /dev/null 
@@ -1,309 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_switch_controller_switch_interface_tag -short_description: Configure switch object tags in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify switch_controller feature and switch_interface_tag category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - switch_controller_switch_interface_tag: - description: - - Configure switch object tags. - default: null - type: dict - suboptions: - name: - description: - - Tag name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure switch object tags. - fortios_switch_controller_switch_interface_tag: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - switch_controller_switch_interface_tag: - name: "default_name_3" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always 
- type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_switch_controller_switch_interface_tag_data(json): - option_list = ['name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def switch_controller_switch_interface_tag(data, fos): - vdom = data['vdom'] - state = data['state'] - switch_controller_switch_interface_tag_data = data['switch_controller_switch_interface_tag'] - filtered_data = underscore_to_hyphen(filter_switch_controller_switch_interface_tag_data(switch_controller_switch_interface_tag_data)) - - if state == "present": - return 
fos.set('switch-controller', - 'switch-interface-tag', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('switch-controller', - 'switch-interface-tag', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_switch_controller(data, fos): - - if data['switch_controller_switch_interface_tag']: - resp = switch_controller_switch_interface_tag(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "switch_controller_switch_interface_tag": { - "required": False, "type": "dict", "default": None, - "options": { - "name": {"required": True, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_switch_controller(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - 
module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_switch_controller(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_switch_controller_switch_log.py b/lib/ansible/modules/network/fortios/fortios_switch_controller_switch_log.py deleted file mode 100644 index b355045848a..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_switch_controller_switch_log.py +++ /dev/null 
@@ -1,311 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_switch_controller_switch_log -short_description: Configure FortiSwitch logging (logs are transferred to and inserted into FortiGate event log) in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify switch_controller feature and switch_log category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. 
- type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - switch_controller_switch_log: - description: - - Configure FortiSwitch logging (logs are transferred to and inserted into FortiGate event log). - default: null - type: dict - suboptions: - severity: - description: - - Severity of FortiSwitch logs that are added to the FortiGate event log. - type: str - choices: - - emergency - - alert - - critical - - error - - warning - - notification - - information - - debug - status: - description: - - Enable/disable adding FortiSwitch logs to FortiGate event log. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure FortiSwitch logging (logs are transferred to and inserted into FortiGate event log). 
- fortios_switch_controller_switch_log: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - switch_controller_switch_log: - severity: "emergency" - status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - 
fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_switch_controller_switch_log_data(json): - option_list = ['severity', 'status'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def switch_controller_switch_log(data, fos): - vdom = data['vdom'] - switch_controller_switch_log_data = data['switch_controller_switch_log'] - filtered_data = underscore_to_hyphen(filter_switch_controller_switch_log_data(switch_controller_switch_log_data)) - - return fos.set('switch-controller', - 'switch-log', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_switch_controller(data, fos): - - if data['switch_controller_switch_log']: - resp = switch_controller_switch_log(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "switch_controller_switch_log": { - "required": False, "type": "dict", "default": None, - "options": { - "severity": {"required": False, "type": "str", - "choices": ["emergency", 
"alert", "critical", - "error", "warning", "notification", - "information", "debug"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_switch_controller(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_switch_controller(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_switch_controller_switch_profile.py b/lib/ansible/modules/network/fortios/fortios_switch_controller_switch_profile.py deleted file mode 100644 index 73028c07fa4..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_switch_controller_switch_profile.py +++ /dev/null 
@@ -1,326 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_switch_controller_switch_profile -short_description: Configure FortiSwitch switch profile in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify switch_controller feature and switch_profile category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - switch_controller_switch_profile: - description: - - Configure FortiSwitch switch profile. - default: null - type: dict - suboptions: - login_passwd: - description: - - Login password of managed FortiSwitch. - type: str - login_passwd_override: - description: - - Enable/disable overriding the admin administrator password for a managed FortiSwitch with the FortiGate admin administrator account - password. - type: str - choices: - - enable - - disable - name: - description: - - FortiSwitch Profile name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure FortiSwitch switch profile. 
- fortios_switch_controller_switch_profile:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- switch_controller_switch_profile:
- login_passwd: ""
- login_passwd_override: "enable"
- name: "default_name_5"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_switch_controller_switch_profile_data(json):
- option_list = ['login_passwd', 'login_passwd_override', 'name']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def switch_controller_switch_profile(data, fos):
- vdom = data['vdom']
- state = data['state']
- switch_controller_switch_profile_data = data['switch_controller_switch_profile']
- filtered_data = underscore_to_hyphen(filter_switch_controller_switch_profile_data(switch_controller_switch_profile_data))
-
- if state == "present":
- return fos.set('switch-controller',
- 'switch-profile',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('switch-controller',
- 'switch-profile',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_switch_controller(data, fos):
-
- if data['switch_controller_switch_profile']:
- resp = switch_controller_switch_profile(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": True, "type": "str",
- "choices": ["present", "absent"]},
- "switch_controller_switch_profile": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "login_passwd": {"required": False, "type": "str"},
- "login_passwd_override": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "name": {"required": True, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_switch_controller(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_switch_controller(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_switch_controller_system.py b/lib/ansible/modules/network/fortios/fortios_switch_controller_system.py
deleted file mode 100644
index 6a94f86e4c5..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_switch_controller_system.py
+++ /dev/null
@@ -1,299 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_switch_controller_system -short_description: Configure system-wide switch controller settings in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify switch_controller feature and system category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - switch_controller_system: - description: - - Configure system-wide switch controller settings. - default: null - type: dict - suboptions: - parallel_process: - description: - - Maximum number of parallel processes (1 - 300). - type: int - parallel_process_override: - description: - - Enable/disable parallel process override. - type: str - choices: - - disable - - enable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure system-wide switch controller settings. - fortios_switch_controller_system: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - switch_controller_system: - parallel_process: "3" - parallel_process_override: "disable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: 
Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_switch_controller_system_data(json):
- option_list = ['parallel_process', 'parallel_process_override']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def switch_controller_system(data, fos):
- vdom = data['vdom']
- switch_controller_system_data = data['switch_controller_system']
- filtered_data = underscore_to_hyphen(filter_switch_controller_system_data(switch_controller_system_data))
-
- return fos.set('switch-controller',
- 'system',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_switch_controller(data, fos):
-
- if data['switch_controller_system']:
- resp = switch_controller_system(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "switch_controller_system": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "parallel_process": {"required": False, "type": "int"},
- "parallel_process_override": {"required": False, "type": "str",
- "choices": ["disable", "enable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_switch_controller(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_switch_controller(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_switch_controller_virtual_port_pool.py b/lib/ansible/modules/network/fortios/fortios_switch_controller_virtual_port_pool.py
deleted file mode 100644
index f5b31efd81a..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_switch_controller_virtual_port_pool.py
+++ /dev/null
@@ -1,315 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_switch_controller_virtual_port_pool -short_description: Configure virtual pool in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify switch_controller feature and virtual_port_pool category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - switch_controller_virtual_port_pool: - description: - - Configure virtual pool. - default: null - type: dict - suboptions: - description: - description: - - Virtual switch pool description. - type: str - name: - description: - - Virtual switch pool name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure virtual pool. - fortios_switch_controller_virtual_port_pool: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - switch_controller_virtual_port_pool: - description: "" - name: "default_name_4" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str 
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_switch_controller_virtual_port_pool_data(json):
- option_list = ['description', 'name']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def switch_controller_virtual_port_pool(data, fos):
- vdom = data['vdom']
- state = data['state']
- switch_controller_virtual_port_pool_data = data['switch_controller_virtual_port_pool']
- filtered_data = underscore_to_hyphen(filter_switch_controller_virtual_port_pool_data(switch_controller_virtual_port_pool_data))
-
- if state == "present":
- return fos.set('switch-controller',
- 'virtual-port-pool',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('switch-controller',
- 'virtual-port-pool',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_switch_controller(data, fos):
-
- if data['switch_controller_virtual_port_pool']:
- resp = switch_controller_virtual_port_pool(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": True, "type": "str",
- "choices": ["present", "absent"]},
- "switch_controller_virtual_port_pool": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "description": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_switch_controller(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_switch_controller(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_switch_controller_vlan.py b/lib/ansible/modules/network/fortios/fortios_switch_controller_vlan.py
deleted file mode 100644
index cb44cc9694c..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_switch_controller_vlan.py
+++ /dev/null
@@ -1,425 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_switch_controller_vlan
-short_description: Configure VLANs for switch controller in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify switch_controller feature and vlan category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.9"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- state:
- description:
- - Indicates whether to create or remove the object.
- type: str
- required: true
- choices:
- - present
- - absent
- switch_controller_vlan:
- description:
- - Configure VLANs for switch controller.
- default: null
- type: dict
- suboptions:
- auth:
- description:
- - Authentication.
- type: str
- choices:
- - radius
- - usergroup
- color:
- description:
- - Color of icon on the GUI.
- type: int
- comments:
- description:
- - Comment.
- type: str
- name:
- description:
- - Switch VLAN name.
- required: true
- type: str
- portal_message_override_group:
- description:
- - Specify captive portal replacement message override group.
- type: str
- portal_message_overrides:
- description:
- - Individual message overrides.
- type: dict
- suboptions:
- auth_disclaimer_page:
- description:
- - Override auth-disclaimer-page message with message from portal-message-overrides group.
- type: str
- auth_login_failed_page:
- description:
- - Override auth-login-failed-page message with message from portal-message-overrides group.
- type: str
- auth_login_page:
- description:
- - Override auth-login-page message with message from portal-message-overrides group.
- type: str
- auth_reject_page:
- description:
- - Override auth-reject-page message with message from portal-message-overrides group.
- type: str
- radius_server:
- description:
- - Authentication radius server. Source user.radius.name.
- type: str
- security:
- description:
- - Security.
- type: str
- choices:
- - open
- - captive-portal
- - 8021x
- selected_usergroups:
- description:
- - Selected user group.
- type: list - suboptions: - name: - description: - - User group name. Source user.group.name. - required: true - type: str - usergroup: - description: - - Authentication usergroup. Source user.group.name. - type: str - vdom: - description: - - Virtual domain, - type: str - vlanid: - description: - - VLAN ID. - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure VLANs for switch controller. - fortios_switch_controller_vlan: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - switch_controller_vlan: - auth: "radius" - color: "4" - comments: "" - name: "default_name_6" - portal_message_override_group: "" - portal_message_overrides: - auth_disclaimer_page: "" - auth_login_failed_page: "" - auth_login_page: "" - auth_reject_page: "" - radius_server: " (source user.radius.name)" - security: "open" - selected_usergroups: - - - name: "default_name_16 (source user.group.name)" - usergroup: " (source user.group.name)" - vdom: "" - vlanid: "19" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - 
type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_switch_controller_vlan_data(json): - option_list = ['auth', 'color', 'comments', - 'name', 'portal_message_override_group', 'portal_message_overrides', - 'radius_server', 'security', 'selected_usergroups', - 'usergroup', 'vdom', 'vlanid'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def switch_controller_vlan(data, fos): - vdom = data['vdom'] - state = data['state'] - switch_controller_vlan_data = data['switch_controller_vlan'] - filtered_data = 
underscore_to_hyphen(filter_switch_controller_vlan_data(switch_controller_vlan_data)) - - if state == "present": - return fos.set('switch-controller', - 'vlan', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('switch-controller', - 'vlan', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_switch_controller(data, fos): - - if data['switch_controller_vlan']: - resp = switch_controller_vlan(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "switch_controller_vlan": { - "required": False, "type": "dict", "default": None, - "options": { - "auth": {"required": False, "type": "str", - "choices": ["radius", "usergroup"]}, - "color": {"required": False, "type": "int"}, - "comments": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "portal_message_override_group": {"required": False, "type": "str"}, - "portal_message_overrides": {"required": False, "type": "dict", - "options": { - "auth_disclaimer_page": {"required": False, "type": "str"}, - "auth_login_failed_page": {"required": False, "type": "str"}, - "auth_login_page": {"required": False, "type": "str"}, - "auth_reject_page": {"required": False, "type": "str"} - }}, - "radius_server": {"required": False, "type": "str"}, - "security": {"required": False, "type": "str", 
- "choices": ["open", "captive-portal", "8021x"]},
- "selected_usergroups": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "usergroup": {"required": False, "type": "str"},
- "vdom": {"required": False, "type": "str"},
- "vlanid": {"required": False, "type": "int"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_switch_controller(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_switch_controller(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_accprofile.py b/lib/ansible/modules/network/fortios/fortios_system_accprofile.py
deleted file mode 100644
index 804c2437bb9..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_accprofile.py
+++ /dev/null
@@ -1,831 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_system_accprofile
-short_description: Configure access profiles for system administrators in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify system feature and accprofile category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- version_added: 2.9
- state:
- description:
- - Indicates whether to create or remove the object.
- This attribute was present already in previous version in a deeper level.
- It has been moved out to this outer level.
- type: str
- required: false
- choices:
- - present
- - absent
- version_added: 2.9
- system_accprofile:
- description:
- - Configure access profiles for system administrators.
- default: null
- type: dict
- suboptions:
- state:
- description:
- - B(Deprecated)
- - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
- - HORIZONTALLINE
- - Indicates whether to create or remove the object.
- type: str
- required: false
- choices:
- - present
- - absent
- admintimeout:
- description:
- - Administrator timeout for this access profile (0 - 480 min).
- type: int
- admintimeout_override:
- description:
- - Enable/disable overriding the global administrator idle timeout.
- type: str
- choices:
- - enable
- - disable
- authgrp:
- description:
- - Administrator access to Users and Devices.
- type: str
- choices:
- - none
- - read
- - read-write
- comments:
- description:
- - Comment.
- type: str
- ftviewgrp:
- description:
- - FortiView.
- type: str
- choices:
- - none
- - read
- - read-write
- fwgrp:
- description:
- - Administrator access to the Firewall configuration.
- type: str
- choices:
- - none
- - read
- - read-write
- - custom
- fwgrp_permission:
- description:
- - Custom firewall permission.
- type: dict
- suboptions:
- address:
- description:
- - Address Configuration.
- type: str
- choices:
- - none
- - read
- - read-write
- policy:
- description:
- - Policy Configuration.
- type: str
- choices:
- - none
- - read
- - read-write
- schedule:
- description:
- - Schedule Configuration.
- type: str
- choices:
- - none
- - read
- - read-write
- service:
- description:
- - Service Configuration.
- type: str
- choices:
- - none
- - read
- - read-write
- loggrp:
- description:
- - Administrator access to Logging and Reporting including viewing log messages.
- type: str
- choices:
- - none
- - read
- - read-write
- - custom
- loggrp_permission:
- description:
- - Custom Log & Report permission.
- type: dict
- suboptions:
- config:
- description:
- - Log & Report configuration.
- type: str
- choices:
- - none
- - read
- - read-write
- data_access:
- description:
- - Log & Report Data Access.
- type: str
- choices:
- - none
- - read
- - read-write
- report_access:
- description:
- - Log & Report Report Access.
- type: str
- choices:
- - none
- - read
- - read-write
- threat_weight:
- description:
- - Log & Report Threat Weight.
- type: str
- choices:
- - none
- - read
- - read-write
- name:
- description:
- - Profile name.
- required: true
- type: str
- netgrp:
- description:
- - Network Configuration.
- type: str
- choices:
- - none
- - read
- - read-write
- - custom
- netgrp_permission:
- description:
- - Custom network permission.
- type: dict
- suboptions:
- cfg:
- description:
- - Network Configuration.
- type: str
- choices:
- - none
- - read
- - read-write
- packet_capture:
- description:
- - Packet Capture Configuration.
- type: str
- choices:
- - none
- - read
- - read-write
- route_cfg:
- description:
- - Router Configuration.
- type: str
- choices:
- - none
- - read
- - read-write
- scope:
- description:
- - "Scope of admin access: global or specific VDOM(s)."
- type: str
- choices:
- - vdom
- - global
- secfabgrp:
- description:
- - Security Fabric.
- type: str
- choices:
- - none
- - read
- - read-write
- sysgrp:
- description:
- - System Configuration.
- type: str
- choices:
- - none
- - read
- - read-write
- - custom
- sysgrp_permission:
- description:
- - Custom system permission.
- type: dict
- suboptions:
- admin:
- description:
- - Administrator Users.
- type: str
- choices:
- - none
- - read
- - read-write
- cfg:
- description:
- - System Configuration.
- type: str
- choices:
- - none
- - read
- - read-write
- mnt:
- description:
- - Maintenance.
- type: str
- choices:
- - none
- - read
- - read-write
- upd:
- description:
- - FortiGuard Updates.
- type: str
- choices:
- - none
- - read
- - read-write
- utmgrp:
- description:
- - Administrator access to Security Profiles.
- type: str
- choices:
- - none
- - read
- - read-write
- - custom
- utmgrp_permission:
- description:
- - Custom Security Profile permissions.
- type: dict
- suboptions:
- antivirus:
- description:
- - Antivirus profiles and settings.
- type: str
- choices:
- - none
- - read
- - read-write
- application_control:
- description:
- - Application Control profiles and settings.
- type: str
- choices:
- - none
- - read
- - read-write
- data_loss_prevention:
- description:
- - DLP profiles and settings.
- type: str
- choices:
- - none
- - read
- - read-write
- dnsfilter:
- description:
- - DNS Filter profiles and settings.
- type: str
- choices:
- - none
- - read
- - read-write
- endpoint_control:
- description:
- - FortiClient Profiles.
- type: str
- choices:
- - none
- - read
- - read-write
- icap:
- description:
- - ICAP profiles and settings.
- type: str
- choices:
- - none
- - read
- - read-write
- ips:
- description:
- - IPS profiles and settings.
- type: str
- choices:
- - none
- - read
- - read-write
- spamfilter:
- description:
- - AntiSpam filter and settings.
- type: str
- choices:
- - none
- - read
- - read-write
- voip:
- description:
- - VoIP profiles and settings.
- type: str - choices: - - none - - read - - read-write - waf: - description: - - Web Application Firewall profiles and settings. - type: str - choices: - - none - - read - - read-write - webfilter: - description: - - Web Filter profiles and settings. - type: str - choices: - - none - - read - - read-write - vpngrp: - description: - - Administrator access to IPsec, SSL, PPTP, and L2TP VPN. - type: str - choices: - - none - - read - - read-write - wanoptgrp: - description: - - Administrator access to WAN Opt & Cache. - type: str - choices: - - none - - read - - read-write - wifi: - description: - - Administrator access to the WiFi controller and Switch controller. - type: str - choices: - - none - - read - - read-write -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure access profiles for system administrators. - fortios_system_accprofile: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_accprofile: - admintimeout: "3" - admintimeout_override: "enable" - authgrp: "none" - comments: "" - ftviewgrp: "none" - fwgrp: "none" - fwgrp_permission: - address: "none" - policy: "none" - schedule: "none" - service: "none" - loggrp: "none" - loggrp_permission: - config: "none" - data_access: "none" - report_access: "none" - threat_weight: "none" - name: "default_name_20" - netgrp: "none" - netgrp_permission: - cfg: "none" - packet_capture: "none" - route_cfg: "none" - scope: "vdom" - secfabgrp: "none" - sysgrp: "none" - sysgrp_permission: - admin: "none" - cfg: "none" - mnt: "none" - upd: "none" - utmgrp: "none" - utmgrp_permission: - antivirus: "none" - application_control: "none" - data_loss_prevention: "none" - dnsfilter: "none" - endpoint_control: "none" - icap: "none" - ips: "none" - spamfilter: "none" - voip: "none" - waf: "none" - webfilter: "none" - 
vpngrp: "none" - wanoptgrp: "none" - wifi: "none" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_accprofile_data(json): - option_list = ['admintimeout', 
'admintimeout_override', 'authgrp', - 'comments', 'ftviewgrp', 'fwgrp', - 'fwgrp_permission', 'loggrp', 'loggrp_permission', - 'name', 'netgrp', 'netgrp_permission', - 'scope', 'secfabgrp', 'sysgrp', - 'sysgrp_permission', 'utmgrp', 'utmgrp_permission', - 'vpngrp', 'wanoptgrp', 'wifi'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_accprofile(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['system_accprofile'] and data['system_accprofile']: - state = data['system_accprofile']['state'] - else: - state = True - system_accprofile_data = data['system_accprofile'] - filtered_data = underscore_to_hyphen(filter_system_accprofile_data(system_accprofile_data)) - - if state == "present": - return fos.set('system', - 'accprofile', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'accprofile', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_accprofile']: - resp = system_accprofile(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", 
"default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "system_accprofile": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "admintimeout": {"required": False, "type": "int"}, - "admintimeout_override": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "authgrp": {"required": False, "type": "str", - "choices": ["none", "read", "read-write"]}, - "comments": {"required": False, "type": "str"}, - "ftviewgrp": {"required": False, "type": "str", - "choices": ["none", "read", "read-write"]}, - "fwgrp": {"required": False, "type": "str", - "choices": ["none", "read", "read-write", - "custom"]}, - "fwgrp_permission": {"required": False, "type": "dict", - "options": { - "address": {"required": False, "type": "str", - "choices": ["none", "read", "read-write"]}, - "policy": {"required": False, "type": "str", - "choices": ["none", "read", "read-write"]}, - "schedule": {"required": False, "type": "str", - "choices": ["none", "read", "read-write"]}, - "service": {"required": False, "type": "str", - "choices": ["none", "read", "read-write"]} - }}, - "loggrp": {"required": False, "type": "str", - "choices": ["none", "read", "read-write", - "custom"]}, - "loggrp_permission": {"required": False, "type": "dict", - "options": { - "config": {"required": False, "type": "str", - "choices": ["none", "read", "read-write"]}, - "data_access": {"required": False, "type": "str", - "choices": ["none", "read", "read-write"]}, - "report_access": {"required": False, "type": "str", - "choices": ["none", "read", "read-write"]}, - "threat_weight": {"required": False, "type": "str", - "choices": ["none", "read", "read-write"]} - }}, - "name": {"required": True, "type": "str"}, - "netgrp": 
{"required": False, "type": "str", - "choices": ["none", "read", "read-write", - "custom"]}, - "netgrp_permission": {"required": False, "type": "dict", - "options": { - "cfg": {"required": False, "type": "str", - "choices": ["none", "read", "read-write"]}, - "packet_capture": {"required": False, "type": "str", - "choices": ["none", "read", "read-write"]}, - "route_cfg": {"required": False, "type": "str", - "choices": ["none", "read", "read-write"]} - }}, - "scope": {"required": False, "type": "str", - "choices": ["vdom", "global"]}, - "secfabgrp": {"required": False, "type": "str", - "choices": ["none", "read", "read-write"]}, - "sysgrp": {"required": False, "type": "str", - "choices": ["none", "read", "read-write", - "custom"]}, - "sysgrp_permission": {"required": False, "type": "dict", - "options": { - "admin": {"required": False, "type": "str", - "choices": ["none", "read", "read-write"]}, - "cfg": {"required": False, "type": "str", - "choices": ["none", "read", "read-write"]}, - "mnt": {"required": False, "type": "str", - "choices": ["none", "read", "read-write"]}, - "upd": {"required": False, "type": "str", - "choices": ["none", "read", "read-write"]} - }}, - "utmgrp": {"required": False, "type": "str", - "choices": ["none", "read", "read-write", - "custom"]}, - "utmgrp_permission": {"required": False, "type": "dict", - "options": { - "antivirus": {"required": False, "type": "str", - "choices": ["none", "read", "read-write"]}, - "application_control": {"required": False, "type": "str", - "choices": ["none", "read", "read-write"]}, - "data_loss_prevention": {"required": False, "type": "str", - "choices": ["none", "read", "read-write"]}, - "dnsfilter": {"required": False, "type": "str", - "choices": ["none", "read", "read-write"]}, - "endpoint_control": {"required": False, "type": "str", - "choices": ["none", "read", "read-write"]}, - "icap": {"required": False, "type": "str", - "choices": ["none", "read", "read-write"]}, - "ips": {"required": False, "type": 
"str", - "choices": ["none", "read", "read-write"]}, - "spamfilter": {"required": False, "type": "str", - "choices": ["none", "read", "read-write"]}, - "voip": {"required": False, "type": "str", - "choices": ["none", "read", "read-write"]}, - "waf": {"required": False, "type": "str", - "choices": ["none", "read", "read-write"]}, - "webfilter": {"required": False, "type": "str", - "choices": ["none", "read", "read-write"]} - }}, - "vpngrp": {"required": False, "type": "str", - "choices": ["none", "read", "read-write"]}, - "wanoptgrp": {"required": False, "type": "str", - "choices": ["none", "read", "read-write"]}, - "wifi": {"required": False, "type": "str", - "choices": ["none", "read", "read-write"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_admin.py b/lib/ansible/modules/network/fortios/fortios_system_admin.py deleted file mode 100644 index 35546318f82..00000000000 
--- a/lib/ansible/modules/network/fortios/fortios_system_admin.py
+++ /dev/null
@@ -1,1015 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_admin -short_description: Configure admin users in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and admin category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - system_admin: - description: - - Configure admin users. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - accprofile: - description: - - Access profile for this administrator. Access profiles control administrator access to FortiGate features. Source system.accprofile.name. - type: str - accprofile_override: - description: - - Enable to use the name of an access profile provided by the remote authentication server to control the FortiGate features that this - administrator can access. - type: str - choices: - - enable - - disable - allow_remove_admin_session: - description: - - Enable/disable allow admin session to be removed by privileged admin users. - type: str - choices: - - enable - - disable - comments: - description: - - Comment. - type: str - email_to: - description: - - This administrator's email address. - type: str - force_password_change: - description: - - Enable/disable force password change on next login. 
- type: str - choices: - - enable - - disable - fortitoken: - description: - - This administrator's FortiToken serial number. - type: str - guest_auth: - description: - - Enable/disable guest authentication. - type: str - choices: - - disable - - enable - guest_lang: - description: - - Guest management portal language. Source system.custom-language.name. - type: str - guest_usergroups: - description: - - Select guest user groups. - type: list - suboptions: - name: - description: - - Select guest user groups. - required: true - type: str - gui_dashboard: - description: - - GUI dashboards. - type: list - suboptions: - columns: - description: - - Number of columns. - type: int - id: - description: - - Dashboard ID. - required: true - type: int - layout_type: - description: - - Layout type. - type: str - choices: - - responsive - - fixed - name: - description: - - Dashboard name. - type: str - scope: - description: - - Dashboard scope. - type: str - choices: - - global - - vdom - widget: - description: - - Dashboard widgets. - type: list - suboptions: - fabric_device: - description: - - Fabric device to monitor. - type: str - fortiview_filters: - description: - - FortiView filters. - type: list - suboptions: - id: - description: - - FortiView Filter ID. - required: true - type: int - key: - description: - - Filter key. - type: str - value: - description: - - Filter value. - type: str - fortiview_sort_by: - description: - - FortiView sort by. - type: str - fortiview_timeframe: - description: - - FortiView timeframe. - type: str - fortiview_type: - description: - - FortiView type. - type: str - fortiview_visualization: - description: - - FortiView visualization. - type: str - height: - description: - - Height. - type: int - id: - description: - - Widget ID. - required: true - type: int - industry: - description: - - Security Audit Rating industry. - type: str - choices: - - default - - custom - interface: - description: - - Interface to monitor. 
Source system.interface.name. - type: str - region: - description: - - Security Audit Rating region. - type: str - choices: - - default - - custom - title: - description: - - Widget title. - type: str - type: - description: - - Widget type. - type: str - choices: - - sysinfo - - licinfo - - vminfo - - forticloud - - cpu-usage - - memory-usage - - disk-usage - - log-rate - - sessions - - session-rate - - tr-history - - analytics - - usb-modem - - admins - - security-fabric - - security-fabric-ranking - - ha-status - - vulnerability-summary - - host-scan-summary - - fortiview - - botnet-activity - - fortimail - width: - description: - - Width. - type: int - x_pos: - description: - - X position. - type: int - y_pos: - description: - - Y position. - type: int - gui_global_menu_favorites: - description: - - Favorite GUI menu IDs for the global VDOM. - type: list - suboptions: - id: - description: - - Select menu ID. - required: true - type: str - gui_vdom_menu_favorites: - description: - - Favorite GUI menu IDs for VDOMs. - type: list - suboptions: - id: - description: - - Select menu ID. - required: true - type: str - hidden: - description: - - Admin user hidden attribute. - type: int - history0: - description: - - history0 - type: str - history1: - description: - - history1 - type: str - ip6_trusthost1: - description: - - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. - type: str - ip6_trusthost10: - description: - - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. - type: str - ip6_trusthost2: - description: - - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. - type: str - ip6_trusthost3: - description: - - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. 
- type: str - ip6_trusthost4: - description: - - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. - type: str - ip6_trusthost5: - description: - - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. - type: str - ip6_trusthost6: - description: - - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. - type: str - ip6_trusthost7: - description: - - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. - type: str - ip6_trusthost8: - description: - - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. - type: str - ip6_trusthost9: - description: - - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. - type: str - login_time: - description: - - Record user login time. - type: list - suboptions: - last_failed_login: - description: - - Last failed login time. - type: str - last_login: - description: - - Last successful login time. - type: str - usr_name: - description: - - User name. - type: str - name: - description: - - User name. - required: true - type: str - password: - description: - - Admin user password. - type: str - password_expire: - description: - - Password expire time. - type: str - peer_auth: - description: - - Set to enable peer certificate authentication (for HTTPS admin access). - type: str - choices: - - enable - - disable - peer_group: - description: - - Name of peer group defined under config user group which has PKI members. Used for peer certificate authentication (for HTTPS admin - access). 
- type: str - radius_vdom_override: - description: - - Enable to use the names of VDOMs provided by the remote authentication server to control the VDOMs that this administrator can access. - type: str - choices: - - enable - - disable - remote_auth: - description: - - Enable/disable authentication using a remote RADIUS, LDAP, or TACACS+ server. - type: str - choices: - - enable - - disable - remote_group: - description: - - User group name used for remote auth. - type: str - schedule: - description: - - Firewall schedule used to restrict when the administrator can log in. No schedule means no restrictions. - type: str - sms_custom_server: - description: - - Custom SMS server to send SMS messages to. Source system.sms-server.name. - type: str - sms_phone: - description: - - Phone number on which the administrator receives SMS messages. - type: str - sms_server: - description: - - Send SMS messages using the FortiGuard SMS server or a custom server. - type: str - choices: - - fortiguard - - custom - ssh_certificate: - description: - - Select the certificate to be used by the FortiGate for authentication with an SSH client. Source certificate.local.name. - type: str - ssh_public_key1: - description: - - Public key of an SSH client. The client is authenticated without being asked for credentials. Create the public-private key pair in the - SSH client application. - type: str - ssh_public_key2: - description: - - Public key of an SSH client. The client is authenticated without being asked for credentials. Create the public-private key pair in the - SSH client application. - type: str - ssh_public_key3: - description: - - Public key of an SSH client. The client is authenticated without being asked for credentials. Create the public-private key pair in the - SSH client application. - type: str - trusthost1: - description: - - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. 
Default allows access - from any IPv4 address. - type: str - trusthost10: - description: - - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access - from any IPv4 address. - type: str - trusthost2: - description: - - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access - from any IPv4 address. - type: str - trusthost3: - description: - - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access - from any IPv4 address. - type: str - trusthost4: - description: - - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access - from any IPv4 address. - type: str - trusthost5: - description: - - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access - from any IPv4 address. - type: str - trusthost6: - description: - - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access - from any IPv4 address. - type: str - trusthost7: - description: - - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access - from any IPv4 address. - type: str - trusthost8: - description: - - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access - from any IPv4 address. - type: str - trusthost9: - description: - - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access - from any IPv4 address. - type: str - two_factor: - description: - - Enable/disable two-factor authentication. 
- type: str - choices: - - disable - - fortitoken - - email - - sms - vdom: - description: - - Virtual domain(s) that the administrator can access. - type: list - suboptions: - name: - description: - - Virtual domain name. Source system.vdom.name. - required: true - type: str - wildcard: - description: - - Enable/disable wildcard RADIUS authentication. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure admin users. - fortios_system_admin: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_admin: - accprofile: " (source system.accprofile.name)" - accprofile_override: "enable" - allow_remove_admin_session: "enable" - comments: "" - email_to: "" - force_password_change: "enable" - fortitoken: "" - guest_auth: "disable" - guest_lang: " (source system.custom-language.name)" - guest_usergroups: - - - name: "default_name_13" - gui_dashboard: - - - columns: "15" - id: "16" - layout_type: "responsive" - name: "default_name_18" - scope: "global" - widget: - - - fabric_device: "" - fortiview_filters: - - - id: "23" - key: "" - value: "" - fortiview_sort_by: "" - fortiview_timeframe: "" - fortiview_type: "" - fortiview_visualization: "" - height: "30" - id: "31" - industry: "default" - interface: " (source system.interface.name)" - region: "default" - title: "" - type: "sysinfo" - width: "37" - x_pos: "38" - y_pos: "39" - gui_global_menu_favorites: - - - id: "41" - gui_vdom_menu_favorites: - - - id: "43" - hidden: "44" - history0: "" - history1: "" - ip6_trusthost1: "" - ip6_trusthost10: "" - ip6_trusthost2: "" - ip6_trusthost3: "" - ip6_trusthost4: "" - ip6_trusthost5: "" - ip6_trusthost6: "" - ip6_trusthost7: "" - ip6_trusthost8: "" - ip6_trusthost9: "" - login_time: - - - last_failed_login: "" - last_login: "" - 
usr_name: "" - name: "default_name_61" - password: "" - password_expire: "" - peer_auth: "enable" - peer_group: "" - radius_vdom_override: "enable" - remote_auth: "enable" - remote_group: "" - schedule: "" - sms_custom_server: " (source system.sms-server.name)" - sms_phone: "" - sms_server: "fortiguard" - ssh_certificate: " (source certificate.local.name)" - ssh_public_key1: "" - ssh_public_key2: "" - ssh_public_key3: "" - trusthost1: "" - trusthost10: "" - trusthost2: "" - trusthost3: "" - trusthost4: "" - trusthost5: "" - trusthost6: "" - trusthost7: "" - trusthost8: "" - trusthost9: "" - two_factor: "disable" - vdom: - - - name: "default_name_89 (source system.vdom.name)" - wildcard: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from 
ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_admin_data(json): - option_list = ['accprofile', 'accprofile_override', 'allow_remove_admin_session', - 'comments', 'email_to', 'force_password_change', - 'fortitoken', 'guest_auth', 'guest_lang', - 'guest_usergroups', 'gui_dashboard', 'gui_global_menu_favorites', - 'gui_vdom_menu_favorites', 'hidden', 'history0', - 'history1', 'ip6_trusthost1', 'ip6_trusthost10', - 'ip6_trusthost2', 'ip6_trusthost3', 'ip6_trusthost4', - 'ip6_trusthost5', 'ip6_trusthost6', 'ip6_trusthost7', - 'ip6_trusthost8', 'ip6_trusthost9', 'login_time', - 'name', 'password', 'password_expire', - 'peer_auth', 'peer_group', 'radius_vdom_override', - 'remote_auth', 'remote_group', 'schedule', - 'sms_custom_server', 'sms_phone', 'sms_server', - 'ssh_certificate', 'ssh_public_key1', 'ssh_public_key2', - 'ssh_public_key3', 'trusthost1', 'trusthost10', - 'trusthost2', 'trusthost3', 'trusthost4', - 'trusthost5', 'trusthost6', 'trusthost7', - 'trusthost8', 'trusthost9', 'two_factor', - 'vdom', 'wildcard'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = 
underscore_to_hyphen(v) - data = new_data - - return data - - -def system_admin(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['system_admin'] and data['system_admin']: - state = data['system_admin']['state'] - else: - state = True - system_admin_data = data['system_admin'] - filtered_data = underscore_to_hyphen(filter_system_admin_data(system_admin_data)) - - if state == "present": - return fos.set('system', - 'admin', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'admin', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_admin']: - resp = system_admin(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "system_admin": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "accprofile": {"required": False, "type": "str"}, - "accprofile_override": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "allow_remove_admin_session": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "comments": {"required": False, "type": "str"}, - "email_to": {"required": False, "type": "str"}, - 
"force_password_change": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "fortitoken": {"required": False, "type": "str"}, - "guest_auth": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "guest_lang": {"required": False, "type": "str"}, - "guest_usergroups": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "gui_dashboard": {"required": False, "type": "list", - "options": { - "columns": {"required": False, "type": "int"}, - "id": {"required": True, "type": "int"}, - "layout_type": {"required": False, "type": "str", - "choices": ["responsive", "fixed"]}, - "name": {"required": False, "type": "str"}, - "scope": {"required": False, "type": "str", - "choices": ["global", "vdom"]}, - "widget": {"required": False, "type": "list", - "options": { - "fabric_device": {"required": False, "type": "str"}, - "fortiview_filters": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"}, - "key": {"required": False, "type": "str"}, - "value": {"required": False, "type": "str"} - }}, - "fortiview_sort_by": {"required": False, "type": "str"}, - "fortiview_timeframe": {"required": False, "type": "str"}, - "fortiview_type": {"required": False, "type": "str"}, - "fortiview_visualization": {"required": False, "type": "str"}, - "height": {"required": False, "type": "int"}, - "id": {"required": True, "type": "int"}, - "industry": {"required": False, "type": "str", - "choices": ["default", "custom"]}, - "interface": {"required": False, "type": "str"}, - "region": {"required": False, "type": "str", - "choices": ["default", "custom"]}, - "title": {"required": False, "type": "str"}, - "type": {"required": False, "type": "str", - "choices": ["sysinfo", "licinfo", "vminfo", - "forticloud", "cpu-usage", "memory-usage", - "disk-usage", "log-rate", "sessions", - "session-rate", "tr-history", "analytics", - "usb-modem", "admins", "security-fabric", - 
"security-fabric-ranking", "ha-status", "vulnerability-summary", - "host-scan-summary", "fortiview", "botnet-activity", - "fortimail"]}, - "width": {"required": False, "type": "int"}, - "x_pos": {"required": False, "type": "int"}, - "y_pos": {"required": False, "type": "int"} - }} - }}, - "gui_global_menu_favorites": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "str"} - }}, - "gui_vdom_menu_favorites": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "str"} - }}, - "hidden": {"required": False, "type": "int"}, - "history0": {"required": False, "type": "str"}, - "history1": {"required": False, "type": "str"}, - "ip6_trusthost1": {"required": False, "type": "str"}, - "ip6_trusthost10": {"required": False, "type": "str"}, - "ip6_trusthost2": {"required": False, "type": "str"}, - "ip6_trusthost3": {"required": False, "type": "str"}, - "ip6_trusthost4": {"required": False, "type": "str"}, - "ip6_trusthost5": {"required": False, "type": "str"}, - "ip6_trusthost6": {"required": False, "type": "str"}, - "ip6_trusthost7": {"required": False, "type": "str"}, - "ip6_trusthost8": {"required": False, "type": "str"}, - "ip6_trusthost9": {"required": False, "type": "str"}, - "login_time": {"required": False, "type": "list", - "options": { - "last_failed_login": {"required": False, "type": "str"}, - "last_login": {"required": False, "type": "str"}, - "usr_name": {"required": False, "type": "str"} - }}, - "name": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str"}, - "password_expire": {"required": False, "type": "str"}, - "peer_auth": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "peer_group": {"required": False, "type": "str"}, - "radius_vdom_override": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "remote_auth": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "remote_group": {"required": 
False, "type": "str"}, - "schedule": {"required": False, "type": "str"}, - "sms_custom_server": {"required": False, "type": "str"}, - "sms_phone": {"required": False, "type": "str"}, - "sms_server": {"required": False, "type": "str", - "choices": ["fortiguard", "custom"]}, - "ssh_certificate": {"required": False, "type": "str"}, - "ssh_public_key1": {"required": False, "type": "str"}, - "ssh_public_key2": {"required": False, "type": "str"}, - "ssh_public_key3": {"required": False, "type": "str"}, - "trusthost1": {"required": False, "type": "str"}, - "trusthost10": {"required": False, "type": "str"}, - "trusthost2": {"required": False, "type": "str"}, - "trusthost3": {"required": False, "type": "str"}, - "trusthost4": {"required": False, "type": "str"}, - "trusthost5": {"required": False, "type": "str"}, - "trusthost6": {"required": False, "type": "str"}, - "trusthost7": {"required": False, "type": "str"}, - "trusthost8": {"required": False, "type": "str"}, - "trusthost9": {"required": False, "type": "str"}, - "two_factor": {"required": False, "type": "str", - "choices": ["disable", "fortitoken", "email", - "sms"]}, - "vdom": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "wildcard": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from 
fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_affinity_interrupt.py b/lib/ansible/modules/network/fortios/fortios_system_affinity_interrupt.py deleted file mode 100644 index 3d05340c176..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_affinity_interrupt.py +++ /dev/null 
@@ -1,321 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_affinity_interrupt -short_description: Configure interrupt affinity in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and affinity_interrupt category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_affinity_interrupt: - description: - - Configure interrupt affinity. - default: null - type: dict - suboptions: - affinity_cpumask: - description: - - Affinity setting for VM throughput (64-bit hexadecimal value in the format of 0xxxxxxxxxxxxxxxxx). - type: str - id: - description: - - ID of the interrupt affinity setting. - required: true - type: int - interrupt: - description: - - Interrupt name. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure interrupt affinity. 
- fortios_system_affinity_interrupt: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_affinity_interrupt: - affinity_cpumask: "" - id: "4" - interrupt: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_affinity_interrupt_data(json): - option_list = ['affinity_cpumask', 'id', 'interrupt'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_affinity_interrupt(data, fos): - vdom = data['vdom'] - state = data['state'] - system_affinity_interrupt_data = data['system_affinity_interrupt'] - filtered_data = underscore_to_hyphen(filter_system_affinity_interrupt_data(system_affinity_interrupt_data)) - - if state == "present": - return fos.set('system', - 'affinity-interrupt', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'affinity-interrupt', - mkey=filtered_data['id'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_affinity_interrupt']: - resp = system_affinity_interrupt(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": 
{"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_affinity_interrupt": { - "required": False, "type": "dict", "default": None, - "options": { - "affinity_cpumask": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "interrupt": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_affinity_packet_redistribution.py b/lib/ansible/modules/network/fortios/fortios_system_affinity_packet_redistribution.py deleted file mode 100644 index 95108b3b2c9..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_affinity_packet_redistribution.py +++ /dev/null 
@@ -1,328 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_affinity_packet_redistribution -short_description: Configure packet redistribution in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and affinity_packet_redistribution category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_affinity_packet_redistribution: - description: - - Configure packet redistribution. - default: null - type: dict - suboptions: - affinity_cpumask: - description: - - Affinity setting for VM throughput (64-bit hexadecimal value in the format of 0xxxxxxxxxxxxxxxxx). - type: str - id: - description: - - ID of the packet redistribution setting. - required: true - type: int - interface: - description: - - Physical interface name on which to perform packet redistribution. Source system.interface.name. - type: str - rxqid: - description: - - ID of the receive queue (when the interface has multiple queues) on which to perform packet redistribution. - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure packet redistribution. 
- fortios_system_affinity_packet_redistribution: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_affinity_packet_redistribution: - affinity_cpumask: "" - id: "4" - interface: " (source system.interface.name)" - rxqid: "6" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = 
data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_affinity_packet_redistribution_data(json): - option_list = ['affinity_cpumask', 'id', 'interface', - 'rxqid'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_affinity_packet_redistribution(data, fos): - vdom = data['vdom'] - state = data['state'] - system_affinity_packet_redistribution_data = data['system_affinity_packet_redistribution'] - filtered_data = underscore_to_hyphen(filter_system_affinity_packet_redistribution_data(system_affinity_packet_redistribution_data)) - - if state == "present": - return fos.set('system', - 'affinity-packet-redistribution', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'affinity-packet-redistribution', - mkey=filtered_data['id'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_affinity_packet_redistribution']: - resp = system_affinity_packet_redistribution(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": 
{"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_affinity_packet_redistribution": { - "required": False, "type": "dict", "default": None, - "options": { - "affinity_cpumask": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "interface": {"required": False, "type": "str"}, - "rxqid": {"required": False, "type": "int"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_alarm.py b/lib/ansible/modules/network/fortios/fortios_system_alarm.py deleted file mode 100644 index 1312189af3f..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_alarm.py +++ /dev/null 
@@ -1,439 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_alarm -short_description: Configure alarm in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and alarm category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - system_alarm: - description: - - Configure alarm. - default: null - type: dict - suboptions: - audible: - description: - - Enable/disable audible alarm. - type: str - choices: - - enable - - disable - groups: - description: - - Alarm groups. - type: list - suboptions: - admin_auth_failure_threshold: - description: - - Admin authentication failure threshold. - type: int - admin_auth_lockout_threshold: - description: - - Admin authentication lockout threshold. - type: int - decryption_failure_threshold: - description: - - Decryption failure threshold. - type: int - encryption_failure_threshold: - description: - - Encryption failure threshold. - type: int - fw_policy_id: - description: - - Firewall policy ID. - type: int - fw_policy_id_threshold: - description: - - Firewall policy ID threshold. - type: int - fw_policy_violations: - description: - - Firewall policy violations. - type: list - suboptions: - dst_ip: - description: - - Destination IP (0=all). - type: str - dst_port: - description: - - Destination port (0=all). - type: int - id: - description: - - Firewall policy violations ID. - required: true - type: int - src_ip: - description: - - Source IP (0=all). - type: str - src_port: - description: - - Source port (0=all). - type: int - threshold: - description: - - Firewall policy violation threshold. - type: int - id: - description: - - Group ID. - required: true - type: int - log_full_warning_threshold: - description: - - Log full warning threshold. - type: int - period: - description: - - Time period in seconds (0 = from start up). 
- type: int - replay_attempt_threshold: - description: - - Replay attempt threshold. - type: int - self_test_failure_threshold: - description: - - Self-test failure threshold. - type: int - user_auth_failure_threshold: - description: - - User authentication failure threshold. - type: int - user_auth_lockout_threshold: - description: - - User authentication lockout threshold. - type: int - status: - description: - - Enable/disable alarm. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure alarm. - fortios_system_alarm: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_alarm: - audible: "enable" - groups: - - - admin_auth_failure_threshold: "5" - admin_auth_lockout_threshold: "6" - decryption_failure_threshold: "7" - encryption_failure_threshold: "8" - fw_policy_id: "9" - fw_policy_id_threshold: "10" - fw_policy_violations: - - - dst_ip: "" - dst_port: "13" - id: "14" - src_ip: "" - src_port: "16" - threshold: "17" - id: "18" - log_full_warning_threshold: "19" - period: "20" - replay_attempt_threshold: "21" - self_test_failure_threshold: "22" - user_auth_failure_threshold: "23" - user_auth_lockout_threshold: "24" - status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - 
type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_alarm_data(json): - option_list = ['audible', 'groups', 'status'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_alarm(data, fos): - vdom = data['vdom'] - system_alarm_data = data['system_alarm'] - filtered_data = 
underscore_to_hyphen(filter_system_alarm_data(system_alarm_data)) - - return fos.set('system', - 'alarm', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_alarm']: - resp = system_alarm(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "system_alarm": { - "required": False, "type": "dict", "default": None, - "options": { - "audible": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "groups": {"required": False, "type": "list", - "options": { - "admin_auth_failure_threshold": {"required": False, "type": "int"}, - "admin_auth_lockout_threshold": {"required": False, "type": "int"}, - "decryption_failure_threshold": {"required": False, "type": "int"}, - "encryption_failure_threshold": {"required": False, "type": "int"}, - "fw_policy_id": {"required": False, "type": "int"}, - "fw_policy_id_threshold": {"required": False, "type": "int"}, - "fw_policy_violations": {"required": False, "type": "list", - "options": { - "dst_ip": {"required": False, "type": "str"}, - "dst_port": {"required": False, "type": "int"}, - "id": {"required": True, "type": "int"}, - "src_ip": {"required": False, "type": "str"}, - "src_port": {"required": False, "type": "int"}, - "threshold": {"required": False, "type": "int"} - }}, - "id": {"required": True, "type": "int"}, - "log_full_warning_threshold": {"required": False, "type": 
"int"}, - "period": {"required": False, "type": "int"}, - "replay_attempt_threshold": {"required": False, "type": "int"}, - "self_test_failure_threshold": {"required": False, "type": "int"}, - "user_auth_failure_threshold": {"required": False, "type": "int"}, - "user_auth_lockout_threshold": {"required": False, "type": "int"} - }}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_alias.py b/lib/ansible/modules/network/fortios/fortios_system_alias.py deleted file mode 100644 index a679efe871a..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_alias.py +++ /dev/null 
@@ -1,315 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_alias -short_description: Configure alias command in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and alias category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_alias: - description: - - Configure alias command. - default: null - type: dict - suboptions: - command: - description: - - Command list to execute. - type: str - name: - description: - - Alias command name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure alias command. - fortios_system_alias: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_alias: - command: "" - name: "default_name_4" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: 
always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_alias_data(json): - option_list = ['command', 'name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_alias(data, fos): - vdom = data['vdom'] - state = data['state'] - system_alias_data = data['system_alias'] - filtered_data = underscore_to_hyphen(filter_system_alias_data(system_alias_data)) - - if state == "present": - return fos.set('system', - 'alias', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'alias', - mkey=filtered_data['name'], 
- vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_alias']: - resp = system_alias(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_alias": { - "required": False, "type": "dict", "default": None, - "options": { - "command": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - 
else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_api_user.py b/lib/ansible/modules/network/fortios/fortios_system_api_user.py deleted file mode 100644 index d578b598f65..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_api_user.py +++ /dev/null 
@@ -1,436 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_api_user -short_description: Configure API users in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and api_user category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - system_api_user: - description: - - Configure API users. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - accprofile: - description: - - Admin user access profile. Source system.accprofile.name. - type: str - api_key: - description: - - Admin user password. - type: str - comments: - description: - - Comment. - type: str - cors_allow_origin: - description: - - Value for Access-Control-Allow-Origin on API responses. Avoid using '*' if possible. - type: str - name: - description: - - User name. - required: true - type: str - peer_auth: - description: - - Enable/disable peer authentication. - type: str - choices: - - enable - - disable - peer_group: - description: - - Peer group name. - type: str - schedule: - description: - - Schedule name. - type: str - trusthost: - description: - - Trusthost. - type: list - suboptions: - id: - description: - - Table ID. - required: true - type: int - ipv4_trusthost: - description: - - IPv4 trusted host address. - type: str - ipv6_trusthost: - description: - - IPv6 trusted host address. 
- type: str - type: - description: - - Trusthost type. - type: str - choices: - - ipv4-trusthost - - ipv6-trusthost - vdom: - description: - - Virtual domains. - type: list - suboptions: - name: - description: - - Virtual domain name. Source system.vdom.name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure API users. - fortios_system_api_user: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_api_user: - accprofile: " (source system.accprofile.name)" - api_key: "" - comments: "" - cors_allow_origin: "" - name: "default_name_7" - peer_auth: "enable" - peer_group: "" - schedule: "" - trusthost: - - - id: "12" - ipv4_trusthost: "" - ipv6_trusthost: "" - type: "ipv4-trusthost" - vdom: - - - name: "default_name_17 (source system.vdom.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: 
Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_api_user_data(json): - option_list = ['accprofile', 'api_key', 'comments', - 'cors_allow_origin', 'name', 'peer_auth', - 'peer_group', 'schedule', 'trusthost', - 'vdom'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_api_user(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['system_api_user'] and data['system_api_user']: - state = data['system_api_user']['state'] - else: - state = True - system_api_user_data = data['system_api_user'] - filtered_data = underscore_to_hyphen(filter_system_api_user_data(system_api_user_data)) - - if state == "present": - return fos.set('system', - 'api-user', - 
data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('system',
- 'api-user',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_system(data, fos):
-
- if data['system_api_user']:
- resp = system_api_user(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "system_api_user": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "accprofile": {"required": False, "type": "str"},
- "api_key": {"required": False, "type": "str"},
- "comments": {"required": False, "type": "str"},
- "cors_allow_origin": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"},
- "peer_auth": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "peer_group": {"required": False, "type": "str"},
- "schedule": {"required": False, "type": "str"},
- "trusthost": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"},
- "ipv4_trusthost": {"required": False, "type": "str"},
- "ipv6_trusthost": {"required": False, "type": "str"},
- "type": {"required": False, "type": "str",
- "choices": ["ipv4-trusthost", "ipv6-trusthost"]}
- }},
- "vdom": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_arp_table.py b/lib/ansible/modules/network/fortios/fortios_system_arp_table.py
deleted file mode 100644
index 78b03355fe6..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_arp_table.py
+++ /dev/null
@@ -1,328 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_arp_table -short_description: Configure ARP table in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and arp_table category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_arp_table: - description: - - Configure ARP table. - default: null - type: dict - suboptions: - id: - description: - - Unique integer ID of the entry. - required: true - type: int - interface: - description: - - Interface name. Source system.interface.name. - type: str - ip: - description: - - IP address. - type: str - mac: - description: - - MAC address. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure ARP table. 
- fortios_system_arp_table: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_arp_table: - id: "3" - interface: " (source system.interface.name)" - ip: "" - mac: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_system_arp_table_data(json):
- option_list = ['id', 'interface', 'ip',
- 'mac']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def system_arp_table(data, fos):
- vdom = data['vdom']
- state = data['state']
- system_arp_table_data = data['system_arp_table']
- filtered_data = underscore_to_hyphen(filter_system_arp_table_data(system_arp_table_data))
-
- if state == "present":
- return fos.set('system',
- 'arp-table',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('system',
- 'arp-table',
- mkey=filtered_data['id'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_system(data, fos):
-
- if data['system_arp_table']:
- resp = system_arp_table(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": True, "type": "str",
- "choices": ["present", "absent"]},
- "system_arp_table": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "id": {"required": True, "type": "int"},
- "interface": {"required": False, "type": "str"},
- "ip": {"required": False, "type": "str"},
- "mac": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_auto_install.py b/lib/ansible/modules/network/fortios/fortios_system_auto_install.py
deleted file mode 100644
index c71bfc3cf24..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_auto_install.py
+++ /dev/null
@@ -1,316 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_auto_install -short_description: Configure USB auto installation in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and auto_install category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - system_auto_install: - description: - - Configure USB auto installation. - default: null - type: dict - suboptions: - auto_install_config: - description: - - Enable/disable auto install the config in USB disk. - type: str - choices: - - enable - - disable - auto_install_image: - description: - - Enable/disable auto install the image in USB disk. - type: str - choices: - - enable - - disable - default_config_file: - description: - - Default config file name in USB disk. - type: str - default_image_file: - description: - - Default image file name in USB disk. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure USB auto installation. 
- fortios_system_auto_install: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_auto_install: - auto_install_config: "enable" - auto_install_image: "enable" - default_config_file: "" - default_image_file: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 
'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_system_auto_install_data(json):
- option_list = ['auto_install_config', 'auto_install_image', 'default_config_file',
- 'default_image_file']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def system_auto_install(data, fos):
- vdom = data['vdom']
- system_auto_install_data = data['system_auto_install']
- filtered_data = underscore_to_hyphen(filter_system_auto_install_data(system_auto_install_data))
-
- return fos.set('system',
- 'auto-install',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_system(data, fos):
-
- if data['system_auto_install']:
- resp = system_auto_install(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "system_auto_install": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "auto_install_config": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "auto_install_image": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "default_config_file": {"required": False, "type": "str"},
- "default_image_file": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_auto_script.py b/lib/ansible/modules/network/fortios/fortios_system_auto_script.py
deleted file mode 100644
index a63e73926d2..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_auto_script.py
+++ /dev/null
@@ -1,344 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_auto_script -short_description: Configure auto script in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and auto_script category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_auto_script: - description: - - Configure auto script. - default: null - type: dict - suboptions: - interval: - description: - - Repeat interval in seconds. - type: int - name: - description: - - Auto script name. - required: true - type: str - output_size: - description: - - Number of megabytes to limit script output to (10 - 1024). - type: int - repeat: - description: - - Number of times to repeat this script (0 = infinite). - type: int - script: - description: - - List of FortiOS CLI commands to repeat. - type: str - start: - description: - - Script starting mode. - type: str - choices: - - manual - - auto -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure auto script. 
- fortios_system_auto_script: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_auto_script: - interval: "3" - name: "default_name_4" - output_size: "5" - repeat: "6" - script: "" - start: "manual" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - 
fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_auto_script_data(json): - option_list = ['interval', 'name', 'output_size', - 'repeat', 'script', 'start'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_auto_script(data, fos): - vdom = data['vdom'] - state = data['state'] - system_auto_script_data = data['system_auto_script'] - filtered_data = underscore_to_hyphen(filter_system_auto_script_data(system_auto_script_data)) - - if state == "present": - return fos.set('system', - 'auto-script', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'auto-script', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_auto_script']: - resp = system_auto_script(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": 
{"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_auto_script": { - "required": False, "type": "dict", "default": None, - "options": { - "interval": {"required": False, "type": "int"}, - "name": {"required": True, "type": "str"}, - "output_size": {"required": False, "type": "int"}, - "repeat": {"required": False, "type": "int"}, - "script": {"required": False, "type": "str"}, - "start": {"required": False, "type": "str", - "choices": ["manual", "auto"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_automation_action.py b/lib/ansible/modules/network/fortios/fortios_system_automation_action.py deleted file mode 100644 index 9b906d6b41b..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_automation_action.py +++ /dev/null 
@@ -1,471 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_automation_action -short_description: Action for automation stitches in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and automation_action category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_automation_action: - description: - - Action for automation stitches. - default: null - type: dict - suboptions: - action_type: - description: - - Action type. - type: str - choices: - - email - - ios-notification - - alert - - disable-ssid - - quarantine - - quarantine-forticlient - - ban-ip - - aws-lambda - - webhook - aws_api_id: - description: - - AWS API Gateway ID. - type: str - aws_api_key: - description: - - AWS API Gateway API key. - type: str - aws_api_path: - description: - - AWS API Gateway path. - type: str - aws_api_stage: - description: - - AWS API Gateway deployment stage name. - type: str - aws_domain: - description: - - AWS domain. - type: str - aws_region: - description: - - AWS region. - type: str - delay: - description: - - Delay before execution (in seconds). - type: int - email_subject: - description: - - Email subject. - type: str - email_to: - description: - - Email addresses. - type: list - suboptions: - name: - description: - - Email address. - required: true - type: str - headers: - description: - - Request headers. - type: list - suboptions: - header: - description: - - Request header. - required: true - type: str - http_body: - description: - - Request body (if necessary). Should be serialized json string. - type: str - method: - description: - - Request method (GET, POST or PUT). 
- type: str - choices: - - post - - put - - get - minimum_interval: - description: - - Limit execution to no more than once in this interval (in seconds). - type: int - name: - description: - - Name. - required: true - type: str - port: - description: - - Protocol port. - type: int - protocol: - description: - - Request protocol. - type: str - choices: - - http - - https - required: - description: - - Required in action chain. - type: str - choices: - - enable - - disable - uri: - description: - - Request API URI. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Action for automation stitches. - fortios_system_automation_action: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_automation_action: - action_type: "email" - aws_api_id: "" - aws_api_key: "" - aws_api_path: "" - aws_api_stage: "" - aws_domain: "" - aws_region: "" - delay: "10" - email_subject: "" - email_to: - - - name: "default_name_13" - headers: - - - header: "" - http_body: "" - method: "post" - minimum_interval: "18" - name: "default_name_19" - port: "20" - protocol: "http" - required: "enable" - uri: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to 
fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_automation_action_data(json): - option_list = ['action_type', 'aws_api_id', 'aws_api_key', - 'aws_api_path', 'aws_api_stage', 'aws_domain', - 'aws_region', 'delay', 'email_subject', - 'email_to', 'headers', 'http_body', - 'method', 'minimum_interval', 'name', - 'port', 'protocol', 'required', - 'uri'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def 
system_automation_action(data, fos): - vdom = data['vdom'] - state = data['state'] - system_automation_action_data = data['system_automation_action'] - filtered_data = underscore_to_hyphen(filter_system_automation_action_data(system_automation_action_data)) - - if state == "present": - return fos.set('system', - 'automation-action', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'automation-action', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_automation_action']: - resp = system_automation_action(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_automation_action": { - "required": False, "type": "dict", "default": None, - "options": { - "action_type": {"required": False, "type": "str", - "choices": ["email", "ios-notification", "alert", - "disable-ssid", "quarantine", "quarantine-forticlient", - "ban-ip", "aws-lambda", "webhook"]}, - "aws_api_id": {"required": False, "type": "str"}, - "aws_api_key": {"required": False, "type": "str"}, - "aws_api_path": {"required": False, "type": "str"}, - "aws_api_stage": {"required": False, "type": "str"}, - "aws_domain": {"required": False, "type": "str"}, - "aws_region": {"required": False, "type": "str"}, - "delay": {"required": False, 
"type": "int"}, - "email_subject": {"required": False, "type": "str"}, - "email_to": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "headers": {"required": False, "type": "list", - "options": { - "header": {"required": True, "type": "str"} - }}, - "http_body": {"required": False, "type": "str"}, - "method": {"required": False, "type": "str", - "choices": ["post", "put", "get"]}, - "minimum_interval": {"required": False, "type": "int"}, - "name": {"required": True, "type": "str"}, - "port": {"required": False, "type": "int"}, - "protocol": {"required": False, "type": "str", - "choices": ["http", "https"]}, - "required": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "uri": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_system_automation_destination.py b/lib/ansible/modules/network/fortios/fortios_system_automation_destination.py
deleted file mode 100644
index e88e8a16359..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_automation_destination.py
+++ /dev/null
@@ -1,343 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_automation_destination -short_description: Automation destinations in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and automation_destination category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_automation_destination: - description: - - Automation destinations. - default: null - type: dict - suboptions: - destination: - description: - - Destinations. - type: list - suboptions: - name: - description: - - Destination. - required: true - type: str - ha_group_id: - description: - - Cluster group ID set for this destination . - type: int - name: - description: - - Name. - required: true - type: str - type: - description: - - Destination type. - type: str - choices: - - fortigate - - ha-cluster -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Automation destinations. 
- fortios_system_automation_destination: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_automation_destination: - destination: - - - name: "default_name_4" - ha_group_id: "5" - name: "default_name_6" - type: "fortigate" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = 
data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_automation_destination_data(json): - option_list = ['destination', 'ha_group_id', 'name', - 'type'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_automation_destination(data, fos): - vdom = data['vdom'] - state = data['state'] - system_automation_destination_data = data['system_automation_destination'] - filtered_data = underscore_to_hyphen(filter_system_automation_destination_data(system_automation_destination_data)) - - if state == "present": - return fos.set('system', - 'automation-destination', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'automation-destination', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_automation_destination']: - resp = system_automation_destination(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, 
"type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_automation_destination": { - "required": False, "type": "dict", "default": None, - "options": { - "destination": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "ha_group_id": {"required": False, "type": "int"}, - "name": {"required": True, "type": "str"}, - "type": {"required": False, "type": "str", - "choices": ["fortigate", "ha-cluster"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_automation_stitch.py b/lib/ansible/modules/network/fortios/fortios_system_automation_stitch.py deleted file mode 100644 index 5d8b9909e6a..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_automation_stitch.py +++ /dev/null 
@@ -1,360 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_automation_stitch -short_description: Automation stitches in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and automation_stitch category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_automation_stitch: - description: - - Automation stitches. - default: null - type: dict - suboptions: - action: - description: - - Action names. - type: list - suboptions: - name: - description: - - Action name. Source system.automation-action.name. - required: true - type: str - destination: - description: - - Serial number/HA group-name of destination devices. - type: list - suboptions: - name: - description: - - Destination name. Source system.automation-destination.name. - required: true - type: str - name: - description: - - Name. - required: true - type: str - status: - description: - - Enable/disable this stitch. - type: str - choices: - - enable - - disable - trigger: - description: - - Trigger name. Source system.automation-trigger.name. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Automation stitches. 
- fortios_system_automation_stitch: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_automation_stitch: - action: - - - name: "default_name_4 (source system.automation-action.name)" - destination: - - - name: "default_name_6 (source system.automation-destination.name)" - name: "default_name_7" - status: "enable" - trigger: " (source system.automation-trigger.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import 
FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_automation_stitch_data(json): - option_list = ['action', 'destination', 'name', - 'status', 'trigger'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_automation_stitch(data, fos): - vdom = data['vdom'] - state = data['state'] - system_automation_stitch_data = data['system_automation_stitch'] - filtered_data = underscore_to_hyphen(filter_system_automation_stitch_data(system_automation_stitch_data)) - - if state == "present": - return fos.set('system', - 'automation-stitch', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'automation-stitch', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_automation_stitch']: - resp = system_automation_stitch(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, 
- "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_automation_stitch": { - "required": False, "type": "dict", "default": None, - "options": { - "action": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "destination": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "name": {"required": True, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "trigger": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_system_automation_trigger.py b/lib/ansible/modules/network/fortios/fortios_system_automation_trigger.py
deleted file mode 100644
index 2cce1977b92..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_automation_trigger.py
+++ /dev/null
@@ -1,424 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_automation_trigger -short_description: Trigger for automation stitches in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and automation_trigger category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_automation_trigger: - description: - - Trigger for automation stitches. - default: null - type: dict - suboptions: - event_type: - description: - - Event type. - type: str - choices: - - ioc - - event-log - - reboot - - low-memory - - high-cpu - - license-near-expiry - - ha-failover - - config-change - - security-rating-summary - - virus-ips-db-updated - ioc_level: - description: - - IOC threat level. - type: str - choices: - - medium - - high - license_type: - description: - - License type. - type: str - choices: - - forticare-support - - fortiguard-webfilter - - fortiguard-antispam - - fortiguard-antivirus - - fortiguard-ips - - fortiguard-management - - forticloud - logid: - description: - - Log ID to trigger event. - type: int - name: - description: - - Name. - required: true - type: str - trigger_day: - description: - - Day within a month to trigger. - type: int - trigger_frequency: - description: - - Scheduled trigger frequency . - type: str - choices: - - hourly - - daily - - weekly - - monthly - trigger_hour: - description: - - Hour of the day on which to trigger (0 - 23). - type: int - trigger_minute: - description: - - Minute of the hour on which to trigger (0 - 59, 60 to randomize). - type: int - trigger_type: - description: - - Trigger type. - type: str - choices: - - event-based - - scheduled - trigger_weekday: - description: - - Day of week for trigger. 
- type: str - choices: - - sunday - - monday - - tuesday - - wednesday - - thursday - - friday - - saturday -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Trigger for automation stitches. - fortios_system_automation_trigger: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_automation_trigger: - event_type: "ioc" - ioc_level: "medium" - license_type: "forticare-support" - logid: "6" - name: "default_name_7" - trigger_day: "8" - trigger_frequency: "hourly" - trigger_hour: "10" - trigger_minute: "11" - trigger_type: "event-based" - trigger_weekday: "sunday" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the 
FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_automation_trigger_data(json): - option_list = ['event_type', 'ioc_level', 'license_type', - 'logid', 'name', 'trigger_day', - 'trigger_frequency', 'trigger_hour', 'trigger_minute', - 'trigger_type', 'trigger_weekday'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_automation_trigger(data, fos): - vdom = data['vdom'] - state = data['state'] - system_automation_trigger_data = data['system_automation_trigger'] - filtered_data = underscore_to_hyphen(filter_system_automation_trigger_data(system_automation_trigger_data)) - - if state == "present": - return fos.set('system', - 'automation-trigger', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'automation-trigger', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and 
status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_automation_trigger']: - resp = system_automation_trigger(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_automation_trigger": { - "required": False, "type": "dict", "default": None, - "options": { - "event_type": {"required": False, "type": "str", - "choices": ["ioc", "event-log", "reboot", - "low-memory", "high-cpu", "license-near-expiry", - "ha-failover", "config-change", "security-rating-summary", - "virus-ips-db-updated"]}, - "ioc_level": {"required": False, "type": "str", - "choices": ["medium", "high"]}, - "license_type": {"required": False, "type": "str", - "choices": ["forticare-support", "fortiguard-webfilter", "fortiguard-antispam", - "fortiguard-antivirus", "fortiguard-ips", "fortiguard-management", - "forticloud"]}, - "logid": {"required": False, "type": "int"}, - "name": {"required": True, "type": "str"}, - "trigger_day": {"required": False, "type": "int"}, - "trigger_frequency": {"required": False, "type": "str", - "choices": ["hourly", "daily", "weekly", - "monthly"]}, - "trigger_hour": {"required": False, "type": "int"}, - "trigger_minute": {"required": False, "type": "int"}, - "trigger_type": {"required": False, "type": "str", - "choices": ["event-based", "scheduled"]}, - "trigger_weekday": {"required": False, "type": "str", - "choices": ["sunday", "monday", "tuesday", - "wednesday", "thursday", "friday", - "saturday"]} - - } - 
} - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_autoupdate_push_update.py b/lib/ansible/modules/network/fortios/fortios_system_autoupdate_push_update.py deleted file mode 100644 index 48001d7b61e..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_autoupdate_push_update.py +++ /dev/null 
@@ -1,316 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_autoupdate_push_update -short_description: Configure push updates in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system_autoupdate feature and push_update category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - system_autoupdate_push_update: - description: - - Configure push updates. - default: null - type: dict - suboptions: - address: - description: - - Push update override server. - type: str - override: - description: - - Enable/disable push update override server. - type: str - choices: - - enable - - disable - port: - description: - - Push update override port. (Do not overlap with other service ports) - type: int - status: - description: - - Enable/disable push updates. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure push updates. 
- fortios_system_autoupdate_push_update: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_autoupdate_push_update: - address: "" - override: "enable" - port: "5" - status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_autoupdate_push_update_data(json): - option_list = ['address', 'override', 'port', - 'status'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_autoupdate_push_update(data, fos): - vdom = data['vdom'] - system_autoupdate_push_update_data = data['system_autoupdate_push_update'] - filtered_data = underscore_to_hyphen(filter_system_autoupdate_push_update_data(system_autoupdate_push_update_data)) - - return fos.set('system.autoupdate', - 'push-update', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system_autoupdate(data, fos): - - if data['system_autoupdate_push_update']: - resp = system_autoupdate_push_update(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "system_autoupdate_push_update": { - "required": False, "type": "dict", "default": None, - "options": { - "address": {"required": 
False, "type": "str"}, - "override": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "port": {"required": False, "type": "int"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system_autoupdate(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system_autoupdate(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_autoupdate_schedule.py b/lib/ansible/modules/network/fortios/fortios_system_autoupdate_schedule.py deleted file mode 100644 index 8870d221c83..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_autoupdate_schedule.py +++ /dev/null 
@@ -1,328 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_autoupdate_schedule -short_description: Configure update schedule in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system_autoupdate feature and schedule category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - system_autoupdate_schedule: - description: - - Configure update schedule. - default: null - type: dict - suboptions: - day: - description: - - Update day. - type: str - choices: - - Sunday - - Monday - - Tuesday - - Wednesday - - Thursday - - Friday - - Saturday - frequency: - description: - - Update frequency. - type: str - choices: - - every - - daily - - weekly - status: - description: - - Enable/disable scheduled updates. - type: str - choices: - - enable - - disable - time: - description: - - Update time. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure update schedule. 
- fortios_system_autoupdate_schedule: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_autoupdate_schedule: - day: "Sunday" - frequency: "every" - status: "enable" - time: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_autoupdate_schedule_data(json): - option_list = ['day', 'frequency', 'status', - 'time'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_autoupdate_schedule(data, fos): - vdom = data['vdom'] - system_autoupdate_schedule_data = data['system_autoupdate_schedule'] - filtered_data = underscore_to_hyphen(filter_system_autoupdate_schedule_data(system_autoupdate_schedule_data)) - - return fos.set('system.autoupdate', - 'schedule', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system_autoupdate(data, fos): - - if data['system_autoupdate_schedule']: - resp = system_autoupdate_schedule(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "system_autoupdate_schedule": { - "required": False, "type": "dict", "default": None, - "options": { - "day": {"required": False, "type": "str", - "choices": 
["Sunday", "Monday", "Tuesday", - "Wednesday", "Thursday", "Friday", - "Saturday"]}, - "frequency": {"required": False, "type": "str", - "choices": ["every", "daily", "weekly"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "time": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system_autoupdate(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system_autoupdate(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_autoupdate_tunneling.py b/lib/ansible/modules/network/fortios/fortios_system_autoupdate_tunneling.py deleted file mode 100644 index 4f95371f06b..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_autoupdate_tunneling.py +++ /dev/null 
@@ -1,318 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_autoupdate_tunneling -short_description: Configure web proxy tunnelling for the FDN in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system_autoupdate feature and tunneling category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - system_autoupdate_tunneling: - description: - - Configure web proxy tunnelling for the FDN. - default: null - type: dict - suboptions: - address: - description: - - Web proxy IP address or FQDN. - type: str - password: - description: - - Web proxy password. - type: str - port: - description: - - Web proxy port. - type: int - status: - description: - - Enable/disable web proxy tunnelling. - type: str - choices: - - enable - - disable - username: - description: - - Web proxy username. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure web proxy tunnelling for the FDN. 
- fortios_system_autoupdate_tunneling: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_autoupdate_tunneling: - address: "" - password: "" - port: "5" - status: "enable" - username: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_autoupdate_tunneling_data(json): - option_list = ['address', 'password', 'port', - 'status', 'username'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_autoupdate_tunneling(data, fos): - vdom = data['vdom'] - system_autoupdate_tunneling_data = data['system_autoupdate_tunneling'] - filtered_data = underscore_to_hyphen(filter_system_autoupdate_tunneling_data(system_autoupdate_tunneling_data)) - - return fos.set('system.autoupdate', - 'tunneling', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system_autoupdate(data, fos): - - if data['system_autoupdate_tunneling']: - resp = system_autoupdate_tunneling(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "system_autoupdate_tunneling": { - "required": False, "type": "dict", "default": None, - "options": { - "address": {"required": False, 
"type": "str"}, - "password": {"required": False, "type": "str"}, - "port": {"required": False, "type": "int"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "username": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system_autoupdate(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system_autoupdate(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_central_management.py b/lib/ansible/modules/network/fortios/fortios_system_central_management.py deleted file mode 100644 index d7faff31c08..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_central_management.py +++ /dev/null 
@@ -1,478 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_central_management -short_description: Configure central management in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and central_management category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - system_central_management: - description: - - Configure central management. - default: null - type: dict - suboptions: - allow_monitor: - description: - - Enable/disable allowing the central management server to remotely monitor this FortiGate - type: str - choices: - - enable - - disable - allow_push_configuration: - description: - - Enable/disable allowing the central management server to push configuration changes to this FortiGate. - type: str - choices: - - enable - - disable - allow_push_firmware: - description: - - Enable/disable allowing the central management server to push firmware updates to this FortiGate. - type: str - choices: - - enable - - disable - allow_remote_firmware_upgrade: - description: - - Enable/disable remotely upgrading the firmware on this FortiGate from the central management server. - type: str - choices: - - enable - - disable - enc_algorithm: - description: - - Encryption strength for communications between the FortiGate and central management. - type: str - choices: - - default - - high - - low - fmg: - description: - - IP address or FQDN of the FortiManager. - type: str - fmg_source_ip: - description: - - IPv4 source address that this FortiGate uses when communicating with FortiManager. - type: str - fmg_source_ip6: - description: - - IPv6 source address that this FortiGate uses when communicating with FortiManager. - type: str - include_default_servers: - description: - - Enable/disable inclusion of public FortiGuard servers in the override server list. 
- type: str - choices: - - enable - - disable - mode: - description: - - Central management mode. - type: str - choices: - - normal - - backup - schedule_config_restore: - description: - - Enable/disable allowing the central management server to restore the configuration of this FortiGate. - type: str - choices: - - enable - - disable - schedule_script_restore: - description: - - Enable/disable allowing the central management server to restore the scripts stored on this FortiGate. - type: str - choices: - - enable - - disable - serial_number: - description: - - Serial number. - type: str - server_list: - description: - - Additional servers that the FortiGate can use for updates (for AV, IPS, updates) and ratings (for web filter and antispam ratings) - servers. - type: list - suboptions: - addr_type: - description: - - Indicate whether the FortiGate communicates with the override server using an IPv4 address, an IPv6 address or a FQDN. - type: str - choices: - - ipv4 - - ipv6 - - fqdn - fqdn: - description: - - FQDN address of override server. - type: str - id: - description: - - ID. - required: true - type: int - server_address: - description: - - IPv4 address of override server. - type: str - server_address6: - description: - - IPv6 address of override server. - type: str - server_type: - description: - - FortiGuard service type. - type: str - choices: - - update - - rating - type: - description: - - Central management type. - type: str - choices: - - fortimanager - - fortiguard - - none - vdom: - description: - - Virtual domain (VDOM) name to use when communicating with FortiManager. Source system.vdom.name. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure central management. 
- fortios_system_central_management: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_central_management: - allow_monitor: "enable" - allow_push_configuration: "enable" - allow_push_firmware: "enable" - allow_remote_firmware_upgrade: "enable" - enc_algorithm: "default" - fmg: "" - fmg_source_ip: "" - fmg_source_ip6: "" - include_default_servers: "enable" - mode: "normal" - schedule_config_restore: "enable" - schedule_script_restore: "enable" - serial_number: "" - server_list: - - - addr_type: "ipv4" - fqdn: "" - id: "19" - server_address: "" - server_address6: "" - server_type: "update" - type: "fortimanager" - vdom: " (source system.vdom.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: 
"v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_central_management_data(json): - option_list = ['allow_monitor', 'allow_push_configuration', 'allow_push_firmware', - 'allow_remote_firmware_upgrade', 'enc_algorithm', 'fmg', - 'fmg_source_ip', 'fmg_source_ip6', 'include_default_servers', - 'mode', 'schedule_config_restore', 'schedule_script_restore', - 'serial_number', 'server_list', 'type', - 'vdom'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_central_management(data, fos): - vdom = data['vdom'] - system_central_management_data = data['system_central_management'] - filtered_data = underscore_to_hyphen(filter_system_central_management_data(system_central_management_data)) - - return fos.set('system', - 'central-management', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if 
data['system_central_management']: - resp = system_central_management(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "system_central_management": { - "required": False, "type": "dict", "default": None, - "options": { - "allow_monitor": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "allow_push_configuration": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "allow_push_firmware": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "allow_remote_firmware_upgrade": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "enc_algorithm": {"required": False, "type": "str", - "choices": ["default", "high", "low"]}, - "fmg": {"required": False, "type": "str"}, - "fmg_source_ip": {"required": False, "type": "str"}, - "fmg_source_ip6": {"required": False, "type": "str"}, - "include_default_servers": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "mode": {"required": False, "type": "str", - "choices": ["normal", "backup"]}, - "schedule_config_restore": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "schedule_script_restore": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "serial_number": {"required": False, "type": "str"}, - "server_list": {"required": False, "type": "list", - "options": { - "addr_type": {"required": False, "type": "str", - "choices": ["ipv4", "ipv6", "fqdn"]}, - "fqdn": {"required": False, "type": "str"}, - "id": {"required": True, 
"type": "int"}, - "server_address": {"required": False, "type": "str"}, - "server_address6": {"required": False, "type": "str"}, - "server_type": {"required": False, "type": "str", - "choices": ["update", "rating"]} - }}, - "type": {"required": False, "type": "str", - "choices": ["fortimanager", "fortiguard", "none"]}, - "vdom": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_cluster_sync.py b/lib/ansible/modules/network/fortios/fortios_system_cluster_sync.py deleted file mode 100644 index aea156e8817..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_cluster_sync.py +++ /dev/null 
@@ -1,460 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_cluster_sync -short_description: Configure FortiGate Session Life Support Protocol (FGSP) session synchronization in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and cluster_sync category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_cluster_sync: - description: - - Configure FortiGate Session Life Support Protocol (FGSP) session synchronization. - default: null - type: dict - suboptions: - down_intfs_before_sess_sync: - description: - - List of interfaces to be turned down before session synchronization is complete. - type: list - suboptions: - name: - description: - - Interface name. Source system.interface.name. - required: true - type: str - hb_interval: - description: - - Heartbeat interval (1 - 10 sec). - type: int - hb_lost_threshold: - description: - - Lost heartbeat threshold (1 - 10). - type: int - peerip: - description: - - IP address of the interface on the peer unit that is used for the session synchronization link. - type: str - peervd: - description: - - VDOM that contains the session synchronization link interface on the peer unit. Usually both peers would have the same peervd. Source - system.vdom.name. - type: str - session_sync_filter: - description: - - Add one or more filters if you only want to synchronize some sessions. Use the filter to configure the types of sessions to synchronize. - type: dict - suboptions: - custom_service: - description: - - Only sessions using these custom services are synchronized. Use source and destination port ranges to define these custom - services. - type: list - suboptions: - dst_port_range: - description: - - Custom service destination port range. - type: str - id: - description: - - Custom service ID. 
- required: true - type: int - src_port_range: - description: - - Custom service source port range. - type: str - dstaddr: - description: - - Only sessions to this IPv4 address are synchronized. You can only enter one address. To synchronize sessions for multiple - destination addresses, add multiple filters. - type: str - dstaddr6: - description: - - Only sessions to this IPv6 address are synchronized. You can only enter one address. To synchronize sessions for multiple - destination addresses, add multiple filters. - type: str - dstintf: - description: - - Only sessions to this interface are synchronized. You can only enter one interface name. To synchronize sessions to multiple - destination interfaces, add multiple filters. Source system.interface.name. - type: str - srcaddr: - description: - - Only sessions from this IPv4 address are synchronized. You can only enter one address. To synchronize sessions from multiple - source addresses, add multiple filters. - type: str - srcaddr6: - description: - - Only sessions from this IPv6 address are synchronized. You can only enter one address. To synchronize sessions from multiple - source addresses, add multiple filters. - type: str - srcintf: - description: - - Only sessions from this interface are synchronized. You can only enter one interface name. To synchronize sessions for multiple - source interfaces, add multiple filters. Source system.interface.name. - type: str - slave_add_ike_routes: - description: - - Enable/disable IKE route announcement on the backup unit. - type: str - choices: - - enable - - disable - sync_id: - description: - - Sync ID. - type: int - syncvd: - description: - - Sessions from these VDOMs are synchronized using this session synchronization configuration. - type: list - suboptions: - name: - description: - - VDOM name. Source system.vdom.name. 
- required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure FortiGate Session Life Support Protocol (FGSP) session synchronization. - fortios_system_cluster_sync: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_cluster_sync: - down_intfs_before_sess_sync: - - - name: "default_name_4 (source system.interface.name)" - hb_interval: "5" - hb_lost_threshold: "6" - peerip: "" - peervd: " (source system.vdom.name)" - session_sync_filter: - custom_service: - - - dst_port_range: "" - id: "12" - src_port_range: "" - dstaddr: "" - dstaddr6: "" - dstintf: " (source system.interface.name)" - srcaddr: "" - srcaddr6: "" - srcintf: " (source system.interface.name)" - slave_add_ike_routes: "enable" - sync_id: "21" - syncvd: - - - name: "default_name_23 (source system.vdom.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: 
- description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_cluster_sync_data(json): - option_list = ['down_intfs_before_sess_sync', 'hb_interval', 'hb_lost_threshold', - 'peerip', 'peervd', 'session_sync_filter', - 'slave_add_ike_routes', 'sync_id', 'syncvd'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_cluster_sync(data, fos): - vdom = data['vdom'] - state = data['state'] - system_cluster_sync_data = data['system_cluster_sync'] - filtered_data = underscore_to_hyphen(filter_system_cluster_sync_data(system_cluster_sync_data)) - - if state == "present": - return fos.set('system', - 'cluster-sync', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 
'cluster-sync', - mkey=filtered_data['sync-id'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_cluster_sync']: - resp = system_cluster_sync(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_cluster_sync": { - "required": False, "type": "dict", "default": None, - "options": { - "down_intfs_before_sess_sync": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "hb_interval": {"required": False, "type": "int"}, - "hb_lost_threshold": {"required": False, "type": "int"}, - "peerip": {"required": False, "type": "str"}, - "peervd": {"required": False, "type": "str"}, - "session_sync_filter": {"required": False, "type": "dict", - "options": { - "custom_service": {"required": False, "type": "list", - "options": { - "dst_port_range": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "src_port_range": {"required": False, "type": "str"} - }}, - "dstaddr": {"required": False, "type": "str"}, - "dstaddr6": {"required": False, "type": "str"}, - "dstintf": {"required": False, "type": "str"}, - "srcaddr": {"required": False, "type": "str"}, - "srcaddr6": {"required": False, "type": "str"}, - "srcintf": {"required": False, "type": "str"} - }}, - "slave_add_ike_routes": {"required": False, "type": 
"str", - "choices": ["enable", "disable"]}, - "sync_id": {"required": False, "type": "int"}, - "syncvd": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_console.py b/lib/ansible/modules/network/fortios/fortios_system_console.py deleted file mode 100644 index 62b92e66d57..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_console.py +++ /dev/null 
@@ -1,328 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_console -short_description: Configure console in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and console category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - system_console: - description: - - Configure console. - default: null - type: dict - suboptions: - baudrate: - description: - - Console baud rate. - type: str - choices: - - 9600 - - 19200 - - 38400 - - 57600 - - 115200 - login: - description: - - Enable/disable serial console and FortiExplorer. - type: str - choices: - - enable - - disable - mode: - description: - - Console mode. - type: str - choices: - - batch - - line - output: - description: - - Console output mode. - type: str - choices: - - standard - - more -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure console. 
- fortios_system_console: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_console: - baudrate: "9600" - login: "enable" - mode: "batch" - output: "standard" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - 
fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_console_data(json): - option_list = ['baudrate', 'login', 'mode', - 'output'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_console(data, fos): - vdom = data['vdom'] - system_console_data = data['system_console'] - filtered_data = underscore_to_hyphen(filter_system_console_data(system_console_data)) - - return fos.set('system', - 'console', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_console']: - resp = system_console(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "system_console": { - "required": False, "type": "dict", "default": None, - "options": { - "baudrate": {"required": False, "type": "str", - "choices": ["9600", "19200", "38400", - "57600", "115200"]}, - "login": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "mode": 
{"required": False, "type": "str", - "choices": ["batch", "line"]}, - "output": {"required": False, "type": "str", - "choices": ["standard", "more"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_csf.py b/lib/ansible/modules/network/fortios/fortios_system_csf.py deleted file mode 100644 index 414a89ec7ee..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_csf.py +++ /dev/null 
@@ -1,435 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_csf -short_description: Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and csf category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - system_csf: - description: - - Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate. - default: null - type: dict - suboptions: - configuration_sync: - description: - - Configuration sync mode. - type: str - choices: - - default - - local - fabric_device: - description: - - Fabric device configuration. - type: list - suboptions: - device_ip: - description: - - Device IP. - type: str - device_type: - description: - - Device type. - type: str - choices: - - fortimail - login: - description: - - Device login name. - type: str - name: - description: - - Device name. - required: true - type: str - password: - description: - - Device login password. - type: str - fixed_key: - description: - - Auto-generated fixed key used when this device is the root. (Will automatically be generated if not set.) - type: str - group_name: - description: - - Security Fabric group name. All FortiGates in a Security Fabric must have the same group name. - type: str - group_password: - description: - - Security Fabric group password. All FortiGates in a Security Fabric must have the same group password. - type: str - management_ip: - description: - - Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric. - type: str - management_port: - description: - - Overriding port for management connection (Overrides admin port). - type: int - status: - description: - - Enable/disable Security Fabric. 
- type: str - choices: - - enable - - disable - trusted_list: - description: - - Pre-authorized and blocked security fabric nodes. - type: list - suboptions: - action: - description: - - Security fabric authorization action. - type: str - choices: - - accept - - deny - downstream_authorization: - description: - - Trust authorizations by this node's administrator. - type: str - choices: - - enable - - disable - ha_members: - description: - - HA members. - type: str - serial: - description: - - Serial. - required: true - type: str - upstream_ip: - description: - - IP address of the FortiGate upstream from this FortiGate in the Security Fabric. - type: str - upstream_port: - description: - - The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric . - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate. 
- fortios_system_csf: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_csf: - configuration_sync: "default" - fabric_device: - - - device_ip: "" - device_type: "fortimail" - login: "" - name: "default_name_8" - password: "" - fixed_key: "" - group_name: "" - group_password: "" - management_ip: "" - management_port: "14" - status: "enable" - trusted_list: - - - action: "accept" - downstream_authorization: "enable" - ha_members: "" - serial: "" - upstream_ip: "" - upstream_port: "22" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from 
ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_csf_data(json): - option_list = ['configuration_sync', 'fabric_device', 'fixed_key', - 'group_name', 'group_password', 'management_ip', - 'management_port', 'status', 'trusted_list', - 'upstream_ip', 'upstream_port'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_csf(data, fos): - vdom = data['vdom'] - system_csf_data = data['system_csf'] - filtered_data = underscore_to_hyphen(filter_system_csf_data(system_csf_data)) - - return fos.set('system', - 'csf', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_csf']: - resp = system_csf(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": 
"str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "system_csf": { - "required": False, "type": "dict", "default": None, - "options": { - "configuration_sync": {"required": False, "type": "str", - "choices": ["default", "local"]}, - "fabric_device": {"required": False, "type": "list", - "options": { - "device_ip": {"required": False, "type": "str"}, - "device_type": {"required": False, "type": "str", - "choices": ["fortimail"]}, - "login": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str"} - }}, - "fixed_key": {"required": False, "type": "str"}, - "group_name": {"required": False, "type": "str"}, - "group_password": {"required": False, "type": "str"}, - "management_ip": {"required": False, "type": "str"}, - "management_port": {"required": False, "type": "int"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "trusted_list": {"required": False, "type": "list", - "options": { - "action": {"required": False, "type": "str", - "choices": ["accept", "deny"]}, - "downstream_authorization": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ha_members": {"required": False, "type": "str"}, - "serial": {"required": True, "type": "str"} - }}, - "upstream_ip": {"required": False, "type": "str"}, - "upstream_port": {"required": False, "type": "int"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - 
fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_custom_language.py b/lib/ansible/modules/network/fortios/fortios_system_custom_language.py deleted file mode 100644 index de454f88788..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_custom_language.py +++ /dev/null 
@@ -1,321 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_custom_language -short_description: Configure custom languages in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and custom_language category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_custom_language: - description: - - Configure custom languages. - default: null - type: dict - suboptions: - comments: - description: - - Comment. - type: str - filename: - description: - - Custom language file path. - type: str - name: - description: - - Name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure custom languages. 
- fortios_system_custom_language: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_custom_language: - comments: "" - filename: "" - name: "default_name_5" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_custom_language_data(json): - option_list = ['comments', 'filename', 'name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_custom_language(data, fos): - vdom = data['vdom'] - state = data['state'] - system_custom_language_data = data['system_custom_language'] - filtered_data = underscore_to_hyphen(filter_system_custom_language_data(system_custom_language_data)) - - if state == "present": - return fos.set('system', - 'custom-language', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'custom-language', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_custom_language']: - resp = system_custom_language(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - 
"choices": ["present", "absent"]}, - "system_custom_language": { - "required": False, "type": "dict", "default": None, - "options": { - "comments": {"required": False, "type": "str"}, - "filename": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_ddns.py b/lib/ansible/modules/network/fortios/fortios_system_ddns.py deleted file mode 100644 index 4464e12a02b..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_ddns.py +++ /dev/null 
@@ -1,454 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_ddns -short_description: Configure DDNS in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and ddns category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. 
- type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_ddns: - description: - - Configure DDNS. - default: null - type: dict - suboptions: - bound_ip: - description: - - Bound IP address. - type: str - clear_text: - description: - - Enable/disable use of clear text connections. - type: str - choices: - - disable - - enable - ddns_auth: - description: - - Enable/disable TSIG authentication for your DDNS server. - type: str - choices: - - disable - - tsig - ddns_domain: - description: - - Your fully qualified domain name (for example, yourname.DDNS.com). - type: str - ddns_key: - description: - - DDNS update key (base 64 encoding). - type: str - ddns_keyname: - description: - - DDNS update key name. - type: str - ddns_password: - description: - - DDNS password. - type: str - ddns_server: - description: - - Select a DDNS service provider. - type: str - choices: - - dyndns.org - - dyns.net - - tzo.com - - vavic.com - - dipdns.net - - now.net.cn - - dhs.org - - easydns.com - - genericDDNS - - FortiGuardDDNS - - noip.com - ddns_server_ip: - description: - - Generic DDNS server IP. - type: str - ddns_sn: - description: - - DDNS Serial Number. - type: str - ddns_ttl: - description: - - Time-to-live for DDNS packets. - type: int - ddns_username: - description: - - DDNS user name. - type: str - ddns_zone: - description: - - Zone of your domain name (for example, DDNS.com). - type: str - ddnsid: - description: - - DDNS ID. - required: true - type: int - monitor_interface: - description: - - Monitored interface. - type: list - suboptions: - interface_name: - description: - - Interface name. 
Source system.interface.name. - type: str - ssl_certificate: - description: - - Name of local certificate for SSL connections. Source certificate.local.name. - type: str - update_interval: - description: - - DDNS update interval (60 - 2592000 sec). - type: int - use_public_ip: - description: - - Enable/disable use of public IP address. - type: str - choices: - - disable - - enable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure DDNS. - fortios_system_ddns: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_ddns: - bound_ip: "" - clear_text: "disable" - ddns_auth: "disable" - ddns_domain: "" - ddns_key: "" - ddns_keyname: "" - ddns_password: "" - ddns_server: "dyndns.org" - ddns_server_ip: "" - ddns_sn: "" - ddns_ttl: "13" - ddns_username: "" - ddns_zone: "" - ddnsid: "16" - monitor_interface: - - - interface_name: " (source system.interface.name)" - ssl_certificate: " (source certificate.local.name)" - update_interval: "20" - use_public_ip: "disable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - 
returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_ddns_data(json): - option_list = ['bound_ip', 'clear_text', 'ddns_auth', - 'ddns_domain', 'ddns_key', 'ddns_keyname', - 'ddns_password', 'ddns_server', 'ddns_server_ip', - 'ddns_sn', 'ddns_ttl', 'ddns_username', - 'ddns_zone', 'ddnsid', 'monitor_interface', - 'ssl_certificate', 'update_interval', 'use_public_ip'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_ddns(data, fos): - vdom = data['vdom'] - state = data['state'] - system_ddns_data = data['system_ddns'] - filtered_data 
= underscore_to_hyphen(filter_system_ddns_data(system_ddns_data)) - - if state == "present": - return fos.set('system', - 'ddns', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'ddns', - mkey=filtered_data['ddnsid'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_ddns']: - resp = system_ddns(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_ddns": { - "required": False, "type": "dict", "default": None, - "options": { - "bound_ip": {"required": False, "type": "str"}, - "clear_text": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "ddns_auth": {"required": False, "type": "str", - "choices": ["disable", "tsig"]}, - "ddns_domain": {"required": False, "type": "str"}, - "ddns_key": {"required": False, "type": "str"}, - "ddns_keyname": {"required": False, "type": "str"}, - "ddns_password": {"required": False, "type": "str"}, - "ddns_server": {"required": False, "type": "str", - "choices": ["dyndns.org", "dyns.net", "tzo.com", - "vavic.com", "dipdns.net", "now.net.cn", - "dhs.org", "easydns.com", "genericDDNS", - "FortiGuardDDNS", "noip.com"]}, - "ddns_server_ip": {"required": False, "type": "str"}, - "ddns_sn": {"required": False, "type": "str"}, - "ddns_ttl": {"required": False, "type": 
"int"}, - "ddns_username": {"required": False, "type": "str"}, - "ddns_zone": {"required": False, "type": "str"}, - "ddnsid": {"required": True, "type": "int"}, - "monitor_interface": {"required": False, "type": "list", - "options": { - "interface_name": {"required": False, "type": "str"} - }}, - "ssl_certificate": {"required": False, "type": "str"}, - "update_interval": {"required": False, "type": "int"}, - "use_public_ip": {"required": False, "type": "str", - "choices": ["disable", "enable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_dedicated_mgmt.py b/lib/ansible/modules/network/fortios/fortios_system_dedicated_mgmt.py deleted file mode 100644 index 224a7f3cb10..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_dedicated_mgmt.py +++ /dev/null 
@@ -1,335 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_dedicated_mgmt -short_description: Configure dedicated management in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and dedicated_mgmt category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - system_dedicated_mgmt: - description: - - Configure dedicated management. - default: null - type: dict - suboptions: - default_gateway: - description: - - Default gateway for dedicated management interface. - type: str - dhcp_end_ip: - description: - - DHCP end IP for dedicated management. - type: str - dhcp_netmask: - description: - - DHCP netmask. - type: str - dhcp_server: - description: - - Enable/disable DHCP server on management interface. - type: str - choices: - - enable - - disable - dhcp_start_ip: - description: - - DHCP start IP for dedicated management. - type: str - interface: - description: - - Dedicated management interface. Source system.interface.name. - type: str - status: - description: - - Enable/disable dedicated management. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure dedicated management. 
- fortios_system_dedicated_mgmt: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_dedicated_mgmt: - default_gateway: "" - dhcp_end_ip: "" - dhcp_netmask: "" - dhcp_server: "enable" - dhcp_start_ip: "" - interface: " (source system.interface.name)" - status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] 
- ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_dedicated_mgmt_data(json): - option_list = ['default_gateway', 'dhcp_end_ip', 'dhcp_netmask', - 'dhcp_server', 'dhcp_start_ip', 'interface', - 'status'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_dedicated_mgmt(data, fos): - vdom = data['vdom'] - system_dedicated_mgmt_data = data['system_dedicated_mgmt'] - filtered_data = underscore_to_hyphen(filter_system_dedicated_mgmt_data(system_dedicated_mgmt_data)) - - return fos.set('system', - 'dedicated-mgmt', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_dedicated_mgmt']: - resp = system_dedicated_mgmt(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "system_dedicated_mgmt": { - "required": False, "type": "dict", 
"default": None, - "options": { - "default_gateway": {"required": False, "type": "str"}, - "dhcp_end_ip": {"required": False, "type": "str"}, - "dhcp_netmask": {"required": False, "type": "str"}, - "dhcp_server": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dhcp_start_ip": {"required": False, "type": "str"}, - "interface": {"required": False, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_dhcp6_server.py b/lib/ansible/modules/network/fortios/fortios_system_dhcp6_server.py deleted file mode 100644 index ac44d45ca78..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_dhcp6_server.py +++ /dev/null 
@@ -1,496 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_dhcp6_server -short_description: Configure DHCPv6 servers in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system_dhcp6 feature and server category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_dhcp6_server: - description: - - Configure DHCPv6 servers. - default: null - type: dict - suboptions: - dns_search_list: - description: - - DNS search list options. - type: str - choices: - - delegated - - specify - dns_server1: - description: - - DNS server 1. - type: str - dns_server2: - description: - - DNS server 2. - type: str - dns_server3: - description: - - DNS server 3. - type: str - dns_service: - description: - - Options for assigning DNS servers to DHCPv6 clients. - type: str - choices: - - delegated - - default - - specify - domain: - description: - - Domain name suffix for the IP addresses that the DHCP server assigns to clients. - type: str - id: - description: - - ID. - required: true - type: int - interface: - description: - - DHCP server can assign IP configurations to clients connected to this interface. Source system.interface.name. - type: str - ip_mode: - description: - - Method used to assign client IP. - type: str - choices: - - range - - delegated - ip_range: - description: - - DHCP IP range configuration. - type: list - suboptions: - end_ip: - description: - - End of IP range. - type: str - id: - description: - - ID. - required: true - type: int - start_ip: - description: - - Start of IP range. - type: str - lease_time: - description: - - Lease time in seconds, 0 means unlimited. - type: int - option1: - description: - - Option 1. - type: str - option2: - description: - - Option 2. 
- type: str - option3: - description: - - Option 3. - type: str - prefix_range: - description: - - DHCP prefix configuration. - type: list - suboptions: - end_prefix: - description: - - End of prefix range. - type: str - id: - description: - - ID. - required: true - type: int - prefix_length: - description: - - Prefix length. - type: int - start_prefix: - description: - - Start of prefix range. - type: str - rapid_commit: - description: - - Enable/disable allow/disallow rapid commit. - type: str - choices: - - disable - - enable - status: - description: - - Enable/disable this DHCPv6 configuration. - type: str - choices: - - disable - - enable - subnet: - description: - - Subnet or subnet-id if the IP mode is delegated. - type: str - upstream_interface: - description: - - Interface name from where delegated information is provided. Source system.interface.name. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure DHCPv6 servers. 
- fortios_system_dhcp6_server: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_dhcp6_server: - dns_search_list: "delegated" - dns_server1: "" - dns_server2: "" - dns_server3: "" - dns_service: "delegated" - domain: "" - id: "9" - interface: " (source system.interface.name)" - ip_mode: "range" - ip_range: - - - end_ip: "" - id: "14" - start_ip: "" - lease_time: "16" - option1: "" - option2: "" - option3: "" - prefix_range: - - - end_prefix: "" - id: "22" - prefix_length: "23" - start_prefix: "" - rapid_commit: "disable" - status: "disable" - subnet: "" - upstream_interface: " (source system.interface.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - 
-from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_dhcp6_server_data(json): - option_list = ['dns_search_list', 'dns_server1', 'dns_server2', - 'dns_server3', 'dns_service', 'domain', - 'id', 'interface', 'ip_mode', - 'ip_range', 'lease_time', 'option1', - 'option2', 'option3', 'prefix_range', - 'rapid_commit', 'status', 'subnet', - 'upstream_interface'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_dhcp6_server(data, fos): - vdom = data['vdom'] - state = data['state'] - system_dhcp6_server_data = data['system_dhcp6_server'] - filtered_data = underscore_to_hyphen(filter_system_dhcp6_server_data(system_dhcp6_server_data)) - - if state == "present": - return fos.set('system.dhcp6', - 'server', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system.dhcp6', - 'server', - mkey=filtered_data['id'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - 
- -def fortios_system_dhcp6(data, fos): - - if data['system_dhcp6_server']: - resp = system_dhcp6_server(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_dhcp6_server": { - "required": False, "type": "dict", "default": None, - "options": { - "dns_search_list": {"required": False, "type": "str", - "choices": ["delegated", "specify"]}, - "dns_server1": {"required": False, "type": "str"}, - "dns_server2": {"required": False, "type": "str"}, - "dns_server3": {"required": False, "type": "str"}, - "dns_service": {"required": False, "type": "str", - "choices": ["delegated", "default", "specify"]}, - "domain": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "interface": {"required": False, "type": "str"}, - "ip_mode": {"required": False, "type": "str", - "choices": ["range", "delegated"]}, - "ip_range": {"required": False, "type": "list", - "options": { - "end_ip": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "start_ip": {"required": False, "type": "str"} - }}, - "lease_time": {"required": False, "type": "int"}, - "option1": {"required": False, "type": "str"}, - "option2": {"required": False, "type": "str"}, - "option3": {"required": False, "type": "str"}, - "prefix_range": {"required": False, "type": "list", - "options": { - "end_prefix": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "prefix_length": {"required": False, "type": 
"int"}, - "start_prefix": {"required": False, "type": "str"} - }}, - "rapid_commit": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "status": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "subnet": {"required": False, "type": "str"}, - "upstream_interface": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system_dhcp6(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system_dhcp6(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_dhcp_server.py b/lib/ansible/modules/network/fortios/fortios_system_dhcp_server.py deleted file mode 100644 index ac6c0eb9abe..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_dhcp_server.py +++ /dev/null 
@@ -1,938 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_dhcp_server -short_description: Configure DHCP servers in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system_dhcp feature and server category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - system_dhcp_server: - description: - - Configure DHCP servers. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - auto_configuration: - description: - - Enable/disable auto configuration. - type: str - choices: - - disable - - enable - conflicted_ip_timeout: - description: - - Time in seconds to wait after a conflicted IP address is removed from the DHCP range before it can be reused. - type: int - ddns_auth: - description: - - DDNS authentication mode. - type: str - choices: - - disable - - tsig - ddns_key: - description: - - DDNS update key (base 64 encoding). - type: str - ddns_keyname: - description: - - DDNS update key name. - type: str - ddns_server_ip: - description: - - DDNS server IP. - type: str - ddns_ttl: - description: - - TTL. - type: int - ddns_update: - description: - - Enable/disable DDNS update for DHCP. - type: str - choices: - - disable - - enable - ddns_update_override: - description: - - Enable/disable DDNS update override for DHCP. 
- type: str - choices: - - disable - - enable - ddns_zone: - description: - - Zone of your domain name (ex. DDNS.com). - type: str - default_gateway: - description: - - Default gateway IP address assigned by the DHCP server. - type: str - dns_server1: - description: - - DNS server 1. - type: str - dns_server2: - description: - - DNS server 2. - type: str - dns_server3: - description: - - DNS server 3. - type: str - dns_service: - description: - - Options for assigning DNS servers to DHCP clients. - type: str - choices: - - local - - default - - specify - domain: - description: - - Domain name suffix for the IP addresses that the DHCP server assigns to clients. - type: str - exclude_range: - description: - - Exclude one or more ranges of IP addresses from being assigned to clients. - type: list - suboptions: - end_ip: - description: - - End of IP range. - type: str - id: - description: - - ID. - required: true - type: int - start_ip: - description: - - Start of IP range. - type: str - filename: - description: - - Name of the boot file on the TFTP server. - type: str - forticlient_on_net_status: - description: - - Enable/disable FortiClient-On-Net service for this DHCP server. - type: str - choices: - - disable - - enable - id: - description: - - ID. - required: true - type: int - interface: - description: - - DHCP server can assign IP configurations to clients connected to this interface. Source system.interface.name. - type: str - ip_mode: - description: - - Method used to assign client IP. - type: str - choices: - - range - - usrgrp - ip_range: - description: - - DHCP IP range configuration. - type: list - suboptions: - end_ip: - description: - - End of IP range. - type: str - id: - description: - - ID. - required: true - type: int - start_ip: - description: - - Start of IP range. - type: str - ipsec_lease_hold: - description: - - DHCP over IPsec leases expire this many seconds after tunnel down (0 to disable forced-expiry). 
- type: int - lease_time: - description: - - Lease time in seconds, 0 means unlimited. - type: int - mac_acl_default_action: - description: - - MAC access control default action (allow or block assigning IP settings). - type: str - choices: - - assign - - block - netmask: - description: - - Netmask assigned by the DHCP server. - type: str - next_server: - description: - - IP address of a server (for example, a TFTP sever) that DHCP clients can download a boot file from. - type: str - ntp_server1: - description: - - NTP server 1. - type: str - ntp_server2: - description: - - NTP server 2. - type: str - ntp_server3: - description: - - NTP server 3. - type: str - ntp_service: - description: - - Options for assigning Network Time Protocol (NTP) servers to DHCP clients. - type: str - choices: - - local - - default - - specify - options: - description: - - DHCP options. - type: list - suboptions: - code: - description: - - DHCP option code. - type: int - id: - description: - - ID. - required: true - type: int - ip: - description: - - DHCP option IPs. - type: str - type: - description: - - DHCP option type. - type: str - choices: - - hex - - string - - ip - - fqdn - value: - description: - - DHCP option value. - type: str - reserved_address: - description: - - Options for the DHCP server to assign IP settings to specific MAC addresses. - type: list - suboptions: - action: - description: - - Options for the DHCP server to configure the client with the reserved MAC address. - type: str - choices: - - assign - - block - - reserved - description: - description: - - Description. - type: str - id: - description: - - ID. - required: true - type: int - ip: - description: - - IP address to be reserved for the MAC address. - type: str - mac: - description: - - MAC address of the client that will get the reserved IP address. - type: str - server_type: - description: - - DHCP server can be a normal DHCP server or an IPsec DHCP server. 
- type: str - choices: - - regular - - ipsec - status: - description: - - Enable/disable this DHCP configuration. - type: str - choices: - - disable - - enable - tftp_server: - description: - - One or more hostnames or IP addresses of the TFTP servers in quotes separated by spaces. - type: list - suboptions: - tftp_server: - description: - - TFTP server. - type: str - timezone: - description: - - Select the time zone to be assigned to DHCP clients. - type: str - choices: - - 01 - - 02 - - 03 - - 04 - - 05 - - 81 - - 06 - - 07 - - 08 - - 09 - - 10 - - 11 - - 12 - - 13 - - 74 - - 14 - - 77 - - 15 - - 87 - - 16 - - 17 - - 18 - - 19 - - 20 - - 75 - - 21 - - 22 - - 23 - - 24 - - 80 - - 79 - - 25 - - 26 - - 27 - - 28 - - 78 - - 29 - - 30 - - 31 - - 32 - - 33 - - 34 - - 35 - - 36 - - 37 - - 38 - - 83 - - 84 - - 40 - - 85 - - 41 - - 42 - - 43 - - 39 - - 44 - - 46 - - 47 - - 51 - - 48 - - 45 - - 49 - - 50 - - 52 - - 53 - - 54 - - 55 - - 56 - - 57 - - 58 - - 59 - - 60 - - 62 - - 63 - - 61 - - 64 - - 65 - - 66 - - 67 - - 68 - - 69 - - 70 - - 71 - - 72 - - 00 - - 82 - - 73 - - 86 - - 76 - timezone_option: - description: - - Options for the DHCP server to set the client's time zone. - type: str - choices: - - disable - - default - - specify - vci_match: - description: - - Enable/disable vendor class identifier (VCI) matching. When enabled only DHCP requests with a matching VCI are served. - type: str - choices: - - disable - - enable - vci_string: - description: - - One or more VCI strings in quotes separated by spaces. - type: list - suboptions: - vci_string: - description: - - VCI strings. - type: str - wifi_ac1: - description: - - WiFi Access Controller 1 IP address (DHCP option 138, RFC 5417). - type: str - wifi_ac2: - description: - - WiFi Access Controller 2 IP address (DHCP option 138, RFC 5417). - type: str - wifi_ac3: - description: - - WiFi Access Controller 3 IP address (DHCP option 138, RFC 5417). - type: str - wins_server1: - description: - - WINS server 1. 
- type: str - wins_server2: - description: - - WINS server 2. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure DHCP servers. - fortios_system_dhcp_server: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_dhcp_server: - auto_configuration: "disable" - conflicted_ip_timeout: "4" - ddns_auth: "disable" - ddns_key: "" - ddns_keyname: "" - ddns_server_ip: "" - ddns_ttl: "9" - ddns_update: "disable" - ddns_update_override: "disable" - ddns_zone: "" - default_gateway: "" - dns_server1: "" - dns_server2: "" - dns_server3: "" - dns_service: "local" - domain: "" - exclude_range: - - - end_ip: "" - id: "21" - start_ip: "" - filename: "" - forticlient_on_net_status: "disable" - id: "25" - interface: " (source system.interface.name)" - ip_mode: "range" - ip_range: - - - end_ip: "" - id: "30" - start_ip: "" - ipsec_lease_hold: "32" - lease_time: "33" - mac_acl_default_action: "assign" - netmask: "" - next_server: "" - ntp_server1: "" - ntp_server2: "" - ntp_server3: "" - ntp_service: "local" - options: - - - code: "42" - id: "43" - ip: "" - type: "hex" - value: "" - reserved_address: - - - action: "assign" - description: "" - id: "50" - ip: "" - mac: "" - server_type: "regular" - status: "disable" - tftp_server: - - - tftp_server: "" - timezone: "01" - timezone_option: "disable" - vci_match: "disable" - vci_string: - - - vci_string: "" - wifi_ac1: "" - wifi_ac2: "" - wifi_ac3: "" - wins_server1: "" - wins_server2: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last 
operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_dhcp_server_data(json): - option_list = ['auto_configuration', 'conflicted_ip_timeout', 'ddns_auth', - 'ddns_key', 'ddns_keyname', 'ddns_server_ip', - 'ddns_ttl', 'ddns_update', 'ddns_update_override', - 'ddns_zone', 'default_gateway', 'dns_server1', - 'dns_server2', 'dns_server3', 'dns_service', - 'domain', 'exclude_range', 'filename', - 'forticlient_on_net_status', 'id', 'interface', - 'ip_mode', 'ip_range', 'ipsec_lease_hold', - 
'lease_time', 'mac_acl_default_action', 'netmask', - 'next_server', 'ntp_server1', 'ntp_server2', - 'ntp_server3', 'ntp_service', 'options', - 'reserved_address', 'server_type', 'status', - 'tftp_server', 'timezone', 'timezone_option', - 'vci_match', 'vci_string', 'wifi_ac1', - 'wifi_ac2', 'wifi_ac3', 'wins_server1', - 'wins_server2'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_dhcp_server(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['system_dhcp_server'] and data['system_dhcp_server']: - state = data['system_dhcp_server']['state'] - else: - state = True - system_dhcp_server_data = data['system_dhcp_server'] - filtered_data = underscore_to_hyphen(filter_system_dhcp_server_data(system_dhcp_server_data)) - - if state == "present": - return fos.set('system.dhcp', - 'server', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system.dhcp', - 'server', - mkey=filtered_data['id'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system_dhcp(data, fos): - - if data['system_dhcp_server']: - resp = system_dhcp_server(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": 
"", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "system_dhcp_server": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "auto_configuration": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "conflicted_ip_timeout": {"required": False, "type": "int"}, - "ddns_auth": {"required": False, "type": "str", - "choices": ["disable", "tsig"]}, - "ddns_key": {"required": False, "type": "str"}, - "ddns_keyname": {"required": False, "type": "str"}, - "ddns_server_ip": {"required": False, "type": "str"}, - "ddns_ttl": {"required": False, "type": "int"}, - "ddns_update": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "ddns_update_override": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "ddns_zone": {"required": False, "type": "str"}, - "default_gateway": {"required": False, "type": "str"}, - "dns_server1": {"required": False, "type": "str"}, - "dns_server2": {"required": False, "type": "str"}, - "dns_server3": {"required": False, "type": "str"}, - "dns_service": {"required": False, "type": "str", - "choices": ["local", "default", "specify"]}, - "domain": {"required": False, "type": "str"}, - "exclude_range": {"required": False, "type": "list", - "options": { - "end_ip": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "start_ip": {"required": False, "type": "str"} - }}, - "filename": {"required": False, "type": "str"}, - "forticlient_on_net_status": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "id": {"required": True, "type": "int"}, - "interface": {"required": False, "type": "str"}, 
- "ip_mode": {"required": False, "type": "str", - "choices": ["range", "usrgrp"]}, - "ip_range": {"required": False, "type": "list", - "options": { - "end_ip": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "start_ip": {"required": False, "type": "str"} - }}, - "ipsec_lease_hold": {"required": False, "type": "int"}, - "lease_time": {"required": False, "type": "int"}, - "mac_acl_default_action": {"required": False, "type": "str", - "choices": ["assign", "block"]}, - "netmask": {"required": False, "type": "str"}, - "next_server": {"required": False, "type": "str"}, - "ntp_server1": {"required": False, "type": "str"}, - "ntp_server2": {"required": False, "type": "str"}, - "ntp_server3": {"required": False, "type": "str"}, - "ntp_service": {"required": False, "type": "str", - "choices": ["local", "default", "specify"]}, - "options": {"required": False, "type": "list", - "options": { - "code": {"required": False, "type": "int"}, - "id": {"required": True, "type": "int"}, - "ip": {"required": False, "type": "str"}, - "type": {"required": False, "type": "str", - "choices": ["hex", "string", "ip", - "fqdn"]}, - "value": {"required": False, "type": "str"} - }}, - "reserved_address": {"required": False, "type": "list", - "options": { - "action": {"required": False, "type": "str", - "choices": ["assign", "block", "reserved"]}, - "description": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "ip": {"required": False, "type": "str"}, - "mac": {"required": False, "type": "str"} - }}, - "server_type": {"required": False, "type": "str", - "choices": ["regular", "ipsec"]}, - "status": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "tftp_server": {"required": False, "type": "list", - "options": { - "tftp_server": {"required": False, "type": "str"} - }}, - "timezone": {"required": False, "type": "str", - "choices": ["01", "02", "03", - "04", "05", "81", - "06", "07", "08", - "09", "10", 
"11", - "12", "13", "74", - "14", "77", "15", - "87", "16", "17", - "18", "19", "20", - "75", "21", "22", - "23", "24", "80", - "79", "25", "26", - "27", "28", "78", - "29", "30", "31", - "32", "33", "34", - "35", "36", "37", - "38", "83", "84", - "40", "85", "41", - "42", "43", "39", - "44", "46", "47", - "51", "48", "45", - "49", "50", "52", - "53", "54", "55", - "56", "57", "58", - "59", "60", "62", - "63", "61", "64", - "65", "66", "67", - "68", "69", "70", - "71", "72", "00", - "82", "73", "86", - "76"]}, - "timezone_option": {"required": False, "type": "str", - "choices": ["disable", "default", "specify"]}, - "vci_match": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "vci_string": {"required": False, "type": "list", - "options": { - "vci_string": {"required": False, "type": "str"} - }}, - "wifi_ac1": {"required": False, "type": "str"}, - "wifi_ac2": {"required": False, "type": "str"}, - "wifi_ac3": {"required": False, "type": "str"}, - "wins_server1": {"required": False, "type": "str"}, - "wins_server2": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system_dhcp(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system_dhcp(module.params, fos) - 
fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_dns.py b/lib/ansible/modules/network/fortios/fortios_system_dns.py deleted file mode 100644 index e7b0984c152..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_dns.py +++ /dev/null 
@@ -1,368 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_dns -short_description: Configure DNS in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and dns category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. 
- type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - system_dns: - description: - - Configure DNS. - default: null - type: dict - suboptions: - cache_notfound_responses: - description: - - Enable/disable response from the DNS server when a record is not in cache. - type: str - choices: - - disable - - enable - dns_cache_limit: - description: - - Maximum number of records in the DNS cache. - type: int - dns_cache_ttl: - description: - - Duration in seconds that the DNS cache retains information. - type: int - domain: - description: - - Search suffix list for hostname lookup. - type: list - suboptions: - domain: - description: - - DNS search domain list separated by space (maximum 8 domains) - required: true - type: str - ip6_primary: - description: - - Primary DNS server IPv6 address. - type: str - ip6_secondary: - description: - - Secondary DNS server IPv6 address. - type: str - primary: - description: - - Primary DNS server IP address. - type: str - retry: - description: - - Number of times to retry (0 - 5). - type: int - secondary: - description: - - Secondary DNS server IP address. - type: str - source_ip: - description: - - IP address used by the DNS server as its source IP. - type: str - timeout: - description: - - DNS query timeout interval in seconds (1 - 10). - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure DNS. 
- fortios_system_dns: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_dns: - cache_notfound_responses: "disable" - dns_cache_limit: "4" - dns_cache_ttl: "5" - domain: - - - domain: "" - ip6_primary: "" - ip6_secondary: "" - primary: "" - retry: "11" - secondary: "" - source_ip: "84.230.14.43" - timeout: "14" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = 
data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_dns_data(json): - option_list = ['cache_notfound_responses', 'dns_cache_limit', 'dns_cache_ttl', - 'domain', 'ip6_primary', 'ip6_secondary', - 'primary', 'retry', 'secondary', - 'source_ip', 'timeout'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_dns(data, fos): - vdom = data['vdom'] - system_dns_data = data['system_dns'] - filtered_data = underscore_to_hyphen(filter_system_dns_data(system_dns_data)) - - return fos.set('system', - 'dns', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_dns']: - resp = system_dns(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "system_dns": { - "required": False, "type": "dict", 
"default": None, - "options": { - "cache_notfound_responses": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "dns_cache_limit": {"required": False, "type": "int"}, - "dns_cache_ttl": {"required": False, "type": "int"}, - "domain": {"required": False, "type": "list", - "options": { - "domain": {"required": True, "type": "str"} - }}, - "ip6_primary": {"required": False, "type": "str"}, - "ip6_secondary": {"required": False, "type": "str"}, - "primary": {"required": False, "type": "str"}, - "retry": {"required": False, "type": "int"}, - "secondary": {"required": False, "type": "str"}, - "source_ip": {"required": False, "type": "str"}, - "timeout": {"required": False, "type": "int"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_system_dns_database.py b/lib/ansible/modules/network/fortios/fortios_system_dns_database.py
deleted file mode 100644
index 3166ad1eb0b..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_dns_database.py
+++ /dev/null
@@ -1,483 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_dns_database -short_description: Configure DNS databases in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and dns_database category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_dns_database: - description: - - Configure DNS databases. - default: null - type: dict - suboptions: - allow_transfer: - description: - - DNS zone transfer IP address list. - type: str - authoritative: - description: - - Enable/disable authoritative zone. - type: str - choices: - - enable - - disable - contact: - description: - - Email address of the administrator for this zone. - You can specify only the username (e.g. admin) or full email address (e.g. admin@test.com) - When using a simple username, the domain of the email will be this zone. - type: str - dns_entry: - description: - - DNS entry. - type: list - suboptions: - canonical_name: - description: - - Canonical name of the host. - type: str - hostname: - description: - - Name of the host. - type: str - id: - description: - - DNS entry ID. - required: true - type: int - ip: - description: - - IPv4 address of the host. - type: str - ipv6: - description: - - IPv6 address of the host. - type: str - preference: - description: - - DNS entry preference, 0 is the highest preference (0 - 65535) - type: int - status: - description: - - Enable/disable resource record status. - type: str - choices: - - enable - - disable - ttl: - description: - - Time-to-live for this entry (0 to 2147483647 sec). - type: int - type: - description: - - Resource record type. - type: str - choices: - - A - - NS - - CNAME - - MX - - AAAA - - PTR - - PTR_V6 - domain: - description: - - Domain name. 
- type: str - forwarder: - description: - - DNS zone forwarder IP address list. - type: str - ip_master: - description: - - IP address of master DNS server. Entries in this master DNS server and imported into the DNS zone. - type: str - name: - description: - - Zone name. - required: true - type: str - primary_name: - description: - - Domain name of the default DNS server for this zone. - type: str - source_ip: - description: - - Source IP for forwarding to DNS server. - type: str - status: - description: - - Enable/disable this DNS zone. - type: str - choices: - - enable - - disable - ttl: - description: - - Default time-to-live value for the entries of this DNS zone (0 - 2147483647 sec). - type: int - type: - description: - - Zone type (master to manage entries directly, slave to import entries from other zones). - type: str - choices: - - master - - slave - view: - description: - - Zone view (public to serve public clients, shadow to serve internal clients). - type: str - choices: - - shadow - - public -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure DNS databases. 
- fortios_system_dns_database: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_dns_database: - allow_transfer: "" - authoritative: "enable" - contact: "" - dns_entry: - - - canonical_name: "" - hostname: "myhostname" - id: "9" - ip: "" - ipv6: "" - preference: "12" - status: "enable" - ttl: "14" - type: "A" - domain: "" - forwarder: "" - ip_master: "" - name: "default_name_19" - primary_name: "" - source_ip: "84.230.14.43" - status: "enable" - ttl: "23" - type: "master" - view: "shadow" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from 
ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_dns_database_data(json): - option_list = ['allow_transfer', 'authoritative', 'contact', - 'dns_entry', 'domain', 'forwarder', - 'ip_master', 'name', 'primary_name', - 'source_ip', 'status', 'ttl', - 'type', 'view'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_dns_database(data, fos): - vdom = data['vdom'] - state = data['state'] - system_dns_database_data = data['system_dns_database'] - filtered_data = underscore_to_hyphen(filter_system_dns_database_data(system_dns_database_data)) - - if state == "present": - return fos.set('system', - 'dns-database', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'dns-database', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_dns_database']: - resp = system_dns_database(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def 
main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_dns_database": { - "required": False, "type": "dict", "default": None, - "options": { - "allow_transfer": {"required": False, "type": "str"}, - "authoritative": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "contact": {"required": False, "type": "str"}, - "dns_entry": {"required": False, "type": "list", - "options": { - "canonical_name": {"required": False, "type": "str"}, - "hostname": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "ip": {"required": False, "type": "str"}, - "ipv6": {"required": False, "type": "str"}, - "preference": {"required": False, "type": "int"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ttl": {"required": False, "type": "int"}, - "type": {"required": False, "type": "str", - "choices": ["A", "NS", "CNAME", - "MX", "AAAA", "PTR", - "PTR_V6"]} - }}, - "domain": {"required": False, "type": "str"}, - "forwarder": {"required": False, "type": "str"}, - "ip_master": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "primary_name": {"required": False, "type": "str"}, - "source_ip": {"required": False, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ttl": {"required": False, "type": "int"}, - "type": {"required": False, "type": "str", - "choices": ["master", "slave"]}, - "view": {"required": False, "type": "str", - "choices": ["shadow", "public"]} - - } - } - } - - module = 
AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_dns_server.py b/lib/ansible/modules/network/fortios/fortios_system_dns_server.py deleted file mode 100644 index fec29cb6469..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_dns_server.py +++ /dev/null 
@@ -1,326 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_dns_server -short_description: Configure DNS servers in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and dns_server category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_dns_server: - description: - - Configure DNS servers. - default: null - type: dict - suboptions: - dnsfilter_profile: - description: - - DNS filter profile. Source dnsfilter.profile.name. - type: str - mode: - description: - - DNS server mode. - type: str - choices: - - recursive - - non-recursive - - forward-only - name: - description: - - DNS server name. Source system.interface.name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure DNS servers. 
- fortios_system_dns_server: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_dns_server: - dnsfilter_profile: " (source dnsfilter.profile.name)" - mode: "recursive" - name: "default_name_5 (source system.interface.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = 
data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_dns_server_data(json): - option_list = ['dnsfilter_profile', 'mode', 'name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_dns_server(data, fos): - vdom = data['vdom'] - state = data['state'] - system_dns_server_data = data['system_dns_server'] - filtered_data = underscore_to_hyphen(filter_system_dns_server_data(system_dns_server_data)) - - if state == "present": - return fos.set('system', - 'dns-server', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'dns-server', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_dns_server']: - resp = system_dns_server(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": 
True, "type": "str", - "choices": ["present", "absent"]}, - "system_dns_server": { - "required": False, "type": "dict", "default": None, - "options": { - "dnsfilter_profile": {"required": False, "type": "str"}, - "mode": {"required": False, "type": "str", - "choices": ["recursive", "non-recursive", "forward-only"]}, - "name": {"required": True, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_dscp_based_priority.py b/lib/ansible/modules/network/fortios/fortios_system_dscp_based_priority.py deleted file mode 100644 index 98e109571e7..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_dscp_based_priority.py +++ /dev/null 
@@ -1,326 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_dscp_based_priority -short_description: Configure DSCP based priority table in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and dscp_based_priority category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_dscp_based_priority: - description: - - Configure DSCP based priority table. - default: null - type: dict - suboptions: - ds: - description: - - DSCP(DiffServ) DS value (0 - 63). - type: int - id: - description: - - Item ID. - required: true - type: int - priority: - description: - - DSCP based priority level. - type: str - choices: - - low - - medium - - high -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure DSCP based priority table. 
- fortios_system_dscp_based_priority: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_dscp_based_priority: - ds: "3" - id: "4" - priority: "low" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - 
fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_dscp_based_priority_data(json): - option_list = ['ds', 'id', 'priority'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_dscp_based_priority(data, fos): - vdom = data['vdom'] - state = data['state'] - system_dscp_based_priority_data = data['system_dscp_based_priority'] - filtered_data = underscore_to_hyphen(filter_system_dscp_based_priority_data(system_dscp_based_priority_data)) - - if state == "present": - return fos.set('system', - 'dscp-based-priority', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'dscp-based-priority', - mkey=filtered_data['id'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_dscp_based_priority']: - resp = system_dscp_based_priority(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": 
"str", - "choices": ["present", "absent"]}, - "system_dscp_based_priority": { - "required": False, "type": "dict", "default": None, - "options": { - "ds": {"required": False, "type": "int"}, - "id": {"required": True, "type": "int"}, - "priority": {"required": False, "type": "str", - "choices": ["low", "medium", "high"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_email_server.py b/lib/ansible/modules/network/fortios/fortios_system_email_server.py deleted file mode 100644 index 078aebd5dbe..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_email_server.py +++ /dev/null 
@@ -1,385 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_email_server -short_description: Configure the email server used by the FortiGate various things. For example, for sending email messages to users to support user - authentication features in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and email_server category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. 
- type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - system_email_server: - description: - - Configure the email server used by the FortiGate various things. For example, for sending email messages to users to support user authentication - features. - default: null - type: dict - suboptions: - authenticate: - description: - - Enable/disable authentication. - type: str - choices: - - enable - - disable - password: - description: - - SMTP server user password for authentication. - type: str - port: - description: - - SMTP server port. - type: int - reply_to: - description: - - Reply-To email address. - type: str - security: - description: - - Connection security used by the email server. - type: str - choices: - - none - - starttls - - smtps - server: - description: - - SMTP server IP address or hostname. - type: str - source_ip: - description: - - SMTP server IPv4 source IP. - type: str - source_ip6: - description: - - SMTP server IPv6 source IP. - type: str - ssl_min_proto_version: - description: - - Minimum supported protocol version for SSL/TLS connections . - type: str - choices: - - default - - SSLv3 - - TLSv1 - - TLSv1-1 - - TLSv1-2 - type: - description: - - Use FortiGuard Message service or custom email server. - type: str - choices: - - custom - username: - description: - - SMTP server user name for authentication. - type: str - validate_server: - description: - - Enable/disable validation of server certificate. 
- type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure the email server used by the FortiGate various things. For example, for sending email messages to users to support user authentication - features. - fortios_system_email_server: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_email_server: - authenticate: "enable" - password: "" - port: "5" - reply_to: "" - security: "none" - server: "192.168.100.40" - source_ip: "84.230.14.43" - source_ip6: "" - ssl_min_proto_version: "default" - type: "custom" - username: "" - validate_server: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: 
Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_email_server_data(json): - option_list = ['authenticate', 'password', 'port', - 'reply_to', 'security', 'server', - 'source_ip', 'source_ip6', 'ssl_min_proto_version', - 'type', 'username', 'validate_server'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_email_server(data, fos): - vdom = data['vdom'] - system_email_server_data = data['system_email_server'] - filtered_data = underscore_to_hyphen(filter_system_email_server_data(system_email_server_data)) - - return fos.set('system', - 'email-server', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_email_server']: - resp = system_email_server(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == 
"success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "system_email_server": { - "required": False, "type": "dict", "default": None, - "options": { - "authenticate": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "password": {"required": False, "type": "str"}, - "port": {"required": False, "type": "int"}, - "reply_to": {"required": False, "type": "str"}, - "security": {"required": False, "type": "str", - "choices": ["none", "starttls", "smtps"]}, - "server": {"required": False, "type": "str"}, - "source_ip": {"required": False, "type": "str"}, - "source_ip6": {"required": False, "type": "str"}, - "ssl_min_proto_version": {"required": False, "type": "str", - "choices": ["default", "SSLv3", "TLSv1", - "TLSv1-1", "TLSv1-2"]}, - "type": {"required": False, "type": "str", - "choices": ["custom"]}, - "username": {"required": False, "type": "str"}, - "validate_server": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - 
try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_external_resource.py b/lib/ansible/modules/network/fortios/fortios_system_external_resource.py deleted file mode 100644 index d37b984b4f8..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_external_resource.py +++ /dev/null 
@@ -1,356 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_external_resource -short_description: Configure external resource in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and external_resource category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_external_resource: - description: - - Configure external resource. - default: null - type: dict - suboptions: - category: - description: - - User resource category. - type: int - comments: - description: - - Comment. - type: str - name: - description: - - External resource name. - required: true - type: str - refresh_rate: - description: - - Time interval to refresh external resource (1 - 43200 min). - type: int - resource: - description: - - URI of external resource. - type: str - status: - description: - - Enable/disable user resource. - type: str - choices: - - enable - - disable - type: - description: - - User resource type. - type: str - choices: - - category - - address - - domain -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure external resource. 
- fortios_system_external_resource: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_external_resource: - category: "3" - comments: "" - name: "default_name_5" - refresh_rate: "6" - resource: "" - status: "enable" - type: "category" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = 
data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_external_resource_data(json): - option_list = ['category', 'comments', 'name', - 'refresh_rate', 'resource', 'status', - 'type'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_external_resource(data, fos): - vdom = data['vdom'] - state = data['state'] - system_external_resource_data = data['system_external_resource'] - filtered_data = underscore_to_hyphen(filter_system_external_resource_data(system_external_resource_data)) - - if state == "present": - return fos.set('system', - 'external-resource', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'external-resource', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_external_resource']: - resp = system_external_resource(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", 
"default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_external_resource": { - "required": False, "type": "dict", "default": None, - "options": { - "category": {"required": False, "type": "int"}, - "comments": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "refresh_rate": {"required": False, "type": "int"}, - "resource": {"required": False, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "type": {"required": False, "type": "str", - "choices": ["category", "address", "domain"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_fips_cc.py b/lib/ansible/modules/network/fortios/fortios_system_fips_cc.py deleted file mode 100644 index 816138bc045..00000000000 
--- a/lib/ansible/modules/network/fortios/fortios_system_fips_cc.py
+++ /dev/null
@@ -1,310 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_fips_cc -short_description: Configure FIPS-CC mode in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and fips_cc category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - system_fips_cc: - description: - - Configure FIPS-CC mode. - default: null - type: dict - suboptions: - entropy_token: - description: - - Enable/disable/dynamic entropy token. - type: str - choices: - - enable - - disable - - dynamic - key_generation_self_test: - description: - - Enable/disable self tests after key generation. - type: str - choices: - - enable - - disable - self_test_period: - description: - - Self test period. - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure FIPS-CC mode. 
- fortios_system_fips_cc: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_fips_cc: - entropy_token: "enable" - key_generation_self_test: "enable" - self_test_period: "5" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_fips_cc_data(json): - option_list = ['entropy_token', 'key_generation_self_test', 'self_test_period'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_fips_cc(data, fos): - vdom = data['vdom'] - system_fips_cc_data = data['system_fips_cc'] - filtered_data = underscore_to_hyphen(filter_system_fips_cc_data(system_fips_cc_data)) - - return fos.set('system', - 'fips-cc', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_fips_cc']: - resp = system_fips_cc(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "system_fips_cc": { - "required": False, "type": "dict", "default": None, - "options": { - "entropy_token": {"required": False, "type": "str", - "choices": ["enable", "disable", "dynamic"]}, - "key_generation_self_test": {"required": False, "type": "str", - 
"choices": ["enable", "disable"]}, - "self_test_period": {"required": False, "type": "int"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_firmware_upgrade.py b/lib/ansible/modules/network/fortios/fortios_system_firmware_upgrade.py deleted file mode 100644 index 6f17299ee9b..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_firmware_upgrade.py +++ /dev/null 
@@ -1,358 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_firmware_upgrade -short_description: Perform firmware upgrade on FortiGate or FortiOS (FOS) device. -description: - - This module is able to perform firmware upgrade on FortiGate or FortiOS (FOS) device by specifying - firmware upgrade source, filename and whether format boot partition before upgrade. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.2 -version_added: "2.9" -author: - - Don Yao (@fortinetps) - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - required: false - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - required: false - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - required: false - system_firmware: - description: - - Possible parameters to go in the body for the request. - Specify firmware upgrade source, filename and whether - format boot partition before upgrade - default: null - type: dict - required: true - suboptions: - file_content: - description: - - "Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be - included in HTTP body." - type: str - required: false - filename: - description: - - Name and path of the local firmware file. - type: str - required: true - format_partition: - description: - - Set to true to format boot partition before upgrade. - type: bool - required: false - source: - description: - - Firmware file data source [upload|usb|fortiguard]. - type: str - required: true - choices: - - upload - - usb - - fortiguard -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Perform firmware upgrade with local firmware file. - fortios_system_firmware: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - ssl_verify: "False" - system_firmware: - file_content: "" - filename: "" - format_partition: "" - source: "upload" - register: fortios_system_firmware_upgrade_result - - - debug: - var: - # please check the following status to confirm - fortios_system_firmware_upgrade_result.meta.results.status - - - name: Perform firmware upgrade with firmware file on USB. 
- fortios_system_firmware_upgrade: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - ssl_verify: "False" - system_firmware: - filename: "" - format_partition: "" - source: "usb" - register: fortios_system_firmware_upgrade_result - - - debug: - var: - # please check the following status to confirm - fortios_system_firmware_upgrade_result.meta.results.status - - - name: Perform firmware upgrade from FortiGuard. - fortios_system_firmware_upgrade: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - ssl_verify: "False" - system_firmware: - filename: "" - format_partition: "" - source: "fortiguard" - register: fortios_system_firmware_upgrade_result - - - debug: - var: - # please check the following status to confirm - fortios_system_firmware_upgrade_result.meta.results.status -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'POST' -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "firmware" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "system" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from 
ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-import os
-import base64
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, timeout=300, verify=ssl_verify)
-
-
-def filter_system_firmware_data(json):
- option_list = ['file_content', 'filename', 'format_partition',
- 'source']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def system_firmware(data, fos, check_mode=False):
- vdom = data['vdom']
-
- system_firmware_data = data['system_firmware']
-
- filtered_data = {}
- filtered_data['source'] = system_firmware_data['source']
- if hasattr(system_firmware_data, 'format_partition'):
- filtered_data['format_partition'] = system_firmware_data['format_partition']
- if filtered_data['source'] == 'upload':
- try:
- filtered_data['file_content'] = base64.b64encode(open(system_firmware_data['filename'], 'rb').read()).decode('utf-8')
- except Exception:
- filtered_data['file_content'] = ''
- else:
- filtered_data['filename'] = system_firmware_data['filename']
-
- return fos.execute('system',
- 'firmware/upgrade',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_system(data, fos):
-
- if data['system_firmware']:
- resp = system_firmware(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "system_firmware": {
- "required": True, "type": "dict",
- "options": {
- "file_content": {"required": False, "type": "str"},
- "filename": {"required": True, "type": "str"},
- "format_partition": {"required": False, "type": "bool"},
- "source": {"required": True, "type": "str",
- "choices": ["upload", "usb", "fortiguard"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_fm.py b/lib/ansible/modules/network/fortios/fortios_system_fm.py
deleted file mode 100644
index 78c57064726..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_fm.py
+++ /dev/null
@@ -1,343 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_fm -short_description: Configure FM in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and fm category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. 
- type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - system_fm: - description: - - Configure FM. - default: null - type: dict - suboptions: - auto_backup: - description: - - Enable/disable automatic backup. - type: str - choices: - - enable - - disable - id: - description: - - ID. - type: str - ip: - description: - - IP address. - type: str - ipsec: - description: - - Enable/disable IPsec. - type: str - choices: - - enable - - disable - scheduled_config_restore: - description: - - Enable/disable scheduled configuration restore. - type: str - choices: - - enable - - disable - status: - description: - - Enable/disable FM. - type: str - choices: - - enable - - disable - vdom: - description: - - VDOM. Source system.vdom.name. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure FM. 
- fortios_system_fm: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_fm: - auto_backup: "enable" - id: "4" - ip: "" - ipsec: "enable" - scheduled_config_restore: "enable" - status: "enable" - vdom: " (source system.vdom.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - 
fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_system_fm_data(json):
- option_list = ['auto_backup', 'id', 'ip',
- 'ipsec', 'scheduled_config_restore', 'status',
- 'vdom']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def system_fm(data, fos):
- vdom = data['vdom']
- system_fm_data = data['system_fm']
- filtered_data = underscore_to_hyphen(filter_system_fm_data(system_fm_data))
-
- return fos.set('system',
- 'fm',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_system(data, fos):
-
- if data['system_fm']:
- resp = system_fm(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "system_fm": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "auto_backup": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "id": {"required": False, "type": "str"},
- "ip": {"required": False, "type": "str"},
- "ipsec": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "scheduled_config_restore": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "vdom": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_fortiguard.py b/lib/ansible/modules/network/fortios/fortios_system_fortiguard.py
deleted file mode 100644
index 6bfb1115d5f..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_fortiguard.py
+++ /dev/null
@@ -1,517 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_fortiguard -short_description: Configure FortiGuard services in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and fortiguard category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - system_fortiguard: - description: - - Configure FortiGuard services. - default: null - type: dict - suboptions: - antispam_cache: - description: - - Enable/disable FortiGuard antispam request caching. Uses a small amount of memory but improves performance. - type: str - choices: - - enable - - disable - antispam_cache_mpercent: - description: - - Maximum percent of FortiGate memory the antispam cache is allowed to use (1 - 15%). - type: int - antispam_cache_ttl: - description: - - Time-to-live for antispam cache entries in seconds (300 - 86400). Lower times reduce the cache size. Higher times may improve - performance since the cache will have more entries. - type: int - antispam_expiration: - description: - - Expiration date of the FortiGuard antispam contract. - type: int - antispam_force_off: - description: - - Enable/disable turning off the FortiGuard antispam service. - type: str - choices: - - enable - - disable - antispam_license: - description: - - Interval of time between license checks for the FortiGuard antispam contract. - type: int - antispam_timeout: - description: - - Antispam query time out (1 - 30 sec). - type: int - auto_join_forticloud: - description: - - Automatically connect to and login to FortiCloud. - type: str - choices: - - enable - - disable - ddns_server_ip: - description: - - IP address of the FortiDDNS server. - type: str - ddns_server_port: - description: - - Port used to communicate with FortiDDNS servers. - type: int - load_balance_servers: - description: - - Number of servers to alternate between as first FortiGuard option. 
- type: int - outbreak_prevention_cache: - description: - - Enable/disable FortiGuard Virus Outbreak Prevention cache. - type: str - choices: - - enable - - disable - outbreak_prevention_cache_mpercent: - description: - - Maximum percent of memory FortiGuard Virus Outbreak Prevention cache can use (1 - 15%). - type: int - outbreak_prevention_cache_ttl: - description: - - Time-to-live for FortiGuard Virus Outbreak Prevention cache entries (300 - 86400 sec). - type: int - outbreak_prevention_expiration: - description: - - Expiration date of FortiGuard Virus Outbreak Prevention contract. - type: int - outbreak_prevention_force_off: - description: - - Turn off FortiGuard Virus Outbreak Prevention service. - type: str - choices: - - enable - - disable - outbreak_prevention_license: - description: - - Interval of time between license checks for FortiGuard Virus Outbreak Prevention contract. - type: int - outbreak_prevention_timeout: - description: - - FortiGuard Virus Outbreak Prevention time out (1 - 30 sec). - type: int - port: - description: - - Port used to communicate with the FortiGuard servers. - type: str - choices: - - 53 - - 8888 - - 80 - sdns_server_ip: - description: - - IP address of the FortiDNS server. - type: str - sdns_server_port: - description: - - Port used to communicate with FortiDNS servers. - type: int - service_account_id: - description: - - Service account ID. - type: str - source_ip: - description: - - Source IPv4 address used to communicate with FortiGuard. - type: str - source_ip6: - description: - - Source IPv6 address used to communicate with FortiGuard. - type: str - update_server_location: - description: - - Signature update server location. - type: str - choices: - - usa - - any - webfilter_cache: - description: - - Enable/disable FortiGuard web filter caching. - type: str - choices: - - enable - - disable - webfilter_cache_ttl: - description: - - Time-to-live for web filter cache entries in seconds (300 - 86400). 
- type: int - webfilter_expiration: - description: - - Expiration date of the FortiGuard web filter contract. - type: int - webfilter_force_off: - description: - - Enable/disable turning off the FortiGuard web filtering service. - type: str - choices: - - enable - - disable - webfilter_license: - description: - - Interval of time between license checks for the FortiGuard web filter contract. - type: int - webfilter_timeout: - description: - - Web filter query time out (1 - 30 sec). - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure FortiGuard services. - fortios_system_fortiguard: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_fortiguard: - antispam_cache: "enable" - antispam_cache_mpercent: "4" - antispam_cache_ttl: "5" - antispam_expiration: "6" - antispam_force_off: "enable" - antispam_license: "8" - antispam_timeout: "9" - auto_join_forticloud: "enable" - ddns_server_ip: "" - ddns_server_port: "12" - load_balance_servers: "13" - outbreak_prevention_cache: "enable" - outbreak_prevention_cache_mpercent: "15" - outbreak_prevention_cache_ttl: "16" - outbreak_prevention_expiration: "17" - outbreak_prevention_force_off: "enable" - outbreak_prevention_license: "19" - outbreak_prevention_timeout: "20" - port: "53" - sdns_server_ip: "" - sdns_server_port: "23" - service_account_id: "" - source_ip: "84.230.14.43" - source_ip6: "" - update_server_location: "usa" - webfilter_cache: "enable" - webfilter_cache_ttl: "29" - webfilter_expiration: "30" - webfilter_force_off: "enable" - webfilter_license: "32" - webfilter_timeout: "33" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - 
type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_fortiguard_data(json): - option_list = ['antispam_cache', 'antispam_cache_mpercent', 'antispam_cache_ttl', - 'antispam_expiration', 'antispam_force_off', 'antispam_license', - 'antispam_timeout', 'auto_join_forticloud', 'ddns_server_ip', - 'ddns_server_port', 'load_balance_servers', 'outbreak_prevention_cache', - 'outbreak_prevention_cache_mpercent', 
'outbreak_prevention_cache_ttl', 'outbreak_prevention_expiration',
- 'outbreak_prevention_force_off', 'outbreak_prevention_license', 'outbreak_prevention_timeout',
- 'port', 'sdns_server_ip', 'sdns_server_port',
- 'service_account_id', 'source_ip', 'source_ip6',
- 'update_server_location', 'webfilter_cache', 'webfilter_cache_ttl',
- 'webfilter_expiration', 'webfilter_force_off', 'webfilter_license',
- 'webfilter_timeout']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def system_fortiguard(data, fos):
- vdom = data['vdom']
- system_fortiguard_data = data['system_fortiguard']
- filtered_data = underscore_to_hyphen(filter_system_fortiguard_data(system_fortiguard_data))
-
- return fos.set('system',
- 'fortiguard',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_system(data, fos):
-
- if data['system_fortiguard']:
- resp = system_fortiguard(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "system_fortiguard": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "antispam_cache": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "antispam_cache_mpercent": {"required": False, "type": "int"},
- "antispam_cache_ttl": {"required": False, "type": "int"},
- "antispam_expiration": {"required": False, "type": "int"},
- "antispam_force_off": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "antispam_license": {"required": False, "type": "int"},
- "antispam_timeout": {"required": False, "type": "int"},
- "auto_join_forticloud": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ddns_server_ip": {"required": False, "type": "str"},
- "ddns_server_port": {"required": False, "type": "int"},
- "load_balance_servers": {"required": False, "type": "int"},
- "outbreak_prevention_cache": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "outbreak_prevention_cache_mpercent": {"required": False, "type": "int"},
- "outbreak_prevention_cache_ttl": {"required": False, "type": "int"},
- "outbreak_prevention_expiration": {"required": False, "type": "int"},
- "outbreak_prevention_force_off": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "outbreak_prevention_license": {"required": False, "type": "int"},
- "outbreak_prevention_timeout": {"required": False, "type": "int"},
- "port": {"required": False, "type": "str",
- "choices": ["53", "8888", "80"]},
- "sdns_server_ip": {"required": False, "type": "str"},
- "sdns_server_port": {"required": False, "type": "int"},
- "service_account_id": {"required": False, "type": "str"},
- "source_ip": {"required": False, "type": "str"},
- "source_ip6": {"required": False, "type": "str"},
- "update_server_location": {"required": False, "type": "str",
- "choices": ["usa", "any"]},
- "webfilter_cache": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "webfilter_cache_ttl": {"required": False, "type": "int"},
- "webfilter_expiration": {"required": False, "type": "int"},
- "webfilter_force_off": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "webfilter_license": {"required": False, "type": "int"},
- "webfilter_timeout": {"required": False, "type": "int"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_fortimanager.py b/lib/ansible/modules/network/fortios/fortios_system_fortimanager.py
deleted file mode 100644
index b7065af7ec6..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_fortimanager.py
+++ /dev/null
@@ -1,347 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_fortimanager -short_description: Configure FortiManager in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and fortimanager category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - system_fortimanager: - description: - - Configure FortiManager. - default: null - type: dict - suboptions: - central_management: - description: - - Enable/disable FortiManager central management. - type: str - choices: - - enable - - disable - central_mgmt_auto_backup: - description: - - Enable/disable central management auto backup. - type: str - choices: - - enable - - disable - central_mgmt_schedule_config_restore: - description: - - Enable/disable central management schedule config restore. - type: str - choices: - - enable - - disable - central_mgmt_schedule_script_restore: - description: - - Enable/disable central management schedule script restore. - type: str - choices: - - enable - - disable - ip: - description: - - IP address. - type: str - ipsec: - description: - - Enable/disable FortiManager IPsec tunnel. - type: str - choices: - - enable - - disable - vdom: - description: - - Virtual domain name. Source system.vdom.name. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure FortiManager. 
- fortios_system_fortimanager: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_fortimanager: - central_management: "enable" - central_mgmt_auto_backup: "enable" - central_mgmt_schedule_config_restore: "enable" - central_mgmt_schedule_script_restore: "enable" - ip: "" - ipsec: "enable" - vdom: " (source system.vdom.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - 
username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_fortimanager_data(json): - option_list = ['central_management', 'central_mgmt_auto_backup', 'central_mgmt_schedule_config_restore', - 'central_mgmt_schedule_script_restore', 'ip', 'ipsec', - 'vdom'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_fortimanager(data, fos): - vdom = data['vdom'] - system_fortimanager_data = data['system_fortimanager'] - filtered_data = underscore_to_hyphen(filter_system_fortimanager_data(system_fortimanager_data)) - - return fos.set('system', - 'fortimanager', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_fortimanager']: - resp = system_fortimanager(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", 
"default": True}, - "system_fortimanager": { - "required": False, "type": "dict", "default": None, - "options": { - "central_management": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "central_mgmt_auto_backup": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "central_mgmt_schedule_config_restore": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "central_mgmt_schedule_script_restore": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ip": {"required": False, "type": "str"}, - "ipsec": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "vdom": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_fortisandbox.py b/lib/ansible/modules/network/fortios/fortios_system_fortisandbox.py deleted file mode 100644 index c066635e61b..00000000000 
--- a/lib/ansible/modules/network/fortios/fortios_system_fortisandbox.py
+++ /dev/null
@@ -1,337 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_fortisandbox -short_description: Configure FortiSandbox in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and fortisandbox category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - system_fortisandbox: - description: - - Configure FortiSandbox. - default: null - type: dict - suboptions: - email: - description: - - Notifier email address. - type: str - enc_algorithm: - description: - - Configure the level of SSL protection for secure communication with FortiSandbox. - type: str - choices: - - default - - high - - low - server: - description: - - IPv4 or IPv6 address of the remote FortiSandbox. - type: str - source_ip: - description: - - Source IP address for communications to FortiSandbox. - type: str - ssl_min_proto_version: - description: - - Minimum supported protocol version for SSL/TLS connections . - type: str - choices: - - default - - SSLv3 - - TLSv1 - - TLSv1-1 - - TLSv1-2 - status: - description: - - Enable/disable FortiSandbox. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure FortiSandbox. 
- fortios_system_fortisandbox: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_fortisandbox: - email: "" - enc_algorithm: "default" - server: "192.168.100.40" - source_ip: "84.230.14.43" - ssl_min_proto_version: "default" - status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = 
data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_fortisandbox_data(json): - option_list = ['email', 'enc_algorithm', 'server', - 'source_ip', 'ssl_min_proto_version', 'status'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_fortisandbox(data, fos): - vdom = data['vdom'] - system_fortisandbox_data = data['system_fortisandbox'] - filtered_data = underscore_to_hyphen(filter_system_fortisandbox_data(system_fortisandbox_data)) - - return fos.set('system', - 'fortisandbox', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_fortisandbox']: - resp = system_fortisandbox(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "system_fortisandbox": { - "required": False, "type": "dict", "default": None, - "options": { - "email": {"required": False, 
"type": "str"}, - "enc_algorithm": {"required": False, "type": "str", - "choices": ["default", "high", "low"]}, - "server": {"required": False, "type": "str"}, - "source_ip": {"required": False, "type": "str"}, - "ssl_min_proto_version": {"required": False, "type": "str", - "choices": ["default", "SSLv3", "TLSv1", - "TLSv1-1", "TLSv1-2"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_fsso_polling.py b/lib/ansible/modules/network/fortios/fortios_system_fsso_polling.py deleted file mode 100644 index aff4049eaa9..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_fsso_polling.py +++ /dev/null 
@@ -1,316 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_fsso_polling -short_description: Configure Fortinet Single Sign On (FSSO) server in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and fsso_polling category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - system_fsso_polling: - description: - - Configure Fortinet Single Sign On (FSSO) server. - default: null - type: dict - suboptions: - auth_password: - description: - - Password to connect to FSSO Agent. - type: str - authentication: - description: - - Enable/disable FSSO Agent Authentication. - type: str - choices: - - enable - - disable - listening_port: - description: - - Listening port to accept clients (1 - 65535). - type: int - status: - description: - - Enable/disable FSSO Polling Mode. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure Fortinet Single Sign On (FSSO) server. 
- fortios_system_fsso_polling: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_fsso_polling: - auth_password: "" - authentication: "enable" - listening_port: "5" - status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_fsso_polling_data(json): - option_list = ['auth_password', 'authentication', 'listening_port', - 'status'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_fsso_polling(data, fos): - vdom = data['vdom'] - system_fsso_polling_data = data['system_fsso_polling'] - filtered_data = underscore_to_hyphen(filter_system_fsso_polling_data(system_fsso_polling_data)) - - return fos.set('system', - 'fsso-polling', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_fsso_polling']: - resp = system_fsso_polling(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "system_fsso_polling": { - "required": False, "type": "dict", "default": None, - "options": { - "auth_password": {"required": False, "type": "str"}, - "authentication": {"required": False, "type": "str", - 
"choices": ["enable", "disable"]}, - "listening_port": {"required": False, "type": "int"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_ftm_push.py b/lib/ansible/modules/network/fortios/fortios_system_ftm_push.py deleted file mode 100644 index fffb56bb57a..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_ftm_push.py +++ /dev/null 
@@ -1,305 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_ftm_push -short_description: Configure FortiToken Mobile push services in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and ftm_push category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - system_ftm_push: - description: - - Configure FortiToken Mobile push services. - default: null - type: dict - suboptions: - server_ip: - description: - - "IPv4 address of FortiToken Mobile push services server (format: xxx.xxx.xxx.xxx)." - type: str - server_port: - description: - - Port to communicate with FortiToken Mobile push services server (1 - 65535). - type: int - status: - description: - - Enable/disable the use of FortiToken Mobile push services. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure FortiToken Mobile push services. 
- fortios_system_ftm_push: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_ftm_push: - server_ip: "" - server_port: "4" - status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - 
fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_ftm_push_data(json): - option_list = ['server_ip', 'server_port', 'status'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_ftm_push(data, fos): - vdom = data['vdom'] - system_ftm_push_data = data['system_ftm_push'] - filtered_data = underscore_to_hyphen(filter_system_ftm_push_data(system_ftm_push_data)) - - return fos.set('system', - 'ftm-push', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_ftm_push']: - resp = system_ftm_push(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "system_ftm_push": { - "required": False, "type": "dict", "default": None, - "options": { - "server_ip": {"required": False, "type": "str"}, - "server_port": {"required": False, "type": "int"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = 
AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_geoip_override.py b/lib/ansible/modules/network/fortios/fortios_system_geoip_override.py deleted file mode 100644 index 7a1784e2b64..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_geoip_override.py +++ /dev/null 
@@ -1,351 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_geoip_override -short_description: Configure geographical location mapping for IP address(es) to override mappings from FortiGuard in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and geoip_override category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_geoip_override: - description: - - Configure geographical location mapping for IP address(es) to override mappings from FortiGuard. - default: null - type: dict - suboptions: - country_id: - description: - - Two character Country ID code. - type: str - description: - description: - - Description. - type: str - ip_range: - description: - - Table of IP ranges assigned to country. - type: list - suboptions: - end_ip: - description: - - "Final IP address, inclusive, of the address range (format: xxx.xxx.xxx.xxx)." - type: str - id: - description: - - ID number for individual entry in the IP-Range table. - required: true - type: int - start_ip: - description: - - "Starting IP address, inclusive, of the address range (format: xxx.xxx.xxx.xxx)." - type: str - name: - description: - - Location name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure geographical location mapping for IP address(es) to override mappings from FortiGuard. 
- fortios_system_geoip_override: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_geoip_override: - country_id: "" - description: "" - ip_range: - - - end_ip: "" - id: "7" - start_ip: "" - name: "default_name_9" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - 
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_system_geoip_override_data(json):
- option_list = ['country_id', 'description', 'ip_range',
- 'name']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def system_geoip_override(data, fos):
- vdom = data['vdom']
- state = data['state']
- system_geoip_override_data = data['system_geoip_override']
- filtered_data = underscore_to_hyphen(filter_system_geoip_override_data(system_geoip_override_data))
-
- if state == "present":
- return fos.set('system',
- 'geoip-override',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('system',
- 'geoip-override',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_system(data, fos):
-
- if data['system_geoip_override']:
- resp = system_geoip_override(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": 
True},
- "state": {"required": True, "type": "str",
- "choices": ["present", "absent"]},
- "system_geoip_override": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "country_id": {"required": False, "type": "str"},
- "description": {"required": False, "type": "str"},
- "ip_range": {"required": False, "type": "list",
- "options": {
- "end_ip": {"required": False, "type": "str"},
- "id": {"required": True, "type": "int"},
- "start_ip": {"required": False, "type": "str"}
- }},
- "name": {"required": True, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_global.py b/lib/ansible/modules/network/fortios/fortios_system_global.py
deleted file mode 100644
index fe485d4577b..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_global.py
+++ /dev/null
@@ -1,2011 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_global -short_description: Configure global attributes in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and global category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - system_global: - description: - - Configure global attributes. - default: null - type: dict - suboptions: - admin_concurrent: - description: - - Enable/disable concurrent administrator logins. (Use policy-auth-concurrent for firewall authenticated users.) - type: str - choices: - - enable - - disable - admin_console_timeout: - description: - - Console login timeout that overrides the admintimeout value. (15 - 300 seconds) (15 seconds to 5 minutes). 0 the default, disables this - timeout. - type: int - admin_hsts_max_age: - description: - - HTTPS Strict-Transport-Security header max-age in seconds. A value of 0 will reset any HSTS records in the browser.When - admin-https-redirect is disabled the header max-age will be 0. - type: int - admin_https_pki_required: - description: - - Enable/disable admin login method. Enable to force administrators to provide a valid certificate to log in if PKI is enabled. Disable to - allow administrators to log in with a certificate or password. - type: str - choices: - - enable - - disable - admin_https_redirect: - description: - - Enable/disable redirection of HTTP administration access to HTTPS. - type: str - choices: - - enable - - disable - admin_https_ssl_versions: - description: - - Allowed TLS versions for web administration. - type: list - choices: - - tlsv1-0 - - tlsv1-1 - - tlsv1-2 - admin_lockout_duration: - description: - - Amount of time in seconds that an administrator account is locked out after reaching the admin-lockout-threshold for repeated failed - login attempts. 
- type: int - admin_lockout_threshold: - description: - - Number of failed login attempts before an administrator account is locked out for the admin-lockout-duration. - type: int - admin_login_max: - description: - - Maximum number of administrators who can be logged in at the same time (1 - 100) - type: int - admin_maintainer: - description: - - Enable/disable maintainer administrator login. When enabled, the maintainer account can be used to log in from the console after a hard - reboot. The password is "bcpb" followed by the FortiGate unit serial number. You have limited time to complete this login. - type: str - choices: - - enable - - disable - admin_port: - description: - - Administrative access port for HTTP. (1 - 65535). - type: int - admin_restrict_local: - description: - - Enable/disable local admin authentication restriction when remote authenticator is up and running. - type: str - choices: - - enable - - disable - admin_scp: - description: - - Enable/disable using SCP to download the system configuration. You can use SCP as an alternative method for backing up the configuration. - type: str - choices: - - enable - - disable - admin_server_cert: - description: - - Server certificate that the FortiGate uses for HTTPS administrative connections. Source certificate.local.name. - type: str - admin_sport: - description: - - Administrative access port for HTTPS. (1 - 65535). - type: int - admin_ssh_grace_time: - description: - - Maximum time in seconds permitted between making an SSH connection to the FortiGate unit and authenticating (10 - 3600 sec (1 hour)). - type: int - admin_ssh_password: - description: - - Enable/disable password authentication for SSH admin access. - type: str - choices: - - enable - - disable - admin_ssh_port: - description: - - Administrative access port for SSH. (1 - 65535). - type: int - admin_ssh_v1: - description: - - Enable/disable SSH v1 compatibility. 
- type: str - choices: - - enable - - disable - admin_telnet_port: - description: - - Administrative access port for TELNET. (1 - 65535). - type: int - admintimeout: - description: - - Number of minutes before an idle administrator session times out (5 - 480 minutes (8 hours)). A shorter idle timeout is more secure. - type: int - alias: - description: - - Alias for your FortiGate unit. - type: str - allow_traffic_redirect: - description: - - Disable to allow traffic to be routed back on a different interface. - type: str - choices: - - enable - - disable - anti_replay: - description: - - Level of checking for packet replay and TCP sequence checking. - type: str - choices: - - disable - - loose - - strict - arp_max_entry: - description: - - Maximum number of dynamically learned MAC addresses that can be added to the ARP table (131072 - 2147483647). - type: int - asymroute: - description: - - Enable/disable asymmetric route. - type: str - choices: - - enable - - disable - auth_cert: - description: - - Server certificate that the FortiGate uses for HTTPS firewall authentication connections. Source certificate.local.name. - type: str - auth_http_port: - description: - - User authentication HTTP port. (1 - 65535). - type: int - auth_https_port: - description: - - User authentication HTTPS port. (1 - 65535). - type: int - auth_keepalive: - description: - - Enable to prevent user authentication sessions from timing out when idle. - type: str - choices: - - enable - - disable - auth_session_limit: - description: - - Action to take when the number of allowed user authenticated sessions is reached. - type: str - choices: - - block-new - - logout-inactive - auto_auth_extension_device: - description: - - Enable/disable automatic authorization of dedicated Fortinet extension devices. - type: str - choices: - - enable - - disable - av_affinity: - description: - - Affinity setting for AV scanning (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). 
- type: str - av_failopen: - description: - - Set the action to take if the FortiGate is running low on memory or the proxy connection limit has been reached. - type: str - choices: - - pass - - off - - one-shot - av_failopen_session: - description: - - When enabled and a proxy for a protocol runs out of room in its session table, that protocol goes into failopen mode and enacts the - action specified by av-failopen. - type: str - choices: - - enable - - disable - batch_cmdb: - description: - - Enable/disable batch mode, allowing you to enter a series of CLI commands that will execute as a group once they are loaded. - type: str - choices: - - enable - - disable - block_session_timer: - description: - - Duration in seconds for blocked sessions (1 - 300 sec (5 minutes)). - type: int - br_fdb_max_entry: - description: - - Maximum number of bridge forwarding database (FDB) entries. - type: int - cert_chain_max: - description: - - Maximum number of certificates that can be traversed in a certificate chain. - type: int - cfg_revert_timeout: - description: - - Time-out for reverting to the last saved configuration. - type: int - cfg_save: - description: - - Configuration file save mode for CLI changes. - type: str - choices: - - automatic - - manual - - revert - check_protocol_header: - description: - - Level of checking performed on protocol headers. Strict checking is more thorough but may affect performance. Loose checking is ok in - most cases. - type: str - choices: - - loose - - strict - check_reset_range: - description: - - Configure ICMP error message verification. You can either apply strict RST range checking or disable it. - type: str - choices: - - strict - - disable - cli_audit_log: - description: - - Enable/disable CLI audit log. - type: str - choices: - - enable - - disable - clt_cert_req: - description: - - Enable/disable requiring administrators to have a client certificate to log into the GUI using HTTPS. 
- type: str - choices: - - enable - - disable - compliance_check: - description: - - Enable/disable global PCI DSS compliance check. - type: str - choices: - - enable - - disable - compliance_check_time: - description: - - Time of day to run scheduled PCI DSS compliance checks. - type: str - cpu_use_threshold: - description: - - Threshold at which CPU usage is reported. (% of total CPU). - type: int - csr_ca_attribute: - description: - - Enable/disable the CA attribute in certificates. Some CA servers reject CSRs that have the CA attribute. - type: str - choices: - - enable - - disable - daily_restart: - description: - - Enable/disable daily restart of FortiGate unit. Use the restart-time option to set the time of day for the restart. - type: str - choices: - - enable - - disable - device_identification_active_scan_delay: - description: - - Number of seconds to passively scan a device before performing an active scan. (20 - 3600 sec, (20 sec to 1 hour)). - type: int - device_idle_timeout: - description: - - Time in seconds that a device must be idle to automatically log the device user out. (30 - 31536000 sec (30 sec to 1 year)). - type: int - dh_params: - description: - - Number of bits to use in the Diffie-Hellman exchange for HTTPS/SSH protocols. - type: str - choices: - - 1024 - - 1536 - - 2048 - - 3072 - - 4096 - - 6144 - - 8192 - dnsproxy_worker_count: - description: - - DNS proxy worker count. - type: int - dst: - description: - - Enable/disable daylight saving time. - type: str - choices: - - enable - - disable - endpoint_control_fds_access: - description: - - Enable/disable access to the FortiGuard network for non-compliant endpoints. - type: str - choices: - - enable - - disable - endpoint_control_portal_port: - description: - - Endpoint control portal port (1 - 65535). - type: int - failtime: - description: - - Fail-time for server lost. 
- type: int - fds_statistics: - description: - - Enable/disable sending IPS, Application Control, and AntiVirus data to FortiGuard. This data is used to improve FortiGuard services and - is not shared with external parties and is protected by Fortinet's privacy policy. - type: str - choices: - - enable - - disable - fds_statistics_period: - description: - - FortiGuard statistics collection period in minutes. (1 - 1440 min (1 min to 24 hours)). - type: int - fgd_alert_subscription: - description: - - Type of alert to retrieve from FortiGuard. - type: list - choices: - - advisory - - latest-threat - - latest-virus - - latest-attack - - new-antivirus-db - - new-attack-db - fortiextender: - description: - - Enable/disable FortiExtender. - type: str - choices: - - enable - - disable - fortiextender_data_port: - description: - - FortiExtender data port (1024 - 49150). - type: int - fortiextender_vlan_mode: - description: - - Enable/disable FortiExtender VLAN mode. - type: str - choices: - - enable - - disable - fortiservice_port: - description: - - FortiService port (1 - 65535). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port. - type: int - gui_certificates: - description: - - Enable/disable the System > Certificate GUI page, allowing you to add and configure certificates from the GUI. - type: str - choices: - - enable - - disable - gui_custom_language: - description: - - Enable/disable custom languages in GUI. - type: str - choices: - - enable - - disable - gui_date_format: - description: - - Default date format used throughout GUI. - type: str - choices: - - yyyy/MM/dd - - dd/MM/yyyy - - MM/dd/yyyy - - yyyy-MM-dd - - dd-MM-yyyy - - MM-dd-yyyy - gui_device_latitude: - description: - - Add the latitude of the location of this FortiGate to position it on the Threat Map. - type: str - gui_device_longitude: - description: - - Add the longitude of the location of this FortiGate to position it on the Threat Map. 
- type: str - gui_display_hostname: - description: - - Enable/disable displaying the FortiGate's hostname on the GUI login page. - type: str - choices: - - enable - - disable - gui_ipv6: - description: - - Enable/disable IPv6 settings on the GUI. - type: str - choices: - - enable - - disable - gui_lines_per_page: - description: - - Number of lines to display per page for web administration. - type: int - gui_theme: - description: - - Color scheme for the administration GUI. - type: str - choices: - - green - - red - - blue - - melongene - - mariner - gui_wireless_opensecurity: - description: - - Enable/disable wireless open security option on the GUI. - type: str - choices: - - enable - - disable - honor_df: - description: - - Enable/disable honoring of Don't-Fragment (DF) flag. - type: str - choices: - - enable - - disable - hostname: - description: - - FortiGate unit's hostname. Most models will truncate names longer than 24 characters. Some models support hostnames up to 35 characters. - type: str - igmp_state_limit: - description: - - Maximum number of IGMP memberships (96 - 64000). - type: int - interval: - description: - - Dead gateway detection interval. - type: int - ip_src_port_range: - description: - - IP source port range used for traffic originating from the FortiGate unit. - type: str - ips_affinity: - description: - - Affinity setting for IPS (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx; allowed CPUs must be less than total - number of IPS engine daemons). - type: str - ipsec_asic_offload: - description: - - Enable/disable ASIC offloading (hardware acceleration) for IPsec VPN traffic. Hardware acceleration can offload IPsec VPN sessions and - accelerate encryption and decryption. - type: str - choices: - - enable - - disable - ipsec_hmac_offload: - description: - - Enable/disable offloading (hardware acceleration) of HMAC processing for IPsec VPN. 
- type: str - choices: - - enable - - disable - ipsec_soft_dec_async: - description: - - Enable/disable software decryption asynchronization (using multiple CPUs to do decryption) for IPsec VPN traffic. - type: str - choices: - - enable - - disable - ipv6_accept_dad: - description: - - Enable/disable acceptance of IPv6 Duplicate Address Detection (DAD). - type: int - ipv6_allow_anycast_probe: - description: - - Enable/disable IPv6 address probe through Anycast. - type: str - choices: - - enable - - disable - language: - description: - - GUI display language. - type: str - choices: - - english - - french - - spanish - - portuguese - - japanese - - trach - - simch - - korean - ldapconntimeout: - description: - - Global timeout for connections with remote LDAP servers in milliseconds (1 - 300000). - type: int - lldp_transmission: - description: - - Enable/disable Link Layer Discovery Protocol (LLDP) transmission. - type: str - choices: - - enable - - disable - log_ssl_connection: - description: - - Enable/disable logging of SSL connection events. - type: str - choices: - - enable - - disable - log_uuid: - description: - - Whether UUIDs are added to traffic logs. You can disable UUIDs, add firewall policy UUIDs to traffic logs, or add all UUIDs to traffic - logs. - type: str - choices: - - disable - - policy-only - - extended - login_timestamp: - description: - - Enable/disable login time recording. - type: str - choices: - - enable - - disable - long_vdom_name: - description: - - Enable/disable long VDOM name support. - type: str - choices: - - enable - - disable - management_vdom: - description: - - Management virtual domain name. Source system.vdom.name. - type: str - max_dlpstat_memory: - description: - - Maximum DLP stat memory (0 - 4294967295). - type: int - max_route_cache_size: - description: - - Maximum number of IP route cache entries (0 - 2147483647). - type: int - mc_ttl_notchange: - description: - - Enable/disable no modification of multicast TTL. 
- type: str - choices: - - enable - - disable - memory_use_threshold_extreme: - description: - - Threshold at which memory usage is considered extreme (new sessions are dropped) (% of total RAM). - type: int - memory_use_threshold_green: - description: - - Threshold at which memory usage forces the FortiGate to exit conserve mode (% of total RAM). - type: int - memory_use_threshold_red: - description: - - Threshold at which memory usage forces the FortiGate to enter conserve mode (% of total RAM). - type: int - miglog_affinity: - description: - - Affinity setting for logging (64-bit hexadecimal value in the format of xxxxxxxxxxxxxxxx). - type: str - miglogd_children: - description: - - Number of logging (miglogd) processes to be allowed to run. Higher number can reduce performance; lower number can slow log processing - time. No logs will be dropped or lost if the number is changed. - type: int - multi_factor_authentication: - description: - - Enforce all login methods to require an additional authentication factor . - type: str - choices: - - optional - - mandatory - multicast_forward: - description: - - Enable/disable multicast forwarding. - type: str - choices: - - enable - - disable - ndp_max_entry: - description: - - Maximum number of NDP table entries (set to 65,536 or higher; if set to 0, kernel holds 65,536 entries). - type: int - per_user_bwl: - description: - - Enable/disable per-user black/white list filter. - type: str - choices: - - enable - - disable - policy_auth_concurrent: - description: - - Number of concurrent firewall use logins from the same user (1 - 100). - type: int - post_login_banner: - description: - - Enable/disable displaying the administrator access disclaimer message after an administrator successfully logs in. - type: str - choices: - - disable - - enable - pre_login_banner: - description: - - Enable/disable displaying the administrator access disclaimer message on the login page before an administrator logs in. 
- type: str - choices: - - enable - - disable - private_data_encryption: - description: - - Enable/disable private data encryption using an AES 128-bit key. - type: str - choices: - - disable - - enable - proxy_auth_lifetime: - description: - - Enable/disable authenticated users lifetime control. This is a cap on the total time a proxy user can be authenticated for after which - re-authentication will take place. - type: str - choices: - - enable - - disable - proxy_auth_lifetime_timeout: - description: - - Lifetime timeout in minutes for authenticated users (5 - 65535 min). - type: int - proxy_auth_timeout: - description: - - Authentication timeout in minutes for authenticated users (1 - 300 min). - type: int - proxy_cipher_hardware_acceleration: - description: - - Enable/disable using content processor (CP8 or CP9) hardware acceleration to encrypt and decrypt IPsec and SSL traffic. - type: str - choices: - - disable - - enable - proxy_kxp_hardware_acceleration: - description: - - Enable/disable using the content processor to accelerate KXP traffic. - type: str - choices: - - disable - - enable - proxy_re_authentication_mode: - description: - - Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was first - created. - type: str - choices: - - session - - traffic - - absolute - proxy_worker_count: - description: - - Proxy worker count. - type: int - radius_port: - description: - - RADIUS service port number. - type: int - reboot_upon_config_restore: - description: - - Enable/disable reboot of system upon restoring configuration. - type: str - choices: - - enable - - disable - refresh: - description: - - Statistics refresh interval in GUI. - type: int - remoteauthtimeout: - description: - - Number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers. (0-300 sec). 
- type: int - reset_sessionless_tcp: - description: - - Action to perform if the FortiGate receives a TCP packet but cannot find a corresponding session in its session table. NAT/Route mode - only. - type: str - choices: - - enable - - disable - restart_time: - description: - - "Daily restart time (hh:mm)." - type: str - revision_backup_on_logout: - description: - - Enable/disable back-up of the latest configuration revision when an administrator logs out of the CLI or GUI. - type: str - choices: - - enable - - disable - revision_image_auto_backup: - description: - - Enable/disable back-up of the latest configuration revision after the firmware is upgraded. - type: str - choices: - - enable - - disable - scanunit_count: - description: - - Number of scanunits. The range and the default depend on the number of CPUs. Only available on FortiGate units with multiple CPUs. - type: int - security_rating_result_submission: - description: - - Enable/disable the submission of Security Rating results to FortiGuard. - type: str - choices: - - enable - - disable - security_rating_run_on_schedule: - description: - - Enable/disable scheduled runs of Security Rating. - type: str - choices: - - enable - - disable - send_pmtu_icmp: - description: - - Enable/disable sending of path maximum transmission unit (PMTU) - ICMP destination unreachable packet and to support PMTUD protocol on - your network to reduce fragmentation of packets. - type: str - choices: - - enable - - disable - snat_route_change: - description: - - Enable/disable the ability to change the static NAT route. - type: str - choices: - - enable - - disable - special_file_23_support: - description: - - Enable/disable IPS detection of HIBUN format files when using Data Leak Protection. - type: str - choices: - - disable - - enable - ssd_trim_date: - description: - - Date within a month to run ssd trim. - type: int - ssd_trim_freq: - description: - - How often to run SSD Trim . 
SSD Trim prevents SSD drive data loss by finding and isolating errors. - type: str - choices: - - never - - hourly - - daily - - weekly - - monthly - ssd_trim_hour: - description: - - Hour of the day on which to run SSD Trim (0 - 23). - type: int - ssd_trim_min: - description: - - Minute of the hour on which to run SSD Trim (0 - 59, 60 for random). - type: int - ssd_trim_weekday: - description: - - Day of week to run SSD Trim. - type: str - choices: - - sunday - - monday - - tuesday - - wednesday - - thursday - - friday - - saturday - ssh_cbc_cipher: - description: - - Enable/disable CBC cipher for SSH access. - type: str - choices: - - enable - - disable - ssh_hmac_md5: - description: - - Enable/disable HMAC-MD5 for SSH access. - type: str - choices: - - enable - - disable - ssh_kex_sha1: - description: - - Enable/disable SHA1 key exchange for SSH access. - type: str - choices: - - enable - - disable - ssl_min_proto_version: - description: - - Minimum supported protocol version for SSL/TLS connections . - type: str - choices: - - SSLv3 - - TLSv1 - - TLSv1-1 - - TLSv1-2 - ssl_static_key_ciphers: - description: - - Enable/disable static key ciphers in SSL/TLS connections (e.g. AES128-SHA, AES256-SHA, AES128-SHA256, AES256-SHA256). - type: str - choices: - - enable - - disable - sslvpn_cipher_hardware_acceleration: - description: - - Enable/disable SSL VPN hardware acceleration. - type: str - choices: - - enable - - disable - sslvpn_kxp_hardware_acceleration: - description: - - Enable/disable SSL VPN KXP hardware acceleration. - type: str - choices: - - enable - - disable - sslvpn_max_worker_count: - description: - - Maximum number of SSL VPN processes. Upper limit for this value is the number of CPUs and depends on the model. - type: int - sslvpn_plugin_version_check: - description: - - Enable/disable checking browser's plugin version by SSL VPN. 
- type: str - choices: - - enable - - disable - strict_dirty_session_check: - description: - - Enable to check the session against the original policy when revalidating. This can prevent dropping of redirected sessions when - web-filtering and authentication are enabled together. If this option is enabled, the FortiGate unit deletes a session if a routing or - policy change causes the session to no longer match the policy that originally allowed the session. - type: str - choices: - - enable - - disable - strong_crypto: - description: - - Enable to use strong encryption and only allow strong ciphers (AES, 3DES) and digest (SHA1) for HTTPS/SSH/TLS/SSL functions. - type: str - choices: - - enable - - disable - switch_controller: - description: - - Enable/disable switch controller feature. Switch controller allows you to manage FortiSwitch from the FortiGate itself. - type: str - choices: - - disable - - enable - switch_controller_reserved_network: - description: - - Enable reserved network subnet for controlled switches. This is available when the switch controller is enabled. - type: str - sys_perf_log_interval: - description: - - Time in minutes between updates of performance statistics logging. (1 - 15 min). - type: int - tcp_halfclose_timer: - description: - - Number of seconds the FortiGate unit should wait to close a session after one peer has sent a FIN packet but the other has not responded - (1 - 86400 sec (1 day)). - type: int - tcp_halfopen_timer: - description: - - Number of seconds the FortiGate unit should wait to close a session after one peer has sent an open session packet but the other has not - responded (1 - 86400 sec (1 day)). - type: int - tcp_option: - description: - - Enable SACK, timestamp and MSS TCP options. - type: str - choices: - - enable - - disable - tcp_timewait_timer: - description: - - Length of the TCP TIME-WAIT state in seconds. - type: int - tftp: - description: - - Enable/disable TFTP. 
- type: str - choices: - - enable - - disable - timezone: - description: - - Number corresponding to your time zone from 00 to 86. Enter set timezone ? to view the list of time zones and the numbers that represent - them. - type: str - choices: - - 01 - - 02 - - 03 - - 04 - - 05 - - 81 - - 06 - - 07 - - 08 - - 09 - - 10 - - 11 - - 12 - - 13 - - 74 - - 14 - - 77 - - 15 - - 87 - - 16 - - 17 - - 18 - - 19 - - 20 - - 75 - - 21 - - 22 - - 23 - - 24 - - 80 - - 79 - - 25 - - 26 - - 27 - - 28 - - 78 - - 29 - - 30 - - 31 - - 32 - - 33 - - 34 - - 35 - - 36 - - 37 - - 38 - - 83 - - 84 - - 40 - - 85 - - 41 - - 42 - - 43 - - 39 - - 44 - - 46 - - 47 - - 51 - - 48 - - 45 - - 49 - - 50 - - 52 - - 53 - - 54 - - 55 - - 56 - - 57 - - 58 - - 59 - - 60 - - 62 - - 63 - - 61 - - 64 - - 65 - - 66 - - 67 - - 68 - - 69 - - 70 - - 71 - - 72 - - 00 - - 82 - - 73 - - 86 - - 76 - tp_mc_skip_policy: - description: - - Enable/disable skip policy check and allow multicast through. - type: str - choices: - - enable - - disable - traffic_priority: - description: - - Choose Type of Service (ToS) or Differentiated Services Code Point (DSCP) for traffic prioritization in traffic shaping. - type: str - choices: - - tos - - dscp - traffic_priority_level: - description: - - Default system-wide level of priority for traffic prioritization. - type: str - choices: - - low - - medium - - high - two_factor_email_expiry: - description: - - Email-based two-factor authentication session timeout (30 - 300 seconds (5 minutes)). - type: int - two_factor_fac_expiry: - description: - - FortiAuthenticator token authentication session timeout (10 - 3600 seconds (1 hour)). - type: int - two_factor_ftk_expiry: - description: - - FortiToken authentication session timeout (60 - 600 sec (10 minutes)). - type: int - two_factor_ftm_expiry: - description: - - FortiToken Mobile session timeout (1 - 168 hours (7 days)). 
- type: int - two_factor_sms_expiry: - description: - - SMS-based two-factor authentication session timeout (30 - 300 sec). - type: int - udp_idle_timer: - description: - - UDP connection session timeout. This command can be useful in managing CPU and memory resources (1 - 86400 seconds (1 day)). - type: int - user_server_cert: - description: - - Certificate to use for https user authentication. Source certificate.local.name. - type: str - vdom_admin: - description: - - Enable/disable support for multiple virtual domains (VDOMs). - type: str - choices: - - enable - - disable - vip_arp_range: - description: - - Controls the number of ARPs that the FortiGate sends for a Virtual IP (VIP) address range. - type: str - choices: - - unlimited - - restricted - virtual_server_count: - description: - - Maximum number of virtual server processes to create. The maximum is the number of CPU cores. This is not available on single-core CPUs. - type: int - virtual_server_hardware_acceleration: - description: - - Enable/disable virtual server hardware acceleration. - type: str - choices: - - disable - - enable - wad_affinity: - description: - - Affinity setting for wad (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). - type: str - wad_csvc_cs_count: - description: - - Number of concurrent WAD-cache-service object-cache processes. - type: int - wad_csvc_db_count: - description: - - Number of concurrent WAD-cache-service byte-cache processes. - type: int - wad_source_affinity: - description: - - Enable/disable dispatching traffic to WAD workers based on source affinity. - type: str - choices: - - disable - - enable - wad_worker_count: - description: - - Number of explicit proxy WAN optimization daemon (WAD) processes. By default WAN optimization, explicit proxy, and web caching is - handled by all of the CPU cores in a FortiGate unit. - type: int - wifi_ca_certificate: - description: - - CA certificate that verifies the WiFi certificate. 
Source certificate.ca.name. - type: str - wifi_certificate: - description: - - Certificate to use for WiFi authentication. Source certificate.local.name. - type: str - wimax_4g_usb: - description: - - Enable/disable comparability with WiMAX 4G USB devices. - type: str - choices: - - enable - - disable - wireless_controller: - description: - - Enable/disable the wireless controller feature to use the FortiGate unit to manage FortiAPs. - type: str - choices: - - enable - - disable - wireless_controller_port: - description: - - Port used for the control channel in wireless controller mode (wireless-mode is ac). The data channel port is the control channel port - number plus one (1024 - 49150). - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure global attributes. - fortios_system_global: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_global: - admin_concurrent: "enable" - admin_console_timeout: "4" - admin_hsts_max_age: "5" - admin_https_pki_required: "enable" - admin_https_redirect: "enable" - admin_https_ssl_versions: "tlsv1-0" - admin_lockout_duration: "9" - admin_lockout_threshold: "10" - admin_login_max: "11" - admin_maintainer: "enable" - admin_port: "13" - admin_restrict_local: "enable" - admin_scp: "enable" - admin_server_cert: " (source certificate.local.name)" - admin_sport: "17" - admin_ssh_grace_time: "18" - admin_ssh_password: "enable" - admin_ssh_port: "20" - admin_ssh_v1: "enable" - admin_telnet_port: "22" - admintimeout: "23" - alias: "" - allow_traffic_redirect: "enable" - anti_replay: "disable" - arp_max_entry: "27" - asymroute: "enable" - auth_cert: " (source certificate.local.name)" - auth_http_port: "30" - auth_https_port: "31" - auth_keepalive: "enable" - auth_session_limit: "block-new" - auto_auth_extension_device: "enable" - 
av_affinity: ""
- av_failopen: "pass"
- av_failopen_session: "enable"
- batch_cmdb: "enable"
- block_session_timer: "39"
- br_fdb_max_entry: "40"
- cert_chain_max: "41"
- cfg_revert_timeout: "42"
- cfg_save: "automatic"
- check_protocol_header: "loose"
- check_reset_range: "strict"
- cli_audit_log: "enable"
- clt_cert_req: "enable"
- compliance_check: "enable"
- compliance_check_time: ""
- cpu_use_threshold: "50"
- csr_ca_attribute: "enable"
- daily_restart: "enable"
- device_identification_active_scan_delay: "53"
- device_idle_timeout: "54"
- dh_params: "1024"
- dnsproxy_worker_count: "56"
- dst: "enable"
- endpoint_control_fds_access: "enable"
- endpoint_control_portal_port: "59"
- failtime: "60"
- fds_statistics: "enable"
- fds_statistics_period: "62"
- fgd_alert_subscription: "advisory"
- fortiextender: "enable"
- fortiextender_data_port: "65"
- fortiextender_vlan_mode: "enable"
- fortiservice_port: "67"
- gui_certificates: "enable"
- gui_custom_language: "enable"
- gui_date_format: "yyyy/MM/dd"
- gui_device_latitude: ""
- gui_device_longitude: ""
- gui_display_hostname: "enable"
- gui_ipv6: "enable"
- gui_lines_per_page: "75"
- gui_theme: "green"
- gui_wireless_opensecurity: "enable"
- honor_df: "enable"
- hostname: "myhostname"
- igmp_state_limit: "80"
- interval: "81"
- ip_src_port_range: ""
- ips_affinity: ""
- ipsec_asic_offload: "enable"
- ipsec_hmac_offload: "enable"
- ipsec_soft_dec_async: "enable"
- ipv6_accept_dad: "87"
- ipv6_allow_anycast_probe: "enable"
- language: "english"
- ldapconntimeout: "90"
- lldp_transmission: "enable"
- log_ssl_connection: "enable"
- log_uuid: "disable"
- login_timestamp: "enable"
- long_vdom_name: "enable"
- management_vdom: " (source system.vdom.name)"
- max_dlpstat_memory: "97"
- max_route_cache_size: "98"
- mc_ttl_notchange: "enable"
- memory_use_threshold_extreme: "100"
- memory_use_threshold_green: "101"
- memory_use_threshold_red: "102"
- miglog_affinity: ""
- miglogd_children: "104"
- multi_factor_authentication: "optional"
- multicast_forward: "enable"
- ndp_max_entry: "107"
- per_user_bwl: "enable"
- policy_auth_concurrent: "109"
- post_login_banner: "disable"
- pre_login_banner: "enable"
- private_data_encryption: "disable"
- proxy_auth_lifetime: "enable"
- proxy_auth_lifetime_timeout: "114"
- proxy_auth_timeout: "115"
- proxy_cipher_hardware_acceleration: "disable"
- proxy_kxp_hardware_acceleration: "disable"
- proxy_re_authentication_mode: "session"
- proxy_worker_count: "119"
- radius_port: "120"
- reboot_upon_config_restore: "enable"
- refresh: "122"
- remoteauthtimeout: "123"
- reset_sessionless_tcp: "enable"
- restart_time: ""
- revision_backup_on_logout: "enable"
- revision_image_auto_backup: "enable"
- scanunit_count: "128"
- security_rating_result_submission: "enable"
- security_rating_run_on_schedule: "enable"
- send_pmtu_icmp: "enable"
- snat_route_change: "enable"
- special_file_23_support: "disable"
- ssd_trim_date: "134"
- ssd_trim_freq: "never"
- ssd_trim_hour: "136"
- ssd_trim_min: "137"
- ssd_trim_weekday: "sunday"
- ssh_cbc_cipher: "enable"
- ssh_hmac_md5: "enable"
- ssh_kex_sha1: "enable"
- ssl_min_proto_version: "SSLv3"
- ssl_static_key_ciphers: "enable"
- sslvpn_cipher_hardware_acceleration: "enable"
- sslvpn_kxp_hardware_acceleration: "enable"
- sslvpn_max_worker_count: "146"
- sslvpn_plugin_version_check: "enable"
- strict_dirty_session_check: "enable"
- strong_crypto: "enable"
- switch_controller: "disable"
- switch_controller_reserved_network: ""
- sys_perf_log_interval: "152"
- tcp_halfclose_timer: "153"
- tcp_halfopen_timer: "154"
- tcp_option: "enable"
- tcp_timewait_timer: "156"
- tftp: "enable"
- timezone: "01"
- tp_mc_skip_policy: "enable"
- traffic_priority: "tos"
- traffic_priority_level: "low"
- two_factor_email_expiry: "162"
- two_factor_fac_expiry: "163"
- two_factor_ftk_expiry: "164"
- two_factor_ftm_expiry: "165"
- two_factor_sms_expiry: "166"
- udp_idle_timer: "167"
- user_server_cert: " (source certificate.local.name)"
- vdom_admin: "enable"
- vip_arp_range: "unlimited"
- virtual_server_count: "171"
- virtual_server_hardware_acceleration: "disable"
- wad_affinity: ""
- wad_csvc_cs_count: "174"
- wad_csvc_db_count: "175"
- wad_source_affinity: "disable"
- wad_worker_count: "177"
- wifi_ca_certificate: " (source certificate.ca.name)"
- wifi_certificate: " (source certificate.local.name)"
- wimax_4g_usb: "enable"
- wireless_controller: "enable"
- wireless_controller_port: "182"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import
FAIL_SOCKET_MSG
-
-
- def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
- def filter_system_global_data(json):
- option_list = ['admin_concurrent', 'admin_console_timeout', 'admin_hsts_max_age',
- 'admin_https_pki_required', 'admin_https_redirect', 'admin_https_ssl_versions',
- 'admin_lockout_duration', 'admin_lockout_threshold', 'admin_login_max',
- 'admin_maintainer', 'admin_port', 'admin_restrict_local',
- 'admin_scp', 'admin_server_cert', 'admin_sport',
- 'admin_ssh_grace_time', 'admin_ssh_password', 'admin_ssh_port',
- 'admin_ssh_v1', 'admin_telnet_port', 'admintimeout',
- 'alias', 'allow_traffic_redirect', 'anti_replay',
- 'arp_max_entry', 'asymroute', 'auth_cert',
- 'auth_http_port', 'auth_https_port', 'auth_keepalive',
- 'auth_session_limit', 'auto_auth_extension_device', 'av_affinity',
- 'av_failopen', 'av_failopen_session', 'batch_cmdb',
- 'block_session_timer', 'br_fdb_max_entry', 'cert_chain_max',
- 'cfg_revert_timeout', 'cfg_save', 'check_protocol_header',
- 'check_reset_range', 'cli_audit_log', 'clt_cert_req',
- 'compliance_check', 'compliance_check_time', 'cpu_use_threshold',
- 'csr_ca_attribute', 'daily_restart', 'device_identification_active_scan_delay',
- 'device_idle_timeout', 'dh_params', 'dnsproxy_worker_count',
- 'dst', 'endpoint_control_fds_access', 'endpoint_control_portal_port',
- 'failtime', 'fds_statistics', 'fds_statistics_period',
- 'fgd_alert_subscription', 'fortiextender', 'fortiextender_data_port',
- 'fortiextender_vlan_mode', 'fortiservice_port', 'gui_certificates',
- 'gui_custom_language', 'gui_date_format', 'gui_device_latitude',
- 'gui_device_longitude', 'gui_display_hostname', 'gui_ipv6',
- 'gui_lines_per_page', 'gui_theme', 'gui_wireless_opensecurity',
- 'honor_df', 'hostname', 'igmp_state_limit',
- 'interval', 'ip_src_port_range', 'ips_affinity',
- 'ipsec_asic_offload', 'ipsec_hmac_offload', 'ipsec_soft_dec_async',
- 'ipv6_accept_dad', 'ipv6_allow_anycast_probe', 'language',
- 'ldapconntimeout', 'lldp_transmission', 'log_ssl_connection',
- 'log_uuid', 'login_timestamp', 'long_vdom_name',
- 'management_vdom', 'max_dlpstat_memory', 'max_route_cache_size',
- 'mc_ttl_notchange', 'memory_use_threshold_extreme', 'memory_use_threshold_green',
- 'memory_use_threshold_red', 'miglog_affinity', 'miglogd_children',
- 'multi_factor_authentication', 'multicast_forward', 'ndp_max_entry',
- 'per_user_bwl', 'policy_auth_concurrent', 'post_login_banner',
- 'pre_login_banner', 'private_data_encryption', 'proxy_auth_lifetime',
- 'proxy_auth_lifetime_timeout', 'proxy_auth_timeout', 'proxy_cipher_hardware_acceleration',
- 'proxy_kxp_hardware_acceleration', 'proxy_re_authentication_mode', 'proxy_worker_count',
- 'radius_port', 'reboot_upon_config_restore', 'refresh',
- 'remoteauthtimeout', 'reset_sessionless_tcp', 'restart_time',
- 'revision_backup_on_logout', 'revision_image_auto_backup', 'scanunit_count',
- 'security_rating_result_submission', 'security_rating_run_on_schedule', 'send_pmtu_icmp',
- 'snat_route_change', 'special_file_23_support', 'ssd_trim_date',
- 'ssd_trim_freq', 'ssd_trim_hour', 'ssd_trim_min',
- 'ssd_trim_weekday', 'ssh_cbc_cipher', 'ssh_hmac_md5',
- 'ssh_kex_sha1', 'ssl_min_proto_version', 'ssl_static_key_ciphers',
- 'sslvpn_cipher_hardware_acceleration', 'sslvpn_kxp_hardware_acceleration', 'sslvpn_max_worker_count',
- 'sslvpn_plugin_version_check', 'strict_dirty_session_check', 'strong_crypto',
- 'switch_controller', 'switch_controller_reserved_network', 'sys_perf_log_interval',
- 'tcp_halfclose_timer', 'tcp_halfopen_timer', 'tcp_option',
- 'tcp_timewait_timer', 'tftp', 'timezone',
- 'tp_mc_skip_policy', 'traffic_priority', 'traffic_priority_level',
- 'two_factor_email_expiry', 'two_factor_fac_expiry', 'two_factor_ftk_expiry',
- 'two_factor_ftm_expiry', 'two_factor_sms_expiry', 'udp_idle_timer',
- 'user_server_cert', 'vdom_admin', 'vip_arp_range',
- 'virtual_server_count', 'virtual_server_hardware_acceleration', 'wad_affinity',
- 'wad_csvc_cs_count', 'wad_csvc_db_count', 'wad_source_affinity',
- 'wad_worker_count', 'wifi_ca_certificate', 'wifi_certificate',
- 'wimax_4g_usb', 'wireless_controller', 'wireless_controller_port']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
- def flatten_multilists_attributes(data):
- multilist_attrs = [[u'admin_https_ssl_versions'], [u'fgd_alert_subscription']]
-
- for attr in multilist_attrs:
- try:
- path = "data['" + "']['".join(elem for elem in attr) + "']"
- current_val = eval(path)
- flattened_val = ' '.join(elem for elem in current_val)
- exec(path + '= flattened_val')
- except BaseException:
- pass
-
- return data
-
-
- def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
- def system_global(data, fos):
- vdom = data['vdom']
- system_global_data = data['system_global']
- system_global_data = flatten_multilists_attributes(system_global_data)
- filtered_data = underscore_to_hyphen(filter_system_global_data(system_global_data))
-
- return fos.set('system',
- 'global',
- data=filtered_data,
- vdom=vdom)
-
-
- def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
- def fortios_system(data, fos):
-
- if data['system_global']:
- resp = system_global(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
- def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "system_global": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "admin_concurrent": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "admin_console_timeout": {"required": False, "type": "int"},
- "admin_hsts_max_age": {"required": False, "type": "int"},
- "admin_https_pki_required": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "admin_https_redirect": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "admin_https_ssl_versions": {"required": False, "type": "list",
- "choices": ["tlsv1-0", "tlsv1-1", "tlsv1-2"]},
- "admin_lockout_duration": {"required": False, "type": "int"},
- "admin_lockout_threshold": {"required": False, "type": "int"},
- "admin_login_max": {"required": False, "type": "int"},
- "admin_maintainer": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "admin_port": {"required": False, "type": "int"},
- "admin_restrict_local": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "admin_scp": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "admin_server_cert": {"required": False, "type": "str"},
- "admin_sport": {"required": False, "type": "int"},
- "admin_ssh_grace_time": {"required": False, "type": "int"},
- "admin_ssh_password": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "admin_ssh_port": {"required": False, "type": "int"},
- "admin_ssh_v1": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "admin_telnet_port": {"required": False, "type": "int"},
- "admintimeout": {"required": False, "type": "int"},
- "alias": {"required": False, "type": "str"},
- "allow_traffic_redirect": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "anti_replay": {"required": False, "type": "str",
- "choices": ["disable", "loose", "strict"]},
- "arp_max_entry": {"required": False, "type": "int"},
- "asymroute": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "auth_cert": {"required": False, "type": "str"},
- "auth_http_port": {"required": False, "type": "int"},
- "auth_https_port": {"required": False, "type": "int"},
- "auth_keepalive": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "auth_session_limit": {"required": False, "type": "str",
- "choices": ["block-new", "logout-inactive"]},
- "auto_auth_extension_device": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "av_affinity": {"required": False, "type": "str"},
- "av_failopen": {"required": False, "type": "str",
- "choices": ["pass", "off", "one-shot"]},
- "av_failopen_session": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "batch_cmdb": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "block_session_timer": {"required": False, "type": "int"},
- "br_fdb_max_entry": {"required": False, "type": "int"},
- "cert_chain_max": {"required": False, "type": "int"},
- "cfg_revert_timeout": {"required": False, "type": "int"},
- "cfg_save": {"required": False, "type": "str",
- "choices": ["automatic", "manual", "revert"]},
- "check_protocol_header": {"required": False, "type": "str",
- "choices": ["loose", "strict"]},
- "check_reset_range": {"required": False, "type": "str",
- "choices": ["strict", "disable"]},
- "cli_audit_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "clt_cert_req": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "compliance_check": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "compliance_check_time": {"required": False, "type": "str"},
- "cpu_use_threshold": {"required": False, "type": "int"},
- "csr_ca_attribute": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "daily_restart": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "device_identification_active_scan_delay": {"required": False, "type": "int"},
- "device_idle_timeout": {"required": False, "type": "int"},
- "dh_params": {"required": False, "type": "str",
- "choices": ["1024", "1536", "2048",
- "3072", "4096", "6144",
- "8192"]},
- "dnsproxy_worker_count": {"required": False, "type": "int"},
- "dst": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "endpoint_control_fds_access": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "endpoint_control_portal_port": {"required": False, "type": "int"},
- "failtime": {"required": False, "type": "int"},
- "fds_statistics": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "fds_statistics_period": {"required": False, "type": "int"},
- "fgd_alert_subscription": {"required": False, "type": "list",
- "choices": ["advisory", "latest-threat", "latest-virus",
- "latest-attack", "new-antivirus-db", "new-attack-db"]},
- "fortiextender": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "fortiextender_data_port": {"required": False, "type": "int"},
- "fortiextender_vlan_mode": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "fortiservice_port": {"required": False, "type": "int"},
- "gui_certificates": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gui_custom_language": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gui_date_format": {"required": False, "type": "str",
- "choices": ["yyyy/MM/dd", "dd/MM/yyyy", "MM/dd/yyyy",
- "yyyy-MM-dd", "dd-MM-yyyy", "MM-dd-yyyy"]},
- "gui_device_latitude": {"required": False, "type": "str"},
- "gui_device_longitude": {"required": False, "type": "str"},
- "gui_display_hostname": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gui_ipv6": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gui_lines_per_page": {"required": False, "type": "int"},
- "gui_theme": {"required": False, "type": "str",
- "choices": ["green", "red", "blue",
- "melongene", "mariner"]},
- "gui_wireless_opensecurity": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "honor_df": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "hostname": {"required": False, "type": "str"},
- "igmp_state_limit": {"required": False, "type": "int"},
- "interval": {"required": False, "type": "int"},
- "ip_src_port_range": {"required": False, "type": "str"},
- "ips_affinity": {"required": False, "type": "str"},
- "ipsec_asic_offload": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ipsec_hmac_offload": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ipsec_soft_dec_async": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ipv6_accept_dad": {"required": False, "type": "int"},
- "ipv6_allow_anycast_probe": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "language": {"required": False, "type": "str",
- "choices": ["english", "french", "spanish",
- "portuguese", "japanese", "trach",
- "simch", "korean"]},
- "ldapconntimeout": {"required": False, "type": "int"},
- "lldp_transmission": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "log_ssl_connection": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "log_uuid": {"required": False, "type": "str",
- "choices": ["disable", "policy-only", "extended"]},
- "login_timestamp": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "long_vdom_name": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "management_vdom": {"required": False, "type": "str"},
- "max_dlpstat_memory": {"required": False, "type": "int"},
- "max_route_cache_size": {"required": False, "type": "int"},
- "mc_ttl_notchange": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "memory_use_threshold_extreme": {"required": False, "type": "int"},
- "memory_use_threshold_green": {"required": False, "type": "int"},
- "memory_use_threshold_red": {"required": False, "type": "int"},
- "miglog_affinity": {"required": False, "type": "str"},
- "miglogd_children": {"required": False, "type": "int"},
- "multi_factor_authentication": {"required": False, "type": "str",
- "choices": ["optional", "mandatory"]},
- "multicast_forward": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ndp_max_entry": {"required": False, "type": "int"},
- "per_user_bwl": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "policy_auth_concurrent": {"required": False, "type": "int"},
- "post_login_banner": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "pre_login_banner": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "private_data_encryption": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "proxy_auth_lifetime": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "proxy_auth_lifetime_timeout": {"required": False, "type": "int"},
- "proxy_auth_timeout": {"required": False, "type": "int"},
- "proxy_cipher_hardware_acceleration": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "proxy_kxp_hardware_acceleration": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "proxy_re_authentication_mode": {"required": False, "type": "str",
- "choices": ["session", "traffic", "absolute"]},
- "proxy_worker_count": {"required": False, "type": "int"},
- "radius_port": {"required": False, "type": "int"},
- "reboot_upon_config_restore": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "refresh": {"required": False, "type": "int"},
- "remoteauthtimeout": {"required": False, "type": "int"},
- "reset_sessionless_tcp": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "restart_time": {"required": False, "type": "str"},
- "revision_backup_on_logout": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "revision_image_auto_backup": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "scanunit_count": {"required": False, "type": "int"},
- "security_rating_result_submission": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "security_rating_run_on_schedule": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "send_pmtu_icmp": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "snat_route_change": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "special_file_23_support": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "ssd_trim_date": {"required": False, "type": "int"},
- "ssd_trim_freq": {"required": False, "type": "str",
- "choices": ["never", "hourly", "daily",
- "weekly", "monthly"]},
- "ssd_trim_hour": {"required": False, "type": "int"},
- "ssd_trim_min": {"required": False, "type": "int"},
- "ssd_trim_weekday": {"required": False, "type": "str",
- "choices": ["sunday", "monday", "tuesday",
- "wednesday", "thursday", "friday",
- "saturday"]},
- "ssh_cbc_cipher": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ssh_hmac_md5": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ssh_kex_sha1": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ssl_min_proto_version": {"required": False, "type": "str",
- "choices": ["SSLv3", "TLSv1", "TLSv1-1",
- "TLSv1-2"]},
- "ssl_static_key_ciphers": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "sslvpn_cipher_hardware_acceleration": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "sslvpn_kxp_hardware_acceleration": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "sslvpn_max_worker_count": {"required": False, "type": "int"},
- "sslvpn_plugin_version_check": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "strict_dirty_session_check": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "strong_crypto": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "switch_controller": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "switch_controller_reserved_network": {"required": False, "type": "str"},
- "sys_perf_log_interval": {"required": False, "type": "int"},
- "tcp_halfclose_timer": {"required": False, "type": "int"},
- "tcp_halfopen_timer": {"required": False, "type": "int"},
- "tcp_option": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "tcp_timewait_timer": {"required": False, "type": "int"},
- "tftp": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "timezone": {"required": False, "type": "str",
- "choices": ["01", "02", "03",
- "04", "05", "81",
- "06", "07", "08",
- "09", "10", "11",
- "12", "13", "74",
- "14", "77", "15",
- "87", "16", "17",
- "18", "19", "20",
- "75", "21", "22",
- "23", "24", "80",
- "79", "25", "26",
- "27", "28", "78",
- "29", "30", "31",
- "32", "33", "34",
- "35", "36", "37",
- "38", "83", "84",
- "40", "85", "41",
- "42", "43", "39",
- "44", "46", "47",
- "51", "48", "45",
- "49", "50", "52",
- "53", "54", "55",
- "56", "57", "58",
- "59", "60", "62",
- "63", "61", "64",
- "65", "66", "67",
- "68", "69", "70",
- "71", "72", "00",
- "82", "73", "86",
- "76"]},
- "tp_mc_skip_policy": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "traffic_priority": {"required": False, "type": "str",
- "choices": ["tos", "dscp"]},
- "traffic_priority_level": {"required": False, "type": "str",
- "choices": ["low", "medium", "high"]},
- "two_factor_email_expiry": {"required": False, "type": "int"},
- "two_factor_fac_expiry": {"required": False, "type": "int"},
- "two_factor_ftk_expiry": {"required": False, "type": "int"},
- "two_factor_ftm_expiry": {"required": False, "type": "int"},
- "two_factor_sms_expiry": {"required": False, "type": "int"},
- "udp_idle_timer": {"required": False, "type": "int"},
- "user_server_cert": {"required": False, "type": "str"},
- "vdom_admin": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "vip_arp_range": {"required": False, "type": "str",
- "choices": ["unlimited", "restricted"]},
- "virtual_server_count": {"required": False, "type": "int"},
- "virtual_server_hardware_acceleration": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "wad_affinity": {"required": False, "type": "str"},
- "wad_csvc_cs_count": {"required": False, "type": "int"},
- "wad_csvc_db_count": {"required": False, "type": "int"},
- "wad_source_affinity": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "wad_worker_count": {"required": False, "type": "int"},
- "wifi_ca_certificate": {"required": False, "type": "str"},
- "wifi_certificate": {"required": False, "type": "str"},
- "wimax_4g_usb": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "wireless_controller": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "wireless_controller_port": {"required": False, "type": "int"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
-
'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_gre_tunnel.py b/lib/ansible/modules/network/fortios/fortios_system_gre_tunnel.py
deleted file mode 100644
index 7aeb44992d3..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_gre_tunnel.py
+++ /dev/null
@@ -1,428 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_gre_tunnel -short_description: Configure GRE tunnel in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and gre_tunnel category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_gre_tunnel: - description: - - Configure GRE tunnel. - default: null - type: dict - suboptions: - checksum_reception: - description: - - Enable/disable validating checksums in received GRE packets. - type: str - choices: - - disable - - enable - checksum_transmission: - description: - - Enable/disable including checksums in transmitted GRE packets. - type: str - choices: - - disable - - enable - dscp_copying: - description: - - Enable/disable DSCP copying. - type: str - choices: - - disable - - enable - interface: - description: - - Interface name. Source system.interface.name. - type: str - ip_version: - description: - - IP version to use for VPN interface. - type: str - choices: - - 4 - - 6 - keepalive_failtimes: - description: - - Number of consecutive unreturned keepalive messages before a GRE connection is considered down (1 - 255). - type: int - keepalive_interval: - description: - - Keepalive message interval (0 - 32767, 0 = disabled). - type: int - key_inbound: - description: - - Require received GRE packets contain this key (0 - 4294967295). - type: int - key_outbound: - description: - - Include this key in transmitted GRE packets (0 - 4294967295). - type: int - local_gw: - description: - - IP address of the local gateway. - type: str - local_gw6: - description: - - IPv6 address of the local gateway. - type: str - name: - description: - - Tunnel name. 
- required: true - type: str - remote_gw: - description: - - IP address of the remote gateway. - type: str - remote_gw6: - description: - - IPv6 address of the remote gateway. - type: str - sequence_number_reception: - description: - - Enable/disable validating sequence numbers in received GRE packets. - type: str - choices: - - disable - - enable - sequence_number_transmission: - description: - - Enable/disable including of sequence numbers in transmitted GRE packets. - type: str - choices: - - disable - - enable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure GRE tunnel. - fortios_system_gre_tunnel: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_gre_tunnel: - checksum_reception: "disable" - checksum_transmission: "disable" - dscp_copying: "disable" - interface: " (source system.interface.name)" - ip_version: "4" - keepalive_failtimes: "8" - keepalive_interval: "9" - key_inbound: "10" - key_outbound: "11" - local_gw: "" - local_gw6: "" - name: "default_name_14" - remote_gw: "" - remote_gw6: "" - sequence_number_reception: "disable" - sequence_number_transmission: "disable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used 
to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_gre_tunnel_data(json): - option_list = ['checksum_reception', 'checksum_transmission', 'dscp_copying', - 'interface', 'ip_version', 'keepalive_failtimes', - 'keepalive_interval', 'key_inbound', 'key_outbound', - 'local_gw', 'local_gw6', 'name', - 'remote_gw', 'remote_gw6', 'sequence_number_reception', - 'sequence_number_transmission'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data 
- - return data - - -def system_gre_tunnel(data, fos): - vdom = data['vdom'] - state = data['state'] - system_gre_tunnel_data = data['system_gre_tunnel'] - filtered_data = underscore_to_hyphen(filter_system_gre_tunnel_data(system_gre_tunnel_data)) - - if state == "present": - return fos.set('system', - 'gre-tunnel', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'gre-tunnel', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_gre_tunnel']: - resp = system_gre_tunnel(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_gre_tunnel": { - "required": False, "type": "dict", "default": None, - "options": { - "checksum_reception": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "checksum_transmission": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "dscp_copying": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "interface": {"required": False, "type": "str"}, - "ip_version": {"required": False, "type": "str", - "choices": ["4", "6"]}, - "keepalive_failtimes": {"required": False, "type": "int"}, - "keepalive_interval": {"required": False, "type": "int"}, - "key_inbound": {"required": False, "type": "int"}, - 
"key_outbound": {"required": False, "type": "int"},
- "local_gw": {"required": False, "type": "str"},
- "local_gw6": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"},
- "remote_gw": {"required": False, "type": "str"},
- "remote_gw6": {"required": False, "type": "str"},
- "sequence_number_reception": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "sequence_number_transmission": {"required": False, "type": "str",
- "choices": ["disable", "enable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_ha.py b/lib/ansible/modules/network/fortios/fortios_system_ha.py
deleted file mode 100644
index 4f34290f1ad..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_ha.py
+++ /dev/null
@@ -1,903 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_ha -short_description: Configure HA in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and ha category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. 
- type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - system_ha: - description: - - Configure HA. - default: null - type: dict - suboptions: - arps: - description: - - Number of gratuitous ARPs (1 - 60). Lower to reduce traffic. Higher to reduce failover time. - type: int - arps_interval: - description: - - Time between gratuitous ARPs (1 - 20 sec). Lower to reduce failover time. Higher to reduce traffic. - type: int - authentication: - description: - - Enable/disable heartbeat message authentication. - type: str - choices: - - enable - - disable - cpu_threshold: - description: - - Dynamic weighted load balancing CPU usage weight and high and low thresholds. - type: str - encryption: - description: - - Enable/disable heartbeat message encryption. - type: str - choices: - - enable - - disable - ftp_proxy_threshold: - description: - - Dynamic weighted load balancing weight and high and low number of FTP proxy sessions. - type: str - gratuitous_arps: - description: - - Enable/disable gratuitous ARPs. Disable if link-failed-signal enabled. - type: str - choices: - - enable - - disable - group_id: - description: - - Cluster group ID (0 - 255). Must be the same for all members. - type: int - group_name: - description: - - Cluster group name. Must be the same for all members. - type: str - ha_direct: - description: - - Enable/disable using ha-mgmt interface for syslog, SNMP, remote authentication (RADIUS), FortiAnalyzer, and FortiSandbox. - type: str - choices: - - enable - - disable - ha_eth_type: - description: - - HA heartbeat packet Ethertype (4-digit hex). - type: str - ha_mgmt_interfaces: - description: - - Reserve interfaces to manage individual cluster units. 
- type: list - suboptions: - dst: - description: - - Default route destination for reserved HA management interface. - type: str - gateway: - description: - - Default route gateway for reserved HA management interface. - type: str - gateway6: - description: - - Default IPv6 gateway for reserved HA management interface. - type: str - id: - description: - - Table ID. - required: true - type: int - interface: - description: - - Interface to reserve for HA management. Source system.interface.name. - type: str - ha_mgmt_status: - description: - - Enable to reserve interfaces to manage individual cluster units. - type: str - choices: - - enable - - disable - ha_uptime_diff_margin: - description: - - Normally you would only reduce this value for failover testing. - type: int - hb_interval: - description: - - Time between sending heartbeat packets (1 - 20 (100*ms)). Increase to reduce false positives. - type: int - hb_lost_threshold: - description: - - Number of lost heartbeats to signal a failure (1 - 60). Increase to reduce false positives. - type: int - hbdev: - description: - - Heartbeat interfaces. Must be the same for all members. - type: str - hc_eth_type: - description: - - Transparent mode HA heartbeat packet Ethertype (4-digit hex). - type: str - hello_holddown: - description: - - Time to wait before changing from hello to work state (5 - 300 sec). - type: int - http_proxy_threshold: - description: - - Dynamic weighted load balancing weight and high and low number of HTTP proxy sessions. - type: str - imap_proxy_threshold: - description: - - Dynamic weighted load balancing weight and high and low number of IMAP proxy sessions. - type: str - inter_cluster_session_sync: - description: - - Enable/disable synchronization of sessions among HA clusters. - type: str - choices: - - enable - - disable - key: - description: - - key - type: str - l2ep_eth_type: - description: - - Telnet session HA heartbeat packet Ethertype (4-digit hex). 
- type: str - link_failed_signal: - description: - - Enable to shut down all interfaces for 1 sec after a failover. Use if gratuitous ARPs do not update network. - type: str - choices: - - enable - - disable - load_balance_all: - description: - - Enable to load balance TCP sessions. Disable to load balance proxy sessions only. - type: str - choices: - - enable - - disable - memory_compatible_mode: - description: - - Enable/disable memory compatible mode. - type: str - choices: - - enable - - disable - memory_threshold: - description: - - Dynamic weighted load balancing memory usage weight and high and low thresholds. - type: str - mode: - description: - - HA mode. Must be the same for all members. FGSP requires standalone. - type: str - choices: - - standalone - - a-a - - a-p - monitor: - description: - - Interfaces to check for port monitoring (or link failure). Source system.interface.name. - type: str - multicast_ttl: - description: - - HA multicast TTL on master (5 - 3600 sec). - type: int - nntp_proxy_threshold: - description: - - Dynamic weighted load balancing weight and high and low number of NNTP proxy sessions. - type: str - override: - description: - - Enable and increase the priority of the unit that should always be primary (master). - type: str - choices: - - enable - - disable - override_wait_time: - description: - - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates. - type: int - password: - description: - - Cluster password. Must be the same for all members. - type: str - pingserver_failover_threshold: - description: - - Remote IP monitoring failover threshold (0 - 50). - type: int - pingserver_flip_timeout: - description: - - Time to wait in minutes before renegotiating after a remote IP monitoring failover. - type: int - pingserver_monitor_interface: - description: - - Interfaces to check for remote IP monitoring. Source system.interface.name. 
- type: str - pingserver_slave_force_reset: - description: - - Enable to force the cluster to negotiate after a remote IP monitoring failover. - type: str - choices: - - enable - - disable - pop3_proxy_threshold: - description: - - Dynamic weighted load balancing weight and high and low number of POP3 proxy sessions. - type: str - priority: - description: - - Increase the priority to select the primary unit (0 - 255). - type: int - route_hold: - description: - - Time to wait between routing table updates to the cluster (0 - 3600 sec). - type: int - route_ttl: - description: - - TTL for primary unit routes (5 - 3600 sec). Increase to maintain active routes during failover. - type: int - route_wait: - description: - - Time to wait before sending new routes to the cluster (0 - 3600 sec). - type: int - schedule: - description: - - Type of A-A load balancing. Use none if you have external load balancers. - type: str - choices: - - none - - hub - - leastconnection - - round-robin - - weight-round-robin - - random - - ip - - ipport - secondary_vcluster: - description: - - Configure virtual cluster 2. - type: dict - suboptions: - monitor: - description: - - Interfaces to check for port monitoring (or link failure). Source system.interface.name. - type: str - override: - description: - - Enable and increase the priority of the unit that should always be primary (master). - type: str - choices: - - enable - - disable - override_wait_time: - description: - - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates. - type: int - pingserver_failover_threshold: - description: - - Remote IP monitoring failover threshold (0 - 50). - type: int - pingserver_monitor_interface: - description: - - Interfaces to check for remote IP monitoring. Source system.interface.name. - type: str - pingserver_slave_force_reset: - description: - - Enable to force the cluster to negotiate after a remote IP monitoring failover. 
- type: str - choices: - - enable - - disable - priority: - description: - - Increase the priority to select the primary unit (0 - 255). - type: int - vcluster_id: - description: - - Cluster ID. - type: int - vdom: - description: - - VDOMs in virtual cluster 2. - type: str - session_pickup: - description: - - Enable/disable session pickup. Enabling it can reduce session down time when fail over happens. - type: str - choices: - - enable - - disable - session_pickup_connectionless: - description: - - Enable/disable UDP and ICMP session sync for FGSP. - type: str - choices: - - enable - - disable - session_pickup_delay: - description: - - Enable to sync sessions longer than 30 sec. Only longer lived sessions need to be synced. - type: str - choices: - - enable - - disable - session_pickup_expectation: - description: - - Enable/disable session helper expectation session sync for FGSP. - type: str - choices: - - enable - - disable - session_pickup_nat: - description: - - Enable/disable NAT session sync for FGSP. - type: str - choices: - - enable - - disable - session_sync_dev: - description: - - Offload session sync to one or more interfaces to distribute traffic and prevent delays if needed. Source system.interface.name. - type: str - smtp_proxy_threshold: - description: - - Dynamic weighted load balancing weight and high and low number of SMTP proxy sessions. - type: str - standalone_config_sync: - description: - - Enable/disable FGSP configuration synchronization. - type: str - choices: - - enable - - disable - standalone_mgmt_vdom: - description: - - Enable/disable standalone management VDOM. - type: str - choices: - - enable - - disable - sync_config: - description: - - Enable/disable configuration synchronization. - type: str - choices: - - enable - - disable - sync_packet_balance: - description: - - Enable/disable HA packet distribution to multiple CPUs. 
- type: str - choices: - - enable - - disable - unicast_hb: - description: - - Enable/disable unicast heartbeat. - type: str - choices: - - enable - - disable - unicast_hb_netmask: - description: - - Unicast heartbeat netmask. - type: str - unicast_hb_peerip: - description: - - Unicast heartbeat peer IP. - type: str - uninterruptible_upgrade: - description: - - Enable to upgrade a cluster without blocking network traffic. - type: str - choices: - - enable - - disable - vcluster_id: - description: - - Cluster ID. - type: int - vcluster2: - description: - - Enable/disable virtual cluster 2 for virtual clustering. - type: str - choices: - - enable - - disable - vdom: - description: - - VDOMs in virtual cluster 1. - type: str - weight: - description: - - Weight-round-robin weight for each cluster unit. Syntax . - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure HA. 
- fortios_system_ha: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_ha: - arps: "3" - arps_interval: "4" - authentication: "enable" - cpu_threshold: "" - encryption: "enable" - ftp_proxy_threshold: "" - gratuitous_arps: "enable" - group_id: "10" - group_name: "" - ha_direct: "enable" - ha_eth_type: "" - ha_mgmt_interfaces: - - - dst: "" - gateway: "" - gateway6: "" - id: "18" - interface: " (source system.interface.name)" - ha_mgmt_status: "enable" - ha_uptime_diff_margin: "21" - hb_interval: "22" - hb_lost_threshold: "23" - hbdev: "" - hc_eth_type: "" - hello_holddown: "26" - http_proxy_threshold: "" - imap_proxy_threshold: "" - inter_cluster_session_sync: "enable" - key: "" - l2ep_eth_type: "" - link_failed_signal: "enable" - load_balance_all: "enable" - memory_compatible_mode: "enable" - memory_threshold: "" - mode: "standalone" - monitor: " (source system.interface.name)" - multicast_ttl: "38" - nntp_proxy_threshold: "" - override: "enable" - override_wait_time: "41" - password: "" - pingserver_failover_threshold: "43" - pingserver_flip_timeout: "44" - pingserver_monitor_interface: " (source system.interface.name)" - pingserver_slave_force_reset: "enable" - pop3_proxy_threshold: "" - priority: "48" - route_hold: "49" - route_ttl: "50" - route_wait: "51" - schedule: "none" - secondary_vcluster: - monitor: " (source system.interface.name)" - override: "enable" - override_wait_time: "56" - pingserver_failover_threshold: "57" - pingserver_monitor_interface: " (source system.interface.name)" - pingserver_slave_force_reset: "enable" - priority: "60" - vcluster_id: "61" - vdom: "" - session_pickup: "enable" - session_pickup_connectionless: "enable" - session_pickup_delay: "enable" - session_pickup_expectation: "enable" - session_pickup_nat: "enable" - session_sync_dev: " (source system.interface.name)" - smtp_proxy_threshold: "" - standalone_config_sync: "enable" - standalone_mgmt_vdom: 
"enable"
- sync_config: "enable"
- sync_packet_balance: "enable"
- unicast_hb: "enable"
- unicast_hb_netmask: ""
- unicast_hb_peerip: ""
- uninterruptible_upgrade: "enable"
- vcluster_id: "78"
- vcluster2: "enable"
- vdom: ""
- weight: ""
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_system_ha_data(json):
- option_list = ['arps', 'arps_interval', 'authentication',
- 'cpu_threshold', 'encryption', 'ftp_proxy_threshold',
- 'gratuitous_arps', 'group_id', 'group_name',
- 'ha_direct', 'ha_eth_type', 'ha_mgmt_interfaces',
- 'ha_mgmt_status', 'ha_uptime_diff_margin', 'hb_interval',
- 'hb_lost_threshold', 'hbdev', 'hc_eth_type',
- 'hello_holddown', 'http_proxy_threshold', 'imap_proxy_threshold',
- 'inter_cluster_session_sync', 'key', 'l2ep_eth_type',
- 'link_failed_signal', 'load_balance_all', 'memory_compatible_mode',
- 'memory_threshold', 'mode', 'monitor',
- 'multicast_ttl', 'nntp_proxy_threshold', 'override',
- 'override_wait_time', 'password', 'pingserver_failover_threshold',
- 'pingserver_flip_timeout', 'pingserver_monitor_interface', 'pingserver_slave_force_reset',
- 'pop3_proxy_threshold', 'priority', 'route_hold',
- 'route_ttl', 'route_wait', 'schedule',
- 'secondary_vcluster', 'session_pickup', 'session_pickup_connectionless',
- 'session_pickup_delay', 'session_pickup_expectation', 'session_pickup_nat',
- 'session_sync_dev', 'smtp_proxy_threshold', 'standalone_config_sync',
- 'standalone_mgmt_vdom', 'sync_config', 'sync_packet_balance',
- 'unicast_hb', 'unicast_hb_netmask', 'unicast_hb_peerip',
- 'uninterruptible_upgrade', 'vcluster_id', 'vcluster2',
- 'vdom', 'weight']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def system_ha(data, fos):
- vdom = data['vdom']
- system_ha_data = data['system_ha']
- filtered_data = underscore_to_hyphen(filter_system_ha_data(system_ha_data))
-
- return fos.set('system',
- 'ha',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_system(data, fos):
-
- if data['system_ha']:
- resp = system_ha(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "system_ha": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "arps": {"required": False, "type": "int"},
- "arps_interval": {"required": False, "type": "int"},
- "authentication": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "cpu_threshold": {"required": False, "type": "str"},
- "encryption": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ftp_proxy_threshold": {"required": False, "type": "str"},
- "gratuitous_arps": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "group_id": {"required": False, "type": "int"},
- "group_name": {"required": False, "type": "str"},
- "ha_direct": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ha_eth_type": {"required": False, "type": "str"},
- "ha_mgmt_interfaces": {"required": False, "type": "list",
- "options": {
- "dst": {"required": False, "type": "str"},
- "gateway": {"required": False, "type": "str"},
- "gateway6": {"required": False, "type": "str"},
- "id": {"required": True, "type": "int"},
- "interface": {"required": False, "type": "str"}
- }},
- "ha_mgmt_status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ha_uptime_diff_margin": {"required": False, "type": "int"},
- "hb_interval": {"required": False, "type": "int"},
- "hb_lost_threshold": {"required": False, "type": "int"},
- "hbdev": {"required": False, "type": "str"},
- "hc_eth_type": {"required": False, "type": "str"},
- "hello_holddown": {"required": False, "type": "int"},
- "http_proxy_threshold": {"required": False, "type": "str"},
- "imap_proxy_threshold": {"required": False, "type": "str"},
- "inter_cluster_session_sync": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "key": {"required": False, "type": "str"},
- "l2ep_eth_type": {"required": False, "type": "str"},
- "link_failed_signal": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "load_balance_all": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "memory_compatible_mode": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "memory_threshold": {"required": False, "type": "str"},
- "mode": {"required": False, "type": "str",
- "choices": ["standalone", "a-a", "a-p"]},
- "monitor": {"required": False, "type": "str"},
- "multicast_ttl": {"required": False, "type": "int"},
- "nntp_proxy_threshold": {"required": False, "type": "str"},
- "override": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "override_wait_time": {"required": False, "type": "int"},
- "password": {"required": False, "type": "str"},
- "pingserver_failover_threshold": {"required": False, "type": "int"},
- "pingserver_flip_timeout": {"required": False, "type": "int"},
- "pingserver_monitor_interface": {"required": False, "type": "str"},
- "pingserver_slave_force_reset": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "pop3_proxy_threshold": {"required": False, "type": "str"},
- "priority": {"required": False, "type": "int"},
- "route_hold": {"required": False, "type": "int"},
- "route_ttl": {"required": False, "type": "int"},
- "route_wait": {"required": False, "type": "int"},
- "schedule": {"required": False, "type": "str",
- "choices": ["none", "hub", "leastconnection",
- "round-robin", "weight-round-robin", "random",
- "ip", "ipport"]},
- "secondary_vcluster": {"required": False, "type": "dict",
- "options": {
- "monitor": {"required": False, "type": "str"},
- "override": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "override_wait_time": {"required": False, "type": "int"},
- "pingserver_failover_threshold": {"required": False, "type": "int"},
- "pingserver_monitor_interface": {"required": False, "type": "str"},
- "pingserver_slave_force_reset": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "priority": {"required": False, "type": "int"},
- "vcluster_id": {"required": False, "type": "int"},
- "vdom": {"required": False, "type": "str"}
- }},
- "session_pickup": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "session_pickup_connectionless": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "session_pickup_delay": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "session_pickup_expectation": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "session_pickup_nat": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "session_sync_dev": {"required": False, "type": "str"},
- "smtp_proxy_threshold": {"required": False, "type": "str"},
- "standalone_config_sync": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "standalone_mgmt_vdom": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "sync_config": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "sync_packet_balance": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "unicast_hb": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "unicast_hb_netmask": {"required": False, "type": "str"},
- "unicast_hb_peerip": {"required": False, "type": "str"},
- "uninterruptible_upgrade": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "vcluster_id": {"required": False, "type": "int"},
- "vcluster2": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "vdom": {"required": False, "type": "str"},
- "weight": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_ha_monitor.py b/lib/ansible/modules/network/fortios/fortios_system_ha_monitor.py
deleted file mode 100644
index c1b0eea33fe..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_ha_monitor.py
+++ /dev/null
@@ -1,305 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_ha_monitor -short_description: Configure HA monitor in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and ha_monitor category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - system_ha_monitor: - description: - - Configure HA monitor. - default: null - type: dict - suboptions: - monitor_vlan: - description: - - Enable/disable monitor VLAN interfaces. - type: str - choices: - - enable - - disable - vlan_hb_interval: - description: - - Configure heartbeat interval (seconds). - type: int - vlan_hb_lost_threshold: - description: - - VLAN lost heartbeat threshold (1 - 60). - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure HA monitor. - fortios_system_ha_monitor: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_ha_monitor: - monitor_vlan: "enable" - vlan_hb_interval: "4" - vlan_hb_lost_threshold: "5" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - 
description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_system_ha_monitor_data(json):
- option_list = ['monitor_vlan', 'vlan_hb_interval', 'vlan_hb_lost_threshold']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def system_ha_monitor(data, fos):
- vdom = data['vdom']
- system_ha_monitor_data = data['system_ha_monitor']
- filtered_data = underscore_to_hyphen(filter_system_ha_monitor_data(system_ha_monitor_data))
-
- return fos.set('system',
- 'ha-monitor',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_system(data, fos):
-
- if data['system_ha_monitor']:
- resp = system_ha_monitor(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "system_ha_monitor": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "monitor_vlan": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "vlan_hb_interval": {"required": False, "type": "int"},
- "vlan_hb_lost_threshold": {"required": False, "type": "int"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_interface.py b/lib/ansible/modules/network/fortios/fortios_system_interface.py
deleted file mode 100644
index 210824df2b2..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_interface.py
+++ /dev/null
@@ -1,2573 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_interface -short_description: Configure interfaces in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and interface category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - system_interface: - description: - - Configure interfaces. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - ac_name: - description: - - PPPoE server name. - type: str - aggregate: - description: - - Aggregate interface. - type: str - algorithm: - description: - - Frame distribution algorithm. - type: str - choices: - - L2 - - L3 - - L4 - alias: - description: - - Alias will be displayed with the interface name to make it easier to distinguish. - type: str - allowaccess: - description: - - Permitted types of management access to this interface. - type: list - choices: - - ping - - https - - ssh - - snmp - - http - - telnet - - fgfm - - radius-acct - - probe-response - - capwap - - ftm - ap_discover: - description: - - Enable/disable automatic registration of unknown FortiAP devices. - type: str - choices: - - enable - - disable - arpforward: - description: - - Enable/disable ARP forwarding. - type: str - choices: - - enable - - disable - auth_type: - description: - - PPP authentication type to use. 
- type: str - choices: - - auto - - pap - - chap - - mschapv1 - - mschapv2 - auto_auth_extension_device: - description: - - Enable/disable automatic authorization of dedicated Fortinet extension device on this interface. - type: str - choices: - - enable - - disable - bfd: - description: - - Bidirectional Forwarding Detection (BFD) settings. - type: str - choices: - - global - - enable - - disable - bfd_desired_min_tx: - description: - - BFD desired minimal transmit interval. - type: int - bfd_detect_mult: - description: - - BFD detection multiplier. - type: int - bfd_required_min_rx: - description: - - BFD required minimal receive interval. - type: int - broadcast_forticlient_discovery: - description: - - Enable/disable broadcasting FortiClient discovery messages. - type: str - choices: - - enable - - disable - broadcast_forward: - description: - - Enable/disable broadcast forwarding. - type: str - choices: - - enable - - disable - captive_portal: - description: - - Enable/disable captive portal. - type: int - cli_conn_status: - description: - - CLI connection status. - type: int - color: - description: - - Color of icon on the GUI. - type: int - dedicated_to: - description: - - Configure interface for single purpose. - type: str - choices: - - none - - management - defaultgw: - description: - - Enable to get the gateway IP from the DHCP or PPPoE server. - type: str - choices: - - enable - - disable - description: - description: - - Description. - type: str - detected_peer_mtu: - description: - - MTU of detected peer (0 - 4294967295). - type: int - detectprotocol: - description: - - Protocols used to detect the server. - type: str - choices: - - ping - - tcp-echo - - udp-echo - detectserver: - description: - - Gateway's ping server for this IP. - type: str - device_access_list: - description: - - Device access list. 
- type: str - device_identification: - description: - - Enable/disable passively gathering of device identity information about the devices on the network connected to this interface. - type: str - choices: - - enable - - disable - device_identification_active_scan: - description: - - Enable/disable active gathering of device identity information about the devices on the network connected to this interface. - type: str - choices: - - enable - - disable - device_netscan: - description: - - Enable/disable inclusion of devices detected on this interface in network vulnerability scans. - type: str - choices: - - disable - - enable - device_user_identification: - description: - - Enable/disable passive gathering of user identity information about users on this interface. - type: str - choices: - - enable - - disable - devindex: - description: - - Device Index. - type: int - dhcp_client_identifier: - description: - - DHCP client identifier. - type: str - dhcp_relay_agent_option: - description: - - Enable/disable DHCP relay agent option. - type: str - choices: - - enable - - disable - dhcp_relay_ip: - description: - - DHCP relay IP address. - type: str - dhcp_relay_service: - description: - - Enable/disable allowing this interface to act as a DHCP relay. - type: str - choices: - - disable - - enable - dhcp_relay_type: - description: - - DHCP relay type (regular or IPsec). - type: str - choices: - - regular - - ipsec - dhcp_renew_time: - description: - - DHCP renew time in seconds (300-604800), 0 means use the renew time provided by the server. - type: int - disc_retry_timeout: - description: - - Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout. - type: int - disconnect_threshold: - description: - - Time in milliseconds to wait before sending a notification that this interface is down or disconnected. - type: int - distance: - description: - - Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route. 
- type: int - dns_server_override: - description: - - Enable/disable use DNS acquired by DHCP or PPPoE. - type: str - choices: - - enable - - disable - drop_fragment: - description: - - Enable/disable drop fragment packets. - type: str - choices: - - enable - - disable - drop_overlapped_fragment: - description: - - Enable/disable drop overlapped fragment packets. - type: str - choices: - - enable - - disable - egress_shaping_profile: - description: - - Outgoing traffic shaping profile. - type: str - endpoint_compliance: - description: - - Enable/disable endpoint compliance enforcement. - type: str - choices: - - enable - - disable - estimated_downstream_bandwidth: - description: - - Estimated maximum downstream bandwidth (kbps). Used to estimate link utilization. - type: int - estimated_upstream_bandwidth: - description: - - Estimated maximum upstream bandwidth (kbps). Used to estimate link utilization. - type: int - explicit_ftp_proxy: - description: - - Enable/disable the explicit FTP proxy on this interface. - type: str - choices: - - enable - - disable - explicit_web_proxy: - description: - - Enable/disable the explicit web proxy on this interface. - type: str - choices: - - enable - - disable - external: - description: - - Enable/disable identifying the interface as an external interface (which usually means it's connected to the Internet). - type: str - choices: - - enable - - disable - fail_action_on_extender: - description: - - Action on extender when interface fail . - type: str - choices: - - soft-restart - - hard-restart - - reboot - fail_alert_interfaces: - description: - - Names of the FortiGate interfaces from which the link failure alert is sent for this interface. - type: list - suboptions: - name: - description: - - Names of the physical interfaces belonging to the aggregate or redundant interface. Source system.interface.name. 
- required: true - type: str - fail_alert_method: - description: - - Select link-failed-signal or link-down method to alert about a failed link. - type: str - choices: - - link-failed-signal - - link-down - fail_detect: - description: - - Enable/disable fail detection features for this interface. - type: str - choices: - - enable - - disable - fail_detect_option: - description: - - Options for detecting that this interface has failed. - type: str - choices: - - detectserver - - link-down - fortiheartbeat: - description: - - Enable/disable FortiHeartBeat (FortiTelemetry on GUI). - type: str - choices: - - enable - - disable - fortilink: - description: - - Enable FortiLink to dedicate this interface to manage other Fortinet devices. - type: str - choices: - - enable - - disable - fortilink_backup_link: - description: - - fortilink split interface backup link. - type: int - fortilink_split_interface: - description: - - Enable/disable FortiLink split interface to connect member link to different FortiSwitch in stack for uplink redundancy (maximum 2 - interfaces in the "members" command). - type: str - choices: - - enable - - disable - fortilink_stacking: - description: - - Enable/disable FortiLink switch-stacking on this interface. - type: str - choices: - - enable - - disable - forward_domain: - description: - - Transparent mode forward domain. - type: int - gwdetect: - description: - - Enable/disable detect gateway alive for first. - type: str - choices: - - enable - - disable - ha_priority: - description: - - HA election priority for the PING server. - type: int - icmp_accept_redirect: - description: - - Enable/disable ICMP accept redirect. - type: str - choices: - - enable - - disable - icmp_send_redirect: - description: - - Enable/disable ICMP send redirect. - type: str - choices: - - enable - - disable - ident_accept: - description: - - Enable/disable authentication for this interface. 
- type: str - choices: - - enable - - disable - idle_timeout: - description: - - PPPoE auto disconnect after idle timeout seconds, 0 means no timeout. - type: int - inbandwidth: - description: - - Bandwidth limit for incoming traffic (0 - 16776000 kbps), 0 means unlimited. - type: int - ingress_spillover_threshold: - description: - - Ingress Spillover threshold (0 - 16776000 kbps). - type: int - interface: - description: - - Interface name. Source system.interface.name. - type: str - internal: - description: - - Implicitly created. - type: int - ip: - description: - - "Interface IPv4 address and subnet mask, syntax: X.X.X.X/24." - type: str - ipmac: - description: - - Enable/disable IP/MAC binding. - type: str - choices: - - enable - - disable - ips_sniffer_mode: - description: - - Enable/disable the use of this interface as a one-armed sniffer. - type: str - choices: - - enable - - disable - ipunnumbered: - description: - - Unnumbered IP used for PPPoE interfaces for which no unique local address is provided. - type: str - ipv6: - description: - - IPv6 of interface. - type: dict - suboptions: - autoconf: - description: - - Enable/disable address auto config. - type: str - choices: - - enable - - disable - dhcp6_client_options: - description: - - DHCPv6 client options. - type: str - choices: - - rapid - - iapd - - iana - dhcp6_information_request: - description: - - Enable/disable DHCPv6 information request. - type: str - choices: - - enable - - disable - dhcp6_prefix_delegation: - description: - - Enable/disable DHCPv6 prefix delegation. - type: str - choices: - - enable - - disable - dhcp6_prefix_hint: - description: - - DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server. - type: str - dhcp6_prefix_hint_plt: - description: - - DHCPv6 prefix hint preferred life time (sec), 0 means unlimited lease time. - type: int - dhcp6_prefix_hint_vlt: - description: - - DHCPv6 prefix hint valid life time (sec). 
- type: int - dhcp6_relay_ip: - description: - - DHCPv6 relay IP address. - type: str - dhcp6_relay_service: - description: - - Enable/disable DHCPv6 relay. - type: str - choices: - - disable - - enable - dhcp6_relay_type: - description: - - DHCPv6 relay type. - type: str - choices: - - regular - ip6_address: - description: - - "Primary IPv6 address prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx" - type: str - ip6_allowaccess: - description: - - Allow management access to the interface. - type: list - choices: - - ping - - https - - ssh - - snmp - - http - - telnet - - fgfm - - capwap - ip6_default_life: - description: - - Default life (sec). - type: int - ip6_delegated_prefix_list: - description: - - Advertised IPv6 delegated prefix list. - type: list - suboptions: - autonomous_flag: - description: - - Enable/disable the autonomous flag. - type: str - choices: - - enable - - disable - onlink_flag: - description: - - Enable/disable the onlink flag. - type: str - choices: - - enable - - disable - prefix_id: - description: - - Prefix ID. - type: int - rdnss: - description: - - Recursive DNS server option. - type: str - rdnss_service: - description: - - Recursive DNS service option. - type: str - choices: - - delegated - - default - - specify - subnet: - description: - - Add subnet ID to routing prefix. - type: str - upstream_interface: - description: - - Name of the interface that provides delegated information. Source system.interface.name. - type: str - ip6_dns_server_override: - description: - - Enable/disable using the DNS server acquired by DHCP. - type: str - choices: - - enable - - disable - ip6_extra_addr: - description: - - Extra IPv6 address prefixes of interface. - type: list - suboptions: - prefix: - description: - - IPv6 address prefix. - required: true - type: str - ip6_hop_limit: - description: - - Hop limit (0 means unspecified). - type: int - ip6_link_mtu: - description: - - IPv6 link MTU. 
- type: int - ip6_manage_flag: - description: - - Enable/disable the managed flag. - type: str - choices: - - enable - - disable - ip6_max_interval: - description: - - IPv6 maximum interval (4 to 1800 sec). - type: int - ip6_min_interval: - description: - - IPv6 minimum interval (3 to 1350 sec). - type: int - ip6_mode: - description: - - Addressing mode (static, DHCP, delegated). - type: str - choices: - - static - - dhcp - - pppoe - - delegated - ip6_other_flag: - description: - - Enable/disable the other IPv6 flag. - type: str - choices: - - enable - - disable - ip6_prefix_list: - description: - - Advertised prefix list. - type: list - suboptions: - autonomous_flag: - description: - - Enable/disable the autonomous flag. - type: str - choices: - - enable - - disable - dnssl: - description: - - DNS search list option. - type: list - suboptions: - domain: - description: - - Domain name. - required: true - type: str - onlink_flag: - description: - - Enable/disable the onlink flag. - type: str - choices: - - enable - - disable - preferred_life_time: - description: - - Preferred life time (sec). - type: int - prefix: - description: - - IPv6 prefix. - required: true - type: str - rdnss: - description: - - Recursive DNS server option. - type: str - valid_life_time: - description: - - Valid life time (sec). - type: int - ip6_reachable_time: - description: - - IPv6 reachable time (milliseconds; 0 means unspecified). - type: int - ip6_retrans_time: - description: - - IPv6 retransmit time (milliseconds; 0 means unspecified). - type: int - ip6_send_adv: - description: - - Enable/disable sending advertisements about the interface. - type: str - choices: - - enable - - disable - ip6_subnet: - description: - - " Subnet to routing prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx" - type: str - ip6_upstream_interface: - description: - - Interface name providing delegated information. Source system.interface.name. 
- type: str - nd_cert: - description: - - Neighbor discovery certificate. Source certificate.local.name. - type: str - nd_cga_modifier: - description: - - Neighbor discovery CGA modifier. - type: str - nd_mode: - description: - - Neighbor discovery mode. - type: str - choices: - - basic - - SEND-compatible - nd_security_level: - description: - - Neighbor discovery security level (0 - 7; 0 = least secure). - type: int - nd_timestamp_delta: - description: - - Neighbor discovery timestamp delta value (1 - 3600 sec; ). - type: int - nd_timestamp_fuzz: - description: - - Neighbor discovery timestamp fuzz factor (1 - 60 sec; ). - type: int - vrip6_link_local: - description: - - Link-local IPv6 address of virtual router. - type: str - vrrp_virtual_mac6: - description: - - Enable/disable virtual MAC for VRRP. - type: str - choices: - - enable - - disable - vrrp6: - description: - - IPv6 VRRP configuration. - type: list - suboptions: - accept_mode: - description: - - Enable/disable accept mode. - type: str - choices: - - enable - - disable - adv_interval: - description: - - Advertisement interval (1 - 255 seconds). - type: int - preempt: - description: - - Enable/disable preempt mode. - type: str - choices: - - enable - - disable - priority: - description: - - Priority of the virtual router (1 - 255). - type: int - start_time: - description: - - Startup time (1 - 255 seconds). - type: int - status: - description: - - Enable/disable VRRP. - type: str - choices: - - enable - - disable - vrdst6: - description: - - Monitor the route to this destination. - type: str - vrgrp: - description: - - VRRP group ID (1 - 65535). - type: int - vrid: - description: - - Virtual router identifier (1 - 255). - required: true - type: int - vrip6: - description: - - IPv6 address of the virtual router. - type: str - l2forward: - description: - - Enable/disable l2 forwarding. - type: str - choices: - - enable - - disable - lacp_ha_slave: - description: - - LACP HA slave. 
- type: str - choices: - - enable - - disable - lacp_mode: - description: - - LACP mode. - type: str - choices: - - static - - passive - - active - lacp_speed: - description: - - How often the interface sends LACP messages. - type: str - choices: - - slow - - fast - lcp_echo_interval: - description: - - Time in seconds between PPPoE Link Control Protocol (LCP) echo requests. - type: int - lcp_max_echo_fails: - description: - - Maximum missed LCP echo messages before disconnect. - type: int - link_up_delay: - description: - - Number of milliseconds to wait before considering a link is up. - type: int - lldp_transmission: - description: - - Enable/disable Link Layer Discovery Protocol (LLDP) transmission. - type: str - choices: - - enable - - disable - - vdom - macaddr: - description: - - Change the interface's MAC address. - type: str - managed_device: - description: - - Available when FortiLink is enabled, used for managed devices through FortiLink interface. - type: list - suboptions: - name: - description: - - Managed dev identifier. - required: true - type: str - management_ip: - description: - - High Availability in-band management IP address of this interface. - type: str - member: - description: - - Physical interfaces that belong to the aggregate or redundant interface. - type: list - suboptions: - interface_name: - description: - - Physical interface name. Source system.interface.name. - type: str - min_links: - description: - - Minimum number of aggregated ports that must be up. - type: int - min_links_down: - description: - - Action to take when less than the configured minimum number of links are active. - type: str - choices: - - operational - - administrative - mode: - description: - - Addressing mode (static, DHCP, PPPoE). - type: str - choices: - - static - - dhcp - - pppoe - mtu: - description: - - MTU value for this interface. - type: int - mtu_override: - description: - - Enable to set a custom MTU for this interface. 
- type: str - choices: - - enable - - disable - name: - description: - - Name. - required: true - type: str - ndiscforward: - description: - - Enable/disable NDISC forwarding. - type: str - choices: - - enable - - disable - netbios_forward: - description: - - Enable/disable NETBIOS forwarding. - type: str - choices: - - disable - - enable - netflow_sampler: - description: - - Enable/disable NetFlow on this interface and set the data that NetFlow collects (rx, tx, or both). - type: str - choices: - - disable - - tx - - rx - - both - outbandwidth: - description: - - Bandwidth limit for outgoing traffic (0 - 16776000 kbps). - type: int - padt_retry_timeout: - description: - - PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an idle time. - type: int - password: - description: - - PPPoE account's password. - type: str - ping_serv_status: - description: - - PING server status. - type: int - polling_interval: - description: - - sFlow polling interval (1 - 255 sec). - type: int - pppoe_unnumbered_negotiate: - description: - - Enable/disable PPPoE unnumbered negotiation. - type: str - choices: - - enable - - disable - pptp_auth_type: - description: - - PPTP authentication type. - type: str - choices: - - auto - - pap - - chap - - mschapv1 - - mschapv2 - pptp_client: - description: - - Enable/disable PPTP client. - type: str - choices: - - enable - - disable - pptp_password: - description: - - PPTP password. - type: str - pptp_server_ip: - description: - - PPTP server IP address. - type: str - pptp_timeout: - description: - - Idle timer in minutes (0 for disabled). - type: int - pptp_user: - description: - - PPTP user name. - type: str - preserve_session_route: - description: - - Enable/disable preservation of session route when dirty. - type: str - choices: - - enable - - disable - priority: - description: - - Priority of learned routes. 
- type: int - priority_override: - description: - - Enable/disable fail back to higher priority port once recovered. - type: str - choices: - - enable - - disable - proxy_captive_portal: - description: - - Enable/disable proxy captive portal on this interface. - type: str - choices: - - enable - - disable - redundant_interface: - description: - - Redundant interface. - type: str - remote_ip: - description: - - Remote IP address of tunnel. - type: str - replacemsg_override_group: - description: - - Replacement message override group. - type: str - role: - description: - - Interface role. - type: str - choices: - - lan - - wan - - dmz - - undefined - sample_direction: - description: - - Data that NetFlow collects (rx, tx, or both). - type: str - choices: - - tx - - rx - - both - sample_rate: - description: - - sFlow sample rate (10 - 99999). - type: int - scan_botnet_connections: - description: - - Enable monitoring or blocking connections to Botnet servers through this interface. - type: str - choices: - - disable - - block - - monitor - secondary_IP: - description: - - Enable/disable adding a secondary IP to this interface. - type: str - choices: - - enable - - disable - secondaryip: - description: - - Second IP address of interface. - type: list - suboptions: - allowaccess: - description: - - Management access settings for the secondary IP address. - type: str - choices: - - ping - - https - - ssh - - snmp - - http - - telnet - - fgfm - - radius-acct - - probe-response - - capwap - - ftm - detectprotocol: - description: - - Protocols used to detect the server. - type: str - choices: - - ping - - tcp-echo - - udp-echo - detectserver: - description: - - Gateway's ping server for this IP. - type: str - gwdetect: - description: - - Enable/disable detect gateway alive for first. - type: str - choices: - - enable - - disable - ha_priority: - description: - - HA election priority for the PING server. - type: int - id: - description: - - ID. 
- required: true - type: int - ip: - description: - - Secondary IP address of the interface. - type: str - ping_serv_status: - description: - - PING server status. - type: int - security_exempt_list: - description: - - Name of security-exempt-list. - type: str - security_external_logout: - description: - - URL of external authentication logout server. - type: str - security_external_web: - description: - - URL of external authentication web server. - type: str - security_groups: - description: - - User groups that can authenticate with the captive portal. - type: list - suboptions: - name: - description: - - Names of user groups that can authenticate with the captive portal. - required: true - type: str - security_mac_auth_bypass: - description: - - Enable/disable MAC authentication bypass. - type: str - choices: - - enable - - disable - security_mode: - description: - - Turn on captive portal authentication for this interface. - type: str - choices: - - none - - captive-portal - - 802.1X - security_redirect_url: - description: - - URL redirection after disclaimer/authentication. - type: str - service_name: - description: - - PPPoE service name. - type: str - sflow_sampler: - description: - - Enable/disable sFlow on this interface. - type: str - choices: - - enable - - disable - snmp_index: - description: - - Permanent SNMP Index of the interface. - type: int - speed: - description: - - Interface speed. The default setting and the options available depend on the interface hardware. - type: str - choices: - - auto - - 10full - - 10half - - 100full - - 100half - - 1000full - - 1000half - - 1000auto - spillover_threshold: - description: - - Egress Spillover threshold (0 - 16776000 kbps), 0 means unlimited. - type: int - src_check: - description: - - Enable/disable source IP check. - type: str - choices: - - enable - - disable - status: - description: - - Bring the interface up or shut the interface down. 
- type: str - choices: - - up - - down - stpforward: - description: - - Enable/disable STP forwarding. - type: str - choices: - - enable - - disable - stpforward_mode: - description: - - Configure STP forwarding mode. - type: str - choices: - - rpl-all-ext-id - - rpl-bridge-ext-id - - rpl-nothing - subst: - description: - - Enable to always send packets from this interface to a destination MAC address. - type: str - choices: - - enable - - disable - substitute_dst_mac: - description: - - Destination MAC address that all packets are sent to from this interface. - type: str - switch: - description: - - Contained in switch. - type: str - switch_controller_access_vlan: - description: - - Block FortiSwitch port-to-port traffic. - type: str - choices: - - enable - - disable - switch_controller_arp_inspection: - description: - - Enable/disable FortiSwitch ARP inspection. - type: str - choices: - - enable - - disable - switch_controller_dhcp_snooping: - description: - - Switch controller DHCP snooping. - type: str - choices: - - enable - - disable - switch_controller_dhcp_snooping_option82: - description: - - Switch controller DHCP snooping option82. - type: str - choices: - - enable - - disable - switch_controller_dhcp_snooping_verify_mac: - description: - - Switch controller DHCP snooping verify MAC. - type: str - choices: - - enable - - disable - switch_controller_igmp_snooping: - description: - - Switch controller IGMP snooping. - type: str - choices: - - enable - - disable - switch_controller_learning_limit: - description: - - Limit the number of dynamic MAC addresses on this VLAN (1 - 128, 0 = no limit, default). - type: int - tagging: - description: - - Config object tagging. - type: list - suboptions: - category: - description: - - Tag category. Source system.object-tagging.category. - type: str - name: - description: - - Tagging entry name. - required: true - type: str - tags: - description: - - Tags. - type: list - suboptions: - name: - description: - - Tag name. 
Source system.object-tagging.tags.name. - required: true - type: str - tcp_mss: - description: - - TCP maximum segment size. 0 means do not change segment size. - type: int - trust_ip_1: - description: - - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts). - type: str - trust_ip_2: - description: - - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts). - type: str - trust_ip_3: - description: - - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts). - type: str - trust_ip6_1: - description: - - "Trusted IPv6 host for dedicated management traffic (::/0 for all hosts)." - type: str - trust_ip6_2: - description: - - "Trusted IPv6 host for dedicated management traffic (::/0 for all hosts)." - type: str - trust_ip6_3: - description: - - "Trusted IPv6 host for dedicated management traffic (::/0 for all hosts)." - type: str - type: - description: - - Interface type. - type: str - choices: - - physical - - vlan - - aggregate - - redundant - - tunnel - - vdom-link - - loopback - - switch - - hard-switch - - vap-switch - - wl-mesh - - fext-wan - - vxlan - - hdlc - - switch-vlan - username: - description: - - Username of the PPPoE account, provided by your ISP. - type: str - vdom: - description: - - Interface is in this virtual domain (VDOM). Source system.vdom.name. - type: str - vindex: - description: - - Switch control interface VLAN ID. - type: int - vlanforward: - description: - - Enable/disable traffic forwarding between VLANs on this interface. - type: str - choices: - - enable - - disable - vlanid: - description: - - VLAN ID (1 - 4094). - type: int - vrf: - description: - - Virtual Routing Forwarding ID. - type: int - vrrp: - description: - - VRRP configuration. - type: list - suboptions: - accept_mode: - description: - - Enable/disable accept mode. - type: str - choices: - - enable - - disable - adv_interval: - description: - - Advertisement interval (1 - 255 seconds). 
- type: int - ignore_default_route: - description: - - Enable/disable ignoring of default route when checking destination. - type: str - choices: - - enable - - disable - preempt: - description: - - Enable/disable preempt mode. - type: str - choices: - - enable - - disable - priority: - description: - - Priority of the virtual router (1 - 255). - type: int - proxy_arp: - description: - - VRRP Proxy ARP configuration. - type: list - suboptions: - id: - description: - - ID. - required: true - type: int - ip: - description: - - Set IP addresses of proxy ARP. - type: str - start_time: - description: - - Startup time (1 - 255 seconds). - type: int - status: - description: - - Enable/disable this VRRP configuration. - type: str - choices: - - enable - - disable - version: - description: - - VRRP version. - type: str - choices: - - 2 - - 3 - vrdst: - description: - - Monitor the route to this destination. - type: str - vrdst_priority: - description: - - Priority of the virtual router when the virtual router destination becomes unreachable (0 - 254). - type: int - vrgrp: - description: - - VRRP group ID (1 - 65535). - type: int - vrid: - description: - - Virtual router identifier (1 - 255). - required: true - type: int - vrip: - description: - - IP address of the virtual router. - type: str - vrrp_virtual_mac: - description: - - Enable/disable use of virtual MAC for VRRP. - type: str - choices: - - enable - - disable - wccp: - description: - - Enable/disable WCCP on this interface. Used for encapsulated WCCP communication between WCCP clients and servers. - type: str - choices: - - enable - - disable - weight: - description: - - Default weight for static routes (if route has no weight configured). - type: int - wins_ip: - description: - - WINS server IP. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure interfaces. 
- fortios_system_interface: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_interface: - ac_name: "" - aggregate: "" - algorithm: "L2" - alias: "" - allowaccess: "ping" - ap_discover: "enable" - arpforward: "enable" - auth_type: "auto" - auto_auth_extension_device: "enable" - bfd: "global" - bfd_desired_min_tx: "13" - bfd_detect_mult: "14" - bfd_required_min_rx: "15" - broadcast_forticlient_discovery: "enable" - broadcast_forward: "enable" - captive_portal: "18" - cli_conn_status: "19" - color: "20" - dedicated_to: "none" - defaultgw: "enable" - description: "" - detected_peer_mtu: "24" - detectprotocol: "ping" - detectserver: "" - device_access_list: "" - device_identification: "enable" - device_identification_active_scan: "enable" - device_netscan: "disable" - device_user_identification: "enable" - devindex: "32" - dhcp_client_identifier: "myId_33" - dhcp_relay_agent_option: "enable" - dhcp_relay_ip: "" - dhcp_relay_service: "disable" - dhcp_relay_type: "regular" - dhcp_renew_time: "38" - disc_retry_timeout: "39" - disconnect_threshold: "40" - distance: "41" - dns_server_override: "enable" - drop_fragment: "enable" - drop_overlapped_fragment: "enable" - egress_shaping_profile: "" - endpoint_compliance: "enable" - estimated_downstream_bandwidth: "47" - estimated_upstream_bandwidth: "48" - explicit_ftp_proxy: "enable" - explicit_web_proxy: "enable" - external: "enable" - fail_action_on_extender: "soft-restart" - fail_alert_interfaces: - - - name: "default_name_54 (source system.interface.name)" - fail_alert_method: "link-failed-signal" - fail_detect: "enable" - fail_detect_option: "detectserver" - fortiheartbeat: "enable" - fortilink: "enable" - fortilink_backup_link: "60" - fortilink_split_interface: "enable" - fortilink_stacking: "enable" - forward_domain: "63" - gwdetect: "enable" - ha_priority: "65" - icmp_accept_redirect: "enable" - icmp_send_redirect: "enable" - 
ident_accept: "enable" - idle_timeout: "69" - inbandwidth: "70" - ingress_spillover_threshold: "71" - interface: " (source system.interface.name)" - internal: "73" - ip: "" - ipmac: "enable" - ips_sniffer_mode: "enable" - ipunnumbered: "" - ipv6: - autoconf: "enable" - dhcp6_client_options: "rapid" - dhcp6_information_request: "enable" - dhcp6_prefix_delegation: "enable" - dhcp6_prefix_hint: "" - dhcp6_prefix_hint_plt: "84" - dhcp6_prefix_hint_vlt: "85" - dhcp6_relay_ip: "" - dhcp6_relay_service: "disable" - dhcp6_relay_type: "regular" - ip6_address: "" - ip6_allowaccess: "ping" - ip6_default_life: "91" - ip6_delegated_prefix_list: - - - autonomous_flag: "enable" - onlink_flag: "enable" - prefix_id: "95" - rdnss: "" - rdnss_service: "delegated" - subnet: "" - upstream_interface: " (source system.interface.name)" - ip6_dns_server_override: "enable" - ip6_extra_addr: - - - prefix: "" - ip6_hop_limit: "103" - ip6_link_mtu: "104" - ip6_manage_flag: "enable" - ip6_max_interval: "106" - ip6_min_interval: "107" - ip6_mode: "static" - ip6_other_flag: "enable" - ip6_prefix_list: - - - autonomous_flag: "enable" - dnssl: - - - domain: "" - onlink_flag: "enable" - preferred_life_time: "115" - prefix: "" - rdnss: "" - valid_life_time: "118" - ip6_reachable_time: "119" - ip6_retrans_time: "120" - ip6_send_adv: "enable" - ip6_subnet: "" - ip6_upstream_interface: " (source system.interface.name)" - nd_cert: " (source certificate.local.name)" - nd_cga_modifier: "" - nd_mode: "basic" - nd_security_level: "127" - nd_timestamp_delta: "128" - nd_timestamp_fuzz: "129" - vrip6_link_local: "" - vrrp_virtual_mac6: "enable" - vrrp6: - - - accept_mode: "enable" - adv_interval: "134" - preempt: "enable" - priority: "136" - start_time: "137" - status: "enable" - vrdst6: "" - vrgrp: "140" - vrid: "141" - vrip6: "" - l2forward: "enable" - lacp_ha_slave: "enable" - lacp_mode: "static" - lacp_speed: "slow" - lcp_echo_interval: "147" - lcp_max_echo_fails: "148" - link_up_delay: "149" - 
lldp_transmission: "enable" - macaddr: "" - managed_device: - - - name: "default_name_153" - management_ip: "" - member: - - - interface_name: " (source system.interface.name)" - min_links: "157" - min_links_down: "operational" - mode: "static" - mtu: "160" - mtu_override: "enable" - name: "default_name_162" - ndiscforward: "enable" - netbios_forward: "disable" - netflow_sampler: "disable" - outbandwidth: "166" - padt_retry_timeout: "167" - password: "" - ping_serv_status: "169" - polling_interval: "170" - pppoe_unnumbered_negotiate: "enable" - pptp_auth_type: "auto" - pptp_client: "enable" - pptp_password: "" - pptp_server_ip: "" - pptp_timeout: "176" - pptp_user: "" - preserve_session_route: "enable" - priority: "179" - priority_override: "enable" - proxy_captive_portal: "enable" - redundant_interface: "" - remote_ip: "" - replacemsg_override_group: "" - role: "lan" - sample_direction: "tx" - sample_rate: "187" - scan_botnet_connections: "disable" - secondary_IP: "enable" - secondaryip: - - - allowaccess: "ping" - detectprotocol: "ping" - detectserver: "" - gwdetect: "enable" - ha_priority: "195" - id: "196" - ip: "" - ping_serv_status: "198" - security_exempt_list: "" - security_external_logout: "" - security_external_web: "" - security_groups: - - - name: "default_name_203" - security_mac_auth_bypass: "enable" - security_mode: "none" - security_redirect_url: "" - service_name: "" - sflow_sampler: "enable" - snmp_index: "209" - speed: "auto" - spillover_threshold: "211" - src_check: "enable" - status: "up" - stpforward: "enable" - stpforward_mode: "rpl-all-ext-id" - subst: "enable" - substitute_dst_mac: "" - switch: "" - switch_controller_access_vlan: "enable" - switch_controller_arp_inspection: "enable" - switch_controller_dhcp_snooping: "enable" - switch_controller_dhcp_snooping_option82: "enable" - switch_controller_dhcp_snooping_verify_mac: "enable" - switch_controller_igmp_snooping: "enable" - switch_controller_learning_limit: "225" - tagging: - - - 
category: " (source system.object-tagging.category)" - name: "default_name_228" - tags: - - - name: "default_name_230 (source system.object-tagging.tags.name)" - tcp_mss: "231" - trust_ip_1: "" - trust_ip_2: "" - trust_ip_3: "" - trust_ip6_1: "" - trust_ip6_2: "" - trust_ip6_3: "" - type: "physical" - username: "" - vdom: " (source system.vdom.name)" - vindex: "241" - vlanforward: "enable" - vlanid: "243" - vrf: "244" - vrrp: - - - accept_mode: "enable" - adv_interval: "247" - ignore_default_route: "enable" - preempt: "enable" - priority: "250" - proxy_arp: - - - id: "252" - ip: "" - start_time: "254" - status: "enable" - version: "2" - vrdst: "" - vrdst_priority: "258" - vrgrp: "259" - vrid: "260" - vrip: "" - vrrp_virtual_mac: "enable" - wccp: "enable" - weight: "264" - wins_ip: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: 
Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_interface_data(json): - option_list = ['ac_name', 'aggregate', 'algorithm', - 'alias', 'allowaccess', 'ap_discover', - 'arpforward', 'auth_type', 'auto_auth_extension_device', - 'bfd', 'bfd_desired_min_tx', 'bfd_detect_mult', - 'bfd_required_min_rx', 'broadcast_forticlient_discovery', 'broadcast_forward', - 'captive_portal', 'cli_conn_status', 'color', - 'dedicated_to', 'defaultgw', 'description', - 'detected_peer_mtu', 'detectprotocol', 'detectserver', - 'device_access_list', 'device_identification', 'device_identification_active_scan', - 'device_netscan', 'device_user_identification', 'devindex', - 'dhcp_client_identifier', 'dhcp_relay_agent_option', 'dhcp_relay_ip', - 'dhcp_relay_service', 'dhcp_relay_type', 'dhcp_renew_time', - 'disc_retry_timeout', 'disconnect_threshold', 'distance', - 'dns_server_override', 'drop_fragment', 'drop_overlapped_fragment', - 'egress_shaping_profile', 'endpoint_compliance', 'estimated_downstream_bandwidth', - 'estimated_upstream_bandwidth', 'explicit_ftp_proxy', 'explicit_web_proxy', - 'external', 'fail_action_on_extender', 'fail_alert_interfaces', - 'fail_alert_method', 'fail_detect', 'fail_detect_option', - 'fortiheartbeat', 'fortilink', 'fortilink_backup_link', - 'fortilink_split_interface', 'fortilink_stacking', 'forward_domain', - 'gwdetect', 'ha_priority', 
'icmp_accept_redirect', - 'icmp_send_redirect', 'ident_accept', 'idle_timeout', - 'inbandwidth', 'ingress_spillover_threshold', 'interface', - 'internal', 'ip', 'ipmac', - 'ips_sniffer_mode', 'ipunnumbered', 'ipv6', - 'l2forward', 'lacp_ha_slave', 'lacp_mode', - 'lacp_speed', 'lcp_echo_interval', 'lcp_max_echo_fails', - 'link_up_delay', 'lldp_transmission', 'macaddr', - 'managed_device', 'management_ip', 'member', - 'min_links', 'min_links_down', 'mode', - 'mtu', 'mtu_override', 'name', - 'ndiscforward', 'netbios_forward', 'netflow_sampler', - 'outbandwidth', 'padt_retry_timeout', 'password', - 'ping_serv_status', 'polling_interval', 'pppoe_unnumbered_negotiate', - 'pptp_auth_type', 'pptp_client', 'pptp_password', - 'pptp_server_ip', 'pptp_timeout', 'pptp_user', - 'preserve_session_route', 'priority', 'priority_override', - 'proxy_captive_portal', 'redundant_interface', 'remote_ip', - 'replacemsg_override_group', 'role', 'sample_direction', - 'sample_rate', 'scan_botnet_connections', 'secondary_IP', - 'secondaryip', 'security_exempt_list', 'security_external_logout', - 'security_external_web', 'security_groups', 'security_mac_auth_bypass', - 'security_mode', 'security_redirect_url', 'service_name', - 'sflow_sampler', 'snmp_index', 'speed', - 'spillover_threshold', 'src_check', 'status', - 'stpforward', 'stpforward_mode', 'subst', - 'substitute_dst_mac', 'switch', 'switch_controller_access_vlan', - 'switch_controller_arp_inspection', 'switch_controller_dhcp_snooping', 'switch_controller_dhcp_snooping_option82', - 'switch_controller_dhcp_snooping_verify_mac', 'switch_controller_igmp_snooping', 'switch_controller_learning_limit', - 'tagging', 'tcp_mss', 'trust_ip_1', - 'trust_ip_2', 'trust_ip_3', 'trust_ip6_1', - 'trust_ip6_2', 'trust_ip6_3', 'type', - 'username', 'vdom', 'vindex', - 'vlanforward', 'vlanid', 'vrf', - 'vrrp', 'vrrp_virtual_mac', 'wccp', - 'weight', 'wins_ip'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] 
is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def flatten_multilists_attributes(data): - multilist_attrs = [[u'allowaccess'], [u'ipv6', u'ip6_allowaccess']] - - for attr in multilist_attrs: - try: - path = "data['" + "']['".join(elem for elem in attr) + "']" - current_val = eval(path) - flattened_val = ' '.join(elem for elem in current_val) - exec(path + '= flattened_val') - except BaseException: - pass - - return data - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_interface(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['system_interface'] and data['system_interface']: - state = data['system_interface']['state'] - else: - state = True - system_interface_data = data['system_interface'] - system_interface_data = flatten_multilists_attributes(system_interface_data) - filtered_data = underscore_to_hyphen(filter_system_interface_data(system_interface_data)) - - if state == "present": - return fos.set('system', - 'interface', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'interface', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_interface']: - resp = system_interface(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": 
"", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "system_interface": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "ac_name": {"required": False, "type": "str"}, - "aggregate": {"required": False, "type": "str"}, - "algorithm": {"required": False, "type": "str", - "choices": ["L2", "L3", "L4"]}, - "alias": {"required": False, "type": "str"}, - "allowaccess": {"required": False, "type": "list", - "choices": ["ping", "https", "ssh", - "snmp", "http", "telnet", - "fgfm", "radius-acct", "probe-response", - "capwap", "ftm"]}, - "ap_discover": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "arpforward": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "auth_type": {"required": False, "type": "str", - "choices": ["auto", "pap", "chap", - "mschapv1", "mschapv2"]}, - "auto_auth_extension_device": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "bfd": {"required": False, "type": "str", - "choices": ["global", "enable", "disable"]}, - "bfd_desired_min_tx": {"required": False, "type": "int"}, - "bfd_detect_mult": {"required": False, "type": "int"}, - "bfd_required_min_rx": {"required": False, "type": "int"}, - "broadcast_forticlient_discovery": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "broadcast_forward": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "captive_portal": {"required": False, "type": "int"}, - "cli_conn_status": {"required": False, "type": "int"}, - "color": {"required": False, "type": "int"}, - "dedicated_to": {"required": False, "type": "str", - "choices": ["none", 
"management"]}, - "defaultgw": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "description": {"required": False, "type": "str"}, - "detected_peer_mtu": {"required": False, "type": "int"}, - "detectprotocol": {"required": False, "type": "str", - "choices": ["ping", "tcp-echo", "udp-echo"]}, - "detectserver": {"required": False, "type": "str"}, - "device_access_list": {"required": False, "type": "str"}, - "device_identification": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "device_identification_active_scan": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "device_netscan": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "device_user_identification": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "devindex": {"required": False, "type": "int"}, - "dhcp_client_identifier": {"required": False, "type": "str"}, - "dhcp_relay_agent_option": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dhcp_relay_ip": {"required": False, "type": "str"}, - "dhcp_relay_service": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "dhcp_relay_type": {"required": False, "type": "str", - "choices": ["regular", "ipsec"]}, - "dhcp_renew_time": {"required": False, "type": "int"}, - "disc_retry_timeout": {"required": False, "type": "int"}, - "disconnect_threshold": {"required": False, "type": "int"}, - "distance": {"required": False, "type": "int"}, - "dns_server_override": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "drop_fragment": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "drop_overlapped_fragment": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "egress_shaping_profile": {"required": False, "type": "str"}, - "endpoint_compliance": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - 
"estimated_downstream_bandwidth": {"required": False, "type": "int"}, - "estimated_upstream_bandwidth": {"required": False, "type": "int"}, - "explicit_ftp_proxy": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "explicit_web_proxy": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "external": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "fail_action_on_extender": {"required": False, "type": "str", - "choices": ["soft-restart", "hard-restart", "reboot"]}, - "fail_alert_interfaces": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "fail_alert_method": {"required": False, "type": "str", - "choices": ["link-failed-signal", "link-down"]}, - "fail_detect": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "fail_detect_option": {"required": False, "type": "str", - "choices": ["detectserver", "link-down"]}, - "fortiheartbeat": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "fortilink": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "fortilink_backup_link": {"required": False, "type": "int"}, - "fortilink_split_interface": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "fortilink_stacking": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "forward_domain": {"required": False, "type": "int"}, - "gwdetect": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ha_priority": {"required": False, "type": "int"}, - "icmp_accept_redirect": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "icmp_send_redirect": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ident_accept": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "idle_timeout": {"required": False, "type": "int"}, - "inbandwidth": {"required": False, "type": "int"}, - 
"ingress_spillover_threshold": {"required": False, "type": "int"}, - "interface": {"required": False, "type": "str"}, - "internal": {"required": False, "type": "int"}, - "ip": {"required": False, "type": "str"}, - "ipmac": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ips_sniffer_mode": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ipunnumbered": {"required": False, "type": "str"}, - "ipv6": {"required": False, "type": "dict", - "options": { - "autoconf": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dhcp6_client_options": {"required": False, "type": "str", - "choices": ["rapid", "iapd", "iana"]}, - "dhcp6_information_request": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dhcp6_prefix_delegation": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dhcp6_prefix_hint": {"required": False, "type": "str"}, - "dhcp6_prefix_hint_plt": {"required": False, "type": "int"}, - "dhcp6_prefix_hint_vlt": {"required": False, "type": "int"}, - "dhcp6_relay_ip": {"required": False, "type": "str"}, - "dhcp6_relay_service": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "dhcp6_relay_type": {"required": False, "type": "str", - "choices": ["regular"]}, - "ip6_address": {"required": False, "type": "str"}, - "ip6_allowaccess": {"required": False, "type": "list", - "choices": ["ping", "https", "ssh", - "snmp", "http", "telnet", - "fgfm", "capwap"]}, - "ip6_default_life": {"required": False, "type": "int"}, - "ip6_delegated_prefix_list": {"required": False, "type": "list", - "options": { - "autonomous_flag": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "onlink_flag": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "prefix_id": {"required": False, "type": "int"}, - "rdnss": {"required": False, "type": "str"}, - "rdnss_service": {"required": False, "type": "str", - 
"choices": ["delegated", "default", "specify"]}, - "subnet": {"required": False, "type": "str"}, - "upstream_interface": {"required": False, "type": "str"} - }}, - "ip6_dns_server_override": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ip6_extra_addr": {"required": False, "type": "list", - "options": { - "prefix": {"required": True, "type": "str"} - }}, - "ip6_hop_limit": {"required": False, "type": "int"}, - "ip6_link_mtu": {"required": False, "type": "int"}, - "ip6_manage_flag": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ip6_max_interval": {"required": False, "type": "int"}, - "ip6_min_interval": {"required": False, "type": "int"}, - "ip6_mode": {"required": False, "type": "str", - "choices": ["static", "dhcp", "pppoe", - "delegated"]}, - "ip6_other_flag": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ip6_prefix_list": {"required": False, "type": "list", - "options": { - "autonomous_flag": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dnssl": {"required": False, "type": "list", - "options": { - "domain": {"required": True, "type": "str"} - }}, - "onlink_flag": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "preferred_life_time": {"required": False, "type": "int"}, - "prefix": {"required": True, "type": "str"}, - "rdnss": {"required": False, "type": "str"}, - "valid_life_time": {"required": False, "type": "int"} - }}, - "ip6_reachable_time": {"required": False, "type": "int"}, - "ip6_retrans_time": {"required": False, "type": "int"}, - "ip6_send_adv": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ip6_subnet": {"required": False, "type": "str"}, - "ip6_upstream_interface": {"required": False, "type": "str"}, - "nd_cert": {"required": False, "type": "str"}, - "nd_cga_modifier": {"required": False, "type": "str"}, - "nd_mode": {"required": False, "type": "str", - "choices": ["basic", 
"SEND-compatible"]}, - "nd_security_level": {"required": False, "type": "int"}, - "nd_timestamp_delta": {"required": False, "type": "int"}, - "nd_timestamp_fuzz": {"required": False, "type": "int"}, - "vrip6_link_local": {"required": False, "type": "str"}, - "vrrp_virtual_mac6": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "vrrp6": {"required": False, "type": "list", - "options": { - "accept_mode": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "adv_interval": {"required": False, "type": "int"}, - "preempt": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "priority": {"required": False, "type": "int"}, - "start_time": {"required": False, "type": "int"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "vrdst6": {"required": False, "type": "str"}, - "vrgrp": {"required": False, "type": "int"}, - "vrid": {"required": True, "type": "int"}, - "vrip6": {"required": False, "type": "str"} - }} - }}, - "l2forward": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "lacp_ha_slave": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "lacp_mode": {"required": False, "type": "str", - "choices": ["static", "passive", "active"]}, - "lacp_speed": {"required": False, "type": "str", - "choices": ["slow", "fast"]}, - "lcp_echo_interval": {"required": False, "type": "int"}, - "lcp_max_echo_fails": {"required": False, "type": "int"}, - "link_up_delay": {"required": False, "type": "int"}, - "lldp_transmission": {"required": False, "type": "str", - "choices": ["enable", "disable", "vdom"]}, - "macaddr": {"required": False, "type": "str"}, - "managed_device": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "management_ip": {"required": False, "type": "str"}, - "member": {"required": False, "type": "list", - "options": { - "interface_name": {"required": False, "type": 
"str"} - }}, - "min_links": {"required": False, "type": "int"}, - "min_links_down": {"required": False, "type": "str", - "choices": ["operational", "administrative"]}, - "mode": {"required": False, "type": "str", - "choices": ["static", "dhcp", "pppoe"]}, - "mtu": {"required": False, "type": "int"}, - "mtu_override": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "name": {"required": True, "type": "str"}, - "ndiscforward": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "netbios_forward": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "netflow_sampler": {"required": False, "type": "str", - "choices": ["disable", "tx", "rx", - "both"]}, - "outbandwidth": {"required": False, "type": "int"}, - "padt_retry_timeout": {"required": False, "type": "int"}, - "password": {"required": False, "type": "str"}, - "ping_serv_status": {"required": False, "type": "int"}, - "polling_interval": {"required": False, "type": "int"}, - "pppoe_unnumbered_negotiate": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "pptp_auth_type": {"required": False, "type": "str", - "choices": ["auto", "pap", "chap", - "mschapv1", "mschapv2"]}, - "pptp_client": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "pptp_password": {"required": False, "type": "str"}, - "pptp_server_ip": {"required": False, "type": "str"}, - "pptp_timeout": {"required": False, "type": "int"}, - "pptp_user": {"required": False, "type": "str"}, - "preserve_session_route": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "priority": {"required": False, "type": "int"}, - "priority_override": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "proxy_captive_portal": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "redundant_interface": {"required": False, "type": "str"}, - "remote_ip": {"required": False, "type": "str"}, - 
"replacemsg_override_group": {"required": False, "type": "str"}, - "role": {"required": False, "type": "str", - "choices": ["lan", "wan", "dmz", - "undefined"]}, - "sample_direction": {"required": False, "type": "str", - "choices": ["tx", "rx", "both"]}, - "sample_rate": {"required": False, "type": "int"}, - "scan_botnet_connections": {"required": False, "type": "str", - "choices": ["disable", "block", "monitor"]}, - "secondary_IP": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "secondaryip": {"required": False, "type": "list", - "options": { - "allowaccess": {"required": False, "type": "str", - "choices": ["ping", "https", "ssh", - "snmp", "http", "telnet", - "fgfm", "radius-acct", "probe-response", - "capwap", "ftm"]}, - "detectprotocol": {"required": False, "type": "str", - "choices": ["ping", "tcp-echo", "udp-echo"]}, - "detectserver": {"required": False, "type": "str"}, - "gwdetect": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ha_priority": {"required": False, "type": "int"}, - "id": {"required": True, "type": "int"}, - "ip": {"required": False, "type": "str"}, - "ping_serv_status": {"required": False, "type": "int"} - }}, - "security_exempt_list": {"required": False, "type": "str"}, - "security_external_logout": {"required": False, "type": "str"}, - "security_external_web": {"required": False, "type": "str"}, - "security_groups": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "security_mac_auth_bypass": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "security_mode": {"required": False, "type": "str", - "choices": ["none", "captive-portal", "802.1X"]}, - "security_redirect_url": {"required": False, "type": "str"}, - "service_name": {"required": False, "type": "str"}, - "sflow_sampler": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "snmp_index": {"required": False, "type": "int"}, - "speed": 
{"required": False, "type": "str", - "choices": ["auto", "10full", "10half", - "100full", "100half", "1000full", - "1000half", "1000auto"]}, - "spillover_threshold": {"required": False, "type": "int"}, - "src_check": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "status": {"required": False, "type": "str", - "choices": ["up", "down"]}, - "stpforward": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "stpforward_mode": {"required": False, "type": "str", - "choices": ["rpl-all-ext-id", "rpl-bridge-ext-id", "rpl-nothing"]}, - "subst": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "substitute_dst_mac": {"required": False, "type": "str"}, - "switch": {"required": False, "type": "str"}, - "switch_controller_access_vlan": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "switch_controller_arp_inspection": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "switch_controller_dhcp_snooping": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "switch_controller_dhcp_snooping_option82": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "switch_controller_dhcp_snooping_verify_mac": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "switch_controller_igmp_snooping": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "switch_controller_learning_limit": {"required": False, "type": "int"}, - "tagging": {"required": False, "type": "list", - "options": { - "category": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "tags": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }} - }}, - "tcp_mss": {"required": False, "type": "int"}, - "trust_ip_1": {"required": False, "type": "str"}, - "trust_ip_2": {"required": False, "type": "str"}, - "trust_ip_3": {"required": False, "type": "str"}, - 
"trust_ip6_1": {"required": False, "type": "str"}, - "trust_ip6_2": {"required": False, "type": "str"}, - "trust_ip6_3": {"required": False, "type": "str"}, - "type": {"required": False, "type": "str", - "choices": ["physical", "vlan", "aggregate", - "redundant", "tunnel", "vdom-link", - "loopback", "switch", "hard-switch", - "vap-switch", "wl-mesh", "fext-wan", - "vxlan", "hdlc", "switch-vlan"]}, - "username": {"required": False, "type": "str"}, - "vdom": {"required": False, "type": "str"}, - "vindex": {"required": False, "type": "int"}, - "vlanforward": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "vlanid": {"required": False, "type": "int"}, - "vrf": {"required": False, "type": "int"}, - "vrrp": {"required": False, "type": "list", - "options": { - "accept_mode": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "adv_interval": {"required": False, "type": "int"}, - "ignore_default_route": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "preempt": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "priority": {"required": False, "type": "int"}, - "proxy_arp": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"}, - "ip": {"required": False, "type": "str"} - }}, - "start_time": {"required": False, "type": "int"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "version": {"required": False, "type": "str", - "choices": ["2", "3"]}, - "vrdst": {"required": False, "type": "str"}, - "vrdst_priority": {"required": False, "type": "int"}, - "vrgrp": {"required": False, "type": "int"}, - "vrid": {"required": True, "type": "int"}, - "vrip": {"required": False, "type": "str"} - }}, - "vrrp_virtual_mac": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "wccp": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "weight": {"required": False, "type": 
"int"}, - "wins_ip": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_ipip_tunnel.py b/lib/ansible/modules/network/fortios/fortios_system_ipip_tunnel.py deleted file mode 100644 index 15661d406b3..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_ipip_tunnel.py +++ /dev/null 
@@ -1,328 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_ipip_tunnel -short_description: Configure IP in IP Tunneling in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and ipip_tunnel category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_ipip_tunnel: - description: - - Configure IP in IP Tunneling. - default: null - type: dict - suboptions: - interface: - description: - - Interface name that is associated with the incoming traffic from available options. Source system.interface.name. - type: str - local_gw: - description: - - IPv4 address for the local gateway. - type: str - name: - description: - - IPIP Tunnel name. - required: true - type: str - remote_gw: - description: - - IPv4 address for the remote gateway. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IP in IP Tunneling. 
- fortios_system_ipip_tunnel: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_ipip_tunnel: - interface: " (source system.interface.name)" - local_gw: "" - name: "default_name_5" - remote_gw: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') 
- if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_ipip_tunnel_data(json): - option_list = ['interface', 'local_gw', 'name', - 'remote_gw'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_ipip_tunnel(data, fos): - vdom = data['vdom'] - state = data['state'] - system_ipip_tunnel_data = data['system_ipip_tunnel'] - filtered_data = underscore_to_hyphen(filter_system_ipip_tunnel_data(system_ipip_tunnel_data)) - - if state == "present": - return fos.set('system', - 'ipip-tunnel', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'ipip-tunnel', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_ipip_tunnel']: - resp = system_ipip_tunnel(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - 
"choices": ["present", "absent"]}, - "system_ipip_tunnel": { - "required": False, "type": "dict", "default": None, - "options": { - "interface": {"required": False, "type": "str"}, - "local_gw": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "remote_gw": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_ips_urlfilter_dns.py b/lib/ansible/modules/network/fortios/fortios_system_ips_urlfilter_dns.py deleted file mode 100644 index 4b31bd9f5dd..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_ips_urlfilter_dns.py +++ /dev/null 
@@ -1,329 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_ips_urlfilter_dns -short_description: Configure IPS URL filter DNS servers in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and ips_urlfilter_dns category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_ips_urlfilter_dns: - description: - - Configure IPS URL filter DNS servers. - default: null - type: dict - suboptions: - address: - description: - - DNS server IP address. - required: true - type: str - ipv6_capability: - description: - - Enable/disable this server for IPv6 queries. - type: str - choices: - - enable - - disable - status: - description: - - Enable/disable using this DNS server for IPS URL filter DNS queries. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPS URL filter DNS servers. 
- fortios_system_ips_urlfilter_dns: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_ips_urlfilter_dns: - address: "" - ipv6_capability: "enable" - status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_ips_urlfilter_dns_data(json): - option_list = ['address', 'ipv6_capability', 'status'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_ips_urlfilter_dns(data, fos): - vdom = data['vdom'] - state = data['state'] - system_ips_urlfilter_dns_data = data['system_ips_urlfilter_dns'] - filtered_data = underscore_to_hyphen(filter_system_ips_urlfilter_dns_data(system_ips_urlfilter_dns_data)) - - if state == "present": - return fos.set('system', - 'ips-urlfilter-dns', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'ips-urlfilter-dns', - mkey=filtered_data['address'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_ips_urlfilter_dns']: - resp = system_ips_urlfilter_dns(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": 
{"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_ips_urlfilter_dns": { - "required": False, "type": "dict", "default": None, - "options": { - "address": {"required": True, "type": "str"}, - "ipv6_capability": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_ips_urlfilter_dns6.py b/lib/ansible/modules/network/fortios/fortios_system_ips_urlfilter_dns6.py deleted file mode 100644 index 5038eceebef..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_ips_urlfilter_dns6.py +++ /dev/null 
@@ -1,319 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_ips_urlfilter_dns6 -short_description: Configure IPS URL filter IPv6 DNS servers in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and ips_urlfilter_dns6 category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_ips_urlfilter_dns6: - description: - - Configure IPS URL filter IPv6 DNS servers. - default: null - type: dict - suboptions: - address6: - description: - - IPv6 address of DNS server. - required: true - type: str - status: - description: - - Enable/disable this server for IPv6 DNS queries. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPS URL filter IPv6 DNS servers. 
- fortios_system_ips_urlfilter_dns6: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_ips_urlfilter_dns6: - address6: "" - status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - 
fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_ips_urlfilter_dns6_data(json): - option_list = ['address6', 'status'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_ips_urlfilter_dns6(data, fos): - vdom = data['vdom'] - state = data['state'] - system_ips_urlfilter_dns6_data = data['system_ips_urlfilter_dns6'] - filtered_data = underscore_to_hyphen(filter_system_ips_urlfilter_dns6_data(system_ips_urlfilter_dns6_data)) - - if state == "present": - return fos.set('system', - 'ips-urlfilter-dns6', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'ips-urlfilter-dns6', - mkey=filtered_data['address6'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_ips_urlfilter_dns6']: - resp = system_ips_urlfilter_dns6(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", 
- "choices": ["present", "absent"]}, - "system_ips_urlfilter_dns6": { - "required": False, "type": "dict", "default": None, - "options": { - "address6": {"required": True, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_ipv6_neighbor_cache.py b/lib/ansible/modules/network/fortios/fortios_system_ipv6_neighbor_cache.py deleted file mode 100644 index d6690cfa604..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_ipv6_neighbor_cache.py +++ /dev/null 
@@ -1,328 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_ipv6_neighbor_cache -short_description: Configure IPv6 neighbor cache table in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and ipv6_neighbor_cache category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_ipv6_neighbor_cache: - description: - - Configure IPv6 neighbor cache table. - default: null - type: dict - suboptions: - id: - description: - - Unique integer ID of the entry. - required: true - type: int - interface: - description: - - Select the associated interface name from available options. Source system.interface.name. - type: str - ipv6: - description: - - "IPv6 address (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx)." - type: str - mac: - description: - - "MAC address (format: xx:xx:xx:xx:xx:xx)." - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv6 neighbor cache table. 
- fortios_system_ipv6_neighbor_cache: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_ipv6_neighbor_cache: - id: "3" - interface: " (source system.interface.name)" - ipv6: "" - mac: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 
'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_ipv6_neighbor_cache_data(json): - option_list = ['id', 'interface', 'ipv6', - 'mac'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_ipv6_neighbor_cache(data, fos): - vdom = data['vdom'] - state = data['state'] - system_ipv6_neighbor_cache_data = data['system_ipv6_neighbor_cache'] - filtered_data = underscore_to_hyphen(filter_system_ipv6_neighbor_cache_data(system_ipv6_neighbor_cache_data)) - - if state == "present": - return fos.set('system', - 'ipv6-neighbor-cache', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'ipv6-neighbor-cache', - mkey=filtered_data['id'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_ipv6_neighbor_cache']: - resp = system_ipv6_neighbor_cache(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", 
"default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_ipv6_neighbor_cache": { - "required": False, "type": "dict", "default": None, - "options": { - "id": {"required": True, "type": "int"}, - "interface": {"required": False, "type": "str"}, - "ipv6": {"required": False, "type": "str"}, - "mac": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_ipv6_tunnel.py b/lib/ansible/modules/network/fortios/fortios_system_ipv6_tunnel.py deleted file mode 100644 index 7cab86f06a4..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_ipv6_tunnel.py +++ /dev/null 
@@ -1,328 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_ipv6_tunnel -short_description: Configure IPv6/IPv4 in IPv6 tunnel in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and ipv6_tunnel category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_ipv6_tunnel: - description: - - Configure IPv6/IPv4 in IPv6 tunnel. - default: null - type: dict - suboptions: - destination: - description: - - Remote IPv6 address of the tunnel. - type: str - interface: - description: - - Interface name. Source system.interface.name. - type: str - name: - description: - - IPv6 tunnel name. - required: true - type: str - source: - description: - - Local IPv6 address of the tunnel. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv6/IPv4 in IPv6 tunnel. 
- fortios_system_ipv6_tunnel: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_ipv6_tunnel: - destination: "" - interface: " (source system.interface.name)" - name: "default_name_5" - source: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') 
- if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_ipv6_tunnel_data(json): - option_list = ['destination', 'interface', 'name', - 'source'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_ipv6_tunnel(data, fos): - vdom = data['vdom'] - state = data['state'] - system_ipv6_tunnel_data = data['system_ipv6_tunnel'] - filtered_data = underscore_to_hyphen(filter_system_ipv6_tunnel_data(system_ipv6_tunnel_data)) - - if state == "present": - return fos.set('system', - 'ipv6-tunnel', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'ipv6-tunnel', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_ipv6_tunnel']: - resp = system_ipv6_tunnel(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - 
"choices": ["present", "absent"]}, - "system_ipv6_tunnel": { - "required": False, "type": "dict", "default": None, - "options": { - "destination": {"required": False, "type": "str"}, - "interface": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "source": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_link_monitor.py b/lib/ansible/modules/network/fortios/fortios_system_link_monitor.py deleted file mode 100644 index 22dca6dcbc3..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_link_monitor.py +++ /dev/null 
@@ -1,488 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_link_monitor -short_description: Configure Link Health Monitor in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and link_monitor category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_link_monitor: - description: - - Configure Link Health Monitor. - default: null - type: dict - suboptions: - addr_mode: - description: - - Address mode (IPv4 or IPv6). - type: str - choices: - - ipv4 - - ipv6 - failtime: - description: - - Number of retry attempts before the server is considered down (1 - 10) - type: int - gateway_ip: - description: - - Gateway IP address used to probe the server. - type: str - gateway_ip6: - description: - - Gateway IPv6 address used to probe the server. - type: str - ha_priority: - description: - - HA election priority (1 - 50). - type: int - http_agent: - description: - - String in the http-agent field in the HTTP header. - type: str - http_get: - description: - - If you are monitoring an HTML server you can send an HTTP-GET request with a custom string. Use this option to define the string. - type: str - http_match: - description: - - String that you expect to see in the HTTP-GET requests of the traffic to be monitored. - type: str - interval: - description: - - Detection interval (1 - 3600 sec). - type: int - name: - description: - - Link monitor name. - required: true - type: str - packet_size: - description: - - Packet size of a twamp test session, - type: int - password: - description: - - Twamp controller password in authentication mode - type: str - port: - description: - - Port number of the traffic to be used to monitor the server. 
- type: int - protocol: - description: - - Protocols used to monitor the server. - type: str - choices: - - ping - - tcp-echo - - udp-echo - - http - - twamp - - ping6 - recoverytime: - description: - - Number of successful responses received before server is considered recovered (1 - 10). - type: int - security_mode: - description: - - Twamp controller security mode. - type: str - choices: - - none - - authentication - server: - description: - - IP address of the server(s) to be monitored. - type: list - suboptions: - address: - description: - - Server address. - required: true - type: str - source_ip: - description: - - Source IP address used in packet to the server. - type: str - source_ip6: - description: - - Source IPv6 address used in packet to the server. - type: str - srcintf: - description: - - Interface that receives the traffic to be monitored. Source system.interface.name. - type: str - status: - description: - - Enable/disable this link monitor. - type: str - choices: - - enable - - disable - update_cascade_interface: - description: - - Enable/disable update cascade interface. - type: str - choices: - - enable - - disable - update_static_route: - description: - - Enable/disable updating the static route. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure Link Health Monitor. 
- fortios_system_link_monitor: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_link_monitor: - addr_mode: "ipv4" - failtime: "4" - gateway_ip: "" - gateway_ip6: "" - ha_priority: "7" - http_agent: "" - http_get: "" - http_match: "" - interval: "11" - name: "default_name_12" - packet_size: "13" - password: "" - port: "15" - protocol: "ping" - recoverytime: "17" - security_mode: "none" - server: - - - address: "" - source_ip: "84.230.14.43" - source_ip6: "" - srcintf: " (source system.interface.name)" - status: "enable" - update_cascade_interface: "enable" - update_static_route: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from 
ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_link_monitor_data(json): - option_list = ['addr_mode', 'failtime', 'gateway_ip', - 'gateway_ip6', 'ha_priority', 'http_agent', - 'http_get', 'http_match', 'interval', - 'name', 'packet_size', 'password', - 'port', 'protocol', 'recoverytime', - 'security_mode', 'server', 'source_ip', - 'source_ip6', 'srcintf', 'status', - 'update_cascade_interface', 'update_static_route'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_link_monitor(data, fos): - vdom = data['vdom'] - state = data['state'] - system_link_monitor_data = data['system_link_monitor'] - filtered_data = underscore_to_hyphen(filter_system_link_monitor_data(system_link_monitor_data)) - - if state == "present": - return fos.set('system', - 'link-monitor', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'link-monitor', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - 
status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_link_monitor']: - resp = system_link_monitor(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_link_monitor": { - "required": False, "type": "dict", "default": None, - "options": { - "addr_mode": {"required": False, "type": "str", - "choices": ["ipv4", "ipv6"]}, - "failtime": {"required": False, "type": "int"}, - "gateway_ip": {"required": False, "type": "str"}, - "gateway_ip6": {"required": False, "type": "str"}, - "ha_priority": {"required": False, "type": "int"}, - "http_agent": {"required": False, "type": "str"}, - "http_get": {"required": False, "type": "str"}, - "http_match": {"required": False, "type": "str"}, - "interval": {"required": False, "type": "int"}, - "name": {"required": True, "type": "str"}, - "packet_size": {"required": False, "type": "int"}, - "password": {"required": False, "type": "str"}, - "port": {"required": False, "type": "int"}, - "protocol": {"required": False, "type": "str", - "choices": ["ping", "tcp-echo", "udp-echo", - "http", "twamp", "ping6"]}, - "recoverytime": {"required": False, "type": "int"}, - "security_mode": {"required": False, "type": "str", - "choices": ["none", "authentication"]}, - "server": {"required": False, "type": "list", - "options": { - "address": {"required": True, "type": "str"} - }}, - "source_ip": {"required": False, "type": "str"}, - "source_ip6": 
{"required": False, "type": "str"}, - "srcintf": {"required": False, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "update_cascade_interface": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "update_static_route": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_mac_address_table.py b/lib/ansible/modules/network/fortios/fortios_system_mac_address_table.py deleted file mode 100644 index 698d545c7e6..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_mac_address_table.py +++ /dev/null 
@@ -1,321 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_mac_address_table -short_description: Configure MAC address tables in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and mac_address_table category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_mac_address_table: - description: - - Configure MAC address tables. - default: null - type: dict - suboptions: - interface: - description: - - Interface name. Source system.interface.name. - type: str - mac: - description: - - MAC address. - required: true - type: str - reply_substitute: - description: - - New MAC for reply traffic. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure MAC address tables. 
- fortios_system_mac_address_table: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_mac_address_table: - interface: " (source system.interface.name)" - mac: "" - reply_substitute: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 
'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_mac_address_table_data(json): - option_list = ['interface', 'mac', 'reply_substitute'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_mac_address_table(data, fos): - vdom = data['vdom'] - state = data['state'] - system_mac_address_table_data = data['system_mac_address_table'] - filtered_data = underscore_to_hyphen(filter_system_mac_address_table_data(system_mac_address_table_data)) - - if state == "present": - return fos.set('system', - 'mac-address-table', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'mac-address-table', - mkey=filtered_data['mac'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_mac_address_table']: - resp = system_mac_address_table(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, 
- "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_mac_address_table": { - "required": False, "type": "dict", "default": None, - "options": { - "interface": {"required": False, "type": "str"}, - "mac": {"required": True, "type": "str"}, - "reply_substitute": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_management_tunnel.py b/lib/ansible/modules/network/fortios/fortios_system_management_tunnel.py deleted file mode 100644 index 66129f7e677..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_management_tunnel.py +++ /dev/null 
@@ -1,351 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_management_tunnel -short_description: Management tunnel configuration in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and management_tunnel category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - system_management_tunnel: - description: - - Management tunnel configuration. - default: null - type: dict - suboptions: - allow_collect_statistics: - description: - - Enable/disable collection of run time statistics. - type: str - choices: - - enable - - disable - allow_config_restore: - description: - - Enable/disable allow config restore. - type: str - choices: - - enable - - disable - allow_push_configuration: - description: - - Enable/disable push configuration. - type: str - choices: - - enable - - disable - allow_push_firmware: - description: - - Enable/disable push firmware. - type: str - choices: - - enable - - disable - authorized_manager_only: - description: - - Enable/disable restriction of authorized manager only. - type: str - choices: - - enable - - disable - serial_number: - description: - - Serial number. - type: str - status: - description: - - Enable/disable FGFM tunnel. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Management tunnel configuration. 
- fortios_system_management_tunnel: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_management_tunnel: - allow_collect_statistics: "enable" - allow_config_restore: "enable" - allow_push_configuration: "enable" - allow_push_firmware: "enable" - authorized_manager_only: "enable" - serial_number: "" - status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - 
username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_management_tunnel_data(json): - option_list = ['allow_collect_statistics', 'allow_config_restore', 'allow_push_configuration', - 'allow_push_firmware', 'authorized_manager_only', 'serial_number', - 'status'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_management_tunnel(data, fos): - vdom = data['vdom'] - system_management_tunnel_data = data['system_management_tunnel'] - filtered_data = underscore_to_hyphen(filter_system_management_tunnel_data(system_management_tunnel_data)) - - return fos.set('system', - 'management-tunnel', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_management_tunnel']: - resp = system_management_tunnel(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - 
"ssl_verify": {"required": False, "type": "bool", "default": True}, - "system_management_tunnel": { - "required": False, "type": "dict", "default": None, - "options": { - "allow_collect_statistics": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "allow_config_restore": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "allow_push_configuration": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "allow_push_firmware": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "authorized_manager_only": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "serial_number": {"required": False, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_system_mobile_tunnel.py b/lib/ansible/modules/network/fortios/fortios_system_mobile_tunnel.py
deleted file mode 100644
index 57dbead6d40..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_mobile_tunnel.py
+++ /dev/null
@@ -1,435 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_mobile_tunnel -short_description: Configure Mobile tunnels, an implementation of Network Mobility (NEMO) extensions for Mobile IPv4 RFC5177 in Fortinet's FortiOS and - FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and mobile_tunnel category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. 
- type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_mobile_tunnel: - description: - - Configure Mobile tunnels, an implementation of Network Mobility (NEMO) extensions for Mobile IPv4 RFC5177. - default: null - type: dict - suboptions: - hash_algorithm: - description: - - Hash Algorithm (Keyed MD5). - type: str - choices: - - hmac-md5 - home_address: - description: - - "Home IP address (Format: xxx.xxx.xxx.xxx)." - type: str - home_agent: - description: - - "IPv4 address of the NEMO HA (Format: xxx.xxx.xxx.xxx)." - type: str - lifetime: - description: - - NMMO HA registration request lifetime (180 - 65535 sec). - type: int - n_mhae_key: - description: - - NEMO authentication key. - type: str - n_mhae_key_type: - description: - - NEMO authentication key type (ascii or base64). - type: str - choices: - - ascii - - base64 - n_mhae_spi: - description: - - "NEMO authentication SPI ." - type: int - name: - description: - - Tunnel name. - required: true - type: str - network: - description: - - NEMO network configuration. - type: list - suboptions: - id: - description: - - Network entry ID. - required: true - type: int - interface: - description: - - Select the associated interface name from available options. Source system.interface.name. - type: str - prefix: - description: - - "Class IP and Netmask with correction (Format:xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx or xxx.xxx.xxx.xxx/x)." 
- type: str - reg_interval: - description: - - NMMO HA registration interval (5 - 300). - type: int - reg_retry: - description: - - Maximum number of NMMO HA registration retries (1 to 30). - type: int - renew_interval: - description: - - Time before lifetime expiration to send NMMO HA re-registration (5 - 60). - type: int - roaming_interface: - description: - - Select the associated interface name from available options. Source system.interface.name. - type: str - status: - description: - - Enable/disable this mobile tunnel. - type: str - choices: - - disable - - enable - tunnel_mode: - description: - - NEMO tunnel mode (GRE tunnel). - type: str - choices: - - gre -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure Mobile tunnels, an implementation of Network Mobility (NEMO) extensions for Mobile IPv4 RFC5177. - fortios_system_mobile_tunnel: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_mobile_tunnel: - hash_algorithm: "hmac-md5" - home_address: "" - home_agent: "" - lifetime: "6" - n_mhae_key: "" - n_mhae_key_type: "ascii" - n_mhae_spi: "9" - name: "default_name_10" - network: - - - id: "12" - interface: " (source system.interface.name)" - prefix: "" - reg_interval: "15" - reg_retry: "16" - renew_interval: "17" - roaming_interface: " (source system.interface.name)" - status: "disable" - tunnel_mode: "gre" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the 
last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_mobile_tunnel_data(json): - option_list = ['hash_algorithm', 'home_address', 'home_agent', - 'lifetime', 'n_mhae_key', 'n_mhae_key_type', - 'n_mhae_spi', 'name', 'network', - 'reg_interval', 'reg_retry', 'renew_interval', - 'roaming_interface', 'status', 'tunnel_mode'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = 
underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_mobile_tunnel(data, fos): - vdom = data['vdom'] - state = data['state'] - system_mobile_tunnel_data = data['system_mobile_tunnel'] - filtered_data = underscore_to_hyphen(filter_system_mobile_tunnel_data(system_mobile_tunnel_data)) - - if state == "present": - return fos.set('system', - 'mobile-tunnel', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'mobile-tunnel', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_mobile_tunnel']: - resp = system_mobile_tunnel(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_mobile_tunnel": { - "required": False, "type": "dict", "default": None, - "options": { - "hash_algorithm": {"required": False, "type": "str", - "choices": ["hmac-md5"]}, - "home_address": {"required": False, "type": "str"}, - "home_agent": {"required": False, "type": "str"}, - "lifetime": {"required": False, "type": "int"}, - "n_mhae_key": {"required": False, "type": "str"}, - "n_mhae_key_type": {"required": False, "type": "str", - "choices": ["ascii", "base64"]}, - 
"n_mhae_spi": {"required": False, "type": "int"}, - "name": {"required": True, "type": "str"}, - "network": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"}, - "interface": {"required": False, "type": "str"}, - "prefix": {"required": False, "type": "str"} - }}, - "reg_interval": {"required": False, "type": "int"}, - "reg_retry": {"required": False, "type": "int"}, - "renew_interval": {"required": False, "type": "int"}, - "roaming_interface": {"required": False, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "tunnel_mode": {"required": False, "type": "str", - "choices": ["gre"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_nat64.py b/lib/ansible/modules/network/fortios/fortios_system_nat64.py deleted file mode 100644 index 51d1551964f..00000000000 
--- a/lib/ansible/modules/network/fortios/fortios_system_nat64.py
+++ /dev/null
@@ -1,364 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_nat64 -short_description: Configure NAT64 in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and nat64 category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - system_nat64: - description: - - Configure NAT64. - default: null - type: dict - suboptions: - always_synthesize_aaaa_record: - description: - - Enable/disable AAAA record synthesis . - type: str - choices: - - enable - - disable - generate_ipv6_fragment_header: - description: - - Enable/disable IPv6 fragment header generation. - type: str - choices: - - enable - - disable - nat46_force_ipv4_packet_forwarding: - description: - - Enable/disable mandatory IPv4 packet forwarding in nat46. - type: str - choices: - - enable - - disable - nat64_prefix: - description: - - "NAT64 prefix must be ::/96 ." - type: str - secondary_prefix: - description: - - Secondary NAT64 prefix. - type: list - suboptions: - name: - description: - - NAT64 prefix name. - required: true - type: str - nat64_prefix: - description: - - NAT64 prefix. - type: str - secondary_prefix_status: - description: - - Enable/disable secondary NAT64 prefix. - type: str - choices: - - enable - - disable - status: - description: - - Enable/disable NAT64 . - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure NAT64. 
- fortios_system_nat64: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_nat64: - always_synthesize_aaaa_record: "enable" - generate_ipv6_fragment_header: "enable" - nat46_force_ipv4_packet_forwarding: "enable" - nat64_prefix: "" - secondary_prefix: - - - name: "default_name_8" - nat64_prefix: "" - secondary_prefix_status: "enable" - status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, 
fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_nat64_data(json): - option_list = ['always_synthesize_aaaa_record', 'generate_ipv6_fragment_header', 'nat46_force_ipv4_packet_forwarding', - 'nat64_prefix', 'secondary_prefix', 'secondary_prefix_status', - 'status'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_nat64(data, fos): - vdom = data['vdom'] - system_nat64_data = data['system_nat64'] - filtered_data = underscore_to_hyphen(filter_system_nat64_data(system_nat64_data)) - - return fos.set('system', - 'nat64', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_nat64']: - resp = system_nat64(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": 
True}, - "system_nat64": { - "required": False, "type": "dict", "default": None, - "options": { - "always_synthesize_aaaa_record": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "generate_ipv6_fragment_header": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "nat46_force_ipv4_packet_forwarding": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "nat64_prefix": {"required": False, "type": "str"}, - "secondary_prefix": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"}, - "nat64_prefix": {"required": False, "type": "str"} - }}, - "secondary_prefix_status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_system_nd_proxy.py b/lib/ansible/modules/network/fortios/fortios_system_nd_proxy.py
deleted file mode 100644
index 3d37445534c..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_nd_proxy.py
+++ /dev/null
@@ -1,309 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_nd_proxy -short_description: Configure IPv6 neighbor discovery proxy (RFC4389) in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and nd_proxy category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - system_nd_proxy: - description: - - Configure IPv6 neighbor discovery proxy (RFC4389). - default: null - type: dict - suboptions: - member: - description: - - Interfaces using the neighbor discovery proxy. - type: list - suboptions: - interface_name: - description: - - Interface name. Source system.interface.name. - type: str - status: - description: - - Enable/disable neighbor discovery proxy. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv6 neighbor discovery proxy (RFC4389). 
- fortios_system_nd_proxy: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_nd_proxy: - member: - - - interface_name: " (source system.interface.name)" - status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_nd_proxy_data(json): - option_list = ['member', 'status'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_nd_proxy(data, fos): - vdom = data['vdom'] - system_nd_proxy_data = data['system_nd_proxy'] - filtered_data = underscore_to_hyphen(filter_system_nd_proxy_data(system_nd_proxy_data)) - - return fos.set('system', - 'nd-proxy', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_nd_proxy']: - resp = system_nd_proxy(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "system_nd_proxy": { - "required": False, "type": "dict", "default": None, - "options": { - "member": {"required": False, "type": "list", - "options": { - "interface_name": {"required": False, "type": "str"} - }}, - "status": {"required": False, "type": "str", - "choices": ["enable", 
"disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_netflow.py b/lib/ansible/modules/network/fortios/fortios_system_netflow.py deleted file mode 100644 index f1aa8d66540..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_netflow.py +++ /dev/null 
@@ -1,327 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_system_netflow
-short_description: Configure NetFlow in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify system feature and netflow category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.9"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- system_netflow:
- description:
- - Configure NetFlow.
- default: null
- type: dict
- suboptions:
- active_flow_timeout:
- description:
- - Timeout to report active flows (1 - 60 min).
- type: int
- collector_ip:
- description:
- - Collector IP.
- type: str
- collector_port:
- description:
- - NetFlow collector port number.
- type: int
- inactive_flow_timeout:
- description:
- - Timeout for periodic report of finished flows (10 - 600 sec).
- type: int
- source_ip:
- description:
- - Source IP address for communication with the NetFlow agent.
- type: str
- template_tx_counter:
- description:
- - Counter of flowset records before resending a template flowset record.
- type: int
- template_tx_timeout:
- description:
- - Timeout for periodic template flowset transmission (1 - 1440 min).
- type: int
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure NetFlow.
- fortios_system_netflow:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- system_netflow:
- active_flow_timeout: "3"
- collector_ip: ""
- collector_port: "5"
- inactive_flow_timeout: "6"
- source_ip: "84.230.14.43"
- template_tx_counter: "8"
- template_tx_timeout: "9"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_system_netflow_data(json):
- option_list = ['active_flow_timeout', 'collector_ip', 'collector_port',
- 'inactive_flow_timeout', 'source_ip', 'template_tx_counter',
- 'template_tx_timeout']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def system_netflow(data, fos):
- vdom = data['vdom']
- system_netflow_data = data['system_netflow']
- filtered_data = underscore_to_hyphen(filter_system_netflow_data(system_netflow_data))
-
- return fos.set('system',
- 'netflow',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_system(data, fos):
-
- if data['system_netflow']:
- resp = system_netflow(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "system_netflow": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "active_flow_timeout": {"required": False, "type": "int"},
- "collector_ip": {"required": False, "type": "str"},
- "collector_port": {"required": False, "type": "int"},
- "inactive_flow_timeout": {"required": False, "type": "int"},
- "source_ip": {"required": False, "type": "str"},
- "template_tx_counter": {"required": False, "type": "int"},
- "template_tx_timeout": {"required": False, "type": "int"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_network_visibility.py b/lib/ansible/modules/network/fortios/fortios_system_network_visibility.py
deleted file mode 100644
index 1ce46d907ed..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_network_visibility.py
+++ /dev/null
@@ -1,336 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_system_network_visibility
-short_description: Configure network visibility settings in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify system feature and network_visibility category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.9"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- system_network_visibility:
- description:
- - Configure network visibility settings.
- default: null
- type: dict
- suboptions:
- destination_hostname_visibility:
- description:
- - Enable/disable logging of destination hostname visibility.
- type: str
- choices:
- - disable
- - enable
- destination_location:
- description:
- - Enable/disable logging of destination geographical location visibility.
- type: str
- choices:
- - disable
- - enable
- destination_visibility:
- description:
- - Enable/disable logging of destination visibility.
- type: str
- choices:
- - disable
- - enable
- hostname_limit:
- description:
- - Limit of the number of hostname table entries (0 - 50000).
- type: int
- hostname_ttl:
- description:
- - TTL of hostname table entries (60 - 86400).
- type: int
- source_location:
- description:
- - Enable/disable logging of source geographical location visibility.
- type: str
- choices:
- - disable
- - enable
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure network visibility settings.
- fortios_system_network_visibility:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- system_network_visibility:
- destination_hostname_visibility: "disable"
- destination_location: "disable"
- destination_visibility: "disable"
- hostname_limit: "6"
- hostname_ttl: "7"
- source_location: "disable"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_system_network_visibility_data(json):
- option_list = ['destination_hostname_visibility', 'destination_location', 'destination_visibility',
- 'hostname_limit', 'hostname_ttl', 'source_location']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def system_network_visibility(data, fos):
- vdom = data['vdom']
- system_network_visibility_data = data['system_network_visibility']
- filtered_data = underscore_to_hyphen(filter_system_network_visibility_data(system_network_visibility_data))
-
- return fos.set('system',
- 'network-visibility',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_system(data, fos):
-
- if data['system_network_visibility']:
- resp = system_network_visibility(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "system_network_visibility": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "destination_hostname_visibility": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "destination_location": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "destination_visibility": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "hostname_limit": {"required": False, "type": "int"},
- "hostname_ttl": {"required": False, "type": "int"},
- "source_location": {"required": False, "type": "str",
- "choices": ["disable", "enable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_ntp.py b/lib/ansible/modules/network/fortios/fortios_system_ntp.py
deleted file mode 100644
index 014c2a153b7..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_ntp.py
+++ /dev/null
@@ -1,405 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_system_ntp
-short_description: Configure system NTP information in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify system feature and ntp category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.9"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- system_ntp:
- description:
- - Configure system NTP information.
- default: null
- type: dict
- suboptions:
- interface:
- description:
- - FortiGate interface(s) with NTP server mode enabled. Devices on your network can contact these interfaces for NTP services.
- type: list
- suboptions:
- interface_name:
- description:
- - Interface name. Source system.interface.name.
- type: str
- ntpserver:
- description:
- - Configure the FortiGate to connect to any available third-party NTP server.
- type: list
- suboptions:
- authentication:
- description:
- - Enable/disable MD5 authentication.
- type: str
- choices:
- - enable
- - disable
- id:
- description:
- - NTP server ID.
- required: true
- type: int
- key:
- description:
- - Key for MD5 authentication.
- type: str
- key_id:
- description:
- - Key ID for authentication.
- type: int
- ntpv3:
- description:
- - Enable to use NTPv3 instead of NTPv4.
- type: str
- choices:
- - enable
- - disable
- server:
- description:
- - IP address or hostname of the NTP Server.
- type: str
- ntpsync:
- description:
- - Enable/disable setting the FortiGate system time by synchronizing with an NTP Server.
- type: str
- choices:
- - enable
- - disable
- server_mode:
- description:
- - Enable/disable FortiGate NTP Server Mode. Your FortiGate becomes an NTP server for other devices on your network. The FortiGate relays
- NTP requests to its configured NTP server.
- type: str
- choices:
- - enable
- - disable
- source_ip:
- description:
- - Source IP address for communication to the NTP server.
- type: str
- source_ip6:
- description:
- - Source IPv6 address for communication to the NTP server.
- type: str
- syncinterval:
- description:
- - NTP synchronization interval (1 - 1440 min).
- type: int
- type:
- description:
- - Use the FortiGuard NTP server or any other available NTP Server.
- type: str
- choices:
- - fortiguard
- - custom
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure system NTP information.
- fortios_system_ntp:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- system_ntp:
- interface:
- -
- interface_name: " (source system.interface.name)"
- ntpserver:
- -
- authentication: "enable"
- id: "7"
- key: ""
- key_id: "9"
- ntpv3: "enable"
- server: "192.168.100.40"
- ntpsync: "enable"
- server_mode: "enable"
- source_ip: "84.230.14.43"
- source_ip6: ""
- syncinterval: "16"
- type: "fortiguard"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_system_ntp_data(json):
- option_list = ['interface', 'ntpserver', 'ntpsync',
- 'server_mode', 'source_ip', 'source_ip6',
- 'syncinterval', 'type']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def system_ntp(data, fos):
- vdom = data['vdom']
- system_ntp_data = data['system_ntp']
- filtered_data = underscore_to_hyphen(filter_system_ntp_data(system_ntp_data))
-
- return fos.set('system',
- 'ntp',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_system(data, fos):
-
- if data['system_ntp']:
- resp = system_ntp(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "system_ntp": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "interface": {"required": False, "type": "list",
- "options": {
- "interface_name": {"required": False, "type": "str"}
- }},
- "ntpserver": {"required": False, "type": "list",
- "options": {
- "authentication": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "id": {"required": True, "type": "int"},
- "key": {"required": False, "type": "str"},
- "key_id": {"required": False, "type": "int"},
- "ntpv3": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "server": {"required": False, "type": "str"}
- }},
- "ntpsync": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "server_mode": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "source_ip": {"required": False, "type": "str"},
- "source_ip6": {"required": False, "type": "str"},
- "syncinterval": {"required": False, "type": "int"},
- "type": {"required": False, "type": "str",
- "choices": ["fortiguard", "custom"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_object_tagging.py b/lib/ansible/modules/network/fortios/fortios_system_object_tagging.py
deleted file mode 100644
index 5d96911dfdc..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_object_tagging.py
+++ /dev/null
@@ -1,377 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_object_tagging -short_description: Configure object tagging in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and object_tagging category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_object_tagging: - description: - - Configure object tagging. - default: null - type: dict - suboptions: - address: - description: - - Address. - type: str - choices: - - disable - - mandatory - - optional - category: - description: - - Tag Category. - required: true - type: str - color: - description: - - Color of icon on the GUI. - type: int - device: - description: - - Device. - type: str - choices: - - disable - - mandatory - - optional - interface: - description: - - Interface. - type: str - choices: - - disable - - mandatory - - optional - multiple: - description: - - Allow multiple tag selection. - type: str - choices: - - enable - - disable - tags: - description: - - Tags. - type: list - suboptions: - name: - description: - - Tag name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure object tagging. 
- fortios_system_object_tagging: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_object_tagging: - address: "disable" - category: "" - color: "5" - device: "disable" - interface: "disable" - multiple: "enable" - tags: - - - name: "default_name_10" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] 
- ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_object_tagging_data(json): - option_list = ['address', 'category', 'color', - 'device', 'interface', 'multiple', - 'tags'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_object_tagging(data, fos): - vdom = data['vdom'] - state = data['state'] - system_object_tagging_data = data['system_object_tagging'] - filtered_data = underscore_to_hyphen(filter_system_object_tagging_data(system_object_tagging_data)) - - if state == "present": - return fos.set('system', - 'object-tagging', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'object-tagging', - mkey=filtered_data['category'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_object_tagging']: - resp = system_object_tagging(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": 
True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": True, "type": "str",
- "choices": ["present", "absent"]},
- "system_object_tagging": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "address": {"required": False, "type": "str",
- "choices": ["disable", "mandatory", "optional"]},
- "category": {"required": True, "type": "str"},
- "color": {"required": False, "type": "int"},
- "device": {"required": False, "type": "str",
- "choices": ["disable", "mandatory", "optional"]},
- "interface": {"required": False, "type": "str",
- "choices": ["disable", "mandatory", "optional"]},
- "multiple": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "tags": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_password_policy.py b/lib/ansible/modules/network/fortios/fortios_system_password_policy.py
deleted file mode 100644
index 364e1cc0d77..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_password_policy.py
+++ /dev/null
@@ -1,372 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_password_policy -short_description: Configure password policy for locally defined administrator passwords and IPsec VPN pre-shared keys in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and password_policy category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. 
- type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - system_password_policy: - description: - - Configure password policy for locally defined administrator passwords and IPsec VPN pre-shared keys. - default: null - type: dict - suboptions: - apply_to: - description: - - Apply password policy to administrator passwords or IPsec pre-shared keys or both. Separate entries with a space. - type: str - choices: - - admin-password - - ipsec-preshared-key - change_4_characters: - description: - - Enable/disable changing at least 4 characters for a new password (This attribute overrides reuse-password if both are enabled). - type: str - choices: - - enable - - disable - expire_day: - description: - - Number of days after which passwords expire (1 - 999 days). - type: int - expire_status: - description: - - Enable/disable password expiration. - type: str - choices: - - enable - - disable - min_lower_case_letter: - description: - - Minimum number of lowercase characters in password (0 - 128). - type: int - min_non_alphanumeric: - description: - - Minimum number of non-alphanumeric characters in password (0 - 128). - type: int - min_number: - description: - - Minimum number of numeric characters in password (0 - 128). - type: int - min_upper_case_letter: - description: - - Minimum number of uppercase characters in password (0 - 128). - type: int - minimum_length: - description: - - Minimum password length (8 - 128). 
- type: int - reuse_password: - description: - - Enable/disable reusing of password (if both reuse-password and change-4-characters are enabled, change-4-characters overrides). - type: str - choices: - - enable - - disable - status: - description: - - Enable/disable setting a password policy for locally defined administrator passwords and IPsec VPN pre-shared keys. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure password policy for locally defined administrator passwords and IPsec VPN pre-shared keys. - fortios_system_password_policy: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_password_policy: - apply_to: "admin-password" - change_4_characters: "enable" - expire_day: "5" - expire_status: "enable" - min_lower_case_letter: "7" - min_non_alphanumeric: "8" - min_number: "9" - min_upper_case_letter: "10" - minimum_length: "11" - reuse_password: "enable" - status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: 
"17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_password_policy_data(json): - option_list = ['apply_to', 'change_4_characters', 'expire_day', - 'expire_status', 'min_lower_case_letter', 'min_non_alphanumeric', - 'min_number', 'min_upper_case_letter', 'minimum_length', - 'reuse_password', 'status'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_password_policy(data, fos): - vdom = data['vdom'] - system_password_policy_data = data['system_password_policy'] - filtered_data = underscore_to_hyphen(filter_system_password_policy_data(system_password_policy_data)) - - 
return fos.set('system', - 'password-policy', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_password_policy']: - resp = system_password_policy(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "system_password_policy": { - "required": False, "type": "dict", "default": None, - "options": { - "apply_to": {"required": False, "type": "str", - "choices": ["admin-password", "ipsec-preshared-key"]}, - "change_4_characters": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "expire_day": {"required": False, "type": "int"}, - "expire_status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "min_lower_case_letter": {"required": False, "type": "int"}, - "min_non_alphanumeric": {"required": False, "type": "int"}, - "min_number": {"required": False, "type": "int"}, - "min_upper_case_letter": {"required": False, "type": "int"}, - "minimum_length": {"required": False, "type": "int"}, - "reuse_password": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ 
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_password_policy_guest_admin.py b/lib/ansible/modules/network/fortios/fortios_system_password_policy_guest_admin.py
deleted file mode 100644
index ff31c6f2783..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_password_policy_guest_admin.py
+++ /dev/null
@@ -1,371 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_password_policy_guest_admin -short_description: Configure the password policy for guest administrators in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and password_policy_guest_admin category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - system_password_policy_guest_admin: - description: - - Configure the password policy for guest administrators. - default: null - type: dict - suboptions: - apply_to: - description: - - Guest administrator to which this password policy applies. - type: str - choices: - - guest-admin-password - change_4_characters: - description: - - Enable/disable changing at least 4 characters for a new password (This attribute overrides reuse-password if both are enabled). - type: str - choices: - - enable - - disable - expire_day: - description: - - Number of days after which passwords expire (1 - 999 days). - type: int - expire_status: - description: - - Enable/disable password expiration. - type: str - choices: - - enable - - disable - min_lower_case_letter: - description: - - Minimum number of lowercase characters in password (0 - 128). - type: int - min_non_alphanumeric: - description: - - Minimum number of non-alphanumeric characters in password (0 - 128). - type: int - min_number: - description: - - Minimum number of numeric characters in password (0 - 128). - type: int - min_upper_case_letter: - description: - - Minimum number of uppercase characters in password (0 - 128). - type: int - minimum_length: - description: - - Minimum password length (8 - 128). - type: int - reuse_password: - description: - - Enable/disable reusing of password (if both reuse-password and change-4-characters are enabled, change-4-characters overrides). 
- type: str - choices: - - enable - - disable - status: - description: - - Enable/disable setting a password policy for locally defined administrator passwords and IPsec VPN pre-shared keys. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure the password policy for guest administrators. - fortios_system_password_policy_guest_admin: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_password_policy_guest_admin: - apply_to: "guest-admin-password" - change_4_characters: "enable" - expire_day: "5" - expire_status: "enable" - min_lower_case_letter: "7" - min_non_alphanumeric: "8" - min_number: "9" - min_upper_case_letter: "10" - minimum_length: "11" - reuse_password: "enable" - status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always 
- type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_password_policy_guest_admin_data(json): - option_list = ['apply_to', 'change_4_characters', 'expire_day', - 'expire_status', 'min_lower_case_letter', 'min_non_alphanumeric', - 'min_number', 'min_upper_case_letter', 'minimum_length', - 'reuse_password', 'status'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_password_policy_guest_admin(data, fos): - vdom = data['vdom'] - system_password_policy_guest_admin_data = data['system_password_policy_guest_admin'] - filtered_data = underscore_to_hyphen(filter_system_password_policy_guest_admin_data(system_password_policy_guest_admin_data)) - - return fos.set('system', - 'password-policy-guest-admin', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - 
return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_password_policy_guest_admin']: - resp = system_password_policy_guest_admin(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "system_password_policy_guest_admin": { - "required": False, "type": "dict", "default": None, - "options": { - "apply_to": {"required": False, "type": "str", - "choices": ["guest-admin-password"]}, - "change_4_characters": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "expire_day": {"required": False, "type": "int"}, - "expire_status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "min_lower_case_letter": {"required": False, "type": "int"}, - "min_non_alphanumeric": {"required": False, "type": "int"}, - "min_number": {"required": False, "type": "int"}, - "min_upper_case_letter": {"required": False, "type": "int"}, - "minimum_length": {"required": False, "type": "int"}, - "reuse_password": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in 
module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_pppoe_interface.py b/lib/ansible/modules/network/fortios/fortios_system_pppoe_interface.py
deleted file mode 100644
index 541b8865be8..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_pppoe_interface.py
+++ /dev/null
@@ -1,424 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_pppoe_interface -short_description: Configure the PPPoE interfaces in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and pppoe_interface category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_pppoe_interface: - description: - - Configure the PPPoE interfaces. - default: null - type: dict - suboptions: - ac_name: - description: - - PPPoE AC name. - type: str - auth_type: - description: - - PPP authentication type to use. - type: str - choices: - - auto - - pap - - chap - - mschapv1 - - mschapv2 - device: - description: - - Name for the physical interface. Source system.interface.name. - type: str - dial_on_demand: - description: - - Enable/disable dial on demand to dial the PPPoE interface when packets are routed to the PPPoE interface. - type: str - choices: - - enable - - disable - disc_retry_timeout: - description: - - PPPoE discovery init timeout value in (0-4294967295 sec). - type: int - idle_timeout: - description: - - PPPoE auto disconnect after idle timeout (0-4294967295 sec). - type: int - ipunnumbered: - description: - - PPPoE unnumbered IP. - type: str - ipv6: - description: - - Enable/disable IPv6 Control Protocol (IPv6CP). - type: str - choices: - - enable - - disable - lcp_echo_interval: - description: - - PPPoE LCP echo interval in (0-4294967295 sec). - type: int - lcp_max_echo_fails: - description: - - Maximum missed LCP echo messages before disconnect (0-4294967295). - type: int - name: - description: - - Name of the PPPoE interface. - required: true - type: str - padt_retry_timeout: - description: - - PPPoE terminate timeout value in (0-4294967295 sec). - type: int - password: - description: - - Enter the password. 
- type: str - pppoe_unnumbered_negotiate: - description: - - Enable/disable PPPoE unnumbered negotiation. - type: str - choices: - - enable - - disable - service_name: - description: - - PPPoE service name. - type: str - username: - description: - - User name. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure the PPPoE interfaces. - fortios_system_pppoe_interface: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_pppoe_interface: - ac_name: "" - auth_type: "auto" - device: " (source system.interface.name)" - dial_on_demand: "enable" - disc_retry_timeout: "7" - idle_timeout: "8" - ipunnumbered: "" - ipv6: "enable" - lcp_echo_interval: "11" - lcp_max_echo_fails: "12" - name: "default_name_13" - padt_retry_timeout: "14" - password: "" - pppoe_unnumbered_negotiate: "enable" - service_name: "" - username: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - 
sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_pppoe_interface_data(json): - option_list = ['ac_name', 'auth_type', 'device', - 'dial_on_demand', 'disc_retry_timeout', 'idle_timeout', - 'ipunnumbered', 'ipv6', 'lcp_echo_interval', - 'lcp_max_echo_fails', 'name', 'padt_retry_timeout', - 'password', 'pppoe_unnumbered_negotiate', 'service_name', - 'username'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_pppoe_interface(data, fos): - vdom = data['vdom'] - state = data['state'] - system_pppoe_interface_data = data['system_pppoe_interface'] - filtered_data = underscore_to_hyphen(filter_system_pppoe_interface_data(system_pppoe_interface_data)) - - if state == 
"present": - return fos.set('system', - 'pppoe-interface', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'pppoe-interface', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_pppoe_interface']: - resp = system_pppoe_interface(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_pppoe_interface": { - "required": False, "type": "dict", "default": None, - "options": { - "ac_name": {"required": False, "type": "str"}, - "auth_type": {"required": False, "type": "str", - "choices": ["auto", "pap", "chap", - "mschapv1", "mschapv2"]}, - "device": {"required": False, "type": "str"}, - "dial_on_demand": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "disc_retry_timeout": {"required": False, "type": "int"}, - "idle_timeout": {"required": False, "type": "int"}, - "ipunnumbered": {"required": False, "type": "str"}, - "ipv6": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "lcp_echo_interval": {"required": False, "type": "int"}, - "lcp_max_echo_fails": {"required": False, "type": "int"}, - "name": {"required": True, "type": "str"}, - "padt_retry_timeout": {"required": False, "type": "int"}, - "password": {"required": False, "type": "str"}, - 
"pppoe_unnumbered_negotiate": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "service_name": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_probe_response.py b/lib/ansible/modules/network/fortios/fortios_system_probe_response.py deleted file mode 100644 index 88a9bfb0a09..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_probe_response.py +++ /dev/null 
@@ -1,341 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_probe_response -short_description: Configure system probe response in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and probe_response category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - system_probe_response: - description: - - Configure system probe response. - default: null - type: dict - suboptions: - http_probe_value: - description: - - Value to respond to the monitoring server. - type: str - mode: - description: - - SLA response mode. - type: str - choices: - - none - - http-probe - - twamp - password: - description: - - Twamp respondor password in authentication mode - type: str - port: - description: - - Port number to response. - type: int - security_mode: - description: - - Twamp respondor security mode. - type: str - choices: - - none - - authentication - timeout: - description: - - An inactivity timer for a twamp test session. - type: int - ttl_mode: - description: - - Mode for TWAMP packet TTL modification. - type: str - choices: - - reinit - - decrease - - retain -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure system probe response. 
- fortios_system_probe_response: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_probe_response: - http_probe_value: "" - mode: "none" - password: "" - port: "6" - security_mode: "none" - timeout: "8" - ttl_mode: "reinit" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - 
fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_probe_response_data(json): - option_list = ['http_probe_value', 'mode', 'password', - 'port', 'security_mode', 'timeout', - 'ttl_mode'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_probe_response(data, fos): - vdom = data['vdom'] - system_probe_response_data = data['system_probe_response'] - filtered_data = underscore_to_hyphen(filter_system_probe_response_data(system_probe_response_data)) - - return fos.set('system', - 'probe-response', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_probe_response']: - resp = system_probe_response(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "system_probe_response": { - "required": False, "type": "dict", "default": None, - "options": { - "http_probe_value": 
{"required": False, "type": "str"}, - "mode": {"required": False, "type": "str", - "choices": ["none", "http-probe", "twamp"]}, - "password": {"required": False, "type": "str"}, - "port": {"required": False, "type": "int"}, - "security_mode": {"required": False, "type": "str", - "choices": ["none", "authentication"]}, - "timeout": {"required": False, "type": "int"}, - "ttl_mode": {"required": False, "type": "str", - "choices": ["reinit", "decrease", "retain"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_proxy_arp.py b/lib/ansible/modules/network/fortios/fortios_system_proxy_arp.py deleted file mode 100644 index bda454c8519..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_proxy_arp.py +++ /dev/null 
@@ -1,328 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_proxy_arp -short_description: Configure proxy-ARP in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and proxy_arp category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_proxy_arp: - description: - - Configure proxy-ARP. - default: null - type: dict - suboptions: - end_ip: - description: - - End IP of IP range to be proxied. - type: str - id: - description: - - Unique integer ID of the entry. - required: true - type: int - interface: - description: - - Interface acting proxy-ARP. Source system.interface.name. - type: str - ip: - description: - - IP address or start IP to be proxied. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure proxy-ARP. 
- fortios_system_proxy_arp: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_proxy_arp: - end_ip: "" - id: "4" - interface: " (source system.interface.name)" - ip: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and 
not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_proxy_arp_data(json): - option_list = ['end_ip', 'id', 'interface', - 'ip'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_proxy_arp(data, fos): - vdom = data['vdom'] - state = data['state'] - system_proxy_arp_data = data['system_proxy_arp'] - filtered_data = underscore_to_hyphen(filter_system_proxy_arp_data(system_proxy_arp_data)) - - if state == "present": - return fos.set('system', - 'proxy-arp', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'proxy-arp', - mkey=filtered_data['id'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_proxy_arp']: - resp = system_proxy_arp(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_proxy_arp": 
{ - "required": False, "type": "dict", "default": None, - "options": { - "end_ip": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "interface": {"required": False, "type": "str"}, - "ip": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_admin.py b/lib/ansible/modules/network/fortios/fortios_system_replacemsg_admin.py deleted file mode 100644 index 3c65d29e0ee..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_admin.py +++ /dev/null 
@@ -1,339 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_replacemsg_admin -short_description: Replacement messages in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system_replacemsg feature and admin category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_replacemsg_admin: - description: - - Replacement messages. - default: null - type: dict - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. - type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Replacement messages. 
- fortios_system_replacemsg_admin: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_replacemsg_admin: - buffer: "" - format: "none" - header: "none" - msg_type: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_replacemsg_admin_data(json): - option_list = ['buffer', 'format', 'header', - 'msg_type'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_replacemsg_admin(data, fos): - vdom = data['vdom'] - state = data['state'] - system_replacemsg_admin_data = data['system_replacemsg_admin'] - filtered_data = underscore_to_hyphen(filter_system_replacemsg_admin_data(system_replacemsg_admin_data)) - - if state == "present": - return fos.set('system.replacemsg', - 'admin', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system.replacemsg', - 'admin', - mkey=filtered_data['msg-type'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system_replacemsg(data, fos): - - if data['system_replacemsg_admin']: - resp = system_replacemsg_admin(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": 
{"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_replacemsg_admin": { - "required": False, "type": "dict", "default": None, - "options": { - "buffer": {"required": False, "type": "str"}, - "format": {"required": False, "type": "str", - "choices": ["none", "text", "html", - "wml"]}, - "header": {"required": False, "type": "str", - "choices": ["none", "http", "8bit"]}, - "msg_type": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_alertmail.py b/lib/ansible/modules/network/fortios/fortios_system_replacemsg_alertmail.py deleted file mode 100644 index 9e901028cf6..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_alertmail.py +++ /dev/null 
@@ -1,339 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_replacemsg_alertmail -short_description: Replacement messages in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system_replacemsg feature and alertmail category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_replacemsg_alertmail: - description: - - Replacement messages. - default: null - type: dict - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. - type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Replacement messages. 
- fortios_system_replacemsg_alertmail: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_replacemsg_alertmail: - buffer: "" - format: "none" - header: "none" - msg_type: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data 
and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_replacemsg_alertmail_data(json): - option_list = ['buffer', 'format', 'header', - 'msg_type'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_replacemsg_alertmail(data, fos): - vdom = data['vdom'] - state = data['state'] - system_replacemsg_alertmail_data = data['system_replacemsg_alertmail'] - filtered_data = underscore_to_hyphen(filter_system_replacemsg_alertmail_data(system_replacemsg_alertmail_data)) - - if state == "present": - return fos.set('system.replacemsg', - 'alertmail', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system.replacemsg', - 'alertmail', - mkey=filtered_data['msg-type'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system_replacemsg(data, fos): - - if data['system_replacemsg_alertmail']: - resp = system_replacemsg_alertmail(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, 
"type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_replacemsg_alertmail": { - "required": False, "type": "dict", "default": None, - "options": { - "buffer": {"required": False, "type": "str"}, - "format": {"required": False, "type": "str", - "choices": ["none", "text", "html", - "wml"]}, - "header": {"required": False, "type": "str", - "choices": ["none", "http", "8bit"]}, - "msg_type": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_auth.py b/lib/ansible/modules/network/fortios/fortios_system_replacemsg_auth.py deleted file mode 100644 index 3ca811e6e99..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_auth.py +++ /dev/null 
@@ -1,339 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_replacemsg_auth -short_description: Replacement messages in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system_replacemsg feature and auth category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_replacemsg_auth: - description: - - Replacement messages. - default: null - type: dict - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. - type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Replacement messages. 
- fortios_system_replacemsg_auth: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_replacemsg_auth: - buffer: "" - format: "none" - header: "none" - msg_type: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_replacemsg_auth_data(json): - option_list = ['buffer', 'format', 'header', - 'msg_type'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_replacemsg_auth(data, fos): - vdom = data['vdom'] - state = data['state'] - system_replacemsg_auth_data = data['system_replacemsg_auth'] - filtered_data = underscore_to_hyphen(filter_system_replacemsg_auth_data(system_replacemsg_auth_data)) - - if state == "present": - return fos.set('system.replacemsg', - 'auth', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system.replacemsg', - 'auth', - mkey=filtered_data['msg-type'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system_replacemsg(data, fos): - - if data['system_replacemsg_auth']: - resp = system_replacemsg_auth(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": 
True, "type": "str", - "choices": ["present", "absent"]}, - "system_replacemsg_auth": { - "required": False, "type": "dict", "default": None, - "options": { - "buffer": {"required": False, "type": "str"}, - "format": {"required": False, "type": "str", - "choices": ["none", "text", "html", - "wml"]}, - "header": {"required": False, "type": "str", - "choices": ["none", "http", "8bit"]}, - "msg_type": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_device_detection_portal.py b/lib/ansible/modules/network/fortios/fortios_system_replacemsg_device_detection_portal.py deleted file mode 100644 index 2acd9eb1ad8..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_device_detection_portal.py +++ /dev/null 
@@ -1,339 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_replacemsg_device_detection_portal -short_description: Replacement messages in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system_replacemsg feature and device_detection_portal category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_replacemsg_device_detection_portal: - description: - - Replacement messages. - default: null - type: dict - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. - type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Replacement messages. 
- fortios_system_replacemsg_device_detection_portal: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_replacemsg_device_detection_portal: - buffer: "" - format: "none" - header: "none" - msg_type: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - 
fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_replacemsg_device_detection_portal_data(json): - option_list = ['buffer', 'format', 'header', - 'msg_type'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_replacemsg_device_detection_portal(data, fos): - vdom = data['vdom'] - state = data['state'] - system_replacemsg_device_detection_portal_data = data['system_replacemsg_device_detection_portal'] - filtered_data = underscore_to_hyphen(filter_system_replacemsg_device_detection_portal_data(system_replacemsg_device_detection_portal_data)) - - if state == "present": - return fos.set('system.replacemsg', - 'device-detection-portal', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system.replacemsg', - 'device-detection-portal', - mkey=filtered_data['msg-type'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system_replacemsg(data, fos): - - if data['system_replacemsg_device_detection_portal']: - resp = system_replacemsg_device_detection_portal(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", 
"no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_replacemsg_device_detection_portal": { - "required": False, "type": "dict", "default": None, - "options": { - "buffer": {"required": False, "type": "str"}, - "format": {"required": False, "type": "str", - "choices": ["none", "text", "html", - "wml"]}, - "header": {"required": False, "type": "str", - "choices": ["none", "http", "8bit"]}, - "msg_type": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_ec.py b/lib/ansible/modules/network/fortios/fortios_system_replacemsg_ec.py
deleted file mode 100644
index adddbbc4258..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_ec.py
+++ /dev/null
@@ -1,339 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_replacemsg_ec -short_description: Replacement messages in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system_replacemsg feature and ec category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_replacemsg_ec: - description: - - Replacement messages. - default: null - type: dict - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. - type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Replacement messages. 
- fortios_system_replacemsg_ec: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_replacemsg_ec: - buffer: "" - format: "none" - header: "none" - msg_type: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_replacemsg_ec_data(json): - option_list = ['buffer', 'format', 'header', - 'msg_type'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_replacemsg_ec(data, fos): - vdom = data['vdom'] - state = data['state'] - system_replacemsg_ec_data = data['system_replacemsg_ec'] - filtered_data = underscore_to_hyphen(filter_system_replacemsg_ec_data(system_replacemsg_ec_data)) - - if state == "present": - return fos.set('system.replacemsg', - 'ec', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system.replacemsg', - 'ec', - mkey=filtered_data['msg-type'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system_replacemsg(data, fos): - - if data['system_replacemsg_ec']: - resp = system_replacemsg_ec(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", 
- "choices": ["present", "absent"]},
- "system_replacemsg_ec": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "buffer": {"required": False, "type": "str"},
- "format": {"required": False, "type": "str",
- "choices": ["none", "text", "html",
- "wml"]},
- "header": {"required": False, "type": "str",
- "choices": ["none", "http", "8bit"]},
- "msg_type": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system_replacemsg(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system_replacemsg(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_fortiguard_wf.py b/lib/ansible/modules/network/fortios/fortios_system_replacemsg_fortiguard_wf.py
deleted file mode 100644
index fbb6619e35d..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_fortiguard_wf.py
+++ /dev/null
@@ -1,339 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_replacemsg_fortiguard_wf -short_description: Replacement messages in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system_replacemsg feature and fortiguard_wf category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_replacemsg_fortiguard_wf: - description: - - Replacement messages. - default: null - type: dict - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. - type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Replacement messages. 
- fortios_system_replacemsg_fortiguard_wf: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_replacemsg_fortiguard_wf: - buffer: "" - format: "none" - header: "none" - msg_type: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' 
in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_replacemsg_fortiguard_wf_data(json): - option_list = ['buffer', 'format', 'header', - 'msg_type'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_replacemsg_fortiguard_wf(data, fos): - vdom = data['vdom'] - state = data['state'] - system_replacemsg_fortiguard_wf_data = data['system_replacemsg_fortiguard_wf'] - filtered_data = underscore_to_hyphen(filter_system_replacemsg_fortiguard_wf_data(system_replacemsg_fortiguard_wf_data)) - - if state == "present": - return fos.set('system.replacemsg', - 'fortiguard-wf', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system.replacemsg', - 'fortiguard-wf', - mkey=filtered_data['msg-type'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system_replacemsg(data, fos): - - if data['system_replacemsg_fortiguard_wf']: - resp = system_replacemsg_fortiguard_wf(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", 
"default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": True, "type": "str",
- "choices": ["present", "absent"]},
- "system_replacemsg_fortiguard_wf": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "buffer": {"required": False, "type": "str"},
- "format": {"required": False, "type": "str",
- "choices": ["none", "text", "html",
- "wml"]},
- "header": {"required": False, "type": "str",
- "choices": ["none", "http", "8bit"]},
- "msg_type": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system_replacemsg(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system_replacemsg(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_ftp.py b/lib/ansible/modules/network/fortios/fortios_system_replacemsg_ftp.py
deleted file mode 100644
index 7f1148312a4..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_ftp.py
+++ /dev/null
@@ -1,339 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_replacemsg_ftp -short_description: Replacement messages in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system_replacemsg feature and ftp category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_replacemsg_ftp: - description: - - Replacement messages. - default: null - type: dict - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. - type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Replacement messages. 
- fortios_system_replacemsg_ftp: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_replacemsg_ftp: - buffer: "" - format: "none" - header: "none" - msg_type: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_replacemsg_ftp_data(json): - option_list = ['buffer', 'format', 'header', - 'msg_type'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_replacemsg_ftp(data, fos): - vdom = data['vdom'] - state = data['state'] - system_replacemsg_ftp_data = data['system_replacemsg_ftp'] - filtered_data = underscore_to_hyphen(filter_system_replacemsg_ftp_data(system_replacemsg_ftp_data)) - - if state == "present": - return fos.set('system.replacemsg', - 'ftp', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system.replacemsg', - 'ftp', - mkey=filtered_data['msg-type'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system_replacemsg(data, fos): - - if data['system_replacemsg_ftp']: - resp = system_replacemsg_ftp(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, 
"type": "str",
- "choices": ["present", "absent"]},
- "system_replacemsg_ftp": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "buffer": {"required": False, "type": "str"},
- "format": {"required": False, "type": "str",
- "choices": ["none", "text", "html",
- "wml"]},
- "header": {"required": False, "type": "str",
- "choices": ["none", "http", "8bit"]},
- "msg_type": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system_replacemsg(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system_replacemsg(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_group.py b/lib/ansible/modules/network/fortios/fortios_system_replacemsg_group.py
deleted file mode 100644
index 92707f5f436..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_group.py
+++ /dev/null
@@ -1,1162 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_replacemsg_group -short_description: Configure replacement message groups in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and replacemsg_group category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_replacemsg_group: - description: - - Configure replacement message groups. - default: null - type: dict - suboptions: - admin: - description: - - Replacement message table entries. - type: list - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. - type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str - alertmail: - description: - - Replacement message table entries. - type: list - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. - type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str - auth: - description: - - Replacement message table entries. - type: list - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. - type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str - comment: - description: - - Comment. - type: str - custom_message: - description: - - Replacement message table entries. 
- type: list - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. - type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str - device_detection_portal: - description: - - Replacement message table entries. - type: list - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. - type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str - ec: - description: - - Replacement message table entries. - type: list - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. - type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str - fortiguard_wf: - description: - - Replacement message table entries. - type: list - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. - type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str - ftp: - description: - - Replacement message table entries. - type: list - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. - type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str - group_type: - description: - - Group type. 
- type: str - choices: - - default - - utm - - auth - - ec - http: - description: - - Replacement message table entries. - type: list - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. - type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str - icap: - description: - - Replacement message table entries. - type: list - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. - type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str - mail: - description: - - Replacement message table entries. - type: list - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. - type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str - nac_quar: - description: - - Replacement message table entries. - type: list - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. - type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str - name: - description: - - Group name. - required: true - type: str - nntp: - description: - - Replacement message table entries. - type: list - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. 
- type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str - spam: - description: - - Replacement message table entries. - type: list - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. - type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str - sslvpn: - description: - - Replacement message table entries. - type: list - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. - type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str - traffic_quota: - description: - - Replacement message table entries. - type: list - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. - type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str - utm: - description: - - Replacement message table entries. - type: list - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. - type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str - webproxy: - description: - - Replacement message table entries. - type: list - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. 
- type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure replacement message groups. - fortios_system_replacemsg_group: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_replacemsg_group: - admin: - - - buffer: "" - format: "none" - header: "none" - msg_type: "" - alertmail: - - - buffer: "" - format: "none" - header: "none" - msg_type: "" - auth: - - - buffer: "" - format: "none" - header: "none" - msg_type: "" - comment: "Comment." - custom_message: - - - buffer: "" - format: "none" - header: "none" - msg_type: "" - device_detection_portal: - - - buffer: "" - format: "none" - header: "none" - msg_type: "" - ec: - - - buffer: "" - format: "none" - header: "none" - msg_type: "" - fortiguard_wf: - - - buffer: "" - format: "none" - header: "none" - msg_type: "" - ftp: - - - buffer: "" - format: "none" - header: "none" - msg_type: "" - group_type: "default" - http: - - - buffer: "" - format: "none" - header: "none" - msg_type: "" - icap: - - - buffer: "" - format: "none" - header: "none" - msg_type: "" - mail: - - - buffer: "" - format: "none" - header: "none" - msg_type: "" - nac_quar: - - - buffer: "" - format: "none" - header: "none" - msg_type: "" - name: "default_name_65" - nntp: - - - buffer: "" - format: "none" - header: "none" - msg_type: "" - spam: - - - buffer: "" - format: "none" - header: "none" - msg_type: "" - sslvpn: - - - buffer: "" - format: "none" - header: "none" - msg_type: "" - traffic_quota: - - - buffer: "" - format: "none" - header: "none" - msg_type: "" - utm: - - - buffer: "" - format: "none" - header: "none" - msg_type: "" - webproxy: - - - buffer: "" - format: "none" - header: "none" - msg_type: "" -''' - -RETURN = ''' 
-build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_replacemsg_group_data(json): - option_list = ['admin', 'alertmail', 'auth', - 'comment', 'custom_message', 'device_detection_portal', - 
'ec', 'fortiguard_wf', 'ftp', - 'group_type', 'http', 'icap', - 'mail', 'nac_quar', 'name', - 'nntp', 'spam', 'sslvpn', - 'traffic_quota', 'utm', 'webproxy'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_replacemsg_group(data, fos): - vdom = data['vdom'] - state = data['state'] - system_replacemsg_group_data = data['system_replacemsg_group'] - filtered_data = underscore_to_hyphen(filter_system_replacemsg_group_data(system_replacemsg_group_data)) - - if state == "present": - return fos.set('system', - 'replacemsg-group', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'replacemsg-group', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_replacemsg_group']: - resp = system_replacemsg_group(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - 
"system_replacemsg_group": { - "required": False, "type": "dict", "default": None, - "options": { - "admin": {"required": False, "type": "list", - "options": { - "buffer": {"required": False, "type": "str"}, - "format": {"required": False, "type": "str", - "choices": ["none", "text", "html", - "wml"]}, - "header": {"required": False, "type": "str", - "choices": ["none", "http", "8bit"]}, - "msg_type": {"required": False, "type": "str"} - }}, - "alertmail": {"required": False, "type": "list", - "options": { - "buffer": {"required": False, "type": "str"}, - "format": {"required": False, "type": "str", - "choices": ["none", "text", "html", - "wml"]}, - "header": {"required": False, "type": "str", - "choices": ["none", "http", "8bit"]}, - "msg_type": {"required": False, "type": "str"} - }}, - "auth": {"required": False, "type": "list", - "options": { - "buffer": {"required": False, "type": "str"}, - "format": {"required": False, "type": "str", - "choices": ["none", "text", "html", - "wml"]}, - "header": {"required": False, "type": "str", - "choices": ["none", "http", "8bit"]}, - "msg_type": {"required": False, "type": "str"} - }}, - "comment": {"required": False, "type": "str"}, - "custom_message": {"required": False, "type": "list", - "options": { - "buffer": {"required": False, "type": "str"}, - "format": {"required": False, "type": "str", - "choices": ["none", "text", "html", - "wml"]}, - "header": {"required": False, "type": "str", - "choices": ["none", "http", "8bit"]}, - "msg_type": {"required": False, "type": "str"} - }}, - "device_detection_portal": {"required": False, "type": "list", - "options": { - "buffer": {"required": False, "type": "str"}, - "format": {"required": False, "type": "str", - "choices": ["none", "text", "html", - "wml"]}, - "header": {"required": False, "type": "str", - "choices": ["none", "http", "8bit"]}, - "msg_type": {"required": False, "type": "str"} - }}, - "ec": {"required": False, "type": "list", - "options": { - "buffer": 
{"required": False, "type": "str"}, - "format": {"required": False, "type": "str", - "choices": ["none", "text", "html", - "wml"]}, - "header": {"required": False, "type": "str", - "choices": ["none", "http", "8bit"]}, - "msg_type": {"required": False, "type": "str"} - }}, - "fortiguard_wf": {"required": False, "type": "list", - "options": { - "buffer": {"required": False, "type": "str"}, - "format": {"required": False, "type": "str", - "choices": ["none", "text", "html", - "wml"]}, - "header": {"required": False, "type": "str", - "choices": ["none", "http", "8bit"]}, - "msg_type": {"required": False, "type": "str"} - }}, - "ftp": {"required": False, "type": "list", - "options": { - "buffer": {"required": False, "type": "str"}, - "format": {"required": False, "type": "str", - "choices": ["none", "text", "html", - "wml"]}, - "header": {"required": False, "type": "str", - "choices": ["none", "http", "8bit"]}, - "msg_type": {"required": False, "type": "str"} - }}, - "group_type": {"required": False, "type": "str", - "choices": ["default", "utm", "auth", - "ec"]}, - "http": {"required": False, "type": "list", - "options": { - "buffer": {"required": False, "type": "str"}, - "format": {"required": False, "type": "str", - "choices": ["none", "text", "html", - "wml"]}, - "header": {"required": False, "type": "str", - "choices": ["none", "http", "8bit"]}, - "msg_type": {"required": False, "type": "str"} - }}, - "icap": {"required": False, "type": "list", - "options": { - "buffer": {"required": False, "type": "str"}, - "format": {"required": False, "type": "str", - "choices": ["none", "text", "html", - "wml"]}, - "header": {"required": False, "type": "str", - "choices": ["none", "http", "8bit"]}, - "msg_type": {"required": False, "type": "str"} - }}, - "mail": {"required": False, "type": "list", - "options": { - "buffer": {"required": False, "type": "str"}, - "format": {"required": False, "type": "str", - "choices": ["none", "text", "html", - "wml"]}, - "header": 
{"required": False, "type": "str", - "choices": ["none", "http", "8bit"]}, - "msg_type": {"required": False, "type": "str"} - }}, - "nac_quar": {"required": False, "type": "list", - "options": { - "buffer": {"required": False, "type": "str"}, - "format": {"required": False, "type": "str", - "choices": ["none", "text", "html", - "wml"]}, - "header": {"required": False, "type": "str", - "choices": ["none", "http", "8bit"]}, - "msg_type": {"required": False, "type": "str"} - }}, - "name": {"required": True, "type": "str"}, - "nntp": {"required": False, "type": "list", - "options": { - "buffer": {"required": False, "type": "str"}, - "format": {"required": False, "type": "str", - "choices": ["none", "text", "html", - "wml"]}, - "header": {"required": False, "type": "str", - "choices": ["none", "http", "8bit"]}, - "msg_type": {"required": False, "type": "str"} - }}, - "spam": {"required": False, "type": "list", - "options": { - "buffer": {"required": False, "type": "str"}, - "format": {"required": False, "type": "str", - "choices": ["none", "text", "html", - "wml"]}, - "header": {"required": False, "type": "str", - "choices": ["none", "http", "8bit"]}, - "msg_type": {"required": False, "type": "str"} - }}, - "sslvpn": {"required": False, "type": "list", - "options": { - "buffer": {"required": False, "type": "str"}, - "format": {"required": False, "type": "str", - "choices": ["none", "text", "html", - "wml"]}, - "header": {"required": False, "type": "str", - "choices": ["none", "http", "8bit"]}, - "msg_type": {"required": False, "type": "str"} - }}, - "traffic_quota": {"required": False, "type": "list", - "options": { - "buffer": {"required": False, "type": "str"}, - "format": {"required": False, "type": "str", - "choices": ["none", "text", "html", - "wml"]}, - "header": {"required": False, "type": "str", - "choices": ["none", "http", "8bit"]}, - "msg_type": {"required": False, "type": "str"} - }}, - "utm": {"required": False, "type": "list", - "options": { - "buffer": 
{"required": False, "type": "str"}, - "format": {"required": False, "type": "str", - "choices": ["none", "text", "html", - "wml"]}, - "header": {"required": False, "type": "str", - "choices": ["none", "http", "8bit"]}, - "msg_type": {"required": False, "type": "str"} - }}, - "webproxy": {"required": False, "type": "list", - "options": { - "buffer": {"required": False, "type": "str"}, - "format": {"required": False, "type": "str", - "choices": ["none", "text", "html", - "wml"]}, - "header": {"required": False, "type": "str", - "choices": ["none", "http", "8bit"]}, - "msg_type": {"required": False, "type": "str"} - }} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_http.py b/lib/ansible/modules/network/fortios/fortios_system_replacemsg_http.py deleted file mode 100644 index f073eca92bf..00000000000 
--- a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_http.py
+++ /dev/null
@@ -1,339 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_replacemsg_http -short_description: Replacement messages in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system_replacemsg feature and http category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_replacemsg_http: - description: - - Replacement messages. - default: null - type: dict - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. - type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Replacement messages. 
- fortios_system_replacemsg_http: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_replacemsg_http: - buffer: "" - format: "none" - header: "none" - msg_type: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_replacemsg_http_data(json): - option_list = ['buffer', 'format', 'header', - 'msg_type'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_replacemsg_http(data, fos): - vdom = data['vdom'] - state = data['state'] - system_replacemsg_http_data = data['system_replacemsg_http'] - filtered_data = underscore_to_hyphen(filter_system_replacemsg_http_data(system_replacemsg_http_data)) - - if state == "present": - return fos.set('system.replacemsg', - 'http', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system.replacemsg', - 'http', - mkey=filtered_data['msg-type'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system_replacemsg(data, fos): - - if data['system_replacemsg_http']: - resp = system_replacemsg_http(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": 
True, "type": "str", - "choices": ["present", "absent"]}, - "system_replacemsg_http": { - "required": False, "type": "dict", "default": None, - "options": { - "buffer": {"required": False, "type": "str"}, - "format": {"required": False, "type": "str", - "choices": ["none", "text", "html", - "wml"]}, - "header": {"required": False, "type": "str", - "choices": ["none", "http", "8bit"]}, - "msg_type": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_icap.py b/lib/ansible/modules/network/fortios/fortios_system_replacemsg_icap.py deleted file mode 100644 index 56aee82977f..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_icap.py +++ /dev/null 
@@ -1,339 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_replacemsg_icap -short_description: Replacement messages in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system_replacemsg feature and icap category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_replacemsg_icap: - description: - - Replacement messages. - default: null - type: dict - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. - type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Replacement messages. 
- fortios_system_replacemsg_icap: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_replacemsg_icap: - buffer: "" - format: "none" - header: "none" - msg_type: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_replacemsg_icap_data(json): - option_list = ['buffer', 'format', 'header', - 'msg_type'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_replacemsg_icap(data, fos): - vdom = data['vdom'] - state = data['state'] - system_replacemsg_icap_data = data['system_replacemsg_icap'] - filtered_data = underscore_to_hyphen(filter_system_replacemsg_icap_data(system_replacemsg_icap_data)) - - if state == "present": - return fos.set('system.replacemsg', - 'icap', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system.replacemsg', - 'icap', - mkey=filtered_data['msg-type'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system_replacemsg(data, fos): - - if data['system_replacemsg_icap']: - resp = system_replacemsg_icap(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": 
True, "type": "str", - "choices": ["present", "absent"]}, - "system_replacemsg_icap": { - "required": False, "type": "dict", "default": None, - "options": { - "buffer": {"required": False, "type": "str"}, - "format": {"required": False, "type": "str", - "choices": ["none", "text", "html", - "wml"]}, - "header": {"required": False, "type": "str", - "choices": ["none", "http", "8bit"]}, - "msg_type": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_image.py b/lib/ansible/modules/network/fortios/fortios_system_replacemsg_image.py deleted file mode 100644 index 6e852bf14e9..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_image.py +++ /dev/null 
@@ -1,328 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_replacemsg_image -short_description: Configure replacement message images in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and replacemsg_image category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_replacemsg_image: - description: - - Configure replacement message images. - default: null - type: dict - suboptions: - image_base64: - description: - - Image data. - type: str - image_type: - description: - - Image type. - type: str - choices: - - gif - - jpg - - tiff - - png - name: - description: - - Image name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure replacement message images. 
- fortios_system_replacemsg_image: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_replacemsg_image: - image_base64: "" - image_type: "gif" - name: "default_name_5" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_replacemsg_image_data(json): - option_list = ['image_base64', 'image_type', 'name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_replacemsg_image(data, fos): - vdom = data['vdom'] - state = data['state'] - system_replacemsg_image_data = data['system_replacemsg_image'] - filtered_data = underscore_to_hyphen(filter_system_replacemsg_image_data(system_replacemsg_image_data)) - - if state == "present": - return fos.set('system', - 'replacemsg-image', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'replacemsg-image', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_replacemsg_image']: - resp = system_replacemsg_image(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, 
"type": "str", - "choices": ["present", "absent"]}, - "system_replacemsg_image": { - "required": False, "type": "dict", "default": None, - "options": { - "image_base64": {"required": False, "type": "str"}, - "image_type": {"required": False, "type": "str", - "choices": ["gif", "jpg", "tiff", - "png"]}, - "name": {"required": True, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_mail.py b/lib/ansible/modules/network/fortios/fortios_system_replacemsg_mail.py deleted file mode 100644 index 123bfb8e52d..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_mail.py +++ /dev/null 
@@ -1,339 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_replacemsg_mail -short_description: Replacement messages in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system_replacemsg feature and mail category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_replacemsg_mail: - description: - - Replacement messages. - default: null - type: dict - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. - type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Replacement messages. 
- fortios_system_replacemsg_mail: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_replacemsg_mail: - buffer: "" - format: "none" - header: "none" - msg_type: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_replacemsg_mail_data(json): - option_list = ['buffer', 'format', 'header', - 'msg_type'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_replacemsg_mail(data, fos): - vdom = data['vdom'] - state = data['state'] - system_replacemsg_mail_data = data['system_replacemsg_mail'] - filtered_data = underscore_to_hyphen(filter_system_replacemsg_mail_data(system_replacemsg_mail_data)) - - if state == "present": - return fos.set('system.replacemsg', - 'mail', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system.replacemsg', - 'mail', - mkey=filtered_data['msg-type'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system_replacemsg(data, fos): - - if data['system_replacemsg_mail']: - resp = system_replacemsg_mail(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": 
True, "type": "str", - "choices": ["present", "absent"]}, - "system_replacemsg_mail": { - "required": False, "type": "dict", "default": None, - "options": { - "buffer": {"required": False, "type": "str"}, - "format": {"required": False, "type": "str", - "choices": ["none", "text", "html", - "wml"]}, - "header": {"required": False, "type": "str", - "choices": ["none", "http", "8bit"]}, - "msg_type": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_nac_quar.py b/lib/ansible/modules/network/fortios/fortios_system_replacemsg_nac_quar.py deleted file mode 100644 index ac89baaf6ae..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_nac_quar.py +++ /dev/null 
@@ -1,339 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_replacemsg_nac_quar -short_description: Replacement messages in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system_replacemsg feature and nac_quar category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_replacemsg_nac_quar: - description: - - Replacement messages. - default: null - type: dict - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. - type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Replacement messages. 
- fortios_system_replacemsg_nac_quar: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_replacemsg_nac_quar: - buffer: "" - format: "none" - header: "none" - msg_type: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and 
not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_replacemsg_nac_quar_data(json): - option_list = ['buffer', 'format', 'header', - 'msg_type'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_replacemsg_nac_quar(data, fos): - vdom = data['vdom'] - state = data['state'] - system_replacemsg_nac_quar_data = data['system_replacemsg_nac_quar'] - filtered_data = underscore_to_hyphen(filter_system_replacemsg_nac_quar_data(system_replacemsg_nac_quar_data)) - - if state == "present": - return fos.set('system.replacemsg', - 'nac-quar', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system.replacemsg', - 'nac-quar', - mkey=filtered_data['msg-type'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system_replacemsg(data, fos): - - if data['system_replacemsg_nac_quar']: - resp = system_replacemsg_nac_quar(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": 
"bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_replacemsg_nac_quar": { - "required": False, "type": "dict", "default": None, - "options": { - "buffer": {"required": False, "type": "str"}, - "format": {"required": False, "type": "str", - "choices": ["none", "text", "html", - "wml"]}, - "header": {"required": False, "type": "str", - "choices": ["none", "http", "8bit"]}, - "msg_type": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_nntp.py b/lib/ansible/modules/network/fortios/fortios_system_replacemsg_nntp.py deleted file mode 100644 index 03a94b78479..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_nntp.py +++ /dev/null 
@@ -1,339 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_replacemsg_nntp -short_description: Replacement messages in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system_replacemsg feature and nntp category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_replacemsg_nntp: - description: - - Replacement messages. - default: null - type: dict - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. - type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Replacement messages. 
- fortios_system_replacemsg_nntp: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_replacemsg_nntp: - buffer: "" - format: "none" - header: "none" - msg_type: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_system_replacemsg_nntp_data(json):
- option_list = ['buffer', 'format', 'header',
- 'msg_type']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def system_replacemsg_nntp(data, fos):
- vdom = data['vdom']
- state = data['state']
- system_replacemsg_nntp_data = data['system_replacemsg_nntp']
- filtered_data = underscore_to_hyphen(filter_system_replacemsg_nntp_data(system_replacemsg_nntp_data))
-
- if state == "present":
- return fos.set('system.replacemsg',
- 'nntp',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('system.replacemsg',
- 'nntp',
- mkey=filtered_data['msg-type'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_system_replacemsg(data, fos):
-
- if data['system_replacemsg_nntp']:
- resp = system_replacemsg_nntp(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required":
True, "type": "str",
- "choices": ["present", "absent"]},
- "system_replacemsg_nntp": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "buffer": {"required": False, "type": "str"},
- "format": {"required": False, "type": "str",
- "choices": ["none", "text", "html",
- "wml"]},
- "header": {"required": False, "type": "str",
- "choices": ["none", "http", "8bit"]},
- "msg_type": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system_replacemsg(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system_replacemsg(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_spam.py b/lib/ansible/modules/network/fortios/fortios_system_replacemsg_spam.py
deleted file mode 100644
index a8f8ebdbe0b..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_spam.py
+++ /dev/null
@@ -1,339 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_replacemsg_spam -short_description: Replacement messages in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system_replacemsg feature and spam category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_replacemsg_spam: - description: - - Replacement messages. - default: null - type: dict - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. - type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Replacement messages. 
- fortios_system_replacemsg_spam: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_replacemsg_spam: - buffer: "" - format: "none" - header: "none" - msg_type: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_system_replacemsg_spam_data(json):
- option_list = ['buffer', 'format', 'header',
- 'msg_type']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def system_replacemsg_spam(data, fos):
- vdom = data['vdom']
- state = data['state']
- system_replacemsg_spam_data = data['system_replacemsg_spam']
- filtered_data = underscore_to_hyphen(filter_system_replacemsg_spam_data(system_replacemsg_spam_data))
-
- if state == "present":
- return fos.set('system.replacemsg',
- 'spam',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('system.replacemsg',
- 'spam',
- mkey=filtered_data['msg-type'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_system_replacemsg(data, fos):
-
- if data['system_replacemsg_spam']:
- resp = system_replacemsg_spam(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required":
True, "type": "str",
- "choices": ["present", "absent"]},
- "system_replacemsg_spam": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "buffer": {"required": False, "type": "str"},
- "format": {"required": False, "type": "str",
- "choices": ["none", "text", "html",
- "wml"]},
- "header": {"required": False, "type": "str",
- "choices": ["none", "http", "8bit"]},
- "msg_type": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system_replacemsg(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system_replacemsg(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_sslvpn.py b/lib/ansible/modules/network/fortios/fortios_system_replacemsg_sslvpn.py
deleted file mode 100644
index 34cf273da59..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_sslvpn.py
+++ /dev/null
@@ -1,339 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_replacemsg_sslvpn -short_description: Replacement messages in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system_replacemsg feature and sslvpn category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_replacemsg_sslvpn: - description: - - Replacement messages. - default: null - type: dict - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. - type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Replacement messages. 
- fortios_system_replacemsg_sslvpn: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_replacemsg_sslvpn: - buffer: "" - format: "none" - header: "none" - msg_type: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_system_replacemsg_sslvpn_data(json):
- option_list = ['buffer', 'format', 'header',
- 'msg_type']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def system_replacemsg_sslvpn(data, fos):
- vdom = data['vdom']
- state = data['state']
- system_replacemsg_sslvpn_data = data['system_replacemsg_sslvpn']
- filtered_data = underscore_to_hyphen(filter_system_replacemsg_sslvpn_data(system_replacemsg_sslvpn_data))
-
- if state == "present":
- return fos.set('system.replacemsg',
- 'sslvpn',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('system.replacemsg',
- 'sslvpn',
- mkey=filtered_data['msg-type'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_system_replacemsg(data, fos):
-
- if data['system_replacemsg_sslvpn']:
- resp = system_replacemsg_sslvpn(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
-
"state": {"required": True, "type": "str",
- "choices": ["present", "absent"]},
- "system_replacemsg_sslvpn": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "buffer": {"required": False, "type": "str"},
- "format": {"required": False, "type": "str",
- "choices": ["none", "text", "html",
- "wml"]},
- "header": {"required": False, "type": "str",
- "choices": ["none", "http", "8bit"]},
- "msg_type": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system_replacemsg(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system_replacemsg(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_traffic_quota.py b/lib/ansible/modules/network/fortios/fortios_system_replacemsg_traffic_quota.py
deleted file mode 100644
index 90449e8dd7e..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_traffic_quota.py
+++ /dev/null
@@ -1,339 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_replacemsg_traffic_quota -short_description: Replacement messages in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system_replacemsg feature and traffic_quota category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_replacemsg_traffic_quota: - description: - - Replacement messages. - default: null - type: dict - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. - type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Replacement messages. 
- fortios_system_replacemsg_traffic_quota: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_replacemsg_traffic_quota: - buffer: "" - format: "none" - header: "none" - msg_type: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' 
in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_system_replacemsg_traffic_quota_data(json):
- option_list = ['buffer', 'format', 'header',
- 'msg_type']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def system_replacemsg_traffic_quota(data, fos):
- vdom = data['vdom']
- state = data['state']
- system_replacemsg_traffic_quota_data = data['system_replacemsg_traffic_quota']
- filtered_data = underscore_to_hyphen(filter_system_replacemsg_traffic_quota_data(system_replacemsg_traffic_quota_data))
-
- if state == "present":
- return fos.set('system.replacemsg',
- 'traffic-quota',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('system.replacemsg',
- 'traffic-quota',
- mkey=filtered_data['msg-type'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_system_replacemsg(data, fos):
-
- if data['system_replacemsg_traffic_quota']:
- resp = system_replacemsg_traffic_quota(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool",
"default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": True, "type": "str",
- "choices": ["present", "absent"]},
- "system_replacemsg_traffic_quota": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "buffer": {"required": False, "type": "str"},
- "format": {"required": False, "type": "str",
- "choices": ["none", "text", "html",
- "wml"]},
- "header": {"required": False, "type": "str",
- "choices": ["none", "http", "8bit"]},
- "msg_type": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system_replacemsg(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system_replacemsg(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_utm.py b/lib/ansible/modules/network/fortios/fortios_system_replacemsg_utm.py
deleted file mode 100644
index 8c3de90bf52..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_utm.py
+++ /dev/null
@@ -1,339 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_replacemsg_utm -short_description: Replacement messages in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system_replacemsg feature and utm category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_replacemsg_utm: - description: - - Replacement messages. - default: null - type: dict - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. - type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Replacement messages. 
- fortios_system_replacemsg_utm: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_replacemsg_utm: - buffer: "" - format: "none" - header: "none" - msg_type: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_replacemsg_utm_data(json): - option_list = ['buffer', 'format', 'header', - 'msg_type'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_replacemsg_utm(data, fos): - vdom = data['vdom'] - state = data['state'] - system_replacemsg_utm_data = data['system_replacemsg_utm'] - filtered_data = underscore_to_hyphen(filter_system_replacemsg_utm_data(system_replacemsg_utm_data)) - - if state == "present": - return fos.set('system.replacemsg', - 'utm', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system.replacemsg', - 'utm', - mkey=filtered_data['msg-type'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system_replacemsg(data, fos): - - if data['system_replacemsg_utm']: - resp = system_replacemsg_utm(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, 
"type": "str", - "choices": ["present", "absent"]}, - "system_replacemsg_utm": { - "required": False, "type": "dict", "default": None, - "options": { - "buffer": {"required": False, "type": "str"}, - "format": {"required": False, "type": "str", - "choices": ["none", "text", "html", - "wml"]}, - "header": {"required": False, "type": "str", - "choices": ["none", "http", "8bit"]}, - "msg_type": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_webproxy.py b/lib/ansible/modules/network/fortios/fortios_system_replacemsg_webproxy.py deleted file mode 100644 index 63f9f744ba9..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_replacemsg_webproxy.py +++ /dev/null 
@@ -1,339 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_replacemsg_webproxy -short_description: Replacement messages in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system_replacemsg feature and webproxy category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_replacemsg_webproxy: - description: - - Replacement messages. - default: null - type: dict - suboptions: - buffer: - description: - - Message string. - type: str - format: - description: - - Format flag. - type: str - choices: - - none - - text - - html - - wml - header: - description: - - Header flag. - type: str - choices: - - none - - http - - 8bit - msg_type: - description: - - Message type. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Replacement messages. 
- fortios_system_replacemsg_webproxy: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_replacemsg_webproxy: - buffer: "" - format: "none" - header: "none" - msg_type: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and 
not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_replacemsg_webproxy_data(json): - option_list = ['buffer', 'format', 'header', - 'msg_type'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_replacemsg_webproxy(data, fos): - vdom = data['vdom'] - state = data['state'] - system_replacemsg_webproxy_data = data['system_replacemsg_webproxy'] - filtered_data = underscore_to_hyphen(filter_system_replacemsg_webproxy_data(system_replacemsg_webproxy_data)) - - if state == "present": - return fos.set('system.replacemsg', - 'webproxy', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system.replacemsg', - 'webproxy', - mkey=filtered_data['msg-type'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system_replacemsg(data, fos): - - if data['system_replacemsg_webproxy']: - resp = system_replacemsg_webproxy(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": 
"bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_replacemsg_webproxy": { - "required": False, "type": "dict", "default": None, - "options": { - "buffer": {"required": False, "type": "str"}, - "format": {"required": False, "type": "str", - "choices": ["none", "text", "html", - "wml"]}, - "header": {"required": False, "type": "str", - "choices": ["none", "http", "8bit"]}, - "msg_type": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system_replacemsg(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_resource_limits.py b/lib/ansible/modules/network/fortios/fortios_system_resource_limits.py deleted file mode 100644 index e369e7ecd13..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_resource_limits.py +++ /dev/null 
@@ -1,396 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_resource_limits -short_description: Configure resource limits in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and resource_limits category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - system_resource_limits: - description: - - Configure resource limits. - default: null - type: dict - suboptions: - custom_service: - description: - - Maximum number of firewall custom services. - type: int - dialup_tunnel: - description: - - Maximum number of dial-up tunnels. - type: int - firewall_address: - description: - - Maximum number of firewall addresses (IPv4, IPv6, multicast). - type: int - firewall_addrgrp: - description: - - Maximum number of firewall address groups (IPv4, IPv6). - type: int - firewall_policy: - description: - - Maximum number of firewall policies (IPv4, IPv6, policy46, policy64, DoS-policy4, DoS-policy6, multicast). - type: int - ipsec_phase1: - description: - - Maximum number of VPN IPsec phase1 tunnels. - type: int - ipsec_phase1_interface: - description: - - Maximum number of VPN IPsec phase1 interface tunnels. - type: int - ipsec_phase2: - description: - - Maximum number of VPN IPsec phase2 tunnels. - type: int - ipsec_phase2_interface: - description: - - Maximum number of VPN IPsec phase2 interface tunnels. - type: int - log_disk_quota: - description: - - Log disk quota in MB. - type: int - onetime_schedule: - description: - - Maximum number of firewall one-time schedules. - type: int - proxy: - description: - - Maximum number of concurrent proxy users. - type: int - recurring_schedule: - description: - - Maximum number of firewall recurring schedules. - type: int - service_group: - description: - - Maximum number of firewall service groups. - type: int - session: - description: - - Maximum number of sessions. 
- type: int - sslvpn: - description: - - Maximum number of SSL-VPN. - type: int - user: - description: - - Maximum number of local users. - type: int - user_group: - description: - - Maximum number of user groups. - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure resource limits. - fortios_system_resource_limits: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_resource_limits: - custom_service: "3" - dialup_tunnel: "4" - firewall_address: "5" - firewall_addrgrp: "6" - firewall_policy: "7" - ipsec_phase1: "8" - ipsec_phase1_interface: "9" - ipsec_phase2: "10" - ipsec_phase2_interface: "11" - log_disk_quota: "12" - onetime_schedule: "13" - proxy: "14" - recurring_schedule: "15" - service_group: "16" - session: "17" - sslvpn: "18" - user: "19" - user_group: "20" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of 
the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_resource_limits_data(json): - option_list = ['custom_service', 'dialup_tunnel', 'firewall_address', - 'firewall_addrgrp', 'firewall_policy', 'ipsec_phase1', - 'ipsec_phase1_interface', 'ipsec_phase2', 'ipsec_phase2_interface', - 'log_disk_quota', 'onetime_schedule', 'proxy', - 'recurring_schedule', 'service_group', 'session', - 'sslvpn', 'user', 'user_group'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_resource_limits(data, fos): - vdom = data['vdom'] - system_resource_limits_data = data['system_resource_limits'] - filtered_data = underscore_to_hyphen(filter_system_resource_limits_data(system_resource_limits_data)) - - return fos.set('system', - 'resource-limits', - 
data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_resource_limits']: - resp = system_resource_limits(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "system_resource_limits": { - "required": False, "type": "dict", "default": None, - "options": { - "custom_service": {"required": False, "type": "int"}, - "dialup_tunnel": {"required": False, "type": "int"}, - "firewall_address": {"required": False, "type": "int"}, - "firewall_addrgrp": {"required": False, "type": "int"}, - "firewall_policy": {"required": False, "type": "int"}, - "ipsec_phase1": {"required": False, "type": "int"}, - "ipsec_phase1_interface": {"required": False, "type": "int"}, - "ipsec_phase2": {"required": False, "type": "int"}, - "ipsec_phase2_interface": {"required": False, "type": "int"}, - "log_disk_quota": {"required": False, "type": "int"}, - "onetime_schedule": {"required": False, "type": "int"}, - "proxy": {"required": False, "type": "int"}, - "recurring_schedule": {"required": False, "type": "int"}, - "service_group": {"required": False, "type": "int"}, - "session": {"required": False, "type": "int"}, - "sslvpn": {"required": False, "type": "int"}, - "user": {"required": False, "type": "int"}, - "user_group": {"required": False, "type": "int"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode 
refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_sdn_connector.py b/lib/ansible/modules/network/fortios/fortios_system_sdn_connector.py deleted file mode 100644 index a67bcfbb5c3..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_sdn_connector.py +++ /dev/null 
@@ -1,665 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_sdn_connector -short_description: Configure connection to SDN Connector in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and sdn_connector category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - system_sdn_connector: - description: - - Configure connection to SDN Connector. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - access_key: - description: - - AWS access key ID. - type: str - azure_region: - description: - - Azure server region. - type: str - choices: - - global - - china - - germany - - usgov - - local - client_id: - description: - - Azure client ID (application ID). - type: str - client_secret: - description: - - Azure client secret (application key). - type: str - compartment_id: - description: - - Compartment ID. - type: str - external_ip: - description: - - Configure GCP external IP. - type: list - suboptions: - name: - description: - - External IP name. - required: true - type: str - gcp_project: - description: - - GCP project name. - type: str - key_passwd: - description: - - Private key password. - type: str - login_endpoint: - description: - - Azure Stack login enpoint. - type: str - name: - description: - - SDN connector name. 
- required: true - type: str - nic: - description: - - Configure Azure network interface. - type: list - suboptions: - ip: - description: - - Configure IP configuration. - type: list - suboptions: - name: - description: - - IP configuration name. - required: true - type: str - public_ip: - description: - - Public IP name. - type: str - name: - description: - - Network interface name. - required: true - type: str - oci_cert: - description: - - OCI certificate. Source certificate.local.name. - type: str - oci_fingerprint: - description: - - OCI pubkey fingerprint. - type: str - oci_region: - description: - - OCI server region. - type: str - choices: - - phoenix - - ashburn - - frankfurt - - london - password: - description: - - Password of the remote SDN connector as login credentials. - type: str - private_key: - description: - - Private key of GCP service account. - type: str - region: - description: - - AWS region name. - type: str - resource_group: - description: - - Azure resource group. - type: str - resource_url: - description: - - Azure Stack resource URL. - type: str - route: - description: - - Configure GCP route. - type: list - suboptions: - name: - description: - - Route name. - required: true - type: str - route_table: - description: - - Configure Azure route table. - type: list - suboptions: - name: - description: - - Route table name. - required: true - type: str - route: - description: - - Configure Azure route. - type: list - suboptions: - name: - description: - - Route name. - required: true - type: str - next_hop: - description: - - Next hop address. - type: str - secret_key: - description: - - AWS secret access key. - type: str - server: - description: - - Server address of the remote SDN connector. - type: str - server_port: - description: - - Port number of the remote SDN connector. - type: int - service_account: - description: - - GCP service account email. 
- type: str - status: - description: - - Enable/disable connection to the remote SDN connector. - type: str - choices: - - disable - - enable - subscription_id: - description: - - Azure subscription ID. - type: str - tenant_id: - description: - - Tenant ID (directory ID). - type: str - type: - description: - - Type of SDN connector. - type: str - choices: - - aci - - aws - - azure - - gcp - - nsx - - nuage - - oci - - openstack - update_interval: - description: - - Dynamic object update interval (0 - 3600 sec, 0 means disabled). - type: int - use_metadata_iam: - description: - - Enable/disable using IAM role from metadata to call API. - type: str - choices: - - disable - - enable - user_id: - description: - - User ID. - type: str - username: - description: - - Username of the remote SDN connector as login credentials. - type: str - vpc_id: - description: - - AWS VPC ID. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure connection to SDN Connector. 
- fortios_system_sdn_connector: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_sdn_connector: - access_key: "" - azure_region: "global" - client_id: "" - client_secret: "" - compartment_id: "" - external_ip: - - - name: "default_name_9" - gcp_project: "" - key_passwd: "" - login_endpoint: "" - name: "default_name_13" - nic: - - - ip: - - - name: "default_name_16" - public_ip: "" - name: "default_name_18" - oci_cert: " (source certificate.local.name)" - oci_fingerprint: "" - oci_region: "phoenix" - password: "" - private_key: "" - region: "" - resource_group: "" - resource_url: "" - route: - - - name: "default_name_28" - route_table: - - - name: "default_name_30" - route: - - - name: "default_name_32" - next_hop: "" - secret_key: "" - server: "192.168.100.40" - server_port: "36" - service_account: "" - status: "disable" - subscription_id: "" - tenant_id: "" - type: "aci" - update_interval: "42" - use_metadata_iam: "disable" - user_id: "" - username: "" - vpc_id: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - 
returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_sdn_connector_data(json): - option_list = ['access_key', 'azure_region', 'client_id', - 'client_secret', 'compartment_id', 'external_ip', - 'gcp_project', 'key_passwd', 'login_endpoint', - 'name', 'nic', 'oci_cert', - 'oci_fingerprint', 'oci_region', 'password', - 'private_key', 'region', 'resource_group', - 'resource_url', 'route', 'route_table', - 'secret_key', 'server', 'server_port', - 'service_account', 'status', 'subscription_id', - 'tenant_id', 'type', 'update_interval', - 'use_metadata_iam', 'user_id', 'username', - 'vpc_id'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def 
system_sdn_connector(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['system_sdn_connector'] and data['system_sdn_connector']: - state = data['system_sdn_connector']['state'] - else: - state = True - system_sdn_connector_data = data['system_sdn_connector'] - filtered_data = underscore_to_hyphen(filter_system_sdn_connector_data(system_sdn_connector_data)) - - if state == "present": - return fos.set('system', - 'sdn-connector', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'sdn-connector', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_sdn_connector']: - resp = system_sdn_connector(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "system_sdn_connector": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "access_key": {"required": False, "type": "str"}, - "azure_region": {"required": False, "type": "str", - "choices": ["global", "china", "germany", - "usgov", "local"]}, - "client_id": {"required": False, "type": "str"}, - "client_secret": {"required": False, "type": "str"}, - "compartment_id": {"required": False, 
"type": "str"}, - "external_ip": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "gcp_project": {"required": False, "type": "str"}, - "key_passwd": {"required": False, "type": "str"}, - "login_endpoint": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "nic": {"required": False, "type": "list", - "options": { - "ip": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"}, - "public_ip": {"required": False, "type": "str"} - }}, - "name": {"required": True, "type": "str"} - }}, - "oci_cert": {"required": False, "type": "str"}, - "oci_fingerprint": {"required": False, "type": "str"}, - "oci_region": {"required": False, "type": "str", - "choices": ["phoenix", "ashburn", "frankfurt", - "london"]}, - "password": {"required": False, "type": "str"}, - "private_key": {"required": False, "type": "str"}, - "region": {"required": False, "type": "str"}, - "resource_group": {"required": False, "type": "str"}, - "resource_url": {"required": False, "type": "str"}, - "route": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "route_table": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"}, - "route": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"}, - "next_hop": {"required": False, "type": "str"} - }} - }}, - "secret_key": {"required": False, "type": "str"}, - "server": {"required": False, "type": "str"}, - "server_port": {"required": False, "type": "int"}, - "service_account": {"required": False, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "subscription_id": {"required": False, "type": "str"}, - "tenant_id": {"required": False, "type": "str"}, - "type": {"required": False, "type": "str", - "choices": ["aci", "aws", "azure", - "gcp", "nsx", "nuage", - 
"oci", "openstack"]}, - "update_interval": {"required": False, "type": "int"}, - "use_metadata_iam": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "user_id": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "vpc_id": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_session_helper.py b/lib/ansible/modules/network/fortios/fortios_system_session_helper.py deleted file mode 100644 index dc53547e6c0..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_session_helper.py +++ /dev/null 
@@ -1,353 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_session_helper -short_description: Configure session helper in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and session_helper category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_session_helper: - description: - - Configure session helper. - default: null - type: dict - suboptions: - id: - description: - - Session helper ID. - required: true - type: int - name: - description: - - Helper name. - type: str - choices: - - ftp - - tftp - - ras - - h323 - - tns - - mms - - sip - - pptp - - rtsp - - dns-udp - - dns-tcp - - pmap - - rsh - - dcerpc - - mgcp - - gtp-c - - gtp-u - - gtp-b - port: - description: - - Protocol port. - type: int - protocol: - description: - - Protocol number. - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure session helper. 
- fortios_system_session_helper: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_session_helper: - id: "3" - name: "default_name_4" - port: "5" - protocol: "6" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_session_helper_data(json): - option_list = ['id', 'name', 'port', - 'protocol'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_session_helper(data, fos): - vdom = data['vdom'] - state = data['state'] - system_session_helper_data = data['system_session_helper'] - filtered_data = underscore_to_hyphen(filter_system_session_helper_data(system_session_helper_data)) - - if state == "present": - return fos.set('system', - 'session-helper', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'session-helper', - mkey=filtered_data['id'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_session_helper']: - resp = system_session_helper(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": 
["present", "absent"]}, - "system_session_helper": { - "required": False, "type": "dict", "default": None, - "options": { - "id": {"required": True, "type": "int"}, - "name": {"required": False, "type": "str", - "choices": ["ftp", "tftp", "ras", - "h323", "tns", "mms", - "sip", "pptp", "rtsp", - "dns-udp", "dns-tcp", "pmap", - "rsh", "dcerpc", "mgcp", - "gtp-c", "gtp-u", "gtp-b"]}, - "port": {"required": False, "type": "int"}, - "protocol": {"required": False, "type": "int"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_session_ttl.py b/lib/ansible/modules/network/fortios/fortios_system_session_ttl.py deleted file mode 100644 index 0da01409184..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_session_ttl.py +++ /dev/null 
@@ -1,330 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_session_ttl -short_description: Configure global session TTL timers for this FortiGate in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and session_ttl category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - system_session_ttl: - description: - - Configure global session TTL timers for this FortiGate. - default: null - type: dict - suboptions: - default: - description: - - Default timeout. - type: str - port: - description: - - Session TTL port. - type: list - suboptions: - end_port: - description: - - End port number. - type: int - id: - description: - - Table entry ID. - required: true - type: int - protocol: - description: - - Protocol (0 - 255). - type: int - start_port: - description: - - Start port number. - type: int - timeout: - description: - - Session timeout (TTL). - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure global session TTL timers for this FortiGate. 
- fortios_system_session_ttl: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_session_ttl: - default: "" - port: - - - end_port: "5" - id: "6" - protocol: "7" - start_port: "8" - timeout: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data 
and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_session_ttl_data(json): - option_list = ['default', 'port'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_session_ttl(data, fos): - vdom = data['vdom'] - system_session_ttl_data = data['system_session_ttl'] - filtered_data = underscore_to_hyphen(filter_system_session_ttl_data(system_session_ttl_data)) - - return fos.set('system', - 'session-ttl', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_session_ttl']: - resp = system_session_ttl(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "system_session_ttl": { - "required": False, "type": "dict", "default": None, - "options": { - "default": {"required": False, "type": "str"}, - "port": {"required": False, "type": "list", - "options": { - "end_port": {"required": False, "type": "int"}, - "id": 
{"required": True, "type": "int"}, - "protocol": {"required": False, "type": "int"}, - "start_port": {"required": False, "type": "int"}, - "timeout": {"required": False, "type": "str"} - }} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_settings.py b/lib/ansible/modules/network/fortios/fortios_system_settings.py deleted file mode 100644 index 07280e10fff..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_settings.py +++ /dev/null 
@@ -1,1369 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_settings -short_description: Configure VDOM settings in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and settings category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - system_settings: - description: - - Configure VDOM settings. - default: null - type: dict - suboptions: - allow_linkdown_path: - description: - - Enable/disable link down path. - type: str - choices: - - enable - - disable - allow_subnet_overlap: - description: - - Enable/disable allowing interface subnets to use overlapping IP addresses. - type: str - choices: - - enable - - disable - asymroute: - description: - - Enable/disable IPv4 asymmetric routing. - type: str - choices: - - enable - - disable - asymroute_icmp: - description: - - Enable/disable ICMP asymmetric routing. - type: str - choices: - - enable - - disable - asymroute6: - description: - - Enable/disable asymmetric IPv6 routing. - type: str - choices: - - enable - - disable - asymroute6_icmp: - description: - - Enable/disable asymmetric ICMPv6 routing. - type: str - choices: - - enable - - disable - bfd: - description: - - Enable/disable Bi-directional Forwarding Detection (BFD) on all interfaces. - type: str - choices: - - enable - - disable - bfd_desired_min_tx: - description: - - BFD desired minimal transmit interval (1 - 100000 ms). - type: int - bfd_detect_mult: - description: - - BFD detection multiplier (1 - 50). - type: int - bfd_dont_enforce_src_port: - description: - - Enable to not enforce verifying the source port of BFD Packets. - type: str - choices: - - enable - - disable - bfd_required_min_rx: - description: - - BFD required minimal receive interval (1 - 100000 ms). - type: int - block_land_attack: - description: - - Enable/disable blocking of land attacks. 
- type: str - choices: - - disable - - enable - central_nat: - description: - - Enable/disable central NAT. - type: str - choices: - - enable - - disable - comments: - description: - - VDOM comments. - type: str - compliance_check: - description: - - Enable/disable PCI DSS compliance checking. - type: str - choices: - - enable - - disable - default_voip_alg_mode: - description: - - Configure how the FortiGate handles VoIP traffic when a policy that accepts the traffic doesn't include a VoIP profile. - type: str - choices: - - proxy-based - - kernel-helper-based - deny_tcp_with_icmp: - description: - - Enable/disable denying TCP by sending an ICMP communication prohibited packet. - type: str - choices: - - enable - - disable - device: - description: - - Interface to use for management access for NAT mode. Source system.interface.name. - type: str - dhcp_proxy: - description: - - Enable/disable the DHCP Proxy. - type: str - choices: - - enable - - disable - dhcp_server_ip: - description: - - DHCP Server IPv4 address. - type: str - dhcp6_server_ip: - description: - - DHCPv6 server IPv6 address. - type: str - discovered_device_timeout: - description: - - Timeout for discovered devices (1 - 365 days). - type: int - ecmp_max_paths: - description: - - Maximum number of Equal Cost Multi-Path (ECMP) next-hops. Set to 1 to disable ECMP routing (1 - 100). - type: int - email_portal_check_dns: - description: - - Enable/disable using DNS to validate email addresses collected by a captive portal. - type: str - choices: - - disable - - enable - firewall_session_dirty: - description: - - Select how to manage sessions affected by firewall policy configuration changes. - type: str - choices: - - check-all - - check-new - - check-policy-option - fw_session_hairpin: - description: - - Enable/disable checking for a matching policy each time hairpin traffic goes through the FortiGate. 
- type: str - choices: - - enable - - disable - gateway: - description: - - Transparent mode IPv4 default gateway IP address. - type: str - gateway6: - description: - - Transparent mode IPv4 default gateway IP address. - type: str - gui_advanced_policy: - description: - - Enable/disable advanced policy configuration on the GUI. - type: str - choices: - - enable - - disable - gui_allow_unnamed_policy: - description: - - Enable/disable the requirement for policy naming on the GUI. - type: str - choices: - - enable - - disable - gui_antivirus: - description: - - Enable/disable AntiVirus on the GUI. - type: str - choices: - - enable - - disable - gui_ap_profile: - description: - - Enable/disable FortiAP profiles on the GUI. - type: str - choices: - - enable - - disable - gui_application_control: - description: - - Enable/disable application control on the GUI. - type: str - choices: - - enable - - disable - gui_default_policy_columns: - description: - - Default columns to display for policy lists on GUI. - type: list - suboptions: - name: - description: - - Select column name. - required: true - type: str - gui_dhcp_advanced: - description: - - Enable/disable advanced DHCP options on the GUI. - type: str - choices: - - enable - - disable - gui_dlp: - description: - - Enable/disable DLP on the GUI. - type: str - choices: - - enable - - disable - gui_dns_database: - description: - - Enable/disable DNS database settings on the GUI. - type: str - choices: - - enable - - disable - gui_dnsfilter: - description: - - Enable/disable DNS Filtering on the GUI. - type: str - choices: - - enable - - disable - gui_domain_ip_reputation: - description: - - Enable/disable Domain and IP Reputation on the GUI. - type: str - choices: - - enable - - disable - gui_dos_policy: - description: - - Enable/disable DoS policies on the GUI. - type: str - choices: - - enable - - disable - gui_dynamic_profile_display: - description: - - Enable/disable RADIUS Single Sign On (RSSO) on the GUI. 
- type: str - choices: - - enable - - disable - gui_dynamic_routing: - description: - - Enable/disable dynamic routing on the GUI. - type: str - choices: - - enable - - disable - gui_email_collection: - description: - - Enable/disable email collection on the GUI. - type: str - choices: - - enable - - disable - gui_endpoint_control: - description: - - Enable/disable endpoint control on the GUI. - type: str - choices: - - enable - - disable - gui_endpoint_control_advanced: - description: - - Enable/disable advanced endpoint control options on the GUI. - type: str - choices: - - enable - - disable - gui_explicit_proxy: - description: - - Enable/disable the explicit proxy on the GUI. - type: str - choices: - - enable - - disable - gui_fortiap_split_tunneling: - description: - - Enable/disable FortiAP split tunneling on the GUI. - type: str - choices: - - enable - - disable - gui_fortiextender_controller: - description: - - Enable/disable FortiExtender on the GUI. - type: str - choices: - - enable - - disable - gui_icap: - description: - - Enable/disable ICAP on the GUI. - type: str - choices: - - enable - - disable - gui_implicit_policy: - description: - - Enable/disable implicit firewall policies on the GUI. - type: str - choices: - - enable - - disable - gui_ips: - description: - - Enable/disable IPS on the GUI. - type: str - choices: - - enable - - disable - gui_load_balance: - description: - - Enable/disable server load balancing on the GUI. - type: str - choices: - - enable - - disable - gui_local_in_policy: - description: - - Enable/disable Local-In policies on the GUI. - type: str - choices: - - enable - - disable - gui_local_reports: - description: - - Enable/disable local reports on the GUI. - type: str - choices: - - enable - - disable - gui_multicast_policy: - description: - - Enable/disable multicast firewall policies on the GUI. 
- type: str - choices: - - enable - - disable - gui_multiple_interface_policy: - description: - - Enable/disable adding multiple interfaces to a policy on the GUI. - type: str - choices: - - enable - - disable - gui_multiple_utm_profiles: - description: - - Enable/disable multiple UTM profiles on the GUI. - type: str - choices: - - enable - - disable - gui_nat46_64: - description: - - Enable/disable NAT46 and NAT64 settings on the GUI. - type: str - choices: - - enable - - disable - gui_object_colors: - description: - - Enable/disable object colors on the GUI. - type: str - choices: - - enable - - disable - gui_policy_based_ipsec: - description: - - Enable/disable policy-based IPsec VPN on the GUI. - type: str - choices: - - enable - - disable - gui_policy_learning: - description: - - Enable/disable firewall policy learning mode on the GUI. - type: str - choices: - - enable - - disable - gui_replacement_message_groups: - description: - - Enable/disable replacement message groups on the GUI. - type: str - choices: - - enable - - disable - gui_spamfilter: - description: - - Enable/disable Antispam on the GUI. - type: str - choices: - - enable - - disable - gui_sslvpn_personal_bookmarks: - description: - - Enable/disable SSL-VPN personal bookmark management on the GUI. - type: str - choices: - - enable - - disable - gui_sslvpn_realms: - description: - - Enable/disable SSL-VPN realms on the GUI. - type: str - choices: - - enable - - disable - gui_switch_controller: - description: - - Enable/disable the switch controller on the GUI. - type: str - choices: - - enable - - disable - gui_threat_weight: - description: - - Enable/disable threat weight on the GUI. - type: str - choices: - - enable - - disable - gui_traffic_shaping: - description: - - Enable/disable traffic shaping on the GUI. - type: str - choices: - - enable - - disable - gui_voip_profile: - description: - - Enable/disable VoIP profiles on the GUI. 
- type: str - choices: - - enable - - disable - gui_vpn: - description: - - Enable/disable VPN tunnels on the GUI. - type: str - choices: - - enable - - disable - gui_waf_profile: - description: - - Enable/disable Web Application Firewall on the GUI. - type: str - choices: - - enable - - disable - gui_wan_load_balancing: - description: - - Enable/disable SD-WAN on the GUI. - type: str - choices: - - enable - - disable - gui_wanopt_cache: - description: - - Enable/disable WAN Optimization and Web Caching on the GUI. - type: str - choices: - - enable - - disable - gui_webfilter: - description: - - Enable/disable Web filtering on the GUI. - type: str - choices: - - enable - - disable - gui_webfilter_advanced: - description: - - Enable/disable advanced web filtering on the GUI. - type: str - choices: - - enable - - disable - gui_wireless_controller: - description: - - Enable/disable the wireless controller on the GUI. - type: str - choices: - - enable - - disable - http_external_dest: - description: - - Offload HTTP traffic to FortiWeb or FortiCache. - type: str - choices: - - fortiweb - - forticache - ike_dn_format: - description: - - Configure IKE ASN.1 Distinguished Name format conventions. - type: str - choices: - - with-space - - no-space - ike_quick_crash_detect: - description: - - Enable/disable IKE quick crash detection (RFC 6290). - type: str - choices: - - enable - - disable - ike_session_resume: - description: - - Enable/disable IKEv2 session resumption (RFC 5723). - type: str - choices: - - enable - - disable - implicit_allow_dns: - description: - - Enable/disable implicitly allowing DNS traffic. - type: str - choices: - - enable - - disable - inspection_mode: - description: - - Inspection mode (proxy-based or flow-based). - type: str - choices: - - proxy - - flow - ip: - description: - - IP address and netmask. - type: str - ip6: - description: - - IPv6 address prefix for NAT mode. 
- type: str - link_down_access: - description: - - Enable/disable link down access traffic. - type: str - choices: - - enable - - disable - lldp_transmission: - description: - - Enable/disable Link Layer Discovery Protocol (LLDP) for this VDOM or apply global settings to this VDOM. - type: str - choices: - - enable - - disable - - global - mac_ttl: - description: - - Duration of MAC addresses in Transparent mode (300 - 8640000 sec). - type: int - manageip: - description: - - Transparent mode IPv4 management IP address and netmask. - type: str - manageip6: - description: - - Transparent mode IPv6 management IP address and netmask. - type: str - multicast_forward: - description: - - Enable/disable multicast forwarding. - type: str - choices: - - enable - - disable - multicast_skip_policy: - description: - - Enable/disable allowing multicast traffic through the FortiGate without a policy check. - type: str - choices: - - enable - - disable - multicast_ttl_notchange: - description: - - Enable/disable preventing the FortiGate from changing the TTL for forwarded multicast packets. - type: str - choices: - - enable - - disable - ngfw_mode: - description: - - Next Generation Firewall (NGFW) mode. - type: str - choices: - - profile-based - - policy-based - opmode: - description: - - Firewall operation mode (NAT or Transparent). - type: str - choices: - - nat - - transparent - prp_trailer_action: - description: - - Enable/disable action to take on PRP trailer. - type: str - choices: - - enable - - disable - sccp_port: - description: - - TCP port the SCCP proxy monitors for SCCP traffic (0 - 65535). - type: int - ses_denied_traffic: - description: - - Enable/disable including denied session in the session table. - type: str - choices: - - enable - - disable - sip_helper: - description: - - Enable/disable the SIP session helper to process SIP sessions unless SIP sessions are accepted by the SIP application layer gateway - (ALG). 
- type: str - choices: - - enable - - disable - sip_nat_trace: - description: - - Enable/disable recording the original SIP source IP address when NAT is used. - type: str - choices: - - enable - - disable - sip_ssl_port: - description: - - TCP port the SIP proxy monitors for SIP SSL/TLS traffic (0 - 65535). - type: int - sip_tcp_port: - description: - - TCP port the SIP proxy monitors for SIP traffic (0 - 65535). - type: int - sip_udp_port: - description: - - UDP port the SIP proxy monitors for SIP traffic (0 - 65535). - type: int - snat_hairpin_traffic: - description: - - Enable/disable source NAT (SNAT) for hairpin traffic. - type: str - choices: - - enable - - disable - ssl_ssh_profile: - description: - - Profile for SSL/SSH inspection. Source firewall.ssl-ssh-profile.name. - type: str - status: - description: - - Enable/disable this VDOM. - type: str - choices: - - enable - - disable - strict_src_check: - description: - - Enable/disable strict source verification. - type: str - choices: - - enable - - disable - tcp_session_without_syn: - description: - - Enable/disable allowing TCP session without SYN flags. - type: str - choices: - - enable - - disable - utf8_spam_tagging: - description: - - Enable/disable converting antispam tags to UTF-8 for better non-ASCII character support. - type: str - choices: - - enable - - disable - v4_ecmp_mode: - description: - - IPv4 Equal-cost multi-path (ECMP) routing and load balancing mode. - type: str - choices: - - source-ip-based - - weight-based - - usage-based - - source-dest-ip-based - vpn_stats_log: - description: - - Enable/disable periodic VPN log statistics for one or more types of VPN. Separate names with a space. - type: str - choices: - - ipsec - - pptp - - l2tp - - ssl - vpn_stats_period: - description: - - Period to send VPN log statistics (60 - 86400 sec). - type: int - wccp_cache_engine: - description: - - Enable/disable WCCP cache engine. 
- type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure VDOM settings. - fortios_system_settings: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_settings: - allow_linkdown_path: "enable" - allow_subnet_overlap: "enable" - asymroute: "enable" - asymroute_icmp: "enable" - asymroute6: "enable" - asymroute6_icmp: "enable" - bfd: "enable" - bfd_desired_min_tx: "10" - bfd_detect_mult: "11" - bfd_dont_enforce_src_port: "enable" - bfd_required_min_rx: "13" - block_land_attack: "disable" - central_nat: "enable" - comments: "" - compliance_check: "enable" - default_voip_alg_mode: "proxy-based" - deny_tcp_with_icmp: "enable" - device: " (source system.interface.name)" - dhcp_proxy: "enable" - dhcp_server_ip: "" - dhcp6_server_ip: "" - discovered_device_timeout: "24" - ecmp_max_paths: "25" - email_portal_check_dns: "disable" - firewall_session_dirty: "check-all" - fw_session_hairpin: "enable" - gateway: "" - gateway6: "" - gui_advanced_policy: "enable" - gui_allow_unnamed_policy: "enable" - gui_antivirus: "enable" - gui_ap_profile: "enable" - gui_application_control: "enable" - gui_default_policy_columns: - - - name: "default_name_37" - gui_dhcp_advanced: "enable" - gui_dlp: "enable" - gui_dns_database: "enable" - gui_dnsfilter: "enable" - gui_domain_ip_reputation: "enable" - gui_dos_policy: "enable" - gui_dynamic_profile_display: "enable" - gui_dynamic_routing: "enable" - gui_email_collection: "enable" - gui_endpoint_control: "enable" - gui_endpoint_control_advanced: "enable" - gui_explicit_proxy: "enable" - gui_fortiap_split_tunneling: "enable" - gui_fortiextender_controller: "enable" - gui_icap: "enable" - gui_implicit_policy: "enable" - gui_ips: "enable" - gui_load_balance: "enable" - gui_local_in_policy: "enable" - 
gui_local_reports: "enable" - gui_multicast_policy: "enable" - gui_multiple_interface_policy: "enable" - gui_multiple_utm_profiles: "enable" - gui_nat46_64: "enable" - gui_object_colors: "enable" - gui_policy_based_ipsec: "enable" - gui_policy_learning: "enable" - gui_replacement_message_groups: "enable" - gui_spamfilter: "enable" - gui_sslvpn_personal_bookmarks: "enable" - gui_sslvpn_realms: "enable" - gui_switch_controller: "enable" - gui_threat_weight: "enable" - gui_traffic_shaping: "enable" - gui_voip_profile: "enable" - gui_vpn: "enable" - gui_waf_profile: "enable" - gui_wan_load_balancing: "enable" - gui_wanopt_cache: "enable" - gui_webfilter: "enable" - gui_webfilter_advanced: "enable" - gui_wireless_controller: "enable" - http_external_dest: "fortiweb" - ike_dn_format: "with-space" - ike_quick_crash_detect: "enable" - ike_session_resume: "enable" - implicit_allow_dns: "enable" - inspection_mode: "proxy" - ip: "" - ip6: "" - link_down_access: "enable" - lldp_transmission: "enable" - mac_ttl: "90" - manageip: "" - manageip6: "" - multicast_forward: "enable" - multicast_skip_policy: "enable" - multicast_ttl_notchange: "enable" - ngfw_mode: "profile-based" - opmode: "nat" - prp_trailer_action: "enable" - sccp_port: "99" - ses_denied_traffic: "enable" - sip_helper: "enable" - sip_nat_trace: "enable" - sip_ssl_port: "103" - sip_tcp_port: "104" - sip_udp_port: "105" - snat_hairpin_traffic: "enable" - ssl_ssh_profile: " (source firewall.ssl-ssh-profile.name)" - status: "enable" - strict_src_check: "enable" - tcp_session_without_syn: "enable" - utf8_spam_tagging: "enable" - v4_ecmp_mode: "source-ip-based" - vpn_stats_log: "ipsec" - vpn_stats_period: "114" - wccp_cache_engine: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - 
description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_settings_data(json): - option_list = ['allow_linkdown_path', 'allow_subnet_overlap', 'asymroute', - 'asymroute_icmp', 'asymroute6', 'asymroute6_icmp', - 'bfd', 'bfd_desired_min_tx', 'bfd_detect_mult', - 'bfd_dont_enforce_src_port', 'bfd_required_min_rx', 'block_land_attack', - 'central_nat', 'comments', 'compliance_check', - 'default_voip_alg_mode', 'deny_tcp_with_icmp', 'device', - 
'dhcp_proxy', 'dhcp_server_ip', 'dhcp6_server_ip', - 'discovered_device_timeout', 'ecmp_max_paths', 'email_portal_check_dns', - 'firewall_session_dirty', 'fw_session_hairpin', 'gateway', - 'gateway6', 'gui_advanced_policy', 'gui_allow_unnamed_policy', - 'gui_antivirus', 'gui_ap_profile', 'gui_application_control', - 'gui_default_policy_columns', 'gui_dhcp_advanced', 'gui_dlp', - 'gui_dns_database', 'gui_dnsfilter', 'gui_domain_ip_reputation', - 'gui_dos_policy', 'gui_dynamic_profile_display', 'gui_dynamic_routing', - 'gui_email_collection', 'gui_endpoint_control', 'gui_endpoint_control_advanced', - 'gui_explicit_proxy', 'gui_fortiap_split_tunneling', 'gui_fortiextender_controller', - 'gui_icap', 'gui_implicit_policy', 'gui_ips', - 'gui_load_balance', 'gui_local_in_policy', 'gui_local_reports', - 'gui_multicast_policy', 'gui_multiple_interface_policy', 'gui_multiple_utm_profiles', - 'gui_nat46_64', 'gui_object_colors', 'gui_policy_based_ipsec', - 'gui_policy_learning', 'gui_replacement_message_groups', 'gui_spamfilter', - 'gui_sslvpn_personal_bookmarks', 'gui_sslvpn_realms', 'gui_switch_controller', - 'gui_threat_weight', 'gui_traffic_shaping', 'gui_voip_profile', - 'gui_vpn', 'gui_waf_profile', 'gui_wan_load_balancing', - 'gui_wanopt_cache', 'gui_webfilter', 'gui_webfilter_advanced', - 'gui_wireless_controller', 'http_external_dest', 'ike_dn_format', - 'ike_quick_crash_detect', 'ike_session_resume', 'implicit_allow_dns', - 'inspection_mode', 'ip', 'ip6', - 'link_down_access', 'lldp_transmission', 'mac_ttl', - 'manageip', 'manageip6', 'multicast_forward', - 'multicast_skip_policy', 'multicast_ttl_notchange', 'ngfw_mode', - 'opmode', 'prp_trailer_action', 'sccp_port', - 'ses_denied_traffic', 'sip_helper', 'sip_nat_trace', - 'sip_ssl_port', 'sip_tcp_port', 'sip_udp_port', - 'snat_hairpin_traffic', 'ssl_ssh_profile', 'status', - 'strict_src_check', 'tcp_session_without_syn', 'utf8_spam_tagging', - 'v4_ecmp_mode', 'vpn_stats_log', 'vpn_stats_period', - 
'wccp_cache_engine']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def system_settings(data, fos):
- vdom = data['vdom']
- system_settings_data = data['system_settings']
- filtered_data = underscore_to_hyphen(filter_system_settings_data(system_settings_data))
-
- return fos.set('system',
- 'settings',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_system(data, fos):
-
- if data['system_settings']:
- resp = system_settings(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "system_settings": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "allow_linkdown_path": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "allow_subnet_overlap": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "asymroute": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "asymroute_icmp": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- 
"asymroute6": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "asymroute6_icmp": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "bfd": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "bfd_desired_min_tx": {"required": False, "type": "int"}, - "bfd_detect_mult": {"required": False, "type": "int"}, - "bfd_dont_enforce_src_port": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "bfd_required_min_rx": {"required": False, "type": "int"}, - "block_land_attack": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "central_nat": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "comments": {"required": False, "type": "str"}, - "compliance_check": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "default_voip_alg_mode": {"required": False, "type": "str", - "choices": ["proxy-based", "kernel-helper-based"]}, - "deny_tcp_with_icmp": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "device": {"required": False, "type": "str"}, - "dhcp_proxy": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dhcp_server_ip": {"required": False, "type": "str"}, - "dhcp6_server_ip": {"required": False, "type": "str"}, - "discovered_device_timeout": {"required": False, "type": "int"}, - "ecmp_max_paths": {"required": False, "type": "int"}, - "email_portal_check_dns": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "firewall_session_dirty": {"required": False, "type": "str", - "choices": ["check-all", "check-new", "check-policy-option"]}, - "fw_session_hairpin": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "gateway": {"required": False, "type": "str"}, - "gateway6": {"required": False, "type": "str"}, - "gui_advanced_policy": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - 
"gui_allow_unnamed_policy": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "gui_antivirus": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "gui_ap_profile": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "gui_application_control": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "gui_default_policy_columns": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "gui_dhcp_advanced": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "gui_dlp": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "gui_dns_database": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "gui_dnsfilter": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "gui_domain_ip_reputation": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "gui_dos_policy": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "gui_dynamic_profile_display": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "gui_dynamic_routing": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "gui_email_collection": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "gui_endpoint_control": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "gui_endpoint_control_advanced": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "gui_explicit_proxy": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "gui_fortiap_split_tunneling": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "gui_fortiextender_controller": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "gui_icap": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "gui_implicit_policy": 
{"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gui_ips": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gui_load_balance": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gui_local_in_policy": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gui_local_reports": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gui_multicast_policy": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gui_multiple_interface_policy": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gui_multiple_utm_profiles": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gui_nat46_64": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gui_object_colors": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gui_policy_based_ipsec": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gui_policy_learning": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gui_replacement_message_groups": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gui_spamfilter": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gui_sslvpn_personal_bookmarks": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gui_sslvpn_realms": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gui_switch_controller": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gui_threat_weight": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gui_traffic_shaping": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gui_voip_profile": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gui_vpn": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gui_waf_profile": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gui_wan_load_balancing": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gui_wanopt_cache": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gui_webfilter": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gui_webfilter_advanced": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "gui_wireless_controller": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "http_external_dest": {"required": False, "type": "str",
- "choices": ["fortiweb", "forticache"]},
- "ike_dn_format": {"required": False, "type": "str",
- "choices": ["with-space", "no-space"]},
- "ike_quick_crash_detect": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ike_session_resume": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "implicit_allow_dns": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "inspection_mode": {"required": False, "type": "str",
- "choices": ["proxy", "flow"]},
- "ip": {"required": False, "type": "str"},
- "ip6": {"required": False, "type": "str"},
- "link_down_access": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "lldp_transmission": {"required": False, "type": "str",
- "choices": ["enable", "disable", "global"]},
- "mac_ttl": {"required": False, "type": "int"},
- "manageip": {"required": False, "type": "str"},
- "manageip6": {"required": False, "type": "str"},
- "multicast_forward": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "multicast_skip_policy": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "multicast_ttl_notchange": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ngfw_mode": {"required": False, "type": "str",
- "choices": ["profile-based", "policy-based"]},
- "opmode": {"required": False, "type": "str",
- "choices": ["nat", "transparent"]},
- "prp_trailer_action": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "sccp_port": {"required": False, "type": "int"},
- "ses_denied_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "sip_helper": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "sip_nat_trace": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "sip_ssl_port": {"required": False, "type": "int"},
- "sip_tcp_port": {"required": False, "type": "int"},
- "sip_udp_port": {"required": False, "type": "int"},
- "snat_hairpin_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ssl_ssh_profile": {"required": False, "type": "str"},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "strict_src_check": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "tcp_session_without_syn": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "utf8_spam_tagging": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "v4_ecmp_mode": {"required": False, "type": "str",
- "choices": ["source-ip-based", "weight-based", "usage-based",
- "source-dest-ip-based"]},
- "vpn_stats_log": {"required": False, "type": "str",
- "choices": ["ipsec", "pptp", "l2tp",
- "ssl"]},
- "vpn_stats_period": {"required": False, "type": "int"},
- "wccp_cache_engine": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_sflow.py b/lib/ansible/modules/network/fortios/fortios_system_sflow.py
deleted file mode 100644
index 55ada439ede..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_sflow.py
+++ /dev/null
@@ -1,302 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_sflow -short_description: Configure sFlow in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and sflow category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - system_sflow: - description: - - Configure sFlow. - default: null - type: dict - suboptions: - collector_ip: - description: - - IP address of the sFlow collector that sFlow agents added to interfaces in this VDOM send sFlow datagrams to . - type: str - collector_port: - description: - - UDP port number used for sending sFlow datagrams (configure only if required by your sFlow collector or your network configuration) (0 - - 65535). - type: int - source_ip: - description: - - Source IP address for sFlow agent. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure sFlow. 
- fortios_system_sflow: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_sflow: - collector_ip: "" - collector_port: "4" - source_ip: "84.230.14.43" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - 
else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_system_sflow_data(json):
- option_list = ['collector_ip', 'collector_port', 'source_ip']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def system_sflow(data, fos):
- vdom = data['vdom']
- system_sflow_data = data['system_sflow']
- filtered_data = underscore_to_hyphen(filter_system_sflow_data(system_sflow_data))
-
- return fos.set('system',
- 'sflow',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_system(data, fos):
-
- if data['system_sflow']:
- resp = system_sflow(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "system_sflow": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "collector_ip": {"required": False, "type": "str"},
- "collector_port": {"required": False, "type": "int"},
- "source_ip": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_sit_tunnel.py b/lib/ansible/modules/network/fortios/fortios_system_sit_tunnel.py
deleted file mode 100644
index cc0b307161b..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_sit_tunnel.py
+++ /dev/null
@@ -1,334 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_sit_tunnel -short_description: Configure IPv6 tunnel over IPv4 in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and sit_tunnel category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_sit_tunnel: - description: - - Configure IPv6 tunnel over IPv4. - default: null - type: dict - suboptions: - destination: - description: - - Destination IP address of the tunnel. - type: str - interface: - description: - - Interface name. Source system.interface.name. - type: str - ip6: - description: - - IPv6 address of the tunnel. - type: str - name: - description: - - Tunnel name. - required: true - type: str - source: - description: - - Source IP address of the tunnel. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPv6 tunnel over IPv4. 
- fortios_system_sit_tunnel: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_sit_tunnel: - destination: "" - interface: " (source system.interface.name)" - ip6: "" - name: "default_name_6" - source: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - 
fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_system_sit_tunnel_data(json):
- option_list = ['destination', 'interface', 'ip6',
- 'name', 'source']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def system_sit_tunnel(data, fos):
- vdom = data['vdom']
- state = data['state']
- system_sit_tunnel_data = data['system_sit_tunnel']
- filtered_data = underscore_to_hyphen(filter_system_sit_tunnel_data(system_sit_tunnel_data))
-
- if state == "present":
- return fos.set('system',
- 'sit-tunnel',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('system',
- 'sit-tunnel',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_system(data, fos):
-
- if data['system_sit_tunnel']:
- resp = system_sit_tunnel(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": True, "type": "str",
- "choices": ["present", "absent"]},
- "system_sit_tunnel": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "destination": {"required": False, "type": "str"},
- "interface": {"required": False, "type": "str"},
- "ip6": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"},
- "source": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_sms_server.py b/lib/ansible/modules/network/fortios/fortios_system_sms_server.py
deleted file mode 100644
index f2c3ed9a322..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_sms_server.py
+++ /dev/null
@@ -1,315 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_sms_server -short_description: Configure SMS server for sending SMS messages to support user authentication in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and sms_server category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_sms_server: - description: - - Configure SMS server for sending SMS messages to support user authentication. - default: null - type: dict - suboptions: - mail_server: - description: - - Email-to-SMS server domain name. - type: str - name: - description: - - Name of SMS server. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure SMS server for sending SMS messages to support user authentication. 
- fortios_system_sms_server: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_sms_server: - mail_server: "" - name: "default_name_4" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - 
fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_system_sms_server_data(json):
- option_list = ['mail_server', 'name']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def system_sms_server(data, fos):
- vdom = data['vdom']
- state = data['state']
- system_sms_server_data = data['system_sms_server']
- filtered_data = underscore_to_hyphen(filter_system_sms_server_data(system_sms_server_data))
-
- if state == "present":
- return fos.set('system',
- 'sms-server',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('system',
- 'sms-server',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_system(data, fos):
-
- if data['system_sms_server']:
- resp = system_sms_server(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": True, "type": "str",
- "choices": ["present", "absent"]},
- "system_sms_server": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "mail_server": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_snmp_community.py b/lib/ansible/modules/network/fortios/fortios_system_snmp_community.py
deleted file mode 100644
index 8280259d4d4..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_snmp_community.py
+++ /dev/null
@@ -1,560 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_snmp_community -short_description: SNMP community configuration in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system_snmp feature and community category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_snmp_community: - description: - - SNMP community configuration. - default: null - type: dict - suboptions: - events: - description: - - SNMP trap events. - type: str - choices: - - cpu-high - - mem-low - - log-full - - intf-ip - - vpn-tun-up - - vpn-tun-down - - ha-switch - - ha-hb-failure - - ips-signature - - ips-anomaly - - av-virus - - av-oversize - - av-pattern - - av-fragmented - - fm-if-change - - fm-conf-change - - bgp-established - - bgp-backward-transition - - ha-member-up - - ha-member-down - - ent-conf-change - - av-conserve - - av-bypass - - av-oversize-passed - - av-oversize-blocked - - ips-pkg-update - - ips-fail-open - - faz-disconnect - - wc-ap-up - - wc-ap-down - - fswctl-session-up - - fswctl-session-down - - load-balance-real-server-down - - device-new - - per-cpu-high - hosts: - description: - - Configure IPv4 SNMP managers (hosts). - type: list - suboptions: - ha_direct: - description: - - Enable/disable direct management of HA cluster members. - type: str - choices: - - enable - - disable - host_type: - description: - - Control whether the SNMP manager sends SNMP queries, receives SNMP traps, or both. - type: str - choices: - - any - - query - - trap - id: - description: - - Host entry ID. - required: true - type: int - ip: - description: - - IPv4 address of the SNMP manager (host). - type: str - source_ip: - description: - - Source IPv4 address for SNMP traps. 
- type: str - hosts6: - description: - - Configure IPv6 SNMP managers. - type: list - suboptions: - ha_direct: - description: - - Enable/disable direct management of HA cluster members. - type: str - choices: - - enable - - disable - host_type: - description: - - Control whether the SNMP manager sends SNMP queries, receives SNMP traps, or both. - type: str - choices: - - any - - query - - trap - id: - description: - - Host6 entry ID. - required: true - type: int - ipv6: - description: - - SNMP manager IPv6 address prefix. - type: str - source_ipv6: - description: - - Source IPv6 address for SNMP traps. - type: str - id: - description: - - Community ID. - required: true - type: int - name: - description: - - Community name. - type: str - query_v1_port: - description: - - SNMP v1 query port . - type: int - query_v1_status: - description: - - Enable/disable SNMP v1 queries. - type: str - choices: - - enable - - disable - query_v2c_port: - description: - - SNMP v2c query port . - type: int - query_v2c_status: - description: - - Enable/disable SNMP v2c queries. - type: str - choices: - - enable - - disable - status: - description: - - Enable/disable this SNMP community. - type: str - choices: - - enable - - disable - trap_v1_lport: - description: - - SNMP v1 trap local port . - type: int - trap_v1_rport: - description: - - SNMP v1 trap remote port . - type: int - trap_v1_status: - description: - - Enable/disable SNMP v1 traps. - type: str - choices: - - enable - - disable - trap_v2c_lport: - description: - - SNMP v2c trap local port . - type: int - trap_v2c_rport: - description: - - SNMP v2c trap remote port . - type: int - trap_v2c_status: - description: - - Enable/disable SNMP v2c traps. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: SNMP community configuration. 
- fortios_system_snmp_community: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_snmp_community: - events: "cpu-high" - hosts: - - - ha_direct: "enable" - host_type: "any" - id: "7" - ip: "" - source_ip: "84.230.14.43" - hosts6: - - - ha_direct: "enable" - host_type: "any" - id: "13" - ipv6: "" - source_ipv6: "" - id: "16" - name: "default_name_17" - query_v1_port: "18" - query_v1_status: "enable" - query_v2c_port: "20" - query_v2c_status: "enable" - status: "enable" - trap_v1_lport: "23" - trap_v1_rport: "24" - trap_v1_status: "enable" - trap_v2c_lport: "26" - trap_v2c_rport: "27" - trap_v2c_status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - 
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_system_snmp_community_data(json):
- option_list = ['events', 'hosts', 'hosts6',
- 'id', 'name', 'query_v1_port',
- 'query_v1_status', 'query_v2c_port', 'query_v2c_status',
- 'status', 'trap_v1_lport', 'trap_v1_rport',
- 'trap_v1_status', 'trap_v2c_lport', 'trap_v2c_rport',
- 'trap_v2c_status']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def system_snmp_community(data, fos):
- vdom = data['vdom']
- state = data['state']
- system_snmp_community_data = data['system_snmp_community']
- filtered_data = underscore_to_hyphen(filter_system_snmp_community_data(system_snmp_community_data))
-
- if state == "present":
- return fos.set('system.snmp',
- 'community',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('system.snmp',
- 'community',
- mkey=filtered_data['id'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_system_snmp(data, fos):
-
- if data['system_snmp_community']:
- resp = system_snmp_community(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": True, "type": "str",
- "choices": ["present", "absent"]},
- "system_snmp_community": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "events": {"required": False, "type": "str",
- "choices": ["cpu-high", "mem-low", "log-full",
- "intf-ip", "vpn-tun-up", "vpn-tun-down",
- "ha-switch", "ha-hb-failure", "ips-signature",
- "ips-anomaly", "av-virus", "av-oversize",
- "av-pattern", "av-fragmented", "fm-if-change",
- "fm-conf-change", "bgp-established", "bgp-backward-transition",
- "ha-member-up", "ha-member-down", "ent-conf-change",
- "av-conserve", "av-bypass", "av-oversize-passed",
- "av-oversize-blocked", "ips-pkg-update", "ips-fail-open",
- "faz-disconnect", "wc-ap-up", "wc-ap-down",
- "fswctl-session-up", "fswctl-session-down", "load-balance-real-server-down",
- "device-new", "per-cpu-high"]},
- "hosts": {"required": False, "type": "list",
- "options": {
- "ha_direct": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "host_type": {"required": False, "type": "str",
- "choices": ["any", "query", "trap"]},
- "id": {"required": True, "type": "int"},
- "ip": {"required": False, "type": "str"},
- "source_ip": {"required": False, "type": "str"}
- }},
- "hosts6": {"required": False, "type": "list",
- "options": {
- "ha_direct": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
-
"host_type": {"required": False, "type": "str",
- "choices": ["any", "query", "trap"]},
- "id": {"required": True, "type": "int"},
- "ipv6": {"required": False, "type": "str"},
- "source_ipv6": {"required": False, "type": "str"}
- }},
- "id": {"required": True, "type": "int"},
- "name": {"required": False, "type": "str"},
- "query_v1_port": {"required": False, "type": "int"},
- "query_v1_status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "query_v2c_port": {"required": False, "type": "int"},
- "query_v2c_status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "trap_v1_lport": {"required": False, "type": "int"},
- "trap_v1_rport": {"required": False, "type": "int"},
- "trap_v1_status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "trap_v2c_lport": {"required": False, "type": "int"},
- "trap_v2c_rport": {"required": False, "type": "int"},
- "trap_v2c_status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system_snmp(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result =
fortios_system_snmp(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_snmp_sysinfo.py b/lib/ansible/modules/network/fortios/fortios_system_snmp_sysinfo.py
deleted file mode 100644
index b98e90dbe3e..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_snmp_sysinfo.py
+++ /dev/null
@@ -1,337 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_snmp_sysinfo -short_description: SNMP system info configuration in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system_snmp feature and sysinfo category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - system_snmp_sysinfo: - description: - - SNMP system info configuration. - default: null - type: dict - suboptions: - contact_info: - description: - - Contact information. - type: str - description: - description: - - System description. - type: str - engine_id: - description: - - Local SNMP engineID string (maximum 24 characters). - type: str - location: - description: - - System location. - type: str - status: - description: - - Enable/disable SNMP. - type: str - choices: - - enable - - disable - trap_high_cpu_threshold: - description: - - CPU usage when trap is sent. - type: int - trap_log_full_threshold: - description: - - Log disk usage when trap is sent. - type: int - trap_low_memory_threshold: - description: - - Memory usage when trap is sent. - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: SNMP system info configuration. 
- fortios_system_snmp_sysinfo: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_snmp_sysinfo: - contact_info: "" - description: "" - engine_id: "" - location: "" - status: "enable" - trap_high_cpu_threshold: "8" - trap_log_full_threshold: "9" - trap_low_memory_threshold: "10" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = 
data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_system_snmp_sysinfo_data(json):
- option_list = ['contact_info', 'description', 'engine_id',
- 'location', 'status', 'trap_high_cpu_threshold',
- 'trap_log_full_threshold', 'trap_low_memory_threshold']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def system_snmp_sysinfo(data, fos):
- vdom = data['vdom']
- system_snmp_sysinfo_data = data['system_snmp_sysinfo']
- filtered_data = underscore_to_hyphen(filter_system_snmp_sysinfo_data(system_snmp_sysinfo_data))
-
- return fos.set('system.snmp',
- 'sysinfo',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_system_snmp(data, fos):
-
- if data['system_snmp_sysinfo']:
- resp = system_snmp_sysinfo(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
-
"system_snmp_sysinfo": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "contact_info": {"required": False, "type": "str"},
- "description": {"required": False, "type": "str"},
- "engine_id": {"required": False, "type": "str"},
- "location": {"required": False, "type": "str"},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "trap_high_cpu_threshold": {"required": False, "type": "int"},
- "trap_log_full_threshold": {"required": False, "type": "int"},
- "trap_low_memory_threshold": {"required": False, "type": "int"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system_snmp(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system_snmp(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_snmp_user.py b/lib/ansible/modules/network/fortios/fortios_system_snmp_user.py
deleted file mode 100644
index afe0c74b2df..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_snmp_user.py
+++ /dev/null
@@ -1,512 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_snmp_user -short_description: SNMP user configuration in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system_snmp feature and user category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_snmp_user: - description: - - SNMP user configuration. - default: null - type: dict - suboptions: - auth_proto: - description: - - Authentication protocol. - type: str - choices: - - md5 - - sha - auth_pwd: - description: - - Password for authentication protocol. - type: str - events: - description: - - SNMP notifications (traps) to send. - type: list - choices: - - cpu-high - - mem-low - - log-full - - intf-ip - - vpn-tun-up - - vpn-tun-down - - ha-switch - - ha-hb-failure - - ips-signature - - ips-anomaly - - av-virus - - av-oversize - - av-pattern - - av-fragmented - - fm-if-change - - fm-conf-change - - bgp-established - - bgp-backward-transition - - ha-member-up - - ha-member-down - - ent-conf-change - - av-conserve - - av-bypass - - av-oversize-passed - - av-oversize-blocked - - ips-pkg-update - - ips-fail-open - - faz-disconnect - - wc-ap-up - - wc-ap-down - - fswctl-session-up - - fswctl-session-down - - load-balance-real-server-down - - device-new - - per-cpu-high - ha_direct: - description: - - Enable/disable direct management of HA cluster members. - type: str - choices: - - enable - - disable - name: - description: - - SNMP user name. - required: true - type: str - notify_hosts: - description: - - SNMP managers to send notifications (traps) to. - type: list - notify_hosts6: - description: - - IPv6 SNMP managers to send notifications (traps) to. - type: list - priv_proto: - description: - - Privacy (encryption) protocol. 
- type: str - choices: - - aes - - des - - aes256 - - aes256cisco - priv_pwd: - description: - - Password for privacy (encryption) protocol. - type: str - queries: - description: - - Enable/disable SNMP queries for this user. - type: str - choices: - - enable - - disable - query_port: - description: - - SNMPv3 query port . - type: int - security_level: - description: - - Security level for message authentication and encryption. - type: str - choices: - - no-auth-no-priv - - auth-no-priv - - auth-priv - source_ip: - description: - - Source IP for SNMP trap. - type: str - source_ipv6: - description: - - Source IPv6 for SNMP trap. - type: str - status: - description: - - Enable/disable this SNMP user. - type: str - choices: - - enable - - disable - trap_lport: - description: - - SNMPv3 local trap port . - type: int - trap_rport: - description: - - SNMPv3 trap remote port . - type: int - trap_status: - description: - - Enable/disable traps for this SNMP user. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: SNMP user configuration. 
- fortios_system_snmp_user: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_snmp_user: - auth_proto: "md5" - auth_pwd: "" - events: "cpu-high" - ha_direct: "enable" - name: "default_name_7" - notify_hosts: "" - notify_hosts6: "" - priv_proto: "aes" - priv_pwd: "" - queries: "enable" - query_port: "13" - security_level: "no-auth-no-priv" - source_ip: "84.230.14.43" - source_ipv6: "" - status: "enable" - trap_lport: "18" - trap_rport: "19" - trap_status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from 
ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_system_snmp_user_data(json):
- option_list = ['auth_proto', 'auth_pwd', 'events',
- 'ha_direct', 'name', 'notify_hosts',
- 'notify_hosts6', 'priv_proto', 'priv_pwd',
- 'queries', 'query_port', 'security_level',
- 'source_ip', 'source_ipv6', 'status',
- 'trap_lport', 'trap_rport', 'trap_status']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def flatten_multilists_attributes(data):
- multilist_attrs = [[u'events'], [u'notify_hosts'], [u'notify_hosts6']]
-
- for attr in multilist_attrs:
- try:
- path = "data['" + "']['".join(elem for elem in attr) + "']"
- current_val = eval(path)
- flattened_val = ' '.join(elem for elem in current_val)
- exec(path + '= flattened_val')
- except BaseException:
- pass
-
- return data
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def system_snmp_user(data, fos):
- vdom = data['vdom']
- state = data['state']
- system_snmp_user_data = data['system_snmp_user']
- system_snmp_user_data = flatten_multilists_attributes(system_snmp_user_data)
- filtered_data = underscore_to_hyphen(filter_system_snmp_user_data(system_snmp_user_data))
-
- if state == "present":
- return fos.set('system.snmp',
-
'user',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('system.snmp',
- 'user',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_system_snmp(data, fos):
-
- if data['system_snmp_user']:
- resp = system_snmp_user(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": True, "type": "str",
- "choices": ["present", "absent"]},
- "system_snmp_user": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "auth_proto": {"required": False, "type": "str",
- "choices": ["md5", "sha"]},
- "auth_pwd": {"required": False, "type": "str"},
- "events": {"required": False, "type": "list",
- "choices": ["cpu-high", "mem-low", "log-full",
- "intf-ip", "vpn-tun-up", "vpn-tun-down",
- "ha-switch", "ha-hb-failure", "ips-signature",
- "ips-anomaly", "av-virus", "av-oversize",
- "av-pattern", "av-fragmented", "fm-if-change",
- "fm-conf-change", "bgp-established", "bgp-backward-transition",
- "ha-member-up", "ha-member-down", "ent-conf-change",
- "av-conserve", "av-bypass", "av-oversize-passed",
- "av-oversize-blocked", "ips-pkg-update", "ips-fail-open",
- "faz-disconnect", "wc-ap-up", "wc-ap-down",
- "fswctl-session-up", "fswctl-session-down", "load-balance-real-server-down",
- "device-new", "per-cpu-high"]},
- "ha_direct": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "name":
{"required": True, "type": "str"},
- "notify_hosts": {"required": False, "type": "list"},
- "notify_hosts6": {"required": False, "type": "list"},
- "priv_proto": {"required": False, "type": "str",
- "choices": ["aes", "des", "aes256",
- "aes256cisco"]},
- "priv_pwd": {"required": False, "type": "str"},
- "queries": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "query_port": {"required": False, "type": "int"},
- "security_level": {"required": False, "type": "str",
- "choices": ["no-auth-no-priv", "auth-no-priv", "auth-priv"]},
- "source_ip": {"required": False, "type": "str"},
- "source_ipv6": {"required": False, "type": "str"},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "trap_lport": {"required": False, "type": "int"},
- "trap_rport": {"required": False, "type": "int"},
- "trap_status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system_snmp(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system_snmp(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if
__name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_storage.py b/lib/ansible/modules/network/fortios/fortios_system_storage.py
deleted file mode 100644
index b0a3083e196..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_storage.py
+++ /dev/null
@@ -1,377 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_storage -short_description: Configure logical storage in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and storage category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_storage: - description: - - Configure logical storage. - default: null - type: dict - suboptions: - device: - description: - - Partition device. - type: str - media_status: - description: - - The physical status of current media. - type: str - choices: - - enable - - disable - - fail - name: - description: - - Storage name. - required: true - type: str - order: - description: - - Set storage order. - type: int - partition: - description: - - Label of underlying partition. - type: str - size: - description: - - Partition size. - type: int - status: - description: - - Enable/disable storage. - type: str - choices: - - enable - - disable - usage: - description: - - Use hard disk for logging or WAN Optimization . - type: str - choices: - - log - - wanopt - wanopt_mode: - description: - - WAN Optimization mode . - type: str - choices: - - mix - - wanopt - - webcache -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure logical storage. 
- fortios_system_storage: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_storage: - device: "" - media_status: "enable" - name: "default_name_5" - order: "6" - partition: "" - size: "8" - status: "enable" - usage: "log" - wanopt_mode: "mix" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - 
ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_storage_data(json): - option_list = ['device', 'media_status', 'name', - 'order', 'partition', 'size', - 'status', 'usage', 'wanopt_mode'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_storage(data, fos): - vdom = data['vdom'] - state = data['state'] - system_storage_data = data['system_storage'] - filtered_data = underscore_to_hyphen(filter_system_storage_data(system_storage_data)) - - if state == "present": - return fos.set('system', - 'storage', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'storage', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_storage']: - resp = system_storage(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": 
"bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_storage": { - "required": False, "type": "dict", "default": None, - "options": { - "device": {"required": False, "type": "str"}, - "media_status": {"required": False, "type": "str", - "choices": ["enable", "disable", "fail"]}, - "name": {"required": True, "type": "str"}, - "order": {"required": False, "type": "int"}, - "partition": {"required": False, "type": "str"}, - "size": {"required": False, "type": "int"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "usage": {"required": False, "type": "str", - "choices": ["log", "wanopt"]}, - "wanopt_mode": {"required": False, "type": "str", - "choices": ["mix", "wanopt", "webcache"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_system_switch_interface.py b/lib/ansible/modules/network/fortios/fortios_system_switch_interface.py
deleted file mode 100644
index b2720ee40bb..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_switch_interface.py
+++ /dev/null
@@ -1,396 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_switch_interface -short_description: Configure software switch interfaces by grouping physical and WiFi interfaces in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and switch_interface category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_switch_interface: - description: - - Configure software switch interfaces by grouping physical and WiFi interfaces. - default: null - type: dict - suboptions: - intra_switch_policy: - description: - - Allow any traffic between switch interfaces or require firewall policies to allow traffic between switch interfaces. - type: str - choices: - - implicit - - explicit - member: - description: - - Names of the interfaces that belong to the virtual switch. - type: list - suboptions: - interface_name: - description: - - Physical interface name. Source system.interface.name. - type: str - name: - description: - - Interface name (name cannot be in use by any other interfaces, VLANs, or inter-VDOM links). - required: true - type: str - span: - description: - - Enable/disable port spanning. Port spanning echoes traffic received by the software switch to the span destination port. - type: str - choices: - - disable - - enable - span_dest_port: - description: - - SPAN destination port name. All traffic on the SPAN source ports is echoed to the SPAN destination port. Source system.interface.name. - type: str - span_direction: - description: - - "The direction in which the SPAN port operates, either: rx, tx, or both." - type: str - choices: - - rx - - tx - - both - span_source_port: - description: - - Physical interface name. Port spanning echoes all traffic on the SPAN source ports to the SPAN destination port. 
- type: list - suboptions: - interface_name: - description: - - Physical interface name. Source system.interface.name. - type: str - type: - description: - - "Type of switch based on functionality: switch for normal functionality, or hub to duplicate packets to all port members." - type: str - choices: - - switch - - hub - vdom: - description: - - VDOM that the software switch belongs to. Source system.vdom.name. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure software switch interfaces by grouping physical and WiFi interfaces. - fortios_system_switch_interface: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_switch_interface: - intra_switch_policy: "implicit" - member: - - - interface_name: " (source system.interface.name)" - name: "default_name_6" - span: "disable" - span_dest_port: " (source system.interface.name)" - span_direction: "rx" - span_source_port: - - - interface_name: " (source system.interface.name)" - type: "switch" - vdom: " (source system.vdom.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - 
description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_switch_interface_data(json): - option_list = ['intra_switch_policy', 'member', 'name', - 'span', 'span_dest_port', 'span_direction', - 'span_source_port', 'type', 'vdom'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_switch_interface(data, fos): - vdom = data['vdom'] - state = data['state'] - system_switch_interface_data = data['system_switch_interface'] - filtered_data = 
underscore_to_hyphen(filter_system_switch_interface_data(system_switch_interface_data)) - - if state == "present": - return fos.set('system', - 'switch-interface', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'switch-interface', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_switch_interface']: - resp = system_switch_interface(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_switch_interface": { - "required": False, "type": "dict", "default": None, - "options": { - "intra_switch_policy": {"required": False, "type": "str", - "choices": ["implicit", "explicit"]}, - "member": {"required": False, "type": "list", - "options": { - "interface_name": {"required": False, "type": "str"} - }}, - "name": {"required": True, "type": "str"}, - "span": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "span_dest_port": {"required": False, "type": "str"}, - "span_direction": {"required": False, "type": "str", - "choices": ["rx", "tx", "both"]}, - "span_source_port": {"required": False, "type": "list", - "options": { - "interface_name": {"required": False, "type": "str"} - }}, - "type": {"required": False, "type": "str", - "choices": ["switch", "hub"]}, - "vdom": 
{"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_tos_based_priority.py b/lib/ansible/modules/network/fortios/fortios_system_tos_based_priority.py
deleted file mode 100644
index 2c48dc56ebb..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_tos_based_priority.py
+++ /dev/null
@@ -1,327 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_tos_based_priority -short_description: Configure Type of Service (ToS) based priority table to set network traffic priorities in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and tos_based_priority category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_tos_based_priority: - description: - - Configure Type of Service (ToS) based priority table to set network traffic priorities. - default: null - type: dict - suboptions: - id: - description: - - Item ID. - required: true - type: int - priority: - description: - - ToS based priority level to low, medium or high (these priorities match firewall traffic shaping priorities) . - type: str - choices: - - low - - medium - - high - tos: - description: - - "Value of the ToS byte in the IP datagram header (0-15, 8: minimize delay, 4: maximize throughput, 2: maximize reliability, 1: minimize - monetary cost, and 0: )." - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure Type of Service (ToS) based priority table to set network traffic priorities. 
- fortios_system_tos_based_priority: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_tos_based_priority: - id: "3" - priority: "low" - tos: "5" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - 
fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_tos_based_priority_data(json): - option_list = ['id', 'priority', 'tos'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_tos_based_priority(data, fos): - vdom = data['vdom'] - state = data['state'] - system_tos_based_priority_data = data['system_tos_based_priority'] - filtered_data = underscore_to_hyphen(filter_system_tos_based_priority_data(system_tos_based_priority_data)) - - if state == "present": - return fos.set('system', - 'tos-based-priority', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'tos-based-priority', - mkey=filtered_data['id'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_tos_based_priority']: - resp = system_tos_based_priority(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - 
"choices": ["present", "absent"]},
- "system_tos_based_priority": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "id": {"required": True, "type": "int"},
- "priority": {"required": False, "type": "str",
- "choices": ["low", "medium", "high"]},
- "tos": {"required": False, "type": "int"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_vdom.py b/lib/ansible/modules/network/fortios/fortios_system_vdom.py
deleted file mode 100644
index cc7e2fca8ba..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_vdom.py
+++ /dev/null
@@ -1,350 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_vdom -short_description: Configure virtual domain in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and vdom category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - system_vdom: - description: - - Configure virtual domain. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - name: - description: - - VDOM name. - required: true - type: str - short_name: - description: - - VDOM short name. - type: str - temporary: - description: - - Temporary. - type: int - vcluster_id: - description: - - Virtual cluster ID (0 - 4294967295). - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure virtual domain. 
- fortios_system_vdom: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_vdom: - name: "default_name_3" - short_name: "" - temporary: "5" - vcluster_id: "6" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_system_vdom_data(json):
- option_list = ['name', 'short_name', 'temporary',
- 'vcluster_id']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def system_vdom(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['system_vdom'] and data['system_vdom']:
- state = data['system_vdom']['state']
- else:
- state = True
- system_vdom_data = data['system_vdom']
- filtered_data = underscore_to_hyphen(filter_system_vdom_data(system_vdom_data))
-
- if state == "present":
- return fos.set('system',
- 'vdom',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('system',
- 'vdom',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_system(data, fos):
-
- if data['system_vdom']:
- resp = system_vdom(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type":
"bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "system_vdom": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "name": {"required": True, "type": "str"},
- "short_name": {"required": False, "type": "str"},
- "temporary": {"required": False, "type": "int"},
- "vcluster_id": {"required": False, "type": "int"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_vdom_dns.py b/lib/ansible/modules/network/fortios/fortios_system_vdom_dns.py
deleted file mode 100644
index 35f54ed55d0..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_vdom_dns.py
+++ /dev/null
@@ -1,324 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_vdom_dns -short_description: Configure DNS servers for a non-management VDOM in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and vdom_dns category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - system_vdom_dns: - description: - - Configure DNS servers for a non-management VDOM. - default: null - type: dict - suboptions: - ip6_primary: - description: - - Primary IPv6 DNS server IP address for the VDOM. - type: str - ip6_secondary: - description: - - Secondary IPv6 DNS server IP address for the VDOM. - type: str - primary: - description: - - Primary DNS server IP address for the VDOM. - type: str - secondary: - description: - - Secondary DNS server IP address for the VDOM. - type: str - source_ip: - description: - - Source IP for communications with the DNS server. - type: str - vdom_dns: - description: - - Enable/disable configuring DNS servers for the current VDOM. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure DNS servers for a non-management VDOM. 
- fortios_system_vdom_dns: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_vdom_dns: - ip6_primary: "" - ip6_secondary: "" - primary: "" - secondary: "" - source_ip: "84.230.14.43" - vdom_dns: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 
'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_system_vdom_dns_data(json):
- option_list = ['ip6_primary', 'ip6_secondary', 'primary',
- 'secondary', 'source_ip', 'vdom_dns']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def system_vdom_dns(data, fos):
- vdom = data['vdom']
- system_vdom_dns_data = data['system_vdom_dns']
- filtered_data = underscore_to_hyphen(filter_system_vdom_dns_data(system_vdom_dns_data))
-
- return fos.set('system',
- 'vdom-dns',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_system(data, fos):
-
- if data['system_vdom_dns']:
- resp = system_vdom_dns(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "system_vdom_dns": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "ip6_primary": {"required": False, "type": "str"},
- "ip6_secondary": {"required": False, "type": "str"},
-
"primary": {"required": False, "type": "str"},
- "secondary": {"required": False, "type": "str"},
- "source_ip": {"required": False, "type": "str"},
- "vdom_dns": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_vdom_exception.py b/lib/ansible/modules/network/fortios/fortios_system_vdom_exception.py
deleted file mode 100644
index 8c199b62006..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_vdom_exception.py
+++ /dev/null
@@ -1,355 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_vdom_exception -short_description: Global configuration objects that can be configured independently for all VDOMs or for the defined VDOM scope in Fortinet's FortiOS and - FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and vdom_exception category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. 
- type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_vdom_exception: - description: - - Global configuration objects that can be configured independently for all VDOMs or for the defined VDOM scope. - default: null - type: dict - suboptions: - id: - description: - - Index <1-4096>. - required: true - type: int - object: - description: - - Name of the configuration object that can be configured independently for all VDOMs. - type: str - choices: - - log.fortianalyzer.setting - - log.fortianalyzer.override-setting - oid: - description: - - Object ID. - type: int - scope: - description: - - Determine whether the configuration object can be configured separately for all VDOMs or if some VDOMs share the same configuration. - type: str - choices: - - all - - inclusive - - exclusive - vdom: - description: - - Names of the VDOMs. - type: list - suboptions: - name: - description: - - VDOM name. Source system.vdom.name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Global configuration objects that can be configured independently for all VDOMs or for the defined VDOM scope. 
- fortios_system_vdom_exception: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_vdom_exception: - id: "3" - object: "log.fortianalyzer.setting" - oid: "5" - scope: "all" - vdom: - - - name: "default_name_8 (source system.vdom.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify 
= data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_system_vdom_exception_data(json):
- option_list = ['id', 'object', 'oid',
- 'scope', 'vdom']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def system_vdom_exception(data, fos):
- vdom = data['vdom']
- state = data['state']
- system_vdom_exception_data = data['system_vdom_exception']
- filtered_data = underscore_to_hyphen(filter_system_vdom_exception_data(system_vdom_exception_data))
-
- if state == "present":
- return fos.set('system',
- 'vdom-exception',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('system',
- 'vdom-exception',
- mkey=filtered_data['id'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_system(data, fos):
-
- if data['system_vdom_exception']:
- resp = system_vdom_exception(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool",
"default": True},
- "state": {"required": True, "type": "str",
- "choices": ["present", "absent"]},
- "system_vdom_exception": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "id": {"required": True, "type": "int"},
- "object": {"required": False, "type": "str",
- "choices": ["log.fortianalyzer.setting", "log.fortianalyzer.override-setting"]},
- "oid": {"required": False, "type": "int"},
- "scope": {"required": False, "type": "str",
- "choices": ["all", "inclusive", "exclusive"]},
- "vdom": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_vdom_link.py b/lib/ansible/modules/network/fortios/fortios_system_vdom_link.py
deleted file mode 100644
index e23c33b5bb0..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_vdom_link.py
+++ /dev/null
@@ -1,329 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_vdom_link -short_description: Configure VDOM links in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and vdom_link category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_vdom_link: - description: - - Configure VDOM links. - default: null - type: dict - suboptions: - name: - description: - - VDOM link name (maximum = 8 characters). - required: true - type: str - type: - description: - - "VDOM link type: PPP or Ethernet." - type: str - choices: - - ppp - - ethernet - vcluster: - description: - - Virtual cluster. - type: str - choices: - - vcluster1 - - vcluster2 -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure VDOM links. 
- fortios_system_vdom_link: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_vdom_link: - name: "default_name_3" - type: "ppp" - vcluster: "vcluster1" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: 
- fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_vdom_link_data(json): - option_list = ['name', 'type', 'vcluster'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_vdom_link(data, fos): - vdom = data['vdom'] - state = data['state'] - system_vdom_link_data = data['system_vdom_link'] - filtered_data = underscore_to_hyphen(filter_system_vdom_link_data(system_vdom_link_data)) - - if state == "present": - return fos.set('system', - 'vdom-link', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'vdom-link', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_vdom_link']: - resp = system_vdom_link(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_vdom_link": { - "required": False, 
"type": "dict", "default": None, - "options": { - "name": {"required": True, "type": "str"}, - "type": {"required": False, "type": "str", - "choices": ["ppp", "ethernet"]}, - "vcluster": {"required": False, "type": "str", - "choices": ["vcluster1", "vcluster2"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_vdom_netflow.py b/lib/ansible/modules/network/fortios/fortios_system_vdom_netflow.py deleted file mode 100644 index 1f48108c53a..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_vdom_netflow.py +++ /dev/null 
@@ -1,312 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_vdom_netflow -short_description: Configure NetFlow per VDOM in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and vdom_netflow category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - system_vdom_netflow: - description: - - Configure NetFlow per VDOM. - default: null - type: dict - suboptions: - collector_ip: - description: - - NetFlow collector IP address. - type: str - collector_port: - description: - - NetFlow collector port number. - type: int - source_ip: - description: - - Source IP address for communication with the NetFlow agent. - type: str - vdom_netflow: - description: - - Enable/disable NetFlow per VDOM. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure NetFlow per VDOM. 
- fortios_system_vdom_netflow: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_vdom_netflow: - collector_ip: "" - collector_port: "4" - source_ip: "84.230.14.43" - vdom_netflow: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and 
not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_vdom_netflow_data(json): - option_list = ['collector_ip', 'collector_port', 'source_ip', - 'vdom_netflow'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_vdom_netflow(data, fos): - vdom = data['vdom'] - system_vdom_netflow_data = data['system_vdom_netflow'] - filtered_data = underscore_to_hyphen(filter_system_vdom_netflow_data(system_vdom_netflow_data)) - - return fos.set('system', - 'vdom-netflow', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_vdom_netflow']: - resp = system_vdom_netflow(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "system_vdom_netflow": { - "required": False, "type": "dict", "default": None, - "options": { - "collector_ip": {"required": False, "type": "str"}, - "collector_port": {"required": False, "type": "int"}, - 
"source_ip": {"required": False, "type": "str"}, - "vdom_netflow": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_vdom_property.py b/lib/ansible/modules/network/fortios/fortios_system_vdom_property.py deleted file mode 100644 index ba964acc12f..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_vdom_property.py +++ /dev/null 
@@ -1,435 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_vdom_property -short_description: Configure VDOM property in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and vdom_property category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_vdom_property: - description: - - Configure VDOM property. - default: null - type: dict - suboptions: - custom_service: - description: - - Maximum guaranteed number of firewall custom services. - type: str - description: - description: - - Description. - type: str - dialup_tunnel: - description: - - Maximum guaranteed number of dial-up tunnels. - type: str - firewall_address: - description: - - Maximum guaranteed number of firewall addresses (IPv4, IPv6, multicast). - type: str - firewall_addrgrp: - description: - - Maximum guaranteed number of firewall address groups (IPv4, IPv6). - type: str - firewall_policy: - description: - - Maximum guaranteed number of firewall policies (IPv4, IPv6, policy46, policy64, DoS-policy4, DoS-policy6, multicast). - type: str - ipsec_phase1: - description: - - Maximum guaranteed number of VPN IPsec phase 1 tunnels. - type: str - ipsec_phase1_interface: - description: - - Maximum guaranteed number of VPN IPsec phase1 interface tunnels. - type: str - ipsec_phase2: - description: - - Maximum guaranteed number of VPN IPsec phase 2 tunnels. - type: str - ipsec_phase2_interface: - description: - - Maximum guaranteed number of VPN IPsec phase2 interface tunnels. - type: str - log_disk_quota: - description: - - Log disk quota in MB (range depends on how much disk space is available). - type: str - name: - description: - - VDOM name. Source system.vdom.name. 
- required: true - type: str - onetime_schedule: - description: - - Maximum guaranteed number of firewall one-time schedules. - type: str - proxy: - description: - - Maximum guaranteed number of concurrent proxy users. - type: str - recurring_schedule: - description: - - Maximum guaranteed number of firewall recurring schedules. - type: str - service_group: - description: - - Maximum guaranteed number of firewall service groups. - type: str - session: - description: - - Maximum guaranteed number of sessions. - type: str - snmp_index: - description: - - Permanent SNMP Index of the virtual domain (0 - 4294967295). - type: int - sslvpn: - description: - - Maximum guaranteed number of SSL-VPNs. - type: str - user: - description: - - Maximum guaranteed number of local users. - type: str - user_group: - description: - - Maximum guaranteed number of user groups. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure VDOM property. 
- fortios_system_vdom_property: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_vdom_property: - custom_service: "" - description: "" - dialup_tunnel: "" - firewall_address: "" - firewall_addrgrp: "" - firewall_policy: "" - ipsec_phase1: "" - ipsec_phase1_interface: "" - ipsec_phase2: "" - ipsec_phase2_interface: "" - log_disk_quota: "" - name: "default_name_14 (source system.vdom.name)" - onetime_schedule: "" - proxy: "" - recurring_schedule: "" - service_group: "" - session: "" - snmp_index: "20" - sslvpn: "" - user: "" - user_group: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from 
ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_vdom_property_data(json): - option_list = ['custom_service', 'description', 'dialup_tunnel', - 'firewall_address', 'firewall_addrgrp', 'firewall_policy', - 'ipsec_phase1', 'ipsec_phase1_interface', 'ipsec_phase2', - 'ipsec_phase2_interface', 'log_disk_quota', 'name', - 'onetime_schedule', 'proxy', 'recurring_schedule', - 'service_group', 'session', 'snmp_index', - 'sslvpn', 'user', 'user_group'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_vdom_property(data, fos): - vdom = data['vdom'] - state = data['state'] - system_vdom_property_data = data['system_vdom_property'] - filtered_data = underscore_to_hyphen(filter_system_vdom_property_data(system_vdom_property_data)) - - if state == "present": - return fos.set('system', - 'vdom-property', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'vdom-property', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == 
"DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_vdom_property']: - resp = system_vdom_property(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_vdom_property": { - "required": False, "type": "dict", "default": None, - "options": { - "custom_service": {"required": False, "type": "str"}, - "description": {"required": False, "type": "str"}, - "dialup_tunnel": {"required": False, "type": "str"}, - "firewall_address": {"required": False, "type": "str"}, - "firewall_addrgrp": {"required": False, "type": "str"}, - "firewall_policy": {"required": False, "type": "str"}, - "ipsec_phase1": {"required": False, "type": "str"}, - "ipsec_phase1_interface": {"required": False, "type": "str"}, - "ipsec_phase2": {"required": False, "type": "str"}, - "ipsec_phase2_interface": {"required": False, "type": "str"}, - "log_disk_quota": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "onetime_schedule": {"required": False, "type": "str"}, - "proxy": {"required": False, "type": "str"}, - "recurring_schedule": {"required": False, "type": "str"}, - "service_group": {"required": False, "type": "str"}, - "session": {"required": False, "type": "str"}, - "snmp_index": {"required": False, "type": "int"}, - "sslvpn": {"required": False, "type": "str"}, - "user": {"required": False, "type": "str"}, - "user_group": {"required": False, "type": "str"} - - } - } - } - - module = 
AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_vdom_radius_server.py b/lib/ansible/modules/network/fortios/fortios_system_vdom_radius_server.py deleted file mode 100644 index ce7ba915863..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_vdom_radius_server.py +++ /dev/null 
@@ -1,325 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_vdom_radius_server -short_description: Configure a RADIUS server to use as a RADIUS Single Sign On (RSSO) server for this VDOM in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and vdom_radius_server category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_vdom_radius_server: - description: - - Configure a RADIUS server to use as a RADIUS Single Sign On (RSSO) server for this VDOM. - default: null - type: dict - suboptions: - name: - description: - - Name of the VDOM that you are adding the RADIUS server to. Source system.vdom.name. - required: true - type: str - radius_server_vdom: - description: - - Use this option to select another VDOM containing a VDOM RSSO RADIUS server to use for the current VDOM. Source system.vdom.name. - type: str - status: - description: - - Enable/disable the RSSO RADIUS server for this VDOM. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure a RADIUS server to use as a RADIUS Single Sign On (RSSO) server for this VDOM. 
- fortios_system_vdom_radius_server: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_vdom_radius_server: - name: "default_name_3 (source system.vdom.name)" - radius_server_vdom: " (source system.vdom.name)" - status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = 
data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_vdom_radius_server_data(json): - option_list = ['name', 'radius_server_vdom', 'status'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_vdom_radius_server(data, fos): - vdom = data['vdom'] - state = data['state'] - system_vdom_radius_server_data = data['system_vdom_radius_server'] - filtered_data = underscore_to_hyphen(filter_system_vdom_radius_server_data(system_vdom_radius_server_data)) - - if state == "present": - return fos.set('system', - 'vdom-radius-server', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'vdom-radius-server', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_vdom_radius_server']: - resp = system_vdom_radius_server(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": 
{"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_vdom_radius_server": { - "required": False, "type": "dict", "default": None, - "options": { - "name": {"required": True, "type": "str"}, - "radius_server_vdom": {"required": False, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_vdom_sflow.py b/lib/ansible/modules/network/fortios/fortios_system_vdom_sflow.py deleted file mode 100644 index 466efd461c6..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_vdom_sflow.py +++ /dev/null 
@@ -1,316 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_vdom_sflow -short_description: Configure sFlow per VDOM to add or change the IP address and UDP port that FortiGate sFlow agents in this VDOM use to send sFlow datagrams - to an sFlow collector in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and vdom_sflow category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. 
- type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - system_vdom_sflow: - description: - - Configure sFlow per VDOM to add or change the IP address and UDP port that FortiGate sFlow agents in this VDOM use to send sFlow datagrams to an - sFlow collector. - default: null - type: dict - suboptions: - collector_ip: - description: - - IP address of the sFlow collector that sFlow agents added to interfaces in this VDOM send sFlow datagrams to . - type: str - collector_port: - description: - - UDP port number used for sending sFlow datagrams (configure only if required by your sFlow collector or your network configuration) (0 - - 65535). - type: int - source_ip: - description: - - Source IP address for sFlow agent. - type: str - vdom_sflow: - description: - - Enable/disable the sFlow configuration for the current VDOM. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure sFlow per VDOM to add or change the IP address and UDP port that FortiGate sFlow agents in this VDOM use to send sFlow datagrams to an - sFlow collector. 
- fortios_system_vdom_sflow: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_vdom_sflow: - collector_ip: "" - collector_port: "4" - source_ip: "84.230.14.43" - vdom_sflow: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_system_vdom_sflow_data(json):
- option_list = ['collector_ip', 'collector_port', 'source_ip',
- 'vdom_sflow']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def system_vdom_sflow(data, fos):
- vdom = data['vdom']
- system_vdom_sflow_data = data['system_vdom_sflow']
- filtered_data = underscore_to_hyphen(filter_system_vdom_sflow_data(system_vdom_sflow_data))
-
- return fos.set('system',
- 'vdom-sflow',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_system(data, fos):
-
- if data['system_vdom_sflow']:
- resp = system_vdom_sflow(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "system_vdom_sflow": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "collector_ip": {"required": False, "type": "str"},
- "collector_port": {"required": False, "type": "int"},
- "source_ip": {"required":
False, "type": "str"},
- "vdom_sflow": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_virtual_wan_link.py b/lib/ansible/modules/network/fortios/fortios_system_virtual_wan_link.py
deleted file mode 100644
index 20fb1ec5bdb..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_virtual_wan_link.py
+++ /dev/null
@@ -1,1168 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_virtual_wan_link -short_description: Configure redundant internet connections using SD-WAN (formerly virtual WAN link) in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and virtual_wan_link category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - system_virtual_wan_link: - description: - - Configure redundant internet connections using SD-WAN (formerly virtual WAN link). - default: null - type: dict - suboptions: - fail_alert_interfaces: - description: - - Physical interfaces that will be alerted. - type: list - suboptions: - name: - description: - - Physical interface name. Source system.interface.name. - required: true - type: str - fail_detect: - description: - - Enable/disable SD-WAN Internet connection status checking (failure detection). - type: str - choices: - - enable - - disable - health_check: - description: - - SD-WAN status checking or health checking. Identify a server on the Internet and determine how SD-WAN verifies that the FortiGate can - communicate with it. - type: list - suboptions: - addr_mode: - description: - - Address mode (IPv4 or IPv6). - type: str - choices: - - ipv4 - - ipv6 - failtime: - description: - - Number of failures before server is considered lost (1 - 3600). - type: int - http_agent: - description: - - String in the http-agent field in the HTTP header. - type: str - http_get: - description: - - URL used to communicate with the server if the protocol if the protocol is HTTP. - type: str - http_match: - description: - - Response string expected from the server if the protocol is HTTP. - type: str - interval: - description: - - Status check interval, or the time between attempting to connect to the server (1 - 3600 sec). - type: int - members: - description: - - Member sequence number list. - type: list - suboptions: - seq_num: - description: - - Member sequence number. 
Source system.virtual-wan-link.members.seq-num. - type: int - name: - description: - - Status check or health check name. - required: true - type: str - packet_size: - description: - - Packet size of a twamp test session, - type: int - password: - description: - - Twamp controller password in authentication mode - type: str - port: - description: - - Port number used to communicate with the server over the selected protocol. - type: int - protocol: - description: - - Protocol used to determine if the FortiGate can communicate with the server. - type: str - choices: - - ping - - tcp-echo - - udp-echo - - http - - twamp - - ping6 - recoverytime: - description: - - Number of successful responses received before server is considered recovered (1 - 3600). - type: int - security_mode: - description: - - Twamp controller security mode. - type: str - choices: - - none - - authentication - server: - description: - - IP address or FQDN name of the server. - type: str - sla: - description: - - Service level agreement (SLA). - type: list - suboptions: - id: - description: - - SLA ID. - required: true - type: int - jitter_threshold: - description: - - Jitter for SLA to make decision in milliseconds. (0 - 10000000). - type: int - latency_threshold: - description: - - Latency for SLA to make decision in milliseconds. (0 - 10000000). - type: int - link_cost_factor: - description: - - Criteria on which to base link selection. - type: str - choices: - - latency - - jitter - - packet-loss - packetloss_threshold: - description: - - Packet loss for SLA to make decision in percentage. (0 - 100). - type: int - threshold_alert_jitter: - description: - - Alert threshold for jitter (ms). - type: int - threshold_alert_latency: - description: - - Alert threshold for latency (ms). - type: int - threshold_alert_packetloss: - description: - - Alert threshold for packet loss (percentage). - type: int - threshold_warning_jitter: - description: - - Warning threshold for jitter (ms). 
- type: int - threshold_warning_latency: - description: - - Warning threshold for latency (ms). - type: int - threshold_warning_packetloss: - description: - - Warning threshold for packet loss (percentage). - type: int - update_cascade_interface: - description: - - Enable/disable update cascade interface. - type: str - choices: - - enable - - disable - update_static_route: - description: - - Enable/disable updating the static route. - type: str - choices: - - enable - - disable - load_balance_mode: - description: - - Algorithm or mode to use for load balancing Internet traffic to SD-WAN members. - type: str - choices: - - source-ip-based - - weight-based - - usage-based - - source-dest-ip-based - - measured-volume-based - members: - description: - - Physical FortiGate interfaces added to the virtual-wan-link. - type: list - suboptions: - comment: - description: - - Comments. - type: str - gateway: - description: - - The default gateway for this interface. Usually the default gateway of the Internet service provider that this interface is - connected to. - type: str - gateway6: - description: - - IPv6 gateway. - type: str - ingress_spillover_threshold: - description: - - Ingress spillover threshold for this interface (0 - 16776000 kbit/s). When this traffic volume threshold is reached, new - sessions spill over to other interfaces in the SD-WAN. - type: int - interface: - description: - - Interface name. Source system.interface.name. - type: str - priority: - description: - - Priority of the interface (0 - 4294967295). Used for SD-WAN rules or priority rules. - type: int - seq_num: - description: - - Sequence number(1-255). - type: int - source: - description: - - Source IP address used in the health-check packet to the server. - type: str - source6: - description: - - Source IPv6 address used in the health-check packet to the server. - type: str - spillover_threshold: - description: - - Egress spillover threshold for this interface (0 - 16776000 kbit/s). 
When this traffic volume threshold is reached, new sessions - spill over to other interfaces in the SD-WAN. - type: int - status: - description: - - Enable/disable this interface in the SD-WAN. - type: str - choices: - - disable - - enable - volume_ratio: - description: - - Measured volume ratio (this value / sum of all values = percentage of link volume, 0 - 255). - type: int - weight: - description: - - Weight of this interface for weighted load balancing. (0 - 255) More traffic is directed to interfaces with higher weights. - type: int - service: - description: - - Create SD-WAN rules or priority rules (also called services) to control how sessions are distributed to physical interfaces in the - SD-WAN. - type: list - suboptions: - addr_mode: - description: - - Address mode (IPv4 or IPv6). - type: str - choices: - - ipv4 - - ipv6 - bandwidth_weight: - description: - - Coefficient of reciprocal of available bidirectional bandwidth in the formula of custom-profile-1. - type: int - default: - description: - - Enable/disable use of SD-WAN as default service. - type: str - choices: - - enable - - disable - dscp_forward: - description: - - Enable/disable forward traffic DSCP tag. - type: str - choices: - - enable - - disable - dscp_forward_tag: - description: - - Forward traffic DSCP tag. - type: str - dscp_reverse: - description: - - Enable/disable reverse traffic DSCP tag. - type: str - choices: - - enable - - disable - dscp_reverse_tag: - description: - - Reverse traffic DSCP tag. - type: str - dst: - description: - - Destination address name. - type: list - suboptions: - name: - description: - - Address or address group name. Source firewall.address.name firewall.addrgrp.name. - required: true - type: str - dst_negate: - description: - - Enable/disable negation of destination address match. - type: str - choices: - - enable - - disable - dst6: - description: - - Destination address6 name. 
- type: list - suboptions: - name: - description: - - Address6 or address6 group name. Source firewall.address6.name firewall.addrgrp6.name. - required: true - type: str - end_port: - description: - - End destination port number. - type: int - gateway: - description: - - Enable/disable SD-WAN service gateway. - type: str - choices: - - enable - - disable - groups: - description: - - User groups. - type: list - suboptions: - name: - description: - - Group name. Source user.group.name. - required: true - type: str - health_check: - description: - - Health check. Source system.virtual-wan-link.health-check.name. - type: str - hold_down_time: - description: - - Waiting period in seconds when switching from the back-up member to the primary member (0 - 10000000). - type: int - id: - description: - - Priority rule ID (1 - 4000). - required: true - type: int - input_device: - description: - - Source interface name. - type: list - suboptions: - name: - description: - - Interface name. Source system.interface.name. - required: true - type: str - internet_service: - description: - - Enable/disable use of Internet service for application-based load balancing. - type: str - choices: - - enable - - disable - internet_service_ctrl: - description: - - Control-based Internet Service ID list. - type: list - suboptions: - id: - description: - - Control-based Internet Service ID. - required: true - type: int - internet_service_ctrl_group: - description: - - Control-based Internet Service group list. - type: list - suboptions: - name: - description: - - Control-based Internet Service group name. Source application.group.name. - required: true - type: str - internet_service_custom: - description: - - Custom Internet service name list. - type: list - suboptions: - name: - description: - - Custom Internet service name. Source firewall.internet-service-custom.name. - required: true - type: str - internet_service_custom_group: - description: - - Custom Internet Service group list. 
- type: list - suboptions: - name: - description: - - Custom Internet Service group name. Source firewall.internet-service-custom-group.name. - required: true - type: str - internet_service_group: - description: - - Internet Service group list. - type: list - suboptions: - name: - description: - - Internet Service group name. Source firewall.internet-service-group.name. - required: true - type: str - internet_service_id: - description: - - Internet service ID list. - type: list - suboptions: - id: - description: - - Internet service ID. Source firewall.internet-service.id. - required: true - type: int - jitter_weight: - description: - - Coefficient of jitter in the formula of custom-profile-1. - type: int - latency_weight: - description: - - Coefficient of latency in the formula of custom-profile-1. - type: int - link_cost_factor: - description: - - Link cost factor. - type: str - choices: - - latency - - jitter - - packet-loss - - inbandwidth - - outbandwidth - - bibandwidth - - custom-profile-1 - link_cost_threshold: - description: - - Percentage threshold change of link cost values that will result in policy route regeneration (0 - 10000000). - type: int - member: - description: - - Member sequence number. - type: int - mode: - description: - - Control how the priority rule sets the priority of interfaces in the SD-WAN. - type: str - choices: - - auto - - manual - - priority - - sla - name: - description: - - Priority rule name. - type: str - packet_loss_weight: - description: - - Coefficient of packet-loss in the formula of custom-profile-1. - type: int - priority_members: - description: - - Member sequence number list. - type: list - suboptions: - seq_num: - description: - - Member sequence number. Source system.virtual-wan-link.members.seq-num. - type: int - protocol: - description: - - Protocol number. - type: int - quality_link: - description: - - Quality grade. - type: int - route_tag: - description: - - IPv4 route map route-tag. 
- type: int - sla: - description: - - Service level agreement (SLA). - type: list - suboptions: - health_check: - description: - - Virtual WAN Link health-check. Source system.virtual-wan-link.health-check.name. - type: str - id: - description: - - SLA ID. - type: int - src: - description: - - Source address name. - type: list - suboptions: - name: - description: - - Address or address group name. Source firewall.address.name firewall.addrgrp.name. - required: true - type: str - src_negate: - description: - - Enable/disable negation of source address match. - type: str - choices: - - enable - - disable - src6: - description: - - Source address6 name. - type: list - suboptions: - name: - description: - - Address6 or address6 group name. Source firewall.address6.name firewall.addrgrp6.name. - required: true - type: str - start_port: - description: - - Start destination port number. - type: int - status: - description: - - Enable/disable SD-WAN service. - type: str - choices: - - enable - - disable - tos: - description: - - Type of service bit pattern. - type: str - tos_mask: - description: - - Type of service evaluated bits. - type: str - users: - description: - - User name. - type: list - suboptions: - name: - description: - - User name. Source user.local.name. - required: true - type: str - status: - description: - - Enable/disable SD-WAN. - type: str - choices: - - disable - - enable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure redundant internet connections using SD-WAN (formerly virtual WAN link). 
- fortios_system_virtual_wan_link: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - system_virtual_wan_link: - fail_alert_interfaces: - - - name: "default_name_4 (source system.interface.name)" - fail_detect: "enable" - health_check: - - - addr_mode: "ipv4" - failtime: "8" - http_agent: "" - http_get: "" - http_match: "" - interval: "12" - members: - - - seq_num: "14 (source system.virtual-wan-link.members.seq-num)" - name: "default_name_15" - packet_size: "16" - password: "" - port: "18" - protocol: "ping" - recoverytime: "20" - security_mode: "none" - server: "192.168.100.40" - sla: - - - id: "24" - jitter_threshold: "25" - latency_threshold: "26" - link_cost_factor: "latency" - packetloss_threshold: "28" - threshold_alert_jitter: "29" - threshold_alert_latency: "30" - threshold_alert_packetloss: "31" - threshold_warning_jitter: "32" - threshold_warning_latency: "33" - threshold_warning_packetloss: "34" - update_cascade_interface: "enable" - update_static_route: "enable" - load_balance_mode: "source-ip-based" - members: - - - comment: "Comments." 
- gateway: "" - gateway6: "" - ingress_spillover_threshold: "42" - interface: " (source system.interface.name)" - priority: "44" - seq_num: "45" - source: "" - source6: "" - spillover_threshold: "48" - status: "disable" - volume_ratio: "50" - weight: "51" - service: - - - addr_mode: "ipv4" - bandwidth_weight: "54" - default: "enable" - dscp_forward: "enable" - dscp_forward_tag: "" - dscp_reverse: "enable" - dscp_reverse_tag: "" - dst: - - - name: "default_name_61 (source firewall.address.name firewall.addrgrp.name)" - dst_negate: "enable" - dst6: - - - name: "default_name_64 (source firewall.address6.name firewall.addrgrp6.name)" - end_port: "65" - gateway: "enable" - groups: - - - name: "default_name_68 (source user.group.name)" - health_check: " (source system.virtual-wan-link.health-check.name)" - hold_down_time: "70" - id: "71" - input_device: - - - name: "default_name_73 (source system.interface.name)" - internet_service: "enable" - internet_service_ctrl: - - - id: "76" - internet_service_ctrl_group: - - - name: "default_name_78 (source application.group.name)" - internet_service_custom: - - - name: "default_name_80 (source firewall.internet-service-custom.name)" - internet_service_custom_group: - - - name: "default_name_82 (source firewall.internet-service-custom-group.name)" - internet_service_group: - - - name: "default_name_84 (source firewall.internet-service-group.name)" - internet_service_id: - - - id: "86 (source firewall.internet-service.id)" - jitter_weight: "87" - latency_weight: "88" - link_cost_factor: "latency" - link_cost_threshold: "90" - member: "91" - mode: "auto" - name: "default_name_93" - packet_loss_weight: "94" - priority_members: - - - seq_num: "96 (source system.virtual-wan-link.members.seq-num)" - protocol: "97" - quality_link: "98" - route_tag: "99" - sla: - - - health_check: " (source system.virtual-wan-link.health-check.name)" - id: "102" - src: - - - name: "default_name_104 (source firewall.address.name firewall.addrgrp.name)" - 
src_negate: "enable" - src6: - - - name: "default_name_107 (source firewall.address6.name firewall.addrgrp6.name)" - start_port: "108" - status: "enable" - tos: "" - tos_mask: "" - users: - - - name: "default_name_113 (source user.local.name)" - status: "disable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and 
not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_system_virtual_wan_link_data(json):
- option_list = ['fail_alert_interfaces', 'fail_detect', 'health_check',
- 'load_balance_mode', 'members', 'service',
- 'status']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def system_virtual_wan_link(data, fos):
- vdom = data['vdom']
- system_virtual_wan_link_data = data['system_virtual_wan_link']
- filtered_data = underscore_to_hyphen(filter_system_virtual_wan_link_data(system_virtual_wan_link_data))
-
- return fos.set('system',
- 'virtual-wan-link',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_system(data, fos):
-
- if data['system_virtual_wan_link']:
- resp = system_virtual_wan_link(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "system_virtual_wan_link": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "fail_alert_interfaces":
{"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "fail_detect": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "health_check": {"required": False, "type": "list",
- "options": {
- "addr_mode": {"required": False, "type": "str",
- "choices": ["ipv4", "ipv6"]},
- "failtime": {"required": False, "type": "int"},
- "http_agent": {"required": False, "type": "str"},
- "http_get": {"required": False, "type": "str"},
- "http_match": {"required": False, "type": "str"},
- "interval": {"required": False, "type": "int"},
- "members": {"required": False, "type": "list",
- "options": {
- "seq_num": {"required": False, "type": "int"}
- }},
- "name": {"required": True, "type": "str"},
- "packet_size": {"required": False, "type": "int"},
- "password": {"required": False, "type": "str"},
- "port": {"required": False, "type": "int"},
- "protocol": {"required": False, "type": "str",
- "choices": ["ping", "tcp-echo", "udp-echo",
- "http", "twamp", "ping6"]},
- "recoverytime": {"required": False, "type": "int"},
- "security_mode": {"required": False, "type": "str",
- "choices": ["none", "authentication"]},
- "server": {"required": False, "type": "str"},
- "sla": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"},
- "jitter_threshold": {"required": False, "type": "int"},
- "latency_threshold": {"required": False, "type": "int"},
- "link_cost_factor": {"required": False, "type": "str",
- "choices": ["latency", "jitter", "packet-loss"]},
- "packetloss_threshold": {"required": False, "type": "int"}
- }},
- "threshold_alert_jitter": {"required": False, "type": "int"},
- "threshold_alert_latency": {"required": False, "type": "int"},
- "threshold_alert_packetloss": {"required": False, "type": "int"},
- "threshold_warning_jitter": {"required": False, "type": "int"},
- "threshold_warning_latency": {"required": False, "type": "int"},
- "threshold_warning_packetloss":
{"required": False, "type": "int"}, - "update_cascade_interface": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "update_static_route": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "load_balance_mode": {"required": False, "type": "str", - "choices": ["source-ip-based", "weight-based", "usage-based", - "source-dest-ip-based", "measured-volume-based"]}, - "members": {"required": False, "type": "list", - "options": { - "comment": {"required": False, "type": "str"}, - "gateway": {"required": False, "type": "str"}, - "gateway6": {"required": False, "type": "str"}, - "ingress_spillover_threshold": {"required": False, "type": "int"}, - "interface": {"required": False, "type": "str"}, - "priority": {"required": False, "type": "int"}, - "seq_num": {"required": False, "type": "int"}, - "source": {"required": False, "type": "str"}, - "source6": {"required": False, "type": "str"}, - "spillover_threshold": {"required": False, "type": "int"}, - "status": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "volume_ratio": {"required": False, "type": "int"}, - "weight": {"required": False, "type": "int"} - }}, - "service": {"required": False, "type": "list", - "options": { - "addr_mode": {"required": False, "type": "str", - "choices": ["ipv4", "ipv6"]}, - "bandwidth_weight": {"required": False, "type": "int"}, - "default": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dscp_forward": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dscp_forward_tag": {"required": False, "type": "str"}, - "dscp_reverse": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dscp_reverse_tag": {"required": False, "type": "str"}, - "dst": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "dst_negate": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dst6": 
{"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "end_port": {"required": False, "type": "int"}, - "gateway": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "groups": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "health_check": {"required": False, "type": "str"}, - "hold_down_time": {"required": False, "type": "int"}, - "id": {"required": True, "type": "int"}, - "input_device": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "internet_service": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "internet_service_ctrl": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"} - }}, - "internet_service_ctrl_group": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "internet_service_custom": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "internet_service_custom_group": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "internet_service_group": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "internet_service_id": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"} - }}, - "jitter_weight": {"required": False, "type": "int"}, - "latency_weight": {"required": False, "type": "int"}, - "link_cost_factor": {"required": False, "type": "str", - "choices": ["latency", "jitter", "packet-loss", - "inbandwidth", "outbandwidth", "bibandwidth", - "custom-profile-1"]}, - "link_cost_threshold": {"required": False, "type": "int"}, - "member": {"required": False, "type": "int"}, - "mode": {"required": False, "type": "str", - "choices": ["auto", "manual", "priority", - "sla"]}, - 
"name": {"required": False, "type": "str"}, - "packet_loss_weight": {"required": False, "type": "int"}, - "priority_members": {"required": False, "type": "list", - "options": { - "seq_num": {"required": False, "type": "int"} - }}, - "protocol": {"required": False, "type": "int"}, - "quality_link": {"required": False, "type": "int"}, - "route_tag": {"required": False, "type": "int"}, - "sla": {"required": False, "type": "list", - "options": { - "health_check": {"required": False, "type": "str"}, - "id": {"required": False, "type": "int"} - }}, - "src": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "src_negate": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "src6": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "start_port": {"required": False, "type": "int"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "tos": {"required": False, "type": "str"}, - "tos_mask": {"required": False, "type": "str"}, - "users": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }} - }}, - "status": {"required": False, "type": "str", - "choices": ["disable", "enable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except 
ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_virtual_wire_pair.py b/lib/ansible/modules/network/fortios/fortios_system_virtual_wire_pair.py deleted file mode 100644 index ce20cd0d982..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_virtual_wire_pair.py +++ /dev/null 
@@ -1,342 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_virtual_wire_pair -short_description: Configure virtual wire pairs in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and virtual_wire_pair category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_virtual_wire_pair: - description: - - Configure virtual wire pairs. - default: null - type: dict - suboptions: - member: - description: - - Interfaces belong to the virtual-wire-pair. - type: list - suboptions: - interface_name: - description: - - Interface name. Source system.interface.name. - type: str - name: - description: - - Virtual-wire-pair name. Must be a unique interface name. - required: true - type: str - vlan_filter: - description: - - Set VLAN filters. - type: str - wildcard_vlan: - description: - - Enable/disable wildcard VLAN. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure virtual wire pairs. 
- fortios_system_virtual_wire_pair: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_virtual_wire_pair: - member: - - - interface_name: " (source system.interface.name)" - name: "default_name_5" - vlan_filter: "" - wildcard_vlan: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - 
ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_virtual_wire_pair_data(json): - option_list = ['member', 'name', 'vlan_filter', - 'wildcard_vlan'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_virtual_wire_pair(data, fos): - vdom = data['vdom'] - state = data['state'] - system_virtual_wire_pair_data = data['system_virtual_wire_pair'] - filtered_data = underscore_to_hyphen(filter_system_virtual_wire_pair_data(system_virtual_wire_pair_data)) - - if state == "present": - return fos.set('system', - 'virtual-wire-pair', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'virtual-wire-pair', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_virtual_wire_pair']: - resp = system_virtual_wire_pair(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, 
- "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_virtual_wire_pair": { - "required": False, "type": "dict", "default": None, - "options": { - "member": {"required": False, "type": "list", - "options": { - "interface_name": {"required": False, "type": "str"} - }}, - "name": {"required": True, "type": "str"}, - "vlan_filter": {"required": False, "type": "str"}, - "wildcard_vlan": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_system_vxlan.py b/lib/ansible/modules/network/fortios/fortios_system_vxlan.py deleted file mode 100644 index b59caa34be5..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_system_vxlan.py +++ /dev/null 
@@ -1,382 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_vxlan -short_description: Configure VXLAN devices in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and vxlan category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_vxlan: - description: - - Configure VXLAN devices. - default: null - type: dict - suboptions: - dstport: - description: - - VXLAN destination port (1 - 65535). - type: int - interface: - description: - - Outgoing interface for VXLAN encapsulated traffic. Source system.interface.name. - type: str - ip_version: - description: - - IP version to use for the VXLAN interface and so for communication over the VXLAN. IPv4 or IPv6 unicast or multicast. - type: str - choices: - - ipv4-unicast - - ipv6-unicast - - ipv4-multicast - - ipv6-multicast - multicast_ttl: - description: - - VXLAN multicast TTL (1-255). - type: int - name: - description: - - VXLAN device or interface name. Must be a unique interface name. - required: true - type: str - remote_ip: - description: - - IPv4 address of the VXLAN interface on the device at the remote end of the VXLAN. - type: list - suboptions: - ip: - description: - - IPv4 address. - required: true - type: str - remote_ip6: - description: - - IPv6 IP address of the VXLAN interface on the device at the remote end of the VXLAN. - type: list - suboptions: - ip6: - description: - - IPv6 address. - required: true - type: str - vni: - description: - - VXLAN network ID. - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure VXLAN devices. 
- fortios_system_vxlan: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_vxlan: - dstport: "3" - interface: " (source system.interface.name)" - ip_version: "ipv4-unicast" - multicast_ttl: "6" - name: "default_name_7" - remote_ip: - - - ip: "" - remote_ip6: - - - ip6: "" - vni: "12" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = 
data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_vxlan_data(json): - option_list = ['dstport', 'interface', 'ip_version', - 'multicast_ttl', 'name', 'remote_ip', - 'remote_ip6', 'vni'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_vxlan(data, fos): - vdom = data['vdom'] - state = data['state'] - system_vxlan_data = data['system_vxlan'] - filtered_data = underscore_to_hyphen(filter_system_vxlan_data(system_vxlan_data)) - - if state == "present": - return fos.set('system', - 'vxlan', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'vxlan', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_vxlan']: - resp = system_vxlan(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": 
{"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_vxlan": { - "required": False, "type": "dict", "default": None, - "options": { - "dstport": {"required": False, "type": "int"}, - "interface": {"required": False, "type": "str"}, - "ip_version": {"required": False, "type": "str", - "choices": ["ipv4-unicast", "ipv6-unicast", "ipv4-multicast", - "ipv6-multicast"]}, - "multicast_ttl": {"required": False, "type": "int"}, - "name": {"required": True, "type": "str"}, - "remote_ip": {"required": False, "type": "list", - "options": { - "ip": {"required": True, "type": "str"} - }}, - "remote_ip6": {"required": False, "type": "list", - "options": { - "ip6": {"required": True, "type": "str"} - }}, - "vni": {"required": False, "type": "int"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_system_wccp.py b/lib/ansible/modules/network/fortios/fortios_system_wccp.py
deleted file mode 100644
index 6f506f5ca73..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_wccp.py
+++ /dev/null
@@ -1,494 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_wccp -short_description: Configure WCCP in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and wccp category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. 
- type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_wccp: - description: - - Configure WCCP. - default: null - type: dict - suboptions: - assignment_bucket_format: - description: - - Assignment bucket format for the WCCP cache engine. - type: str - choices: - - wccp-v2 - - cisco-implementation - assignment_dstaddr_mask: - description: - - Assignment destination address mask. - type: str - assignment_method: - description: - - Hash key assignment preference. - type: str - choices: - - HASH - - MASK - - any - assignment_srcaddr_mask: - description: - - Assignment source address mask. - type: str - assignment_weight: - description: - - Assignment of hash weight/ratio for the WCCP cache engine. - type: int - authentication: - description: - - Enable/disable MD5 authentication. - type: str - choices: - - enable - - disable - cache_engine_method: - description: - - Method used to forward traffic to the routers or to return to the cache engine. - type: str - choices: - - GRE - - L2 - cache_id: - description: - - IP address known to all routers. If the addresses are the same, use the default 0.0.0.0. - type: str - forward_method: - description: - - Method used to forward traffic to the cache servers. - type: str - choices: - - GRE - - L2 - - any - group_address: - description: - - IP multicast address used by the cache routers. For the FortiGate to ignore multicast WCCP traffic, use the default 0.0.0.0. - type: str - password: - description: - - Password for MD5 authentication. - type: str - ports: - description: - - Service ports. - type: str - ports_defined: - description: - - Match method. 
- type: str - choices: - - source - - destination - primary_hash: - description: - - Hash method. - type: str - choices: - - src-ip - - dst-ip - - src-port - - dst-port - priority: - description: - - Service priority. - type: int - protocol: - description: - - Service protocol. - type: int - return_method: - description: - - Method used to decline a redirected packet and return it to the FortiGate. - type: str - choices: - - GRE - - L2 - - any - router_id: - description: - - IP address known to all cache engines. If all cache engines connect to the same FortiGate interface, use the default 0.0.0.0. - type: str - router_list: - description: - - IP addresses of one or more WCCP routers. - type: str - server_list: - description: - - IP addresses and netmasks for up to four cache servers. - type: str - server_type: - description: - - Cache server type. - type: str - choices: - - forward - - proxy - service_id: - description: - - Service ID. - type: str - service_type: - description: - - WCCP service type used by the cache server for logical interception and redirection of traffic. - type: str - choices: - - auto - - standard - - dynamic -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure WCCP. 
- fortios_system_wccp: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_wccp: - assignment_bucket_format: "wccp-v2" - assignment_dstaddr_mask: "" - assignment_method: "HASH" - assignment_srcaddr_mask: "" - assignment_weight: "7" - authentication: "enable" - cache_engine_method: "GRE" - cache_id: "" - forward_method: "GRE" - group_address: "" - password: "" - ports: "" - ports_defined: "source" - primary_hash: "src-ip" - priority: "17" - protocol: "18" - return_method: "GRE" - router_id: "" - router_list: "" - server_list: "" - server_type: "forward" - service_id: "" - service_type: "auto" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from 
ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_wccp_data(json): - option_list = ['assignment_bucket_format', 'assignment_dstaddr_mask', 'assignment_method', - 'assignment_srcaddr_mask', 'assignment_weight', 'authentication', - 'cache_engine_method', 'cache_id', 'forward_method', - 'group_address', 'password', 'ports', - 'ports_defined', 'primary_hash', 'priority', - 'protocol', 'return_method', 'router_id', - 'router_list', 'server_list', 'server_type', - 'service_id', 'service_type'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_wccp(data, fos): - vdom = data['vdom'] - state = data['state'] - system_wccp_data = data['system_wccp'] - filtered_data = underscore_to_hyphen(filter_system_wccp_data(system_wccp_data)) - - if state == "present": - return fos.set('system', - 'wccp', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'wccp', - mkey=filtered_data['service-id'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == 
"success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_wccp']: - resp = system_wccp(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_wccp": { - "required": False, "type": "dict", "default": None, - "options": { - "assignment_bucket_format": {"required": False, "type": "str", - "choices": ["wccp-v2", "cisco-implementation"]}, - "assignment_dstaddr_mask": {"required": False, "type": "str"}, - "assignment_method": {"required": False, "type": "str", - "choices": ["HASH", "MASK", "any"]}, - "assignment_srcaddr_mask": {"required": False, "type": "str"}, - "assignment_weight": {"required": False, "type": "int"}, - "authentication": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "cache_engine_method": {"required": False, "type": "str", - "choices": ["GRE", "L2"]}, - "cache_id": {"required": False, "type": "str"}, - "forward_method": {"required": False, "type": "str", - "choices": ["GRE", "L2", "any"]}, - "group_address": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str"}, - "ports": {"required": False, "type": "str"}, - "ports_defined": {"required": False, "type": "str", - "choices": ["source", "destination"]}, - "primary_hash": {"required": False, "type": "str", - "choices": ["src-ip", "dst-ip", "src-port", - "dst-port"]}, - "priority": {"required": False, "type": "int"}, - "protocol": 
{"required": False, "type": "int"},
- "return_method": {"required": False, "type": "str",
- "choices": ["GRE", "L2", "any"]},
- "router_id": {"required": False, "type": "str"},
- "router_list": {"required": False, "type": "str"},
- "server_list": {"required": False, "type": "str"},
- "server_type": {"required": False, "type": "str",
- "choices": ["forward", "proxy"]},
- "service_id": {"required": False, "type": "str"},
- "service_type": {"required": False, "type": "str",
- "choices": ["auto", "standard", "dynamic"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_system(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_system(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_system_zone.py b/lib/ansible/modules/network/fortios/fortios_system_zone.py
deleted file mode 100644
index e1d2f59271c..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_system_zone.py
+++ /dev/null
@@ -1,379 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_system_zone -short_description: Configure zones to group two or more interfaces. When a zone is created you can configure policies for the zone instead of individual - interfaces in the zone in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify system feature and zone category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. 
- type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - system_zone: - description: - - Configure zones to group two or more interfaces. When a zone is created you can configure policies for the zone instead of individual interfaces - in the zone. - default: null - type: dict - suboptions: - interface: - description: - - Add interfaces to this zone. Interfaces must not be assigned to another zone or have firewall policies defined. - type: list - suboptions: - interface_name: - description: - - Select two or more interfaces to add to the zone. Source system.interface.name. - type: str - intrazone: - description: - - Allow or deny traffic routing between different interfaces in the same zone . - type: str - choices: - - allow - - deny - name: - description: - - Zone name. - required: true - type: str - tagging: - description: - - Config object tagging. - type: list - suboptions: - category: - description: - - Tag category. Source system.object-tagging.category. - type: str - name: - description: - - Tagging entry name. - required: true - type: str - tags: - description: - - Tags. - type: list - suboptions: - name: - description: - - Tag name. Source system.object-tagging.tags.name. 
- required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure zones to group two or more interfaces. When a zone is created you can configure policies for the zone instead of individual interfaces in - the zone. - fortios_system_zone: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - system_zone: - interface: - - - interface_name: " (source system.interface.name)" - intrazone: "allow" - name: "default_name_6" - tagging: - - - category: " (source system.object-tagging.category)" - name: "default_name_9" - tags: - - - name: "default_name_11 (source system.object-tagging.tags.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" 
-version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_system_zone_data(json): - option_list = ['interface', 'intrazone', 'name', - 'tagging'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def system_zone(data, fos): - vdom = data['vdom'] - state = data['state'] - system_zone_data = data['system_zone'] - filtered_data = underscore_to_hyphen(filter_system_zone_data(system_zone_data)) - - if state == "present": - return fos.set('system', - 'zone', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('system', - 'zone', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_system(data, fos): - - if data['system_zone']: - resp = system_zone(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", 
\ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "system_zone": { - "required": False, "type": "dict", "default": None, - "options": { - "interface": {"required": False, "type": "list", - "options": { - "interface_name": {"required": False, "type": "str"} - }}, - "intrazone": {"required": False, "type": "str", - "choices": ["allow", "deny"]}, - "name": {"required": True, "type": "str"}, - "tagging": {"required": False, "type": "list", - "options": { - "category": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "tags": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }} - }} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_system(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_system(module.params, 
fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_user_adgrp.py b/lib/ansible/modules/network/fortios/fortios_user_adgrp.py
deleted file mode 100644
index e8bd6847492..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_user_adgrp.py
+++ /dev/null
@@ -1,337 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_user_adgrp -short_description: Configure FSSO groups in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify user feature and adgrp category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - user_adgrp: - description: - - Configure FSSO groups. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - name: - description: - - Name. - required: true - type: str - server_name: - description: - - FSSO agent name. Source user.fsso.name. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure FSSO groups. 
- fortios_user_adgrp: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - user_adgrp: - name: "default_name_3" - server_name: " (source user.fsso.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - 
fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_user_adgrp_data(json):
- option_list = ['name', 'server_name']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def user_adgrp(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['user_adgrp'] and data['user_adgrp']:
- state = data['user_adgrp']['state']
- else:
- state = True
- user_adgrp_data = data['user_adgrp']
- filtered_data = underscore_to_hyphen(filter_user_adgrp_data(user_adgrp_data))
-
- if state == "present":
- return fos.set('user',
- 'adgrp',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('user',
- 'adgrp',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_user(data, fos):
-
- if data['user_adgrp']:
- resp = user_adgrp(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False,
"type": "str",
- "choices": ["present", "absent"]},
- "user_adgrp": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "name": {"required": True, "type": "str"},
- "server_name": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_user(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_user(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_user_device.py b/lib/ansible/modules/network/fortios/fortios_user_device.py
deleted file mode 100644
index 490e8e10b80..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_user_device.py
+++ /dev/null
@@ -1,433 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_user_device -short_description: Configure devices in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify user feature and device category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. 
- type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - user_device: - description: - - Configure devices. - default: null - type: dict - suboptions: - alias: - description: - - Device alias. - required: true - type: str - avatar: - description: - - Image file for avatar (maximum 4K base64 encoded). - type: str - category: - description: - - Device category. - type: str - choices: - - none - - amazon-device - - android-device - - blackberry-device - - fortinet-device - - ios-device - - windows-device - comment: - description: - - Comment. - type: str - mac: - description: - - Device MAC address. - type: str - master_device: - description: - - Master device (optional). Source user.device.alias. - type: str - tagging: - description: - - Config object tagging. - type: list - suboptions: - category: - description: - - Tag category. Source system.object-tagging.category. - type: str - name: - description: - - Tagging entry name. - required: true - type: str - tags: - description: - - Tags. - type: list - suboptions: - name: - description: - - Tag name. Source system.object-tagging.tags.name. - required: true - type: str - type: - description: - - Device type. - type: str - choices: - - unknown - - android-phone - - android-tablet - - blackberry-phone - - blackberry-playbook - - forticam - - fortifone - - fortinet-device - - gaming-console - - ip-phone - - ipad - - iphone - - linux-pc - - mac - - media-streaming - - printer - - router-nat-device - - windows-pc - - windows-phone - - windows-tablet - - other-network-device - user: - description: - - User name. 
- type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure devices. - fortios_user_device: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - user_device: - alias: "" - avatar: "" - category: "none" - comment: "Comment." - mac: "" - master_device: " (source user.device.alias)" - tagging: - - - category: " (source system.object-tagging.category)" - name: "default_name_11" - tags: - - - name: "default_name_13 (source system.object-tagging.tags.name)" - type: "unknown" - user: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from 
ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_user_device_data(json): - option_list = ['alias', 'avatar', 'category', - 'comment', 'mac', 'master_device', - 'tagging', 'type', 'user'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def user_device(data, fos): - vdom = data['vdom'] - state = data['state'] - user_device_data = data['user_device'] - filtered_data = underscore_to_hyphen(filter_user_device_data(user_device_data)) - - if state == "present": - return fos.set('user', - 'device', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('user', - 'device', - mkey=filtered_data['alias'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_user(data, fos): - - if data['user_device']: - resp = user_device(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": 
False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "user_device": { - "required": False, "type": "dict", "default": None, - "options": { - "alias": {"required": True, "type": "str"}, - "avatar": {"required": False, "type": "str"}, - "category": {"required": False, "type": "str", - "choices": ["none", "amazon-device", "android-device", - "blackberry-device", "fortinet-device", "ios-device", - "windows-device"]}, - "comment": {"required": False, "type": "str"}, - "mac": {"required": False, "type": "str"}, - "master_device": {"required": False, "type": "str"}, - "tagging": {"required": False, "type": "list", - "options": { - "category": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "tags": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }} - }}, - "type": {"required": False, "type": "str", - "choices": ["unknown", "android-phone", "android-tablet", - "blackberry-phone", "blackberry-playbook", "forticam", - "fortifone", "fortinet-device", "gaming-console", - "ip-phone", "ipad", "iphone", - "linux-pc", "mac", "media-streaming", - "printer", "router-nat-device", "windows-pc", - "windows-phone", "windows-tablet", "other-network-device"]}, - "user": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' 
in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_user(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_user(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_user_device_access_list.py b/lib/ansible/modules/network/fortios/fortios_user_device_access_list.py
deleted file mode 100644
index 6998cc987d2..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_user_device_access_list.py
+++ /dev/null
@@ -1,352 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_user_device_access_list -short_description: Configure device access control lists in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify user feature and device_access_list category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - user_device_access_list: - description: - - Configure device access control lists. - default: null - type: dict - suboptions: - default_action: - description: - - Accept or deny unknown/unspecified devices. - type: str - choices: - - accept - - deny - device_list: - description: - - Device list. - type: list - suboptions: - action: - description: - - Allow or block device. - type: str - choices: - - accept - - deny - device: - description: - - Firewall device or device group. Source user.device.alias user.device-group.name user.device-category.name. - type: str - id: - description: - - Entry ID. - required: true - type: int - name: - description: - - Device access list name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure device access control lists. 
- fortios_user_device_access_list: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - user_device_access_list: - default_action: "accept" - device_list: - - - action: "accept" - device: " (source user.device.alias user.device-group.name user.device-category.name)" - id: "7" - name: "default_name_8" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = 
data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_user_device_access_list_data(json): - option_list = ['default_action', 'device_list', 'name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def user_device_access_list(data, fos): - vdom = data['vdom'] - state = data['state'] - user_device_access_list_data = data['user_device_access_list'] - filtered_data = underscore_to_hyphen(filter_user_device_access_list_data(user_device_access_list_data)) - - if state == "present": - return fos.set('user', - 'device-access-list', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('user', - 'device-access-list', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_user(data, fos): - - if data['user_device_access_list']: - resp = user_device_access_list(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": 
"bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "user_device_access_list": { - "required": False, "type": "dict", "default": None, - "options": { - "default_action": {"required": False, "type": "str", - "choices": ["accept", "deny"]}, - "device_list": {"required": False, "type": "list", - "options": { - "action": {"required": False, "type": "str", - "choices": ["accept", "deny"]}, - "device": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"} - }}, - "name": {"required": True, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_user(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_user(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_user_device_category.py b/lib/ansible/modules/network/fortios/fortios_user_device_category.py deleted file mode 100644 index e2513dd2235..00000000000 
--- a/lib/ansible/modules/network/fortios/fortios_user_device_category.py
+++ /dev/null
@@ -1,321 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_user_device_category -short_description: Configure device categories in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify user feature and device_category category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - user_device_category: - description: - - Configure device categories. - default: null - type: dict - suboptions: - comment: - description: - - Comment. - type: str - desc: - description: - - Device category description. - type: str - name: - description: - - Device category name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure device categories. - fortios_user_device_category: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - user_device_category: - comment: "Comment." 
- desc: "" - name: "default_name_5" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_user_device_category_data(json): - option_list = ['comment', 'desc', 'name'] - dictionary 
= {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def user_device_category(data, fos): - vdom = data['vdom'] - state = data['state'] - user_device_category_data = data['user_device_category'] - filtered_data = underscore_to_hyphen(filter_user_device_category_data(user_device_category_data)) - - if state == "present": - return fos.set('user', - 'device-category', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('user', - 'device-category', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_user(data, fos): - - if data['user_device_category']: - resp = user_device_category(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "user_device_category": { - "required": False, "type": "dict", "default": None, - "options": { - "comment": {"required": False, "type": "str"}, - "desc": {"required": False, "type": "str"}, - "name": {"required": True, 
"type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_user(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_user(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_user_device_group.py b/lib/ansible/modules/network/fortios/fortios_user_device_group.py deleted file mode 100644 index bbad35e6e17..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_user_device_group.py +++ /dev/null 
@@ -1,373 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_user_device_group -short_description: Configure device groups in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify user feature and device_group category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - user_device_group: - description: - - Configure device groups. - default: null - type: dict - suboptions: - comment: - description: - - Comment. - type: str - member: - description: - - Device group member. - type: list - suboptions: - name: - description: - - Device name. Source user.device.alias user.device-category.name. - required: true - type: str - name: - description: - - Device group name. - required: true - type: str - tagging: - description: - - Config object tagging. - type: list - suboptions: - category: - description: - - Tag category. Source system.object-tagging.category. - type: str - name: - description: - - Tagging entry name. - required: true - type: str - tags: - description: - - Tags. - type: list - suboptions: - name: - description: - - Tag name. Source system.object-tagging.tags.name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure device groups. - fortios_user_device_group: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - user_device_group: - comment: "Comment." 
- member: - - - name: "default_name_5 (source user.device.alias user.device-category.name)" - name: "default_name_6" - tagging: - - - category: " (source system.object-tagging.category)" - name: "default_name_9" - tags: - - - name: "default_name_11 (source system.object-tagging.tags.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') 
- if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_user_device_group_data(json): - option_list = ['comment', 'member', 'name', - 'tagging'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def user_device_group(data, fos): - vdom = data['vdom'] - state = data['state'] - user_device_group_data = data['user_device_group'] - filtered_data = underscore_to_hyphen(filter_user_device_group_data(user_device_group_data)) - - if state == "present": - return fos.set('user', - 'device-group', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('user', - 'device-group', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_user(data, fos): - - if data['user_device_group']: - resp = user_device_group(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": 
["present", "absent"]}, - "user_device_group": { - "required": False, "type": "dict", "default": None, - "options": { - "comment": {"required": False, "type": "str"}, - "member": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "name": {"required": True, "type": "str"}, - "tagging": {"required": False, "type": "list", - "options": { - "category": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "tags": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }} - }} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_user(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_user(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_user_domain_controller.py b/lib/ansible/modules/network/fortios/fortios_user_domain_controller.py deleted file mode 100644 index 703b02c6334..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_user_domain_controller.py +++ /dev/null 
@@ -1,334 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_user_domain_controller -short_description: Configure domain controller entries in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify user feature and domain_controller category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - user_domain_controller: - description: - - Configure domain controller entries. - default: null - type: dict - suboptions: - domain_name: - description: - - Domain DNS name. - type: str - ip_address: - description: - - Domain controller IP address. - type: str - ldap_server: - description: - - LDAP server name. Source user.ldap.name. - type: str - name: - description: - - Domain controller entry name. - required: true - type: str - port: - description: - - Port to be used for communication with the domain controller . - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure domain controller entries. 
- fortios_user_domain_controller: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - user_domain_controller: - domain_name: "" - ip_address: "" - ldap_server: " (source user.ldap.name)" - name: "default_name_6" - port: "7" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] 
- - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_user_domain_controller_data(json): - option_list = ['domain_name', 'ip_address', 'ldap_server', - 'name', 'port'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def user_domain_controller(data, fos): - vdom = data['vdom'] - state = data['state'] - user_domain_controller_data = data['user_domain_controller'] - filtered_data = underscore_to_hyphen(filter_user_domain_controller_data(user_domain_controller_data)) - - if state == "present": - return fos.set('user', - 'domain-controller', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('user', - 'domain-controller', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_user(data, fos): - - if data['user_domain_controller']: - resp = user_domain_controller(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": 
"bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "user_domain_controller": { - "required": False, "type": "dict", "default": None, - "options": { - "domain_name": {"required": False, "type": "str"}, - "ip_address": {"required": False, "type": "str"}, - "ldap_server": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "port": {"required": False, "type": "int"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_user(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_user(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_user_fortitoken.py b/lib/ansible/modules/network/fortios/fortios_user_fortitoken.py deleted file mode 100644 index e1c95a3d08f..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_user_fortitoken.py +++ /dev/null 
@@ -1,362 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_user_fortitoken -short_description: Configure FortiToken in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify user feature and fortitoken category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - user_fortitoken: - description: - - Configure FortiToken. - default: null - type: dict - suboptions: - activation_code: - description: - - Mobile token user activation-code. - type: str - activation_expire: - description: - - Mobile token user activation-code expire time. - type: int - comments: - description: - - Comment. - type: str - license: - description: - - Mobile token license. - type: str - os_ver: - description: - - Device Mobile Version. - type: str - reg_id: - description: - - Device Reg ID. - type: str - seed: - description: - - Token seed. - type: str - serial_number: - description: - - Serial number. - type: str - status: - description: - - Status - type: str - choices: - - active - - lock -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure FortiToken. 
- fortios_user_fortitoken: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - user_fortitoken: - activation_code: "" - activation_expire: "4" - comments: "" - license: "" - os_ver: "" - reg_id: "" - seed: "" - serial_number: "" - status: "active" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - 
ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_user_fortitoken_data(json): - option_list = ['activation_code', 'activation_expire', 'comments', - 'license', 'os_ver', 'reg_id', - 'seed', 'serial_number', 'status'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def user_fortitoken(data, fos): - vdom = data['vdom'] - state = data['state'] - user_fortitoken_data = data['user_fortitoken'] - filtered_data = underscore_to_hyphen(filter_user_fortitoken_data(user_fortitoken_data)) - - if state == "present": - return fos.set('user', - 'fortitoken', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('user', - 'fortitoken', - mkey=filtered_data['serial-number'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_user(data, fos): - - if data['user_fortitoken']: - resp = user_fortitoken(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - 
"ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "user_fortitoken": { - "required": False, "type": "dict", "default": None, - "options": { - "activation_code": {"required": False, "type": "str"}, - "activation_expire": {"required": False, "type": "int"}, - "comments": {"required": False, "type": "str"}, - "license": {"required": False, "type": "str"}, - "os_ver": {"required": False, "type": "str"}, - "reg_id": {"required": False, "type": "str"}, - "seed": {"required": False, "type": "str"}, - "serial_number": {"required": False, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["active", "lock"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_user(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_user(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_user_fsso.py b/lib/ansible/modules/network/fortios/fortios_user_fsso.py deleted file mode 100644 index 0fabd23038b..00000000000 
--- a/lib/ansible/modules/network/fortios/fortios_user_fsso.py
+++ /dev/null
@@ -1,423 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_user_fsso -short_description: Configure Fortinet Single Sign On (FSSO) agents in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify user feature and fsso category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - user_fsso: - description: - - Configure Fortinet Single Sign On (FSSO) agents. - default: null - type: dict - suboptions: - ldap_server: - description: - - LDAP server to get group information. Source user.ldap.name. - type: str - name: - description: - - Name. - required: true - type: str - password: - description: - - Password of the first FSSO collector agent. - type: str - password2: - description: - - Password of the second FSSO collector agent. - type: str - password3: - description: - - Password of the third FSSO collector agent. - type: str - password4: - description: - - Password of the fourth FSSO collector agent. - type: str - password5: - description: - - Password of the fifth FSSO collector agent. - type: str - port: - description: - - Port of the first FSSO collector agent. - type: int - port2: - description: - - Port of the second FSSO collector agent. - type: int - port3: - description: - - Port of the third FSSO collector agent. - type: int - port4: - description: - - Port of the fourth FSSO collector agent. - type: int - port5: - description: - - Port of the fifth FSSO collector agent. - type: int - server: - description: - - Domain name or IP address of the first FSSO collector agent. - type: str - server2: - description: - - Domain name or IP address of the second FSSO collector agent. - type: str - server3: - description: - - Domain name or IP address of the third FSSO collector agent. 
- type: str - server4: - description: - - Domain name or IP address of the fourth FSSO collector agent. - type: str - server5: - description: - - Domain name or IP address of the fifth FSSO collector agent. - type: str - source_ip: - description: - - Source IP for communications to FSSO agent. - type: str - source_ip6: - description: - - IPv6 source for communications to FSSO agent. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure Fortinet Single Sign On (FSSO) agents. - fortios_user_fsso: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - user_fsso: - ldap_server: " (source user.ldap.name)" - name: "default_name_4" - password: "" - password2: "" - password3: "" - password4: "" - password5: "" - port: "10" - port2: "11" - port3: "12" - port4: "13" - port5: "14" - server: "192.168.100.40" - server2: "" - server3: "" - server4: "" - server5: "" - source_ip: "84.230.14.43" - source_ip6: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: 
- description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_user_fsso_data(json): - option_list = ['ldap_server', 'name', 'password', - 'password2', 'password3', 'password4', - 'password5', 'port', 'port2', - 'port3', 'port4', 'port5', - 'server', 'server2', 'server3', - 'server4', 'server5', 'source_ip', - 'source_ip6'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def user_fsso(data, fos): - vdom = data['vdom'] - state = data['state'] - user_fsso_data = data['user_fsso'] - filtered_data = underscore_to_hyphen(filter_user_fsso_data(user_fsso_data)) - - if state == "present": - return fos.set('user', - 'fsso', - 
data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('user', - 'fsso', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_user(data, fos): - - if data['user_fsso']: - resp = user_fsso(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "user_fsso": { - "required": False, "type": "dict", "default": None, - "options": { - "ldap_server": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str"}, - "password2": {"required": False, "type": "str"}, - "password3": {"required": False, "type": "str"}, - "password4": {"required": False, "type": "str"}, - "password5": {"required": False, "type": "str"}, - "port": {"required": False, "type": "int"}, - "port2": {"required": False, "type": "int"}, - "port3": {"required": False, "type": "int"}, - "port4": {"required": False, "type": "int"}, - "port5": {"required": False, "type": "int"}, - "server": {"required": False, "type": "str"}, - "server2": {"required": False, "type": "str"}, - "server3": {"required": False, "type": "str"}, - "server4": {"required": False, "type": "str"}, - "server5": {"required": False, "type": "str"}, - "source_ip": {"required": False, "type": "str"}, - "source_ip6": {"required": False, "type": "str"} - - } - } - } - - 
module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_user(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_user(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_user_fsso_polling.py b/lib/ansible/modules/network/fortios/fortios_user_fsso_polling.py deleted file mode 100644 index 095ab9eb88a..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_user_fsso_polling.py +++ /dev/null 
@@ -1,387 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_user_fsso_polling -short_description: Configure FSSO active directory servers for polling mode in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify user feature and fsso_polling category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - user_fsso_polling: - description: - - Configure FSSO active directory servers for polling mode. - default: null - type: dict - suboptions: - adgrp: - description: - - LDAP Group Info. - type: list - suboptions: - name: - description: - - Name. - required: true - type: str - default_domain: - description: - - Default domain managed by this Active Directory server. - type: str - id: - description: - - Active Directory server ID. - required: true - type: int - ldap_server: - description: - - LDAP server name used in LDAP connection strings. Source user.ldap.name. - type: str - logon_history: - description: - - Number of hours of logon history to keep, 0 means keep all history. - type: int - password: - description: - - Password required to log into this Active Directory server - type: str - polling_frequency: - description: - - Polling frequency (every 1 to 30 seconds). - type: int - port: - description: - - Port to communicate with this Active Directory server. - type: int - server: - description: - - Host name or IP address of the Active Directory server. - type: str - status: - description: - - Enable/disable polling for the status of this Active Directory server. - type: str - choices: - - enable - - disable - user: - description: - - User name required to log into this Active Directory server. 
- type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure FSSO active directory servers for polling mode. - fortios_user_fsso_polling: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - user_fsso_polling: - adgrp: - - - name: "default_name_4" - default_domain: "" - id: "6" - ldap_server: " (source user.ldap.name)" - logon_history: "8" - password: "" - polling_frequency: "10" - port: "11" - server: "192.168.100.40" - status: "enable" - user: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import 
AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_user_fsso_polling_data(json): - option_list = ['adgrp', 'default_domain', 'id', - 'ldap_server', 'logon_history', 'password', - 'polling_frequency', 'port', 'server', - 'status', 'user'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def user_fsso_polling(data, fos): - vdom = data['vdom'] - state = data['state'] - user_fsso_polling_data = data['user_fsso_polling'] - filtered_data = underscore_to_hyphen(filter_user_fsso_polling_data(user_fsso_polling_data)) - - if state == "present": - return fos.set('user', - 'fsso-polling', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('user', - 'fsso-polling', - mkey=filtered_data['id'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_user(data, fos): - - if data['user_fsso_polling']: - resp = user_fsso_polling(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", 
\ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "user_fsso_polling": { - "required": False, "type": "dict", "default": None, - "options": { - "adgrp": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "default_domain": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "ldap_server": {"required": False, "type": "str"}, - "logon_history": {"required": False, "type": "int"}, - "password": {"required": False, "type": "str"}, - "polling_frequency": {"required": False, "type": "int"}, - "port": {"required": False, "type": "int"}, - "server": {"required": False, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "user": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_user(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is 
required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_user(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_user_group.py b/lib/ansible/modules/network/fortios/fortios_user_group.py deleted file mode 100644 index 94bf51dabbf..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_user_group.py +++ /dev/null 
@@ -1,602 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_user_group -short_description: Configure user groups in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify user feature and group category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - user_group: - description: - - Configure user groups. - default: null - type: dict - suboptions: - auth_concurrent_override: - description: - - Enable/disable overriding the global number of concurrent authentication sessions for this user group. - type: str - choices: - - enable - - disable - auth_concurrent_value: - description: - - Maximum number of concurrent authenticated connections per user (0 - 100). - type: int - authtimeout: - description: - - Authentication timeout in minutes for this user group. 0 to use the global user setting auth-timeout. - type: int - company: - description: - - Set the action for the company guest user field. - type: str - choices: - - optional - - mandatory - - disabled - email: - description: - - Enable/disable the guest user email address field. - type: str - choices: - - disable - - enable - expire: - description: - - Time in seconds before guest user accounts expire. (1 - 31536000 sec) - type: int - expire_type: - description: - - Determine when the expiration countdown begins. - type: str - choices: - - immediately - - first-successful-login - group_type: - description: - - Set the group to be for firewall authentication, FSSO, RSSO, or guest users. - type: str - choices: - - firewall - - fsso-service - - rsso - - guest - guest: - description: - - Guest User. - type: list - suboptions: - comment: - description: - - Comment. 
- type: str - company: - description: - - Set the action for the company guest user field. - type: str - email: - description: - - Email. - type: str - expiration: - description: - - Expire time. - type: str - mobile_phone: - description: - - Mobile phone. - type: str - name: - description: - - Guest name. - type: str - password: - description: - - Guest password. - type: str - sponsor: - description: - - Set the action for the sponsor guest user field. - type: str - user_id: - description: - - Guest ID. - type: str - http_digest_realm: - description: - - Realm attribute for MD5-digest authentication. - type: str - id: - description: - - Group ID. - type: int - match: - description: - - Group matches. - type: list - suboptions: - group_name: - description: - - Name of matching group on remote authentication server. - type: str - id: - description: - - ID. - required: true - type: int - server_name: - description: - - Name of remote auth server. Source user.radius.name user.ldap.name user.tacacs+.name. - type: str - max_accounts: - description: - - Maximum number of guest accounts that can be created for this group (0 means unlimited). - type: int - member: - description: - - Names of users, peers, LDAP servers, or RADIUS servers to add to the user group. - type: list - suboptions: - name: - description: - - Group member name. Source user.peer.name user.local.name user.radius.name user.tacacs+.name user.ldap.name user.adgrp.name user - .pop3.name. - required: true - type: str - mobile_phone: - description: - - Enable/disable the guest user mobile phone number field. - type: str - choices: - - disable - - enable - multiple_guest_add: - description: - - Enable/disable addition of multiple guests. - type: str - choices: - - disable - - enable - name: - description: - - Group name. - required: true - type: str - password: - description: - - Guest user password type. 
- type: str - choices: - - auto-generate - - specify - - disable - sms_custom_server: - description: - - SMS server. Source system.sms-server.name. - type: str - sms_server: - description: - - Send SMS through FortiGuard or other external server. - type: str - choices: - - fortiguard - - custom - sponsor: - description: - - Set the action for the sponsor guest user field. - type: str - choices: - - optional - - mandatory - - disabled - sso_attribute_value: - description: - - Name of the RADIUS user group that this local user group represents. - type: str - user_id: - description: - - Guest user ID type. - type: str - choices: - - email - - auto-generate - - specify - user_name: - description: - - Enable/disable the guest user name entry. - type: str - choices: - - disable - - enable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure user groups. - fortios_user_group: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - user_group: - auth_concurrent_override: "enable" - auth_concurrent_value: "4" - authtimeout: "5" - company: "optional" - email: "disable" - expire: "8" - expire_type: "immediately" - group_type: "firewall" - guest: - - - comment: "Comment." 
- company: "" - email: "" - expiration: "" - mobile_phone: "" - name: "default_name_17" - password: "" - sponsor: "" - user_id: "" - http_digest_realm: "" - id: "22" - match: - - - group_name: "" - id: "25" - server_name: " (source user.radius.name user.ldap.name user.tacacs+.name)" - max_accounts: "27" - member: - - - name: "default_name_29 (source user.peer.name user.local.name user.radius.name user.tacacs+.name user.ldap.name user.adgrp.name user.pop3.name)" - mobile_phone: "disable" - multiple_guest_add: "disable" - name: "default_name_32" - password: "auto-generate" - sms_custom_server: " (source system.sms-server.name)" - sms_server: "fortiguard" - sponsor: "optional" - sso_attribute_value: "" - user_id: "email" - user_name: "disable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - 
type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_user_group_data(json): - option_list = ['auth_concurrent_override', 'auth_concurrent_value', 'authtimeout', - 'company', 'email', 'expire', - 'expire_type', 'group_type', 'guest', - 'http_digest_realm', 'id', 'match', - 'max_accounts', 'member', 'mobile_phone', - 'multiple_guest_add', 'name', 'password', - 'sms_custom_server', 'sms_server', 'sponsor', - 'sso_attribute_value', 'user_id', 'user_name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def user_group(data, fos): - vdom = data['vdom'] - state = data['state'] - user_group_data = data['user_group'] - filtered_data = underscore_to_hyphen(filter_user_group_data(user_group_data)) - - if state == "present": - return fos.set('user', - 'group', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('user', - 'group', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - 
status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_user(data, fos): - - if data['user_group']: - resp = user_group(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "user_group": { - "required": False, "type": "dict", "default": None, - "options": { - "auth_concurrent_override": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "auth_concurrent_value": {"required": False, "type": "int"}, - "authtimeout": {"required": False, "type": "int"}, - "company": {"required": False, "type": "str", - "choices": ["optional", "mandatory", "disabled"]}, - "email": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "expire": {"required": False, "type": "int"}, - "expire_type": {"required": False, "type": "str", - "choices": ["immediately", "first-successful-login"]}, - "group_type": {"required": False, "type": "str", - "choices": ["firewall", "fsso-service", "rsso", - "guest"]}, - "guest": {"required": False, "type": "list", - "options": { - "comment": {"required": False, "type": "str"}, - "company": {"required": False, "type": "str"}, - "email": {"required": False, "type": "str"}, - "expiration": {"required": False, "type": "str"}, - "mobile_phone": {"required": False, "type": "str"}, - "name": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str"}, - "sponsor": {"required": False, "type": "str"}, - "user_id": {"required": False, "type": "str"} 
- }}, - "http_digest_realm": {"required": False, "type": "str"}, - "id": {"required": False, "type": "int"}, - "match": {"required": False, "type": "list", - "options": { - "group_name": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "server_name": {"required": False, "type": "str"} - }}, - "max_accounts": {"required": False, "type": "int"}, - "member": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "mobile_phone": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "multiple_guest_add": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "name": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str", - "choices": ["auto-generate", "specify", "disable"]}, - "sms_custom_server": {"required": False, "type": "str"}, - "sms_server": {"required": False, "type": "str", - "choices": ["fortiguard", "custom"]}, - "sponsor": {"required": False, "type": "str", - "choices": ["optional", "mandatory", "disabled"]}, - "sso_attribute_value": {"required": False, "type": "str"}, - "user_id": {"required": False, "type": "str", - "choices": ["email", "auto-generate", "specify"]}, - "user_name": {"required": False, "type": "str", - "choices": ["disable", "enable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_user(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi 
import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_user(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_user_krb_keytab.py b/lib/ansible/modules/network/fortios/fortios_user_krb_keytab.py
deleted file mode 100644
index a7dac52cbed..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_user_krb_keytab.py
+++ /dev/null
@@ -1,328 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_user_krb_keytab -short_description: Configure Kerberos keytab entries in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify user feature and krb_keytab category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - user_krb_keytab: - description: - - Configure Kerberos keytab entries. - default: null - type: dict - suboptions: - keytab: - description: - - base64 coded keytab file containing a pre-shared key. - type: str - ldap_server: - description: - - LDAP server name. Source user.ldap.name. - type: str - name: - description: - - Kerberos keytab entry name. - required: true - type: str - principal: - description: - - Kerberos service principal, e.g. HTTP/fgt.example.com@EXAMPLE.COM. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure Kerberos keytab entries. 
- fortios_user_krb_keytab: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - user_krb_keytab: - keytab: "" - ldap_server: " (source user.ldap.name)" - name: "default_name_5" - principal: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' 
in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_user_krb_keytab_data(json):
- option_list = ['keytab', 'ldap_server', 'name',
- 'principal']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def user_krb_keytab(data, fos):
- vdom = data['vdom']
- state = data['state']
- user_krb_keytab_data = data['user_krb_keytab']
- filtered_data = underscore_to_hyphen(filter_user_krb_keytab_data(user_krb_keytab_data))
-
- if state == "present":
- return fos.set('user',
- 'krb-keytab',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('user',
- 'krb-keytab',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_user(data, fos):
-
- if data['user_krb_keytab']:
- resp = user_krb_keytab(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": True, "type": "str",
- "choices": ["present", "absent"]},
- "user_krb_keytab": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "keytab": {"required": False, "type": "str"},
- "ldap_server": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"},
- "principal": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_user(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_user(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_user_ldap.py b/lib/ansible/modules/network/fortios/fortios_user_ldap.py
deleted file mode 100644
index ed79ab203de..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_user_ldap.py
+++ /dev/null
@@ -1,493 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_user_ldap -short_description: Configure LDAP server entries in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify user feature and ldap category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - user_ldap: - description: - - Configure LDAP server entries. - default: null - type: dict - suboptions: - account_key_filter: - description: - - Account key filter, using the UPN as the search filter. - type: str - account_key_processing: - description: - - Account key processing operation, either keep or strip domain string of UPN in the token. - type: str - choices: - - same - - strip - ca_cert: - description: - - CA certificate name. Source vpn.certificate.ca.name. - type: str - cnid: - description: - - Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn". - type: str - dn: - description: - - Distinguished name used to look up entries on the LDAP server. - type: str - group_filter: - description: - - Filter used for group matching. - type: str - group_member_check: - description: - - Group member checking methods. - type: str - choices: - - user-attr - - group-object - - posix-group-object - group_object_filter: - description: - - Filter used for group searching. - type: str - group_search_base: - description: - - Search base used for group searching. - type: str - member_attr: - description: - - Name of attribute from which to get group membership. - type: str - name: - description: - - LDAP server entry name. - required: true - type: str - password: - description: - - Password for initial binding. - type: str - password_expiry_warning: - description: - - Enable/disable password expiry warnings. 
- type: str - choices: - - enable - - disable - password_renewal: - description: - - Enable/disable online password renewal. - type: str - choices: - - enable - - disable - port: - description: - - Port to be used for communication with the LDAP server . - type: int - secondary_server: - description: - - Secondary LDAP server CN domain name or IP. - type: str - secure: - description: - - Port to be used for authentication. - type: str - choices: - - disable - - starttls - - ldaps - server: - description: - - LDAP server CN domain name or IP. - type: str - server_identity_check: - description: - - Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). - type: str - choices: - - enable - - disable - source_ip: - description: - - Source IP for communications to LDAP server. - type: str - ssl_min_proto_version: - description: - - Minimum supported protocol version for SSL/TLS connections . - type: str - choices: - - default - - SSLv3 - - TLSv1 - - TLSv1-1 - - TLSv1-2 - tertiary_server: - description: - - Tertiary LDAP server CN domain name or IP. - type: str - type: - description: - - Authentication type for LDAP searches. - type: str - choices: - - simple - - anonymous - - regular - username: - description: - - Username (full DN) for initial binding. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure LDAP server entries. 
- fortios_user_ldap: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - user_ldap: - account_key_filter: "" - account_key_processing: "same" - ca_cert: " (source vpn.certificate.ca.name)" - cnid: "" - dn: "" - group_filter: "" - group_member_check: "user-attr" - group_object_filter: "" - group_search_base: "" - member_attr: "" - name: "default_name_13" - password: "" - password_expiry_warning: "enable" - password_renewal: "enable" - port: "17" - secondary_server: "" - secure: "disable" - server: "192.168.100.40" - server_identity_check: "enable" - source_ip: "84.230.14.43" - ssl_min_proto_version: "default" - tertiary_server: "" - type: "simple" - username: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: 
always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_user_ldap_data(json): - option_list = ['account_key_filter', 'account_key_processing', 'ca_cert', - 'cnid', 'dn', 'group_filter', - 'group_member_check', 'group_object_filter', 'group_search_base', - 'member_attr', 'name', 'password', - 'password_expiry_warning', 'password_renewal', 'port', - 'secondary_server', 'secure', 'server', - 'server_identity_check', 'source_ip', 'ssl_min_proto_version', - 'tertiary_server', 'type', 'username'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def user_ldap(data, fos): - vdom = data['vdom'] - state = data['state'] - user_ldap_data = data['user_ldap'] - filtered_data = underscore_to_hyphen(filter_user_ldap_data(user_ldap_data)) - - if state == "present": - return fos.set('user', - 'ldap', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('user', - 'ldap', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return 
status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_user(data, fos): - - if data['user_ldap']: - resp = user_ldap(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "user_ldap": { - "required": False, "type": "dict", "default": None, - "options": { - "account_key_filter": {"required": False, "type": "str"}, - "account_key_processing": {"required": False, "type": "str", - "choices": ["same", "strip"]}, - "ca_cert": {"required": False, "type": "str"}, - "cnid": {"required": False, "type": "str"}, - "dn": {"required": False, "type": "str"}, - "group_filter": {"required": False, "type": "str"}, - "group_member_check": {"required": False, "type": "str", - "choices": ["user-attr", "group-object", "posix-group-object"]}, - "group_object_filter": {"required": False, "type": "str"}, - "group_search_base": {"required": False, "type": "str"}, - "member_attr": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str"}, - "password_expiry_warning": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "password_renewal": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "port": {"required": False, "type": "int"}, - "secondary_server": {"required": False, "type": "str"}, - "secure": {"required": False, "type": "str", - "choices": ["disable", "starttls", "ldaps"]}, - 
"server": {"required": False, "type": "str"}, - "server_identity_check": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "source_ip": {"required": False, "type": "str"}, - "ssl_min_proto_version": {"required": False, "type": "str", - "choices": ["default", "SSLv3", "TLSv1", - "TLSv1-1", "TLSv1-2"]}, - "tertiary_server": {"required": False, "type": "str"}, - "type": {"required": False, "type": "str", - "choices": ["simple", "anonymous", "regular"]}, - "username": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_user(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_user(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_user_local.py b/lib/ansible/modules/network/fortios/fortios_user_local.py deleted file mode 100644 index ba413568efd..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_user_local.py +++ /dev/null 
@@ -1,462 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_user_local -short_description: Configure local users in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify user feature and local category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - user_local: - description: - - Configure local users. - default: null - type: dict - suboptions: - auth_concurrent_override: - description: - - Enable/disable overriding the policy-auth-concurrent under config system global. - type: str - choices: - - enable - - disable - auth_concurrent_value: - description: - - Maximum number of concurrent logins permitted from the same user. - type: int - authtimeout: - description: - - Time in minutes before the authentication timeout for a user is reached. - type: int - email_to: - description: - - Two-factor recipient's email address. - type: str - fortitoken: - description: - - Two-factor recipient's FortiToken serial number. Source user.fortitoken.serial-number. - type: str - id: - description: - - User ID. - type: int - ldap_server: - description: - - Name of LDAP server with which the user must authenticate. Source user.ldap.name. - type: str - name: - description: - - User name. - required: true - type: str - passwd: - description: - - User's password. - type: str - passwd_policy: - description: - - Password policy to apply to this user, as defined in config user password-policy. Source user.password-policy.name. - type: str - passwd_time: - description: - - Time of the last password update. - type: str - ppk_identity: - description: - - IKEv2 Postquantum Preshared Key Identity. 
- type: str - ppk_secret: - description: - - IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x). - type: str - radius_server: - description: - - Name of RADIUS server with which the user must authenticate. Source user.radius.name. - type: str - sms_custom_server: - description: - - Two-factor recipient's SMS server. Source system.sms-server.name. - type: str - sms_phone: - description: - - Two-factor recipient's mobile phone number. - type: str - sms_server: - description: - - Send SMS through FortiGuard or other external server. - type: str - choices: - - fortiguard - - custom - status: - description: - - Enable/disable allowing the local user to authenticate with the FortiGate unit. - type: str - choices: - - enable - - disable - two_factor: - description: - - Enable/disable two-factor authentication. - type: str - choices: - - disable - - fortitoken - - email - - sms - type: - description: - - Authentication method. - type: str - choices: - - password - - radius - - tacacs+ - - ldap - workstation: - description: - - Name of the remote user workstation, if you want to limit the user to authenticate only from a particular workstation. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure local users. 
- fortios_user_local: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - user_local: - auth_concurrent_override: "enable" - auth_concurrent_value: "4" - authtimeout: "5" - email_to: "" - fortitoken: " (source user.fortitoken.serial-number)" - id: "8" - ldap_server: " (source user.ldap.name)" - name: "default_name_10" - passwd: "" - passwd_policy: " (source user.password-policy.name)" - passwd_time: "" - ppk_identity: "" - ppk_secret: "" - radius_server: " (source user.radius.name)" - sms_custom_server: " (source system.sms-server.name)" - sms_phone: "" - sms_server: "fortiguard" - status: "enable" - two_factor: "disable" - type: "password" - workstation: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - 
type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_user_local_data(json): - option_list = ['auth_concurrent_override', 'auth_concurrent_value', 'authtimeout', - 'email_to', 'fortitoken', 'id', - 'ldap_server', 'name', 'passwd', - 'passwd_policy', 'passwd_time', 'ppk_identity', - 'ppk_secret', 'radius_server', 'sms_custom_server', - 'sms_phone', 'sms_server', 'status', - 'two_factor', 'type', - 'workstation'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def user_local(data, fos): - vdom = data['vdom'] - state = data['state'] - user_local_data = data['user_local'] - filtered_data = underscore_to_hyphen(filter_user_local_data(user_local_data)) - - if state == "present": - return fos.set('user', - 'local', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('user', - 'local', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and 
status['http_status'] == 404 - - -def fortios_user(data, fos): - - if data['user_local']: - resp = user_local(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "user_local": { - "required": False, "type": "dict", "default": None, - "options": { - "auth_concurrent_override": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "auth_concurrent_value": {"required": False, "type": "int"}, - "authtimeout": {"required": False, "type": "int"}, - "email_to": {"required": False, "type": "str"}, - "fortitoken": {"required": False, "type": "str"}, - "id": {"required": False, "type": "int"}, - "ldap_server": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "passwd": {"required": False, "type": "str"}, - "passwd_policy": {"required": False, "type": "str"}, - "passwd_time": {"required": False, "type": "str"}, - "ppk_identity": {"required": False, "type": "str"}, - "ppk_secret": {"required": False, "type": "str"}, - "radius_server": {"required": False, "type": "str"}, - "sms_custom_server": {"required": False, "type": "str"}, - "sms_phone": {"required": False, "type": "str"}, - "sms_server": {"required": False, "type": "str", - "choices": ["fortiguard", "custom"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "two_factor": {"required": False, "type": "str", - "choices": ["disable", "fortitoken", "email", - "sms"]}, - "type": {"required": False, "type": 
"str", - "choices": ["password", "radius", "tacacs+", - "ldap"]}, - "workstation": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_user(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_user(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_user_password_policy.py b/lib/ansible/modules/network/fortios/fortios_user_password_policy.py deleted file mode 100644 index 01738f96213..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_user_password_policy.py +++ /dev/null 
@@ -1,321 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_user_password_policy -short_description: Configure user password policy in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify user feature and password_policy category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - user_password_policy: - description: - - Configure user password policy. - default: null - type: dict - suboptions: - expire_days: - description: - - Time in days before the user's password expires. - type: int - name: - description: - - Password policy name. - required: true - type: str - warn_days: - description: - - Time in days before a password expiration warning message is displayed to the user upon login. - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure user password policy. 
- fortios_user_password_policy: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - user_password_policy: - expire_days: "3" - name: "default_name_4" - warn_days: "5" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_user_password_policy_data(json): - option_list = ['expire_days', 'name', 'warn_days'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def user_password_policy(data, fos): - vdom = data['vdom'] - state = data['state'] - user_password_policy_data = data['user_password_policy'] - filtered_data = underscore_to_hyphen(filter_user_password_policy_data(user_password_policy_data)) - - if state == "present": - return fos.set('user', - 'password-policy', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('user', - 'password-policy', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_user(data, fos): - - if data['user_password_policy']: - resp = user_password_policy(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", 
"absent"]}, - "user_password_policy": { - "required": False, "type": "dict", "default": None, - "options": { - "expire_days": {"required": False, "type": "int"}, - "name": {"required": True, "type": "str"}, - "warn_days": {"required": False, "type": "int"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_user(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_user(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_user_peer.py b/lib/ansible/modules/network/fortios/fortios_user_peer.py deleted file mode 100644 index e69987a9448..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_user_peer.py +++ /dev/null 
@@ -1,406 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_user_peer -short_description: Configure peer users in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify user feature and peer category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. 
- type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - user_peer: - description: - - Configure peer users. - default: null - type: dict - suboptions: - ca: - description: - - Name of the CA certificate as returned by the execute vpn certificate ca list command. Source vpn.certificate.ca.name. - type: str - cn: - description: - - Peer certificate common name. - type: str - cn_type: - description: - - Peer certificate common name type. - type: str - choices: - - string - - email - - FQDN - - ipv4 - - ipv6 - ldap_mode: - description: - - Mode for LDAP peer authentication. - type: str - choices: - - password - - principal-name - ldap_password: - description: - - Password for LDAP server bind. - type: str - ldap_server: - description: - - Name of an LDAP server defined under the user ldap command. Performs client access rights check. Source user.ldap.name. - type: str - ldap_username: - description: - - Username for LDAP server bind. - type: str - mandatory_ca_verify: - description: - - Determine what happens to the peer if the CA certificate is not installed. Disable to automatically consider the peer certificate as - valid. - type: str - choices: - - enable - - disable - name: - description: - - Peer name. - required: true - type: str - ocsp_override_server: - description: - - Online Certificate Status Protocol (OCSP) server for certificate retrieval. Source vpn.certificate.ocsp-server.name. - type: str - passwd: - description: - - Peer's password used for two-factor authentication. - type: str - subject: - description: - - Peer certificate name constraints. 
- type: str - two_factor: - description: - - Enable/disable two-factor authentication, applying certificate and password-based authentication. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure peer users. - fortios_user_peer: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - user_peer: - ca: " (source vpn.certificate.ca.name)" - cn: "" - cn_type: "string" - ldap_mode: "password" - ldap_password: "" - ldap_server: " (source user.ldap.name)" - ldap_username: "" - mandatory_ca_verify: "enable" - name: "default_name_11" - ocsp_override_server: " (source vpn.certificate.ocsp-server.name)" - passwd: "" - subject: "" - two_factor: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - 
description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_user_peer_data(json): - option_list = ['ca', 'cn', 'cn_type', - 'ldap_mode', 'ldap_password', 'ldap_server', - 'ldap_username', 'mandatory_ca_verify', 'name', - 'ocsp_override_server', 'passwd', 'subject', - 'two_factor'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def user_peer(data, fos): - vdom = data['vdom'] - state = data['state'] - user_peer_data = data['user_peer'] - filtered_data = underscore_to_hyphen(filter_user_peer_data(user_peer_data)) - - if state == "present": - return fos.set('user', - 'peer', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('user', - 'peer', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and 
status['http_status'] == 404 - - -def fortios_user(data, fos): - - if data['user_peer']: - resp = user_peer(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "user_peer": { - "required": False, "type": "dict", "default": None, - "options": { - "ca": {"required": False, "type": "str"}, - "cn": {"required": False, "type": "str"}, - "cn_type": {"required": False, "type": "str", - "choices": ["string", "email", "FQDN", - "ipv4", "ipv6"]}, - "ldap_mode": {"required": False, "type": "str", - "choices": ["password", "principal-name"]}, - "ldap_password": {"required": False, "type": "str"}, - "ldap_server": {"required": False, "type": "str"}, - "ldap_username": {"required": False, "type": "str"}, - "mandatory_ca_verify": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "name": {"required": True, "type": "str"}, - "ocsp_override_server": {"required": False, "type": "str"}, - "passwd": {"required": False, "type": "str"}, - "subject": {"required": False, "type": "str"}, - "two_factor": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and 
module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_user(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_user(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_user_peergrp.py b/lib/ansible/modules/network/fortios/fortios_user_peergrp.py deleted file mode 100644 index 690f602380a..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_user_peergrp.py +++ /dev/null 
@@ -1,326 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_user_peergrp -short_description: Configure peer groups in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify user feature and peergrp category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - user_peergrp: - description: - - Configure peer groups. - default: null - type: dict - suboptions: - member: - description: - - Peer group members. - type: list - suboptions: - name: - description: - - Peer group member name. Source user.peer.name. - required: true - type: str - name: - description: - - Peer group name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure peer groups. 
- fortios_user_peergrp: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - user_peergrp: - member: - - - name: "default_name_4 (source user.peer.name)" - name: "default_name_5" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and 
not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_user_peergrp_data(json): - option_list = ['member', 'name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def user_peergrp(data, fos): - vdom = data['vdom'] - state = data['state'] - user_peergrp_data = data['user_peergrp'] - filtered_data = underscore_to_hyphen(filter_user_peergrp_data(user_peergrp_data)) - - if state == "present": - return fos.set('user', - 'peergrp', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('user', - 'peergrp', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_user(data, fos): - - if data['user_peergrp']: - resp = user_peergrp(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "user_peergrp": { - "required": False, "type": "dict", "default": None, - 
"options": { - "member": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "name": {"required": True, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_user(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_user(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_user_pop3.py b/lib/ansible/modules/network/fortios/fortios_user_pop3.py deleted file mode 100644 index 97b522c3a5d..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_user_pop3.py +++ /dev/null 
@@ -1,347 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_user_pop3 -short_description: POP3 server entry configuration in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify user feature and pop3 category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - user_pop3: - description: - - POP3 server entry configuration. - default: null - type: dict - suboptions: - name: - description: - - POP3 server entry name. - required: true - type: str - port: - description: - - POP3 service port number. - type: int - secure: - description: - - SSL connection. - type: str - choices: - - none - - starttls - - pop3s - server: - description: - - server domain name or IP. - type: str - ssl_min_proto_version: - description: - - Minimum supported protocol version for SSL/TLS connections. - type: str - choices: - - default - - SSLv3 - - TLSv1 - - TLSv1-1 - - TLSv1-2 -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: POP3 server entry configuration. 
- fortios_user_pop3: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - user_pop3: - name: "default_name_3" - port: "4" - secure: "none" - server: "192.168.100.40" - ssl_min_proto_version: "default" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 
'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_user_pop3_data(json): - option_list = ['name', 'port', 'secure', - 'server', 'ssl_min_proto_version'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def user_pop3(data, fos): - vdom = data['vdom'] - state = data['state'] - user_pop3_data = data['user_pop3'] - filtered_data = underscore_to_hyphen(filter_user_pop3_data(user_pop3_data)) - - if state == "present": - return fos.set('user', - 'pop3', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('user', - 'pop3', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_user(data, fos): - - if data['user_pop3']: - resp = user_pop3(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "user_pop3": { - "required": False, "type": 
"dict", "default": None, - "options": { - "name": {"required": True, "type": "str"}, - "port": {"required": False, "type": "int"}, - "secure": {"required": False, "type": "str", - "choices": ["none", "starttls", "pop3s"]}, - "server": {"required": False, "type": "str"}, - "ssl_min_proto_version": {"required": False, "type": "str", - "choices": ["default", "SSLv3", "TLSv1", - "TLSv1-1", "TLSv1-2"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_user(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_user(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_user_quarantine.py b/lib/ansible/modules/network/fortios/fortios_user_quarantine.py deleted file mode 100644 index 6537a41300b..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_user_quarantine.py +++ /dev/null 
@@ -1,351 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_user_quarantine -short_description: Configure quarantine support in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify user feature and quarantine category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - user_quarantine: - description: - - Configure quarantine support. - default: null - type: dict - suboptions: - quarantine: - description: - - Enable/disable quarantine. - type: str - choices: - - enable - - disable - targets: - description: - - Quarantine entry to hold multiple MACs. - type: list - suboptions: - description: - description: - - Description for the quarantine entry. - type: str - entry: - description: - - Quarantine entry name. - required: true - type: str - macs: - description: - - Quarantine MACs. - type: list - suboptions: - description: - description: - - Description for the quarantine MAC. - type: str - entry_id: - description: - - FSW entry id for the quarantine MAC. - type: int - mac: - description: - - Quarantine MAC. - required: true - type: str - parent: - description: - - Parent entry name. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure quarantine support. 
- fortios_user_quarantine: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - user_quarantine: - quarantine: "enable" - targets: - - - description: "" - entry: "" - macs: - - - description: "" - entry_id: "9" - mac: "" - parent: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - 
fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_user_quarantine_data(json): - option_list = ['quarantine', 'targets'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def user_quarantine(data, fos): - vdom = data['vdom'] - user_quarantine_data = data['user_quarantine'] - filtered_data = underscore_to_hyphen(filter_user_quarantine_data(user_quarantine_data)) - - return fos.set('user', - 'quarantine', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_user(data, fos): - - if data['user_quarantine']: - resp = user_quarantine(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "user_quarantine": { - "required": False, "type": "dict", "default": None, - "options": { - "quarantine": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "targets": {"required": False, "type": "list", - "options": { - 
"description": {"required": False, "type": "str"}, - "entry": {"required": True, "type": "str"}, - "macs": {"required": False, "type": "list", - "options": { - "description": {"required": False, "type": "str"}, - "entry_id": {"required": False, "type": "int"}, - "mac": {"required": True, "type": "str"}, - "parent": {"required": False, "type": "str"} - }} - }} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_user(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_user(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_user_radius.py b/lib/ansible/modules/network/fortios/fortios_user_radius.py deleted file mode 100644 index 1584263548b..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_user_radius.py +++ /dev/null 
@@ -1,790 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_user_radius -short_description: Configure RADIUS server entries in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify user feature and radius category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - user_radius: - description: - - Configure RADIUS server entries. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - accounting_server: - description: - - Additional accounting servers. - type: list - suboptions: - id: - description: - - ID (0 - 4294967295). - required: true - type: int - port: - description: - - RADIUS accounting port number. - type: int - secret: - description: - - Secret key. - type: str - server: - description: - - name_str or ip_str Server CN domain name or IP. - type: str - source_ip: - description: - - Source IP address for communications to the RADIUS server. - type: str - status: - description: - - Status. - type: str - choices: - - enable - - disable - acct_all_servers: - description: - - Enable/disable sending of accounting messages to all configured servers. - type: str - choices: - - enable - - disable - acct_interim_interval: - description: - - Time in seconds between each accounting interim update message. 
- type: int - all_usergroup: - description: - - Enable/disable automatically including this RADIUS server in all user groups. - type: str - choices: - - disable - - enable - auth_type: - description: - - Authentication methods/protocols permitted for this RADIUS server. - type: str - choices: - - auto - - ms_chap_v2 - - ms_chap - - chap - - pap - class: - description: - - Class attribute name(s). - type: list - suboptions: - name: - description: - - Class name. - required: true - type: str - h3c_compatibility: - description: - - Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. - type: str - choices: - - enable - - disable - name: - description: - - RADIUS server entry name. - required: true - type: str - nas_ip: - description: - - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes. - type: str - password_encoding: - description: - - Password encoding. - type: str - choices: - - auto - - ISO-8859-1 - password_renewal: - description: - - Enable/disable password renewal. - type: str - choices: - - enable - - disable - radius_coa: - description: - - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is - authenticated. - type: str - choices: - - enable - - disable - radius_port: - description: - - RADIUS service port number. - type: int - rsso: - description: - - Enable/disable RADIUS based single sign on feature. - type: str - choices: - - enable - - disable - rsso_context_timeout: - description: - - Time in seconds before the logged out user is removed from the "user context list" of logged on users. - type: int - rsso_endpoint_attribute: - description: - - RADIUS attributes used to extract the user end point identifier from the RADIUS Start record. 
- type: str - choices: - - User-Name - - NAS-IP-Address - - Framed-IP-Address - - Framed-IP-Netmask - - Filter-Id - - Login-IP-Host - - Reply-Message - - Callback-Number - - Callback-Id - - Framed-Route - - Framed-IPX-Network - - Class - - Called-Station-Id - - Calling-Station-Id - - NAS-Identifier - - Proxy-State - - Login-LAT-Service - - Login-LAT-Node - - Login-LAT-Group - - Framed-AppleTalk-Zone - - Acct-Session-Id - - Acct-Multi-Session-Id - rsso_endpoint_block_attribute: - description: - - RADIUS attributes used to block a user. - type: str - choices: - - User-Name - - NAS-IP-Address - - Framed-IP-Address - - Framed-IP-Netmask - - Filter-Id - - Login-IP-Host - - Reply-Message - - Callback-Number - - Callback-Id - - Framed-Route - - Framed-IPX-Network - - Class - - Called-Station-Id - - Calling-Station-Id - - NAS-Identifier - - Proxy-State - - Login-LAT-Service - - Login-LAT-Node - - Login-LAT-Group - - Framed-AppleTalk-Zone - - Acct-Session-Id - - Acct-Multi-Session-Id - rsso_ep_one_ip_only: - description: - - Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. - type: str - choices: - - enable - - disable - rsso_flush_ip_session: - description: - - Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. - type: str - choices: - - enable - - disable - rsso_log_flags: - description: - - Events to log. - type: str - choices: - - protocol-error - - profile-missing - - accounting-stop-missed - - accounting-event - - endpoint-block - - radiusd-other - - none - rsso_log_period: - description: - - Time interval in seconds that group event log messages will be generated for dynamic profile events. - type: int - rsso_radius_response: - description: - - Enable/disable sending RADIUS response packets after receiving Start and Stop records. 
- type: str - choices: - - enable - - disable - rsso_radius_server_port: - description: - - UDP port to listen on for RADIUS Start and Stop records. - type: int - rsso_secret: - description: - - RADIUS secret used by the RADIUS accounting server. - type: str - rsso_validate_request_secret: - description: - - Enable/disable validating the RADIUS request shared secret in the Start or End record. - type: str - choices: - - enable - - disable - secondary_secret: - description: - - Secret key to access the secondary server. - type: str - secondary_server: - description: - - name_str or ip_str secondary RADIUS CN domain name or IP. - type: str - secret: - description: - - Pre-shared secret key used to access the primary RADIUS server. - type: str - server: - description: - - Primary RADIUS server CN domain name or IP address. - type: str - source_ip: - description: - - Source IP address for communications to the RADIUS server. - type: str - sso_attribute: - description: - - RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. - type: str - choices: - - User-Name - - NAS-IP-Address - - Framed-IP-Address - - Framed-IP-Netmask - - Filter-Id - - Login-IP-Host - - Reply-Message - - Callback-Number - - Callback-Id - - Framed-Route - - Framed-IPX-Network - - Class - - Called-Station-Id - - Calling-Station-Id - - NAS-Identifier - - Proxy-State - - Login-LAT-Service - - Login-LAT-Node - - Login-LAT-Group - - Framed-AppleTalk-Zone - - Acct-Session-Id - - Acct-Multi-Session-Id - sso_attribute_key: - description: - - Key prefix for SSO group value in the SSO attribute. - type: str - sso_attribute_value_override: - description: - - Enable/disable override old attribute value with new value for the same endpoint. - type: str - choices: - - enable - - disable - tertiary_secret: - description: - - Secret key to access the tertiary server. 
- type: str - tertiary_server: - description: - - name_str or ip_str tertiary RADIUS CN domain name or IP. - type: str - timeout: - description: - - Time in seconds between re-sending authentication requests. - type: int - use_management_vdom: - description: - - Enable/disable using management VDOM to send requests. - type: str - choices: - - enable - - disable - username_case_sensitive: - description: - - Enable/disable case sensitive user names. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure RADIUS server entries. - fortios_user_radius: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - user_radius: - accounting_server: - - - id: "4" - port: "5" - secret: "" - server: "192.168.100.40" - source_ip: "84.230.14.43" - status: "enable" - acct_all_servers: "enable" - acct_interim_interval: "11" - all_usergroup: "disable" - auth_type: "auto" - class: - - - name: "default_name_15" - h3c_compatibility: "enable" - name: "default_name_17" - nas_ip: "" - password_encoding: "auto" - password_renewal: "enable" - radius_coa: "enable" - radius_port: "22" - rsso: "enable" - rsso_context_timeout: "24" - rsso_endpoint_attribute: "User-Name" - rsso_endpoint_block_attribute: "User-Name" - rsso_ep_one_ip_only: "enable" - rsso_flush_ip_session: "enable" - rsso_log_flags: "protocol-error" - rsso_log_period: "30" - rsso_radius_response: "enable" - rsso_radius_server_port: "32" - rsso_secret: "" - rsso_validate_request_secret: "enable" - secondary_secret: "" - secondary_server: "" - secret: "" - server: "192.168.100.40" - source_ip: "84.230.14.43" - sso_attribute: "User-Name" - sso_attribute_key: "" - sso_attribute_value_override: "enable" - tertiary_secret: "" - tertiary_server: "" - timeout: "45" - use_management_vdom: "enable" 
- username_case_sensitive: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_user_radius_data(json): - option_list = ['accounting_server', 'acct_all_servers', 
'acct_interim_interval',
- 'all_usergroup', 'auth_type', 'class',
- 'h3c_compatibility', 'name', 'nas_ip',
- 'password_encoding', 'password_renewal', 'radius_coa',
- 'radius_port', 'rsso', 'rsso_context_timeout',
- 'rsso_endpoint_attribute', 'rsso_endpoint_block_attribute', 'rsso_ep_one_ip_only',
- 'rsso_flush_ip_session', 'rsso_log_flags', 'rsso_log_period',
- 'rsso_radius_response', 'rsso_radius_server_port', 'rsso_secret',
- 'rsso_validate_request_secret', 'secondary_secret', 'secondary_server',
- 'secret', 'server', 'source_ip',
- 'sso_attribute', 'sso_attribute_key', 'sso_attribute_value_override',
- 'tertiary_secret', 'tertiary_server', 'timeout',
- 'use_management_vdom', 'username_case_sensitive']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def user_radius(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['user_radius'] and data['user_radius']:
- state = data['user_radius']['state']
- else:
- state = True
- user_radius_data = data['user_radius']
- filtered_data = underscore_to_hyphen(filter_user_radius_data(user_radius_data))
-
- if state == "present":
- return fos.set('user',
- 'radius',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('user',
- 'radius',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_user(data, fos):
-
- if data['user_radius']:
- resp = user_radius(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "user_radius": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "accounting_server": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"},
- "port": {"required": False, "type": "int"},
- "secret": {"required": False, "type": "str"},
- "server": {"required": False, "type": "str"},
- "source_ip": {"required": False, "type": "str"},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
- }},
- "acct_all_servers": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "acct_interim_interval": {"required": False, "type": "int"},
- "all_usergroup": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "auth_type": {"required": False, "type": "str",
- "choices": ["auto", "ms_chap_v2", "ms_chap",
- "chap", "pap"]},
- "class": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "h3c_compatibility": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "name": {"required": True, "type": "str"},
- "nas_ip": {"required": False, "type": "str"},
- "password_encoding": {"required": False, "type": "str",
- "choices": ["auto", "ISO-8859-1"]},
- "password_renewal": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "radius_coa": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "radius_port": {"required": False, "type": "int"},
- "rsso": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "rsso_context_timeout": {"required": False, "type": "int"},
- "rsso_endpoint_attribute": {"required": False, "type": "str",
- "choices": ["User-Name", "NAS-IP-Address", "Framed-IP-Address",
- "Framed-IP-Netmask", "Filter-Id", "Login-IP-Host",
- "Reply-Message", "Callback-Number", "Callback-Id",
- "Framed-Route", "Framed-IPX-Network", "Class",
- "Called-Station-Id", "Calling-Station-Id", "NAS-Identifier",
- "Proxy-State", "Login-LAT-Service", "Login-LAT-Node",
- "Login-LAT-Group", "Framed-AppleTalk-Zone", "Acct-Session-Id",
- "Acct-Multi-Session-Id"]},
- "rsso_endpoint_block_attribute": {"required": False, "type": "str",
- "choices": ["User-Name", "NAS-IP-Address", "Framed-IP-Address",
- "Framed-IP-Netmask", "Filter-Id", "Login-IP-Host",
- "Reply-Message", "Callback-Number", "Callback-Id",
- "Framed-Route", "Framed-IPX-Network", "Class",
- "Called-Station-Id", "Calling-Station-Id", "NAS-Identifier",
- "Proxy-State", "Login-LAT-Service", "Login-LAT-Node",
- "Login-LAT-Group", "Framed-AppleTalk-Zone", "Acct-Session-Id",
- "Acct-Multi-Session-Id"]},
- "rsso_ep_one_ip_only": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "rsso_flush_ip_session": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "rsso_log_flags": {"required": False, "type": "str",
- "choices": ["protocol-error", "profile-missing", "accounting-stop-missed",
- "accounting-event", "endpoint-block", "radiusd-other",
- "none"]},
- "rsso_log_period": {"required": False, "type": "int"},
- "rsso_radius_response": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "rsso_radius_server_port": {"required": False, "type": "int"},
- "rsso_secret": {"required": False, "type": "str"},
- "rsso_validate_request_secret": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "secondary_secret": {"required": False, "type": "str"},
- "secondary_server": {"required": False, "type": "str"},
- "secret": {"required": False, "type": "str"},
- "server": {"required": False, "type": "str"},
- "source_ip": {"required": False, "type": "str"},
- "sso_attribute": {"required": False, "type": "str",
- "choices": ["User-Name", "NAS-IP-Address", "Framed-IP-Address",
- "Framed-IP-Netmask", "Filter-Id", "Login-IP-Host",
- "Reply-Message", "Callback-Number", "Callback-Id",
- "Framed-Route", "Framed-IPX-Network", "Class",
- "Called-Station-Id", "Calling-Station-Id", "NAS-Identifier",
- "Proxy-State", "Login-LAT-Service", "Login-LAT-Node",
- "Login-LAT-Group", "Framed-AppleTalk-Zone", "Acct-Session-Id",
- "Acct-Multi-Session-Id"]},
- "sso_attribute_key": {"required": False, "type": "str"},
- "sso_attribute_value_override": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "tertiary_secret": {"required": False, "type": "str"},
- "tertiary_server": {"required": False, "type": "str"},
- "timeout": {"required": False, "type": "int"},
- "use_management_vdom": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "username_case_sensitive": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_user(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_user(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_user_security_exempt_list.py b/lib/ansible/modules/network/fortios/fortios_user_security_exempt_list.py
deleted file mode 100644
index 53ced001cee..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_user_security_exempt_list.py
+++ /dev/null
@@ -1,400 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_user_security_exempt_list -short_description: Configure security exemption list in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify user feature and security_exempt_list category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - user_security_exempt_list: - description: - - Configure security exemption list. - default: null - type: dict - suboptions: - description: - description: - - Description. - type: str - name: - description: - - Name of the exempt list. - required: true - type: str - rule: - description: - - Configure rules for exempting users from captive portal authentication. - type: list - suboptions: - devices: - description: - - Devices or device groups. - type: list - suboptions: - name: - description: - - Device or group name. Source user.device.alias user.device-group.name user.device-category.name. - required: true - type: str - dstaddr: - description: - - Destination addresses or address groups. - type: list - suboptions: - name: - description: - - Address or group name. Source firewall.address.name firewall.addrgrp.name. - required: true - type: str - id: - description: - - ID. - required: true - type: int - service: - description: - - Destination services. - type: list - suboptions: - name: - description: - - Service name. Source firewall.service.custom.name firewall.service.group.name. - required: true - type: str - srcaddr: - description: - - Source addresses or address groups. - type: list - suboptions: - name: - description: - - Address or group name. Source firewall.address.name firewall.addrgrp.name. 
- required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure security exemption list. - fortios_user_security_exempt_list: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - user_security_exempt_list: - description: "" - name: "default_name_4" - rule: - - - devices: - - - name: "default_name_7 (source user.device.alias user.device-group.name user.device-category.name)" - dstaddr: - - - name: "default_name_9 (source firewall.address.name firewall.addrgrp.name)" - id: "10" - service: - - - name: "default_name_12 (source firewall.service.custom.name firewall.service.group.name)" - srcaddr: - - - name: "default_name_14 (source firewall.address.name firewall.addrgrp.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" 
-vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_user_security_exempt_list_data(json): - option_list = ['description', 'name', 'rule'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def user_security_exempt_list(data, fos): - vdom = data['vdom'] - state = data['state'] - user_security_exempt_list_data = data['user_security_exempt_list'] - filtered_data = underscore_to_hyphen(filter_user_security_exempt_list_data(user_security_exempt_list_data)) - - if state == "present": - return fos.set('user', - 'security-exempt-list', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('user', - 'security-exempt-list', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and 
status['http_status'] == 404
-
-
-def fortios_user(data, fos):
-
- if data['user_security_exempt_list']:
- resp = user_security_exempt_list(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": True, "type": "str",
- "choices": ["present", "absent"]},
- "user_security_exempt_list": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "description": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"},
- "rule": {"required": False, "type": "list",
- "options": {
- "devices": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "dstaddr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "id": {"required": True, "type": "int"},
- "service": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "srcaddr": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }}
- }}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_user(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_user(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_user_setting.py b/lib/ansible/modules/network/fortios/fortios_user_setting.py
deleted file mode 100644
index fbc7a95bf12..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_user_setting.py
+++ /dev/null
@@ -1,446 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_user_setting
-short_description: Configure user authentication setting in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify user feature and setting category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.9"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously.
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - user_setting: - description: - - Configure user authentication setting. - default: null - type: dict - suboptions: - auth_blackout_time: - description: - - Time in seconds an IP address is denied access after failing to authenticate five times within one minute. - type: int - auth_ca_cert: - description: - - HTTPS CA certificate for policy authentication. Source vpn.certificate.local.name. - type: str - auth_cert: - description: - - HTTPS server certificate for policy authentication. Source vpn.certificate.local.name. - type: str - auth_http_basic: - description: - - Enable/disable use of HTTP basic authentication for identity-based firewall policies. - type: str - choices: - - enable - - disable - auth_invalid_max: - description: - - Maximum number of failed authentication attempts before the user is blocked. - type: int - auth_lockout_duration: - description: - - Lockout period in seconds after too many login failures. - type: int - auth_lockout_threshold: - description: - - Maximum number of failed login attempts before login lockout is triggered. - type: int - auth_portal_timeout: - description: - - Time in minutes before captive portal user have to re-authenticate (1 - 30 min). - type: int - auth_ports: - description: - - Set up non-standard ports for authentication with HTTP, HTTPS, FTP, and TELNET. - type: list - suboptions: - id: - description: - - ID. - required: true - type: int - port: - description: - - Non-standard port for firewall user authentication. - type: int - type: - description: - - Service type. 
- type: str - choices: - - http - - https - - ftp - - telnet - auth_secure_http: - description: - - Enable/disable redirecting HTTP user authentication to more secure HTTPS. - type: str - choices: - - enable - - disable - auth_src_mac: - description: - - Enable/disable source MAC for user identity. - type: str - choices: - - enable - - disable - auth_ssl_allow_renegotiation: - description: - - Allow/forbid SSL re-negotiation for HTTPS authentication. - type: str - choices: - - enable - - disable - auth_timeout: - description: - - Time in minutes before the firewall user authentication timeout requires the user to re-authenticate. - type: int - auth_timeout_type: - description: - - Control if authenticated users have to login again after a hard timeout, after an idle timeout, or after a session timeout. - type: str - choices: - - idle-timeout - - hard-timeout - - new-session - auth_type: - description: - - Supported firewall policy authentication protocols/methods. - type: str - choices: - - http - - https - - ftp - - telnet - radius_ses_timeout_act: - description: - - Set the RADIUS session timeout to a hard timeout or to ignore RADIUS server session timeouts. - type: str - choices: - - hard-timeout - - ignore-timeout -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure user authentication setting. 
- fortios_user_setting: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - user_setting: - auth_blackout_time: "3" - auth_ca_cert: " (source vpn.certificate.local.name)" - auth_cert: " (source vpn.certificate.local.name)" - auth_http_basic: "enable" - auth_invalid_max: "7" - auth_lockout_duration: "8" - auth_lockout_threshold: "9" - auth_portal_timeout: "10" - auth_ports: - - - id: "12" - port: "13" - type: "http" - auth_secure_http: "enable" - auth_src_mac: "enable" - auth_ssl_allow_renegotiation: "enable" - auth_timeout: "18" - auth_timeout_type: "idle-timeout" - auth_type: "http" - radius_ses_timeout_act: "hard-timeout" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from 
ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_user_setting_data(json): - option_list = ['auth_blackout_time', 'auth_ca_cert', 'auth_cert', - 'auth_http_basic', 'auth_invalid_max', 'auth_lockout_duration', - 'auth_lockout_threshold', 'auth_portal_timeout', 'auth_ports', - 'auth_secure_http', 'auth_src_mac', 'auth_ssl_allow_renegotiation', - 'auth_timeout', 'auth_timeout_type', 'auth_type', - 'radius_ses_timeout_act'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def user_setting(data, fos): - vdom = data['vdom'] - user_setting_data = data['user_setting'] - filtered_data = underscore_to_hyphen(filter_user_setting_data(user_setting_data)) - - return fos.set('user', - 'setting', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_user(data, fos): - - if data['user_setting']: - resp = user_setting(data, fos) - - return not is_successful_status(resp), \ - 
resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "user_setting": { - "required": False, "type": "dict", "default": None, - "options": { - "auth_blackout_time": {"required": False, "type": "int"}, - "auth_ca_cert": {"required": False, "type": "str"}, - "auth_cert": {"required": False, "type": "str"}, - "auth_http_basic": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "auth_invalid_max": {"required": False, "type": "int"}, - "auth_lockout_duration": {"required": False, "type": "int"}, - "auth_lockout_threshold": {"required": False, "type": "int"}, - "auth_portal_timeout": {"required": False, "type": "int"}, - "auth_ports": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"}, - "port": {"required": False, "type": "int"}, - "type": {"required": False, "type": "str", - "choices": ["http", "https", "ftp", - "telnet"]} - }}, - "auth_secure_http": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "auth_src_mac": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "auth_ssl_allow_renegotiation": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "auth_timeout": {"required": False, "type": "int"}, - "auth_timeout_type": {"required": False, "type": "str", - "choices": ["idle-timeout", "hard-timeout", "new-session"]}, - "auth_type": {"required": False, "type": "str", - "choices": ["http", "https", "ftp", - "telnet"]}, - "radius_ses_timeout_act": {"required": False, "type": "str", - "choices": ["hard-timeout", "ignore-timeout"]} - - } - } - } - - module 
= AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_user(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_user(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_user_tacacsplus.py b/lib/ansible/modules/network/fortios/fortios_user_tacacsplus.py deleted file mode 100644 index 70ebb3a109a..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_user_tacacsplus.py +++ /dev/null 
@@ -1,406 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_user_tacacsplus
-short_description: Configure TACACS+ server entries in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify user feature and tacacsplus category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously.
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - user_tacacsplus: - description: - - Configure TACACS+ server entries. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - authen_type: - description: - - Allowed authentication protocols/methods. - type: str - choices: - - mschap - - chap - - pap - - ascii - - auto - authorization: - description: - - Enable/disable TACACS+ authorization. - type: str - choices: - - enable - - disable - key: - description: - - Key to access the primary server. - type: str - name: - description: - - TACACS+ server entry name. - required: true - type: str - port: - description: - - Port number of the TACACS+ server. - type: int - secondary_key: - description: - - Key to access the secondary server. - type: str - secondary_server: - description: - - Secondary TACACS+ server CN domain name or IP address. - type: str - server: - description: - - Primary TACACS+ server CN domain name or IP address. - type: str - source_ip: - description: - - source IP for communications to TACACS+ server. 
- type: str - tertiary_key: - description: - - Key to access the tertiary server. - type: str - tertiary_server: - description: - - Tertiary TACACS+ server CN domain name or IP address. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure TACACS+ server entries. - fortios_user_tacacsplus: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - user_tacacsplus: - authen_type: "mschap" - authorization: "enable" - key: "" - name: "default_name_6" - port: "7" - secondary_key: "" - secondary_server: "" - server: "192.168.100.40" - source_ip: "84.230.14.43" - tertiary_key: "" - tertiary_server: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" 
-version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_user_tacacsplus_data(json): - option_list = ['authen_type', 'authorization', 'key', - 'name', 'port', 'secondary_key', - 'secondary_server', 'server', 'source_ip', - 'tertiary_key', 'tertiary_server'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def user_tacacsplus(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['user_tacacsplus'] and data['user_tacacsplus']: - state = data['user_tacacsplus']['state'] - else: - state = True - user_tacacsplus_data = data['user_tacacsplus'] - filtered_data = underscore_to_hyphen(filter_user_tacacsplus_data(user_tacacsplus_data)) - - if state == "present": - return fos.set('user', - 'tacacs+', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('user', - 'tacacs+', - mkey=filtered_data['name'], - vdom=vdom) - - -def 
is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_user(data, fos): - - if data['user_tacacsplus']: - resp = user_tacacsplus(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "user_tacacsplus": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "authen_type": {"required": False, "type": "str", - "choices": ["mschap", "chap", "pap", - "ascii", "auto"]}, - "authorization": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "key": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "port": {"required": False, "type": "int"}, - "secondary_key": {"required": False, "type": "str"}, - "secondary_server": {"required": False, "type": "str"}, - "server": {"required": False, "type": "str"}, - "source_ip": {"required": False, "type": "str"}, - "tertiary_key": {"required": False, "type": "str"}, - "tertiary_server": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in 
module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_user(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_user(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_voip_profile.py b/lib/ansible/modules/network/fortios/fortios_voip_profile.py deleted file mode 100644 index 0c6f3a8a987..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_voip_profile.py +++ /dev/null 
@@ -1,1315 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_voip_profile
-short_description: Configure VoIP profiles in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify voip feature and profile category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously.
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - voip_profile: - description: - - Configure VoIP profiles. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - comment: - description: - - Comment. - type: str - name: - description: - - Profile name. - required: true - type: str - sccp: - description: - - SCCP. - type: dict - suboptions: - block_mcast: - description: - - Enable/disable block multicast RTP connections. - type: str - choices: - - disable - - enable - log_call_summary: - description: - - Enable/disable log summary of SCCP calls. - type: str - choices: - - disable - - enable - log_violations: - description: - - Enable/disable logging of SCCP violations. - type: str - choices: - - disable - - enable - max_calls: - description: - - Maximum calls per minute per SCCP client (max 65535). - type: int - status: - description: - - Enable/disable SCCP. - type: str - choices: - - disable - - enable - verify_header: - description: - - Enable/disable verify SCCP header content. - type: str - choices: - - disable - - enable - sip: - description: - - SIP. 
- type: dict - suboptions: - ack_rate: - description: - - ACK request rate limit (per second, per policy). - type: int - block_ack: - description: - - Enable/disable block ACK requests. - type: str - choices: - - disable - - enable - block_bye: - description: - - Enable/disable block BYE requests. - type: str - choices: - - disable - - enable - block_cancel: - description: - - Enable/disable block CANCEL requests. - type: str - choices: - - disable - - enable - block_geo_red_options: - description: - - Enable/disable block OPTIONS requests, but OPTIONS requests still notify for redundancy. - type: str - choices: - - disable - - enable - block_info: - description: - - Enable/disable block INFO requests. - type: str - choices: - - disable - - enable - block_invite: - description: - - Enable/disable block INVITE requests. - type: str - choices: - - disable - - enable - block_long_lines: - description: - - Enable/disable block requests with headers exceeding max-line-length. - type: str - choices: - - disable - - enable - block_message: - description: - - Enable/disable block MESSAGE requests. - type: str - choices: - - disable - - enable - block_notify: - description: - - Enable/disable block NOTIFY requests. - type: str - choices: - - disable - - enable - block_options: - description: - - Enable/disable block OPTIONS requests and no OPTIONS as notifying message for redundancy either. - type: str - choices: - - disable - - enable - block_prack: - description: - - Enable/disable block prack requests. - type: str - choices: - - disable - - enable - block_publish: - description: - - Enable/disable block PUBLISH requests. - type: str - choices: - - disable - - enable - block_refer: - description: - - Enable/disable block REFER requests. - type: str - choices: - - disable - - enable - block_register: - description: - - Enable/disable block REGISTER requests. 
- type: str - choices: - - disable - - enable - block_subscribe: - description: - - Enable/disable block SUBSCRIBE requests. - type: str - choices: - - disable - - enable - block_unknown: - description: - - Block unrecognized SIP requests (enabled by default). - type: str - choices: - - disable - - enable - block_update: - description: - - Enable/disable block UPDATE requests. - type: str - choices: - - disable - - enable - bye_rate: - description: - - BYE request rate limit (per second, per policy). - type: int - call_keepalive: - description: - - Continue tracking calls with no RTP for this many minutes. - type: int - cancel_rate: - description: - - CANCEL request rate limit (per second, per policy). - type: int - contact_fixup: - description: - - "Fixup contact anyway even if contact's IP:port doesn't match session's IP:port." - type: str - choices: - - disable - - enable - hnt_restrict_source_ip: - description: - - Enable/disable restrict RTP source IP to be the same as SIP source IP when HNT is enabled. - type: str - choices: - - disable - - enable - hosted_nat_traversal: - description: - - Hosted NAT Traversal (HNT). - type: str - choices: - - disable - - enable - info_rate: - description: - - INFO request rate limit (per second, per policy). - type: int - invite_rate: - description: - - INVITE request rate limit (per second, per policy). - type: int - ips_rtp: - description: - - Enable/disable allow IPS on RTP. - type: str - choices: - - disable - - enable - log_call_summary: - description: - - Enable/disable logging of SIP call summary. - type: str - choices: - - disable - - enable - log_violations: - description: - - Enable/disable logging of SIP violations. - type: str - choices: - - disable - - enable - malformed_header_allow: - description: - - Action for malformed Allow header. - type: str - choices: - - discard - - pass - - respond - malformed_header_call_id: - description: - - Action for malformed Call-ID header. 
- type: str - choices: - - discard - - pass - - respond - malformed_header_contact: - description: - - Action for malformed Contact header. - type: str - choices: - - discard - - pass - - respond - malformed_header_content_length: - description: - - Action for malformed Content-Length header. - type: str - choices: - - discard - - pass - - respond - malformed_header_content_type: - description: - - Action for malformed Content-Type header. - type: str - choices: - - discard - - pass - - respond - malformed_header_cseq: - description: - - Action for malformed CSeq header. - type: str - choices: - - discard - - pass - - respond - malformed_header_expires: - description: - - Action for malformed Expires header. - type: str - choices: - - discard - - pass - - respond - malformed_header_from: - description: - - Action for malformed From header. - type: str - choices: - - discard - - pass - - respond - malformed_header_max_forwards: - description: - - Action for malformed Max-Forwards header. - type: str - choices: - - discard - - pass - - respond - malformed_header_p_asserted_identity: - description: - - Action for malformed P-Asserted-Identity header. - type: str - choices: - - discard - - pass - - respond - malformed_header_rack: - description: - - Action for malformed RAck header. - type: str - choices: - - discard - - pass - - respond - malformed_header_record_route: - description: - - Action for malformed Record-Route header. - type: str - choices: - - discard - - pass - - respond - malformed_header_route: - description: - - Action for malformed Route header. - type: str - choices: - - discard - - pass - - respond - malformed_header_rseq: - description: - - Action for malformed RSeq header. - type: str - choices: - - discard - - pass - - respond - malformed_header_sdp_a: - description: - - Action for malformed SDP a line. - type: str - choices: - - discard - - pass - - respond - malformed_header_sdp_b: - description: - - Action for malformed SDP b line. 
- type: str - choices: - - discard - - pass - - respond - malformed_header_sdp_c: - description: - - Action for malformed SDP c line. - type: str - choices: - - discard - - pass - - respond - malformed_header_sdp_i: - description: - - Action for malformed SDP i line. - type: str - choices: - - discard - - pass - - respond - malformed_header_sdp_k: - description: - - Action for malformed SDP k line. - type: str - choices: - - discard - - pass - - respond - malformed_header_sdp_m: - description: - - Action for malformed SDP m line. - type: str - choices: - - discard - - pass - - respond - malformed_header_sdp_o: - description: - - Action for malformed SDP o line. - type: str - choices: - - discard - - pass - - respond - malformed_header_sdp_r: - description: - - Action for malformed SDP r line. - type: str - choices: - - discard - - pass - - respond - malformed_header_sdp_s: - description: - - Action for malformed SDP s line. - type: str - choices: - - discard - - pass - - respond - malformed_header_sdp_t: - description: - - Action for malformed SDP t line. - type: str - choices: - - discard - - pass - - respond - malformed_header_sdp_v: - description: - - Action for malformed SDP v line. - type: str - choices: - - discard - - pass - - respond - malformed_header_sdp_z: - description: - - Action for malformed SDP z line. - type: str - choices: - - discard - - pass - - respond - malformed_header_to: - description: - - Action for malformed To header. - type: str - choices: - - discard - - pass - - respond - malformed_header_via: - description: - - Action for malformed VIA header. - type: str - choices: - - discard - - pass - - respond - malformed_request_line: - description: - - Action for malformed request line. - type: str - choices: - - discard - - pass - - respond - max_body_length: - description: - - Maximum SIP message body length (0 meaning no limit). - type: int - max_dialogs: - description: - - Maximum number of concurrent calls/dialogs (per policy). 
- type: int - max_idle_dialogs: - description: - - Maximum number established but idle dialogs to retain (per policy). - type: int - max_line_length: - description: - - Maximum SIP header line length (78-4096). - type: int - message_rate: - description: - - MESSAGE request rate limit (per second, per policy). - type: int - nat_trace: - description: - - Enable/disable preservation of original IP in SDP i line. - type: str - choices: - - disable - - enable - no_sdp_fixup: - description: - - Enable/disable no SDP fix-up. - type: str - choices: - - disable - - enable - notify_rate: - description: - - NOTIFY request rate limit (per second, per policy). - type: int - open_contact_pinhole: - description: - - Enable/disable open pinhole for non-REGISTER Contact port. - type: str - choices: - - disable - - enable - open_record_route_pinhole: - description: - - Enable/disable open pinhole for Record-Route port. - type: str - choices: - - disable - - enable - open_register_pinhole: - description: - - Enable/disable open pinhole for REGISTER Contact port. - type: str - choices: - - disable - - enable - open_via_pinhole: - description: - - Enable/disable open pinhole for Via port. - type: str - choices: - - disable - - enable - options_rate: - description: - - OPTIONS request rate limit (per second, per policy). - type: int - prack_rate: - description: - - PRACK request rate limit (per second, per policy). - type: int - preserve_override: - description: - - "Override i line to preserve original IPS ." - type: str - choices: - - disable - - enable - provisional_invite_expiry_time: - description: - - Expiry time for provisional INVITE (10 - 3600 sec). - type: int - publish_rate: - description: - - PUBLISH request rate limit (per second, per policy). - type: int - refer_rate: - description: - - REFER request rate limit (per second, per policy). 
- type: int - register_contact_trace: - description: - - Enable/disable trace original IP/port within the contact header of REGISTER requests. - type: str - choices: - - disable - - enable - register_rate: - description: - - REGISTER request rate limit (per second, per policy). - type: int - rfc2543_branch: - description: - - Enable/disable support via branch compliant with RFC 2543. - type: str - choices: - - disable - - enable - rtp: - description: - - Enable/disable create pinholes for RTP traffic to traverse firewall. - type: str - choices: - - disable - - enable - ssl_algorithm: - description: - - Relative strength of encryption algorithms accepted in negotiation. - type: str - choices: - - high - - medium - - low - ssl_auth_client: - description: - - Require a client certificate and authenticate it with the peer/peergrp. Source user.peer.name user.peergrp.name. - type: str - ssl_auth_server: - description: - - Authenticate the server's certificate with the peer/peergrp. Source user.peer.name user.peergrp.name. - type: str - ssl_client_certificate: - description: - - Name of Certificate to offer to server if requested. Source vpn.certificate.local.name. - type: str - ssl_client_renegotiation: - description: - - Allow/block client renegotiation by server. - type: str - choices: - - allow - - deny - - secure - ssl_max_version: - description: - - Highest SSL/TLS version to negotiate. - type: str - choices: - - ssl-3.0 - - tls-1.0 - - tls-1.1 - - tls-1.2 - ssl_min_version: - description: - - Lowest SSL/TLS version to negotiate. - type: str - choices: - - ssl-3.0 - - tls-1.0 - - tls-1.1 - - tls-1.2 - ssl_mode: - description: - - SSL/TLS mode for encryption & decryption of traffic. - type: str - choices: - - off - - full - ssl_pfs: - description: - - SSL Perfect Forward Secrecy. - type: str - choices: - - require - - deny - - allow - ssl_send_empty_frags: - description: - - Send empty fragments to avoid attack on CBC IV (SSL 3.0 & TLS 1.0 only). 
- type: str - choices: - - enable - - disable - ssl_server_certificate: - description: - - Name of Certificate return to the client in every SSL connection. Source vpn.certificate.local.name. - type: str - status: - description: - - Enable/disable SIP. - type: str - choices: - - disable - - enable - strict_register: - description: - - Enable/disable only allow the registrar to connect. - type: str - choices: - - disable - - enable - subscribe_rate: - description: - - SUBSCRIBE request rate limit (per second, per policy). - type: int - unknown_header: - description: - - Action for unknown SIP header. - type: str - choices: - - discard - - pass - - respond - update_rate: - description: - - UPDATE request rate limit (per second, per policy). - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure VoIP profiles. - fortios_voip_profile: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - voip_profile: - comment: "Comment." 
- name: "default_name_4" - sccp: - block_mcast: "disable" - log_call_summary: "disable" - log_violations: "disable" - max_calls: "9" - status: "disable" - verify_header: "disable" - sip: - ack_rate: "13" - block_ack: "disable" - block_bye: "disable" - block_cancel: "disable" - block_geo_red_options: "disable" - block_info: "disable" - block_invite: "disable" - block_long_lines: "disable" - block_message: "disable" - block_notify: "disable" - block_options: "disable" - block_prack: "disable" - block_publish: "disable" - block_refer: "disable" - block_register: "disable" - block_subscribe: "disable" - block_unknown: "disable" - block_update: "disable" - bye_rate: "31" - call_keepalive: "32" - cancel_rate: "33" - contact_fixup: "disable" - hnt_restrict_source_ip: "disable" - hosted_nat_traversal: "disable" - info_rate: "37" - invite_rate: "38" - ips_rtp: "disable" - log_call_summary: "disable" - log_violations: "disable" - malformed_header_allow: "discard" - malformed_header_call_id: "discard" - malformed_header_contact: "discard" - malformed_header_content_length: "discard" - malformed_header_content_type: "discard" - malformed_header_cseq: "discard" - malformed_header_expires: "discard" - malformed_header_from: "discard" - malformed_header_max_forwards: "discard" - malformed_header_p_asserted_identity: "discard" - malformed_header_rack: "discard" - malformed_header_record_route: "discard" - malformed_header_route: "discard" - malformed_header_rseq: "discard" - malformed_header_sdp_a: "discard" - malformed_header_sdp_b: "discard" - malformed_header_sdp_c: "discard" - malformed_header_sdp_i: "discard" - malformed_header_sdp_k: "discard" - malformed_header_sdp_m: "discard" - malformed_header_sdp_o: "discard" - malformed_header_sdp_r: "discard" - malformed_header_sdp_s: "discard" - malformed_header_sdp_t: "discard" - malformed_header_sdp_v: "discard" - malformed_header_sdp_z: "discard" - malformed_header_to: "discard" - malformed_header_via: "discard" - 
malformed_request_line: "discard" - max_body_length: "71" - max_dialogs: "72" - max_idle_dialogs: "73" - max_line_length: "74" - message_rate: "75" - nat_trace: "disable" - no_sdp_fixup: "disable" - notify_rate: "78" - open_contact_pinhole: "disable" - open_record_route_pinhole: "disable" - open_register_pinhole: "disable" - open_via_pinhole: "disable" - options_rate: "83" - prack_rate: "84" - preserve_override: "disable" - provisional_invite_expiry_time: "86" - publish_rate: "87" - refer_rate: "88" - register_contact_trace: "disable" - register_rate: "90" - rfc2543_branch: "disable" - rtp: "disable" - ssl_algorithm: "high" - ssl_auth_client: " (source user.peer.name user.peergrp.name)" - ssl_auth_server: " (source user.peer.name user.peergrp.name)" - ssl_client_certificate: " (source vpn.certificate.local.name)" - ssl_client_renegotiation: "allow" - ssl_max_version: "ssl-3.0" - ssl_min_version: "ssl-3.0" - ssl_mode: "off" - ssl_pfs: "require" - ssl_send_empty_frags: "enable" - ssl_server_certificate: " (source vpn.certificate.local.name)" - status: "disable" - strict_register: "disable" - subscribe_rate: "106" - unknown_header: "discard" - update_rate: "108" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: 
always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_voip_profile_data(json): - option_list = ['comment', 'name', 'sccp', - 'sip'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def voip_profile(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['voip_profile'] and data['voip_profile']: - state = data['voip_profile']['state'] - else: - state = True - voip_profile_data = data['voip_profile'] - filtered_data = underscore_to_hyphen(filter_voip_profile_data(voip_profile_data)) - - if state 
== "present": - return fos.set('voip', - 'profile', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('voip', - 'profile', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_voip(data, fos): - - if data['voip_profile']: - resp = voip_profile(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "voip_profile": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "comment": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "sccp": {"required": False, "type": "dict", - "options": { - "block_mcast": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "log_call_summary": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "log_violations": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "max_calls": {"required": False, "type": "int"}, - "status": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "verify_header": {"required": False, "type": "str", - "choices": ["disable", "enable"]} - }}, - "sip": {"required": False, "type": "dict", - "options": { - "ack_rate": {"required": False, "type": "int"}, - "block_ack": {"required": False, 
"type": "str", - "choices": ["disable", "enable"]}, - "block_bye": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "block_cancel": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "block_geo_red_options": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "block_info": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "block_invite": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "block_long_lines": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "block_message": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "block_notify": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "block_options": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "block_prack": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "block_publish": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "block_refer": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "block_register": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "block_subscribe": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "block_unknown": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "block_update": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "bye_rate": {"required": False, "type": "int"}, - "call_keepalive": {"required": False, "type": "int"}, - "cancel_rate": {"required": False, "type": "int"}, - "contact_fixup": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "hnt_restrict_source_ip": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "hosted_nat_traversal": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "info_rate": {"required": False, "type": 
"int"}, - "invite_rate": {"required": False, "type": "int"}, - "ips_rtp": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "log_call_summary": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "log_violations": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "malformed_header_allow": {"required": False, "type": "str", - "choices": ["discard", "pass", "respond"]}, - "malformed_header_call_id": {"required": False, "type": "str", - "choices": ["discard", "pass", "respond"]}, - "malformed_header_contact": {"required": False, "type": "str", - "choices": ["discard", "pass", "respond"]}, - "malformed_header_content_length": {"required": False, "type": "str", - "choices": ["discard", "pass", "respond"]}, - "malformed_header_content_type": {"required": False, "type": "str", - "choices": ["discard", "pass", "respond"]}, - "malformed_header_cseq": {"required": False, "type": "str", - "choices": ["discard", "pass", "respond"]}, - "malformed_header_expires": {"required": False, "type": "str", - "choices": ["discard", "pass", "respond"]}, - "malformed_header_from": {"required": False, "type": "str", - "choices": ["discard", "pass", "respond"]}, - "malformed_header_max_forwards": {"required": False, "type": "str", - "choices": ["discard", "pass", "respond"]}, - "malformed_header_p_asserted_identity": {"required": False, "type": "str", - "choices": ["discard", "pass", "respond"]}, - "malformed_header_rack": {"required": False, "type": "str", - "choices": ["discard", "pass", "respond"]}, - "malformed_header_record_route": {"required": False, "type": "str", - "choices": ["discard", "pass", "respond"]}, - "malformed_header_route": {"required": False, "type": "str", - "choices": ["discard", "pass", "respond"]}, - "malformed_header_rseq": {"required": False, "type": "str", - "choices": ["discard", "pass", "respond"]}, - "malformed_header_sdp_a": {"required": False, "type": "str", - "choices": ["discard", "pass", 
"respond"]}, - "malformed_header_sdp_b": {"required": False, "type": "str", - "choices": ["discard", "pass", "respond"]}, - "malformed_header_sdp_c": {"required": False, "type": "str", - "choices": ["discard", "pass", "respond"]}, - "malformed_header_sdp_i": {"required": False, "type": "str", - "choices": ["discard", "pass", "respond"]}, - "malformed_header_sdp_k": {"required": False, "type": "str", - "choices": ["discard", "pass", "respond"]}, - "malformed_header_sdp_m": {"required": False, "type": "str", - "choices": ["discard", "pass", "respond"]}, - "malformed_header_sdp_o": {"required": False, "type": "str", - "choices": ["discard", "pass", "respond"]}, - "malformed_header_sdp_r": {"required": False, "type": "str", - "choices": ["discard", "pass", "respond"]}, - "malformed_header_sdp_s": {"required": False, "type": "str", - "choices": ["discard", "pass", "respond"]}, - "malformed_header_sdp_t": {"required": False, "type": "str", - "choices": ["discard", "pass", "respond"]}, - "malformed_header_sdp_v": {"required": False, "type": "str", - "choices": ["discard", "pass", "respond"]}, - "malformed_header_sdp_z": {"required": False, "type": "str", - "choices": ["discard", "pass", "respond"]}, - "malformed_header_to": {"required": False, "type": "str", - "choices": ["discard", "pass", "respond"]}, - "malformed_header_via": {"required": False, "type": "str", - "choices": ["discard", "pass", "respond"]}, - "malformed_request_line": {"required": False, "type": "str", - "choices": ["discard", "pass", "respond"]}, - "max_body_length": {"required": False, "type": "int"}, - "max_dialogs": {"required": False, "type": "int"}, - "max_idle_dialogs": {"required": False, "type": "int"}, - "max_line_length": {"required": False, "type": "int"}, - "message_rate": {"required": False, "type": "int"}, - "nat_trace": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "no_sdp_fixup": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - 
"notify_rate": {"required": False, "type": "int"}, - "open_contact_pinhole": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "open_record_route_pinhole": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "open_register_pinhole": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "open_via_pinhole": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "options_rate": {"required": False, "type": "int"}, - "prack_rate": {"required": False, "type": "int"}, - "preserve_override": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "provisional_invite_expiry_time": {"required": False, "type": "int"}, - "publish_rate": {"required": False, "type": "int"}, - "refer_rate": {"required": False, "type": "int"}, - "register_contact_trace": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "register_rate": {"required": False, "type": "int"}, - "rfc2543_branch": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "rtp": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "ssl_algorithm": {"required": False, "type": "str", - "choices": ["high", "medium", "low"]}, - "ssl_auth_client": {"required": False, "type": "str"}, - "ssl_auth_server": {"required": False, "type": "str"}, - "ssl_client_certificate": {"required": False, "type": "str"}, - "ssl_client_renegotiation": {"required": False, "type": "str", - "choices": ["allow", "deny", "secure"]}, - "ssl_max_version": {"required": False, "type": "str", - "choices": ["ssl-3.0", "tls-1.0", "tls-1.1", - "tls-1.2"]}, - "ssl_min_version": {"required": False, "type": "str", - "choices": ["ssl-3.0", "tls-1.0", "tls-1.1", - "tls-1.2"]}, - "ssl_mode": {"required": False, "type": "str", - "choices": ["off", "full"]}, - "ssl_pfs": {"required": False, "type": "str", - "choices": ["require", "deny", "allow"]}, - "ssl_send_empty_frags": {"required": False, "type": 
"str", - "choices": ["enable", "disable"]}, - "ssl_server_certificate": {"required": False, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "strict_register": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "subscribe_rate": {"required": False, "type": "int"}, - "unknown_header": {"required": False, "type": "str", - "choices": ["discard", "pass", "respond"]}, - "update_rate": {"required": False, "type": "int"} - }} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_voip(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_voip(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_certificate_ca.py b/lib/ansible/modules/network/fortios/fortios_vpn_certificate_ca.py deleted file mode 100644 index 076342de85b..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_vpn_certificate_ca.py +++ /dev/null 
@@ -1,379 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_vpn_certificate_ca
-short_description: CA certificate in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify vpn_certificate feature and ca category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.9"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously.
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - vpn_certificate_ca: - description: - - CA certificate. - default: null - type: dict - suboptions: - auto_update_days: - description: - - Number of days to wait before requesting an updated CA certificate (0 - 4294967295, 0 = disabled). - type: int - auto_update_days_warning: - description: - - Number of days before an expiry-warning message is generated (0 - 4294967295, 0 = disabled). - type: int - ca: - description: - - CA certificate as a PEM file. - type: str - last_updated: - description: - - Time at which CA was last updated. - type: int - name: - description: - - Name. - required: true - type: str - range: - description: - - Either global or VDOM IP address range for the CA certificate. - type: str - choices: - - global - - vdom - scep_url: - description: - - URL of the SCEP server. - type: str - source: - description: - - CA certificate source type. - type: str - choices: - - factory - - user - - bundle - source_ip: - description: - - Source IP address for communications to the SCEP server. - type: str - trusted: - description: - - Enable/disable as a trusted CA. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: CA certificate. 
- fortios_vpn_certificate_ca: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - vpn_certificate_ca: - auto_update_days: "3" - auto_update_days_warning: "4" - ca: "" - last_updated: "6" - name: "default_name_7" - range: "global" - scep_url: "" - source: "factory" - source_ip: "84.230.14.43" - trusted: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - 
username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_vpn_certificate_ca_data(json): - option_list = ['auto_update_days', 'auto_update_days_warning', 'ca', - 'last_updated', 'name', 'range', - 'scep_url', 'source', 'source_ip', - 'trusted'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def vpn_certificate_ca(data, fos): - vdom = data['vdom'] - state = data['state'] - vpn_certificate_ca_data = data['vpn_certificate_ca'] - filtered_data = underscore_to_hyphen(filter_vpn_certificate_ca_data(vpn_certificate_ca_data)) - - if state == "present": - return fos.set('vpn.certificate', - 'ca', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('vpn.certificate', - 'ca', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_vpn_certificate(data, fos): - - if data['vpn_certificate_ca']: - resp = vpn_certificate_ca(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, 
"type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "vpn_certificate_ca": { - "required": False, "type": "dict", "default": None, - "options": { - "auto_update_days": {"required": False, "type": "int"}, - "auto_update_days_warning": {"required": False, "type": "int"}, - "ca": {"required": False, "type": "str"}, - "last_updated": {"required": False, "type": "int"}, - "name": {"required": True, "type": "str"}, - "range": {"required": False, "type": "str", - "choices": ["global", "vdom"]}, - "scep_url": {"required": False, "type": "str"}, - "source": {"required": False, "type": "str", - "choices": ["factory", "user", "bundle"]}, - "source_ip": {"required": False, "type": "str"}, - "trusted": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_vpn_certificate(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_vpn_certificate(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - 
module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_certificate_crl.py b/lib/ansible/modules/network/fortios/fortios_vpn_certificate_crl.py deleted file mode 100644 index 4ed91be827e..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_vpn_certificate_crl.py +++ /dev/null 
@@ -1,400 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_vpn_certificate_crl
-short_description: Certificate Revocation List as a PEM file in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify vpn_certificate feature and crl category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.9"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously.
A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- state:
- description:
- - Indicates whether to create or remove the object.
- type: str
- required: true
- choices:
- - present
- - absent
- vpn_certificate_crl:
- description:
- - Certificate Revocation List as a PEM file.
- default: null
- type: dict
- suboptions:
- crl:
- description:
- - Certificate Revocation List as a PEM file.
- type: str
- http_url:
- description:
- - HTTP server URL for CRL auto-update.
- type: str
- last_updated:
- description:
- - Time at which CRL was last updated.
- type: int
- ldap_password:
- description:
- - LDAP server user password.
- type: str
- ldap_server:
- description:
- - LDAP server name for CRL auto-update.
- type: str
- ldap_username:
- description:
- - LDAP server user name.
- type: str
- name:
- description:
- - Name.
- required: true
- type: str
- range:
- description:
- - Either global or VDOM IP address range for the certificate.
- type: str
- choices:
- - global
- - vdom
- scep_cert:
- description:
- - Local certificate for SCEP communication for CRL auto-update. Source vpn.certificate.local.name.
- type: str
- scep_url:
- description:
- - SCEP server URL for CRL auto-update.
- type: str
- source:
- description:
- - Certificate source type.
- type: str
- choices:
- - factory
- - user
- - bundle
- source_ip:
- description:
- - Source IP address for communications to a HTTP or SCEP CA server.
- type: str
- update_interval:
- description:
- - Time in seconds before the FortiGate checks for an updated CRL. Set to 0 to update only when it expires.
- type: int
- update_vdom:
- description:
- - VDOM for CRL update. Source system.vdom.name.
- type: str
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Certificate Revocation List as a PEM file.
- fortios_vpn_certificate_crl:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- vpn_certificate_crl:
- crl: ""
- http_url: ""
- last_updated: "5"
- ldap_password: ""
- ldap_server: ""
- ldap_username: ""
- name: "default_name_9"
- range: "global"
- scep_cert: " (source vpn.certificate.local.name)"
- scep_url: ""
- source: "factory"
- source_ip: "84.230.14.43"
- update_interval: "15"
- update_vdom: " (source system.vdom.name)"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
-
sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_vpn_certificate_crl_data(json):
- option_list = ['crl', 'http_url', 'last_updated',
- 'ldap_password', 'ldap_server', 'ldap_username',
- 'name', 'range', 'scep_cert',
- 'scep_url', 'source', 'source_ip',
- 'update_interval', 'update_vdom']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def vpn_certificate_crl(data, fos):
- vdom = data['vdom']
- state = data['state']
- vpn_certificate_crl_data = data['vpn_certificate_crl']
- filtered_data = underscore_to_hyphen(filter_vpn_certificate_crl_data(vpn_certificate_crl_data))
-
- if state == "present":
- return fos.set('vpn.certificate',
- 'crl',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('vpn.certificate',
- 'crl',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_vpn_certificate(data, fos):
-
- if data['vpn_certificate_crl']:
- resp = vpn_certificate_crl(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": True, "type": "str",
- "choices": ["present", "absent"]},
- "vpn_certificate_crl": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "crl": {"required": False, "type": "str"},
- "http_url": {"required": False, "type": "str"},
- "last_updated": {"required": False, "type": "int"},
- "ldap_password": {"required": False, "type": "str"},
- "ldap_server": {"required": False, "type": "str"},
- "ldap_username": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"},
- "range": {"required": False, "type": "str",
- "choices": ["global", "vdom"]},
- "scep_cert": {"required": False, "type": "str"},
- "scep_url": {"required": False, "type": "str"},
- "source": {"required": False, "type": "str",
- "choices": ["factory", "user", "bundle"]},
- "source_ip": {"required": False, "type": "str"},
- "update_interval": {"required": False, "type": "int"},
- "update_vdom": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection =
Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_vpn_certificate(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_vpn_certificate(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_certificate_local.py b/lib/ansible/modules/network/fortios/fortios_vpn_certificate_local.py
deleted file mode 100644
index 84393df2ff5..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_vpn_certificate_local.py
+++ /dev/null
@@ -1,480 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_vpn_certificate_local
-short_description: Local keys and certificates in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify vpn_certificate feature and local category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.9"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously.
A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- state:
- description:
- - Indicates whether to create or remove the object.
- type: str
- required: true
- choices:
- - present
- - absent
- vpn_certificate_local:
- description:
- - Local keys and certificates.
- default: null
- type: dict
- suboptions:
- auto_regenerate_days:
- description:
- - Number of days to wait before expiry of an updated local certificate is requested (0 = disabled).
- type: int
- auto_regenerate_days_warning:
- description:
- - Number of days to wait before an expiry warning message is generated (0 = disabled).
- type: int
- ca_identifier:
- description:
- - CA identifier of the CA server for signing via SCEP.
- type: str
- certificate:
- description:
- - PEM format certificate.
- type: str
- cmp_path:
- description:
- - Path location inside CMP server.
- type: str
- cmp_regeneration_method:
- description:
- - CMP auto-regeneration method.
- type: str
- choices:
- - keyupate
- - renewal
- cmp_server:
- description:
- - "'ADDRESS:PORT' for CMP server."
- type: str
- cmp_server_cert:
- description:
- - CMP server certificate. Source vpn.certificate.ca.name.
- type: str
- comments:
- description:
- - Comment.
- type: str
- csr:
- description:
- - Certificate Signing Request.
- type: str
- enroll_protocol:
- description:
- - Certificate enrollment protocol.
- type: str
- choices:
- - none
- - scep
- - cmpv2
- ike_localid:
- description:
- - Local ID the FortiGate uses for authentication as a VPN client.
- type: str
- ike_localid_type:
- description:
- - IKE local ID type.
- type: str
- choices:
- - asn1dn
- - fqdn
- last_updated:
- description:
- - Time at which certificate was last updated.
- type: int
- name:
- description:
- - Name.
- required: true
- type: str
- name_encoding:
- description:
- - Name encoding method for auto-regeneration.
- type: str
- choices:
- - printable
- - utf8
- password:
- description:
- - Password as a PEM file.
- type: str
- private_key:
- description:
- - PEM format key, encrypted with a password.
- type: str
- range:
- description:
- - Either a global or VDOM IP address range for the certificate.
- type: str
- choices:
- - global
- - vdom
- scep_password:
- description:
- - SCEP server challenge password for auto-regeneration.
- type: str
- scep_url:
- description:
- - SCEP server URL.
- type: str
- source:
- description:
- - Certificate source type.
- type: str
- choices:
- - factory
- - user
- - bundle
- source_ip:
- description:
- - Source IP address for communications to the SCEP server.
- type: str
- state:
- description:
- - Certificate Signing Request State.
- type: str
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Local keys and certificates.
- fortios_vpn_certificate_local:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- vpn_certificate_local:
- auto_regenerate_days: "3"
- auto_regenerate_days_warning: "4"
- ca_identifier: "myId_5"
- certificate: ""
- cmp_path: ""
- cmp_regeneration_method: "keyupate"
- cmp_server: ""
- cmp_server_cert: " (source vpn.certificate.ca.name)"
- comments: ""
- csr: ""
- enroll_protocol: "none"
- ike_localid: ""
- ike_localid_type: "asn1dn"
- last_updated: "16"
- name: "default_name_17"
- name_encoding: "printable"
- password: ""
- private_key: ""
- range: "global"
- scep_password: ""
- scep_url: ""
- source: "factory"
- source_ip: "84.230.14.43"
- state: ""
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type:
str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_vpn_certificate_local_data(json):
- option_list = ['auto_regenerate_days', 'auto_regenerate_days_warning', 'ca_identifier',
- 'certificate', 'cmp_path', 'cmp_regeneration_method',
- 'cmp_server', 'cmp_server_cert', 'comments',
- 'csr', 'enroll_protocol', 'ike_localid',
- 'ike_localid_type', 'last_updated', 'name',
- 'name_encoding', 'password', 'private_key',
- 'range', 'scep_password', 'scep_url',
- 'source', 'source_ip', 'state']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def vpn_certificate_local(data, fos):
- vdom = data['vdom']
- state = data['state']
- vpn_certificate_local_data = data['vpn_certificate_local']
- filtered_data = underscore_to_hyphen(filter_vpn_certificate_local_data(vpn_certificate_local_data))
-
- if state == "present":
- return fos.set('vpn.certificate',
- 'local',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('vpn.certificate',
- 'local',
-
mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_vpn_certificate(data, fos):
-
- if data['vpn_certificate_local']:
- resp = vpn_certificate_local(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": True, "type": "str",
- "choices": ["present", "absent"]},
- "vpn_certificate_local": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "auto_regenerate_days": {"required": False, "type": "int"},
- "auto_regenerate_days_warning": {"required": False, "type": "int"},
- "ca_identifier": {"required": False, "type": "str"},
- "certificate": {"required": False, "type": "str"},
- "cmp_path": {"required": False, "type": "str"},
- "cmp_regeneration_method": {"required": False, "type": "str",
- "choices": ["keyupate", "renewal"]},
- "cmp_server": {"required": False, "type": "str"},
- "cmp_server_cert": {"required": False, "type": "str"},
- "comments": {"required": False, "type": "str"},
- "csr": {"required": False, "type": "str"},
- "enroll_protocol": {"required": False, "type": "str",
- "choices": ["none", "scep", "cmpv2"]},
- "ike_localid": {"required": False, "type": "str"},
- "ike_localid_type": {"required": False, "type": "str",
- "choices": ["asn1dn", "fqdn"]},
- "last_updated": {"required": False, "type": "int"},
- "name": {"required": True, "type": "str"},
- "name_encoding": {"required": False, "type": "str",
- "choices":
["printable", "utf8"]},
- "password": {"required": False, "type": "str"},
- "private_key": {"required": False, "type": "str"},
- "range": {"required": False, "type": "str",
- "choices": ["global", "vdom"]},
- "scep_password": {"required": False, "type": "str"},
- "scep_url": {"required": False, "type": "str"},
- "source": {"required": False, "type": "str",
- "choices": ["factory", "user", "bundle"]},
- "source_ip": {"required": False, "type": "str"},
- "state": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_vpn_certificate(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_vpn_certificate(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_certificate_ocsp_server.py b/lib/ansible/modules/network/fortios/fortios_vpn_certificate_ocsp_server.py
deleted file mode 100644
index 5b4f27ee53d..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_vpn_certificate_ocsp_server.py
+++ /dev/null
@@ -1,351 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_vpn_certificate_ocsp_server
-short_description: OCSP server configuration in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify vpn_certificate feature and ocsp_server category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.9"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously.
A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- state:
- description:
- - Indicates whether to create or remove the object.
- type: str
- required: true
- choices:
- - present
- - absent
- vpn_certificate_ocsp_server:
- description:
- - OCSP server configuration.
- default: null
- type: dict
- suboptions:
- cert:
- description:
- - OCSP server certificate. Source vpn.certificate.remote.name vpn.certificate.ca.name.
- type: str
- name:
- description:
- - OCSP server entry name.
- required: true
- type: str
- secondary_cert:
- description:
- - Secondary OCSP server certificate. Source vpn.certificate.remote.name vpn.certificate.ca.name.
- type: str
- secondary_url:
- description:
- - Secondary OCSP server URL.
- type: str
- source_ip:
- description:
- - Source IP address for communications to the OCSP server.
- type: str
- unavail_action:
- description:
- - Action when server is unavailable (revoke the certificate or ignore the result of the check).
- type: str
- choices:
- - revoke
- - ignore
- url:
- description:
- - OCSP server URL.
- type: str
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: OCSP server configuration.
- fortios_vpn_certificate_ocsp_server:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- state: "present"
- vpn_certificate_ocsp_server:
- cert: " (source vpn.certificate.remote.name vpn.certificate.ca.name)"
- name: "default_name_4"
- secondary_cert: " (source vpn.certificate.remote.name vpn.certificate.ca.name)"
- secondary_url: ""
- source_ip: "84.230.14.43"
- unavail_action: "revoke"
- url: "myurl.com"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from
ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_vpn_certificate_ocsp_server_data(json):
- option_list = ['cert', 'name', 'secondary_cert',
- 'secondary_url', 'source_ip', 'unavail_action',
- 'url']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def vpn_certificate_ocsp_server(data, fos):
- vdom = data['vdom']
- state = data['state']
- vpn_certificate_ocsp_server_data = data['vpn_certificate_ocsp_server']
- filtered_data = underscore_to_hyphen(filter_vpn_certificate_ocsp_server_data(vpn_certificate_ocsp_server_data))
-
- if state == "present":
- return fos.set('vpn.certificate',
- 'ocsp-server',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('vpn.certificate',
- 'ocsp-server',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_vpn_certificate(data, fos):
-
- if data['vpn_certificate_ocsp_server']:
- resp = vpn_certificate_ocsp_server(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type":
"str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": True, "type": "str",
- "choices": ["present", "absent"]},
- "vpn_certificate_ocsp_server": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "cert": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"},
- "secondary_cert": {"required": False, "type": "str"},
- "secondary_url": {"required": False, "type": "str"},
- "source_ip": {"required": False, "type": "str"},
- "unavail_action": {"required": False, "type": "str",
- "choices": ["revoke", "ignore"]},
- "url": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_vpn_certificate(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_vpn_certificate(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ ==
'__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_certificate_remote.py b/lib/ansible/modules/network/fortios/fortios_vpn_certificate_remote.py
deleted file mode 100644
index 6878baf29db..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_vpn_certificate_remote.py
+++ /dev/null
@@ -1,337 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_vpn_certificate_remote -short_description: Remote certificate as a PEM file in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify vpn_certificate feature and remote category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - vpn_certificate_remote: - description: - - Remote certificate as a PEM file. - default: null - type: dict - suboptions: - name: - description: - - Name. - required: true - type: str - range: - description: - - Either the global or VDOM IP address range for the remote certificate. - type: str - choices: - - global - - vdom - remote: - description: - - Remote certificate. - type: str - source: - description: - - Remote certificate source type. - type: str - choices: - - factory - - user - - bundle -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Remote certificate as a PEM file. 
- fortios_vpn_certificate_remote: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - vpn_certificate_remote: - name: "default_name_3" - range: "global" - remote: "" - source: "factory" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in 
data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_vpn_certificate_remote_data(json): - option_list = ['name', 'range', 'remote', - 'source'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def vpn_certificate_remote(data, fos): - vdom = data['vdom'] - state = data['state'] - vpn_certificate_remote_data = data['vpn_certificate_remote'] - filtered_data = underscore_to_hyphen(filter_vpn_certificate_remote_data(vpn_certificate_remote_data)) - - if state == "present": - return fos.set('vpn.certificate', - 'remote', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('vpn.certificate', - 'remote', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_vpn_certificate(data, fos): - - if data['vpn_certificate_remote']: - resp = vpn_certificate_remote(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": 
{"required": True, "type": "str", - "choices": ["present", "absent"]}, - "vpn_certificate_remote": { - "required": False, "type": "dict", "default": None, - "options": { - "name": {"required": True, "type": "str"}, - "range": {"required": False, "type": "str", - "choices": ["global", "vdom"]}, - "remote": {"required": False, "type": "str"}, - "source": {"required": False, "type": "str", - "choices": ["factory", "user", "bundle"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_vpn_certificate(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_vpn_certificate(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_certificate_setting.py b/lib/ansible/modules/network/fortios/fortios_vpn_certificate_setting.py deleted file mode 100644 index 8dcb3eae673..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_vpn_certificate_setting.py +++ /dev/null 
@@ -1,445 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_vpn_certificate_setting -short_description: VPN certificate setting in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify vpn_certificate feature and setting category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - vpn_certificate_setting: - description: - - VPN certificate setting. - default: null - type: dict - suboptions: - certname_dsa1024: - description: - - 1024 bit DSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. - type: str - certname_dsa2048: - description: - - 2048 bit DSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. - type: str - certname_ecdsa256: - description: - - 256 bit ECDSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. - type: str - certname_ecdsa384: - description: - - 384 bit ECDSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. - type: str - certname_rsa1024: - description: - - 1024 bit RSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. - type: str - certname_rsa2048: - description: - - 2048 bit RSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. - type: str - check_ca_cert: - description: - - Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted . - type: str - choices: - - enable - - disable - check_ca_chain: - description: - - Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in - the chain are trusted . 
- type: str - choices: - - enable - - disable - cmp_save_extra_certs: - description: - - Enable/disable saving extra certificates in CMP mode. - type: str - choices: - - enable - - disable - cn_match: - description: - - When searching for a matching certificate, control how to find matches in the cn attribute of the certificate subject name. - type: str - choices: - - substring - - value - ocsp_default_server: - description: - - Default OCSP server. Source vpn.certificate.ocsp-server.name. - type: str - ocsp_status: - description: - - Enable/disable receiving certificates using the OCSP. - type: str - choices: - - enable - - disable - ssl_min_proto_version: - description: - - Minimum supported protocol version for SSL/TLS connections . - type: str - choices: - - default - - SSLv3 - - TLSv1 - - TLSv1-1 - - TLSv1-2 - ssl_ocsp_option: - description: - - Specify whether the OCSP URL is from the certificate or the default OCSP server. - type: str - choices: - - certificate - - server - ssl_ocsp_status: - description: - - Enable/disable SSL OCSP. - type: str - choices: - - enable - - disable - strict_crl_check: - description: - - Enable/disable strict mode CRL checking. - type: str - choices: - - enable - - disable - strict_ocsp_check: - description: - - Enable/disable strict mode OCSP checking. - type: str - choices: - - enable - - disable - subject_match: - description: - - When searching for a matching certificate, control how to find matches in the certificate subject name. - type: str - choices: - - substring - - value -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: VPN certificate setting. 
- fortios_vpn_certificate_setting: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - vpn_certificate_setting: - certname_dsa1024: " (source vpn.certificate.local.name)" - certname_dsa2048: " (source vpn.certificate.local.name)" - certname_ecdsa256: " (source vpn.certificate.local.name)" - certname_ecdsa384: " (source vpn.certificate.local.name)" - certname_rsa1024: " (source vpn.certificate.local.name)" - certname_rsa2048: " (source vpn.certificate.local.name)" - check_ca_cert: "enable" - check_ca_chain: "enable" - cmp_save_extra_certs: "enable" - cn_match: "substring" - ocsp_default_server: " (source vpn.certificate.ocsp-server.name)" - ocsp_status: "enable" - ssl_min_proto_version: "default" - ssl_ocsp_option: "certificate" - ssl_ocsp_status: "enable" - strict_crl_check: "enable" - strict_ocsp_check: "enable" - subject_match: "substring" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: 
"success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_vpn_certificate_setting_data(json): - option_list = ['certname_dsa1024', 'certname_dsa2048', 'certname_ecdsa256', - 'certname_ecdsa384', 'certname_rsa1024', 'certname_rsa2048', - 'check_ca_cert', 'check_ca_chain', 'cmp_save_extra_certs', - 'cn_match', 'ocsp_default_server', 'ocsp_status', - 'ssl_min_proto_version', 'ssl_ocsp_option', 'ssl_ocsp_status', - 'strict_crl_check', 'strict_ocsp_check', 'subject_match'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def vpn_certificate_setting(data, fos): - vdom = data['vdom'] - vpn_certificate_setting_data = data['vpn_certificate_setting'] - filtered_data = underscore_to_hyphen(filter_vpn_certificate_setting_data(vpn_certificate_setting_data)) - - return fos.set('vpn.certificate', - 'setting', - 
data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_vpn_certificate(data, fos): - - if data['vpn_certificate_setting']: - resp = vpn_certificate_setting(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "vpn_certificate_setting": { - "required": False, "type": "dict", "default": None, - "options": { - "certname_dsa1024": {"required": False, "type": "str"}, - "certname_dsa2048": {"required": False, "type": "str"}, - "certname_ecdsa256": {"required": False, "type": "str"}, - "certname_ecdsa384": {"required": False, "type": "str"}, - "certname_rsa1024": {"required": False, "type": "str"}, - "certname_rsa2048": {"required": False, "type": "str"}, - "check_ca_cert": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "check_ca_chain": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "cmp_save_extra_certs": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "cn_match": {"required": False, "type": "str", - "choices": ["substring", "value"]}, - "ocsp_default_server": {"required": False, "type": "str"}, - "ocsp_status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ssl_min_proto_version": {"required": False, "type": "str", - "choices": ["default", "SSLv3", "TLSv1", - "TLSv1-1", "TLSv1-2"]}, - "ssl_ocsp_option": {"required": False, "type": "str", - "choices": ["certificate", 
"server"]}, - "ssl_ocsp_status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "strict_crl_check": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "strict_ocsp_check": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "subject_match": {"required": False, "type": "str", - "choices": ["substring", "value"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_vpn_certificate(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_vpn_certificate(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_concentrator.py b/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_concentrator.py deleted file mode 100644 index e0a6027d390..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_concentrator.py +++ /dev/null 
@@ -1,358 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_vpn_ipsec_concentrator -short_description: Concentrator configuration in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify vpn_ipsec feature and concentrator category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - vpn_ipsec_concentrator: - description: - - Concentrator configuration. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - member: - description: - - Names of up to 3 VPN tunnels to add to the concentrator. - type: list - suboptions: - name: - description: - - Member name. Source vpn.ipsec.manualkey.name vpn.ipsec.phase1.name. - required: true - type: str - name: - description: - - Concentrator name. - required: true - type: str - src_check: - description: - - Enable to check source address of phase 2 selector. Disable to check only the destination selector. - type: str - choices: - - disable - - enable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Concentrator configuration. 
- fortios_vpn_ipsec_concentrator: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - vpn_ipsec_concentrator: - member: - - - name: "default_name_4 (source vpn.ipsec.manualkey.name vpn.ipsec.phase1.name)" - name: "default_name_5" - src_check: "disable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - 
ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_vpn_ipsec_concentrator_data(json): - option_list = ['member', 'name', 'src_check'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def vpn_ipsec_concentrator(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['vpn_ipsec_concentrator'] and data['vpn_ipsec_concentrator']: - state = data['vpn_ipsec_concentrator']['state'] - else: - state = True - vpn_ipsec_concentrator_data = data['vpn_ipsec_concentrator'] - filtered_data = underscore_to_hyphen(filter_vpn_ipsec_concentrator_data(vpn_ipsec_concentrator_data)) - - if state == "present": - return fos.set('vpn.ipsec', - 'concentrator', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('vpn.ipsec', - 'concentrator', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_vpn_ipsec(data, fos): - - if data['vpn_ipsec_concentrator']: - resp = vpn_ipsec_concentrator(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", 
"default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "vpn_ipsec_concentrator": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "member": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "name": {"required": True, "type": "str"}, - "src_check": {"required": False, "type": "str", - "choices": ["disable", "enable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_vpn_ipsec(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_vpn_ipsec(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_forticlient.py b/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_forticlient.py
deleted file mode 100644
index 67f8a7310ce..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_forticlient.py
+++ /dev/null
@@ -1,355 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_vpn_ipsec_forticlient -short_description: Configure FortiClient policy realm in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify vpn_ipsec feature and forticlient category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - vpn_ipsec_forticlient: - description: - - Configure FortiClient policy realm. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - phase2name: - description: - - Phase 2 tunnel name that you defined in the FortiClient dialup configuration. Source vpn.ipsec.phase2.name vpn.ipsec.phase2-interface - .name. - type: str - realm: - description: - - FortiClient realm name. - required: true - type: str - status: - description: - - Enable/disable this FortiClient configuration. - type: str - choices: - - enable - - disable - usergroupname: - description: - - User group name for FortiClient users. Source user.group.name. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure FortiClient policy realm. 
- fortios_vpn_ipsec_forticlient: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - vpn_ipsec_forticlient: - phase2name: " (source vpn.ipsec.phase2.name vpn.ipsec.phase2-interface.name)" - realm: "" - status: "enable" - usergroupname: " (source user.group.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = 
data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_vpn_ipsec_forticlient_data(json): - option_list = ['phase2name', 'realm', 'status', - 'usergroupname'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def vpn_ipsec_forticlient(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['vpn_ipsec_forticlient'] and data['vpn_ipsec_forticlient']: - state = data['vpn_ipsec_forticlient']['state'] - else: - state = True - vpn_ipsec_forticlient_data = data['vpn_ipsec_forticlient'] - filtered_data = underscore_to_hyphen(filter_vpn_ipsec_forticlient_data(vpn_ipsec_forticlient_data)) - - if state == "present": - return fos.set('vpn.ipsec', - 'forticlient', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('vpn.ipsec', - 'forticlient', - mkey=filtered_data['realm'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_vpn_ipsec(data, fos): - - if data['vpn_ipsec_forticlient']: - resp = vpn_ipsec_forticlient(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": 
{"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "vpn_ipsec_forticlient": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "phase2name": {"required": False, "type": "str"}, - "realm": {"required": True, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "usergroupname": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_vpn_ipsec(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_vpn_ipsec(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_manualkey.py b/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_manualkey.py
deleted file mode 100644
index a0d4fdeb000..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_manualkey.py
+++ /dev/null
@@ -1,401 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_vpn_ipsec_manualkey -short_description: Configure IPsec manual keys in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify vpn_ipsec feature and manualkey category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - vpn_ipsec_manualkey: - description: - - Configure IPsec manual keys. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - authentication: - description: - - Authentication algorithm. Must be the same for both ends of the tunnel. - type: str - choices: - - null - - md5 - - sha1 - - sha256 - - sha384 - - sha512 - authkey: - description: - - Hexadecimal authentication key in 16-digit (8-byte) segments separated by hyphens. - type: str - enckey: - description: - - Hexadecimal encryption key in 16-digit (8-byte) segments separated by hyphens. - type: str - encryption: - description: - - Encryption algorithm. Must be the same for both ends of the tunnel. - type: str - choices: - - null - - des - interface: - description: - - Name of the physical, aggregate, or VLAN interface. Source system.interface.name. - type: str - local_gw: - description: - - Local gateway. - type: str - localspi: - description: - - Local SPI, a hexadecimal 8-digit (4-byte) tag. Discerns between two traffic streams with different encryption rules. 
- type: str - name: - description: - - IPsec tunnel name. - required: true - type: str - remote_gw: - description: - - Peer gateway. - type: str - remotespi: - description: - - Remote SPI, a hexadecimal 8-digit (4-byte) tag. Discerns between two traffic streams with different encryption rules. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPsec manual keys. - fortios_vpn_ipsec_manualkey: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - vpn_ipsec_manualkey: - authentication: "null" - authkey: "" - enckey: "" - encryption: "null" - interface: " (source system.interface.name)" - local_gw: "" - localspi: "" - name: "default_name_10" - remote_gw: "" - remotespi: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - 
description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_vpn_ipsec_manualkey_data(json): - option_list = ['authentication', 'authkey', 'enckey', - 'encryption', 'interface', 'local_gw', - 'localspi', 'name', 'remote_gw', - 'remotespi'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def vpn_ipsec_manualkey(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['vpn_ipsec_manualkey'] and data['vpn_ipsec_manualkey']: - state = data['vpn_ipsec_manualkey']['state'] - else: - state = True - vpn_ipsec_manualkey_data = data['vpn_ipsec_manualkey'] - filtered_data = underscore_to_hyphen(filter_vpn_ipsec_manualkey_data(vpn_ipsec_manualkey_data)) - - if state == "present": - return fos.set('vpn.ipsec', - 'manualkey', - data=filtered_data, - vdom=vdom) - - elif state == 
"absent": - return fos.delete('vpn.ipsec', - 'manualkey', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_vpn_ipsec(data, fos): - - if data['vpn_ipsec_manualkey']: - resp = vpn_ipsec_manualkey(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "vpn_ipsec_manualkey": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "authentication": {"required": False, "type": "str", - "choices": ["null", "md5", "sha1", - "sha256", "sha384", "sha512"]}, - "authkey": {"required": False, "type": "str"}, - "enckey": {"required": False, "type": "str"}, - "encryption": {"required": False, "type": "str", - "choices": ["null", "des"]}, - "interface": {"required": False, "type": "str"}, - "local_gw": {"required": False, "type": "str"}, - "localspi": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "remote_gw": {"required": False, "type": "str"}, - "remotespi": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and 
module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_vpn_ipsec(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_vpn_ipsec(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_manualkey_interface.py b/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_manualkey_interface.py deleted file mode 100644 index 6eeebb80253..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_manualkey_interface.py +++ /dev/null 
@@ -1,434 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_vpn_ipsec_manualkey_interface -short_description: Configure IPsec manual keys in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify vpn_ipsec feature and manualkey_interface category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - vpn_ipsec_manualkey_interface: - description: - - Configure IPsec manual keys. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - addr_type: - description: - - IP version to use for IP packets. - type: str - choices: - - 4 - - 6 - auth_alg: - description: - - Authentication algorithm. Must be the same for both ends of the tunnel. - type: str - choices: - - null - - md5 - - sha1 - - sha256 - - sha384 - - sha512 - auth_key: - description: - - Hexadecimal authentication key in 16-digit (8-byte) segments separated by hyphens. - type: str - enc_alg: - description: - - Encryption algorithm. Must be the same for both ends of the tunnel. - type: str - choices: - - null - - des - enc_key: - description: - - Hexadecimal encryption key in 16-digit (8-byte) segments separated by hyphens. - type: str - interface: - description: - - Name of the physical, aggregate, or VLAN interface. Source system.interface.name. - type: str - ip_version: - description: - - IP version to use for VPN interface. 
- type: str - choices: - - 4 - - 6 - local_gw: - description: - - IPv4 address of the local gateway's external interface. - type: str - local_gw6: - description: - - Local IPv6 address of VPN gateway. - type: str - local_spi: - description: - - Local SPI, a hexadecimal 8-digit (4-byte) tag. Discerns between two traffic streams with different encryption rules. - type: str - name: - description: - - IPsec tunnel name. - required: true - type: str - remote_gw: - description: - - IPv4 address of the remote gateway's external interface. - type: str - remote_gw6: - description: - - Remote IPv6 address of VPN gateway. - type: str - remote_spi: - description: - - Remote SPI, a hexadecimal 8-digit (4-byte) tag. Discerns between two traffic streams with different encryption rules. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPsec manual keys. - fortios_vpn_ipsec_manualkey_interface: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - vpn_ipsec_manualkey_interface: - addr_type: "4" - auth_alg: "null" - auth_key: "" - enc_alg: "null" - enc_key: "" - interface: " (source system.interface.name)" - ip_version: "4" - local_gw: "" - local_gw6: "" - local_spi: "" - name: "default_name_13" - remote_gw: "" - remote_gw6: "" - remote_spi: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - 
description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_vpn_ipsec_manualkey_interface_data(json): - option_list = ['addr_type', 'auth_alg', 'auth_key', - 'enc_alg', 'enc_key', 'interface', - 'ip_version', 'local_gw', 'local_gw6', - 'local_spi', 'name', 'remote_gw', - 'remote_gw6', 'remote_spi'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - 
new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def vpn_ipsec_manualkey_interface(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['vpn_ipsec_manualkey_interface'] and data['vpn_ipsec_manualkey_interface']: - state = data['vpn_ipsec_manualkey_interface']['state'] - else: - state = True - vpn_ipsec_manualkey_interface_data = data['vpn_ipsec_manualkey_interface'] - filtered_data = underscore_to_hyphen(filter_vpn_ipsec_manualkey_interface_data(vpn_ipsec_manualkey_interface_data)) - - if state == "present": - return fos.set('vpn.ipsec', - 'manualkey-interface', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('vpn.ipsec', - 'manualkey-interface', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_vpn_ipsec(data, fos): - - if data['vpn_ipsec_manualkey_interface']: - resp = vpn_ipsec_manualkey_interface(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "vpn_ipsec_manualkey_interface": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "addr_type": {"required": False, "type": "str", - "choices": ["4", "6"]}, - "auth_alg": 
{"required": False, "type": "str", - "choices": ["null", "md5", "sha1", - "sha256", "sha384", "sha512"]}, - "auth_key": {"required": False, "type": "str"}, - "enc_alg": {"required": False, "type": "str", - "choices": ["null", "des"]}, - "enc_key": {"required": False, "type": "str"}, - "interface": {"required": False, "type": "str"}, - "ip_version": {"required": False, "type": "str", - "choices": ["4", "6"]}, - "local_gw": {"required": False, "type": "str"}, - "local_gw6": {"required": False, "type": "str"}, - "local_spi": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "remote_gw": {"required": False, "type": "str"}, - "remote_gw6": {"required": False, "type": "str"}, - "remote_spi": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_vpn_ipsec(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_vpn_ipsec(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase1.py b/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase1.py
deleted file mode 100644
index d08b560901b..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase1.py
+++ /dev/null
@@ -1,1266 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_vpn_ipsec_phase1 -short_description: Configure VPN remote gateway in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify vpn_ipsec feature and phase1 category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - vpn_ipsec_phase1: - description: - - Configure VPN remote gateway. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - acct_verify: - description: - - Enable/disable verification of RADIUS accounting record. - type: str - choices: - - enable - - disable - add_gw_route: - description: - - Enable/disable automatically add a route to the remote gateway. - type: str - choices: - - enable - - disable - add_route: - description: - - Enable/disable control addition of a route to peer destination selector. - type: str - choices: - - disable - - enable - assign_ip: - description: - - Enable/disable assignment of IP to IPsec interface via configuration method. - type: str - choices: - - disable - - enable - assign_ip_from: - description: - - Method by which the IP address will be assigned. - type: str - choices: - - range - - usrgrp - - dhcp - - name - authmethod: - description: - - Authentication method. - type: str - choices: - - psk - - signature - authmethod_remote: - description: - - Authentication method (remote side). 
- type: str - choices: - - psk - - signature - authpasswd: - description: - - XAuth password (max 35 characters). - type: str - authusr: - description: - - XAuth user name. - type: str - authusrgrp: - description: - - Authentication user group. Source user.group.name. - type: str - auto_negotiate: - description: - - Enable/disable automatic initiation of IKE SA negotiation. - type: str - choices: - - enable - - disable - backup_gateway: - description: - - Instruct unity clients about the backup gateway address(es). - type: list - suboptions: - address: - description: - - Address of backup gateway. - required: true - type: str - banner: - description: - - Message that unity client should display after connecting. - type: str - cert_id_validation: - description: - - Enable/disable cross validation of peer ID and the identity in the peer's certificate as specified in RFC 4945. - type: str - choices: - - enable - - disable - certificate: - description: - - Names of up to 4 signed personal certificates. - type: list - suboptions: - name: - description: - - Certificate name. Source vpn.certificate.local.name. - required: true - type: str - childless_ike: - description: - - Enable/disable childless IKEv2 initiation (RFC 6023). - type: str - choices: - - enable - - disable - client_auto_negotiate: - description: - - Enable/disable allowing the VPN client to bring up the tunnel when there is no traffic. - type: str - choices: - - disable - - enable - client_keep_alive: - description: - - Enable/disable allowing the VPN client to keep the tunnel up when there is no traffic. - type: str - choices: - - disable - - enable - comments: - description: - - Comment. - type: str - dhgrp: - description: - - DH group. - type: str - choices: - - 1 - - 2 - - 5 - - 14 - - 15 - - 16 - - 17 - - 18 - - 19 - - 20 - - 21 - - 27 - - 28 - - 29 - - 30 - - 31 - digital_signature_auth: - description: - - Enable/disable IKEv2 Digital Signature Authentication (RFC 7427). 
- type: str - choices: - - enable - - disable - distance: - description: - - Distance for routes added by IKE (1 - 255). - type: int - dns_mode: - description: - - DNS server mode. - type: str - choices: - - manual - - auto - domain: - description: - - Instruct unity clients about the default DNS domain. - type: str - dpd: - description: - - Dead Peer Detection mode. - type: str - choices: - - disable - - on-idle - - on-demand - dpd_retrycount: - description: - - Number of DPD retry attempts. - type: int - dpd_retryinterval: - description: - - DPD retry interval. - type: str - eap: - description: - - Enable/disable IKEv2 EAP authentication. - type: str - choices: - - enable - - disable - eap_identity: - description: - - IKEv2 EAP peer identity type. - type: str - choices: - - use-id-payload - - send-request - enforce_unique_id: - description: - - Enable/disable peer ID uniqueness check. - type: str - choices: - - disable - - keep-new - - keep-old - forticlient_enforcement: - description: - - Enable/disable FortiClient enforcement. - type: str - choices: - - enable - - disable - fragmentation: - description: - - Enable/disable fragment IKE message on re-transmission. - type: str - choices: - - enable - - disable - fragmentation_mtu: - description: - - IKE fragmentation MTU (500 - 16000). - type: int - group_authentication: - description: - - Enable/disable IKEv2 IDi group authentication. - type: str - choices: - - enable - - disable - group_authentication_secret: - description: - - Password for IKEv2 IDi group authentication. (ASCII string or hexadecimal indicated by a leading 0x.) - type: str - ha_sync_esp_seqno: - description: - - Enable/disable sequence number jump ahead for IPsec HA. - type: str - choices: - - enable - - disable - idle_timeout: - description: - - Enable/disable IPsec tunnel idle timeout. - type: str - choices: - - enable - - disable - idle_timeoutinterval: - description: - - IPsec tunnel idle timeout in minutes (5 - 43200). 
- type: int - ike_version: - description: - - IKE protocol version. - type: str - choices: - - 1 - - 2 - include_local_lan: - description: - - Enable/disable allow local LAN access on unity clients. - type: str - choices: - - disable - - enable - interface: - description: - - Local physical, aggregate, or VLAN outgoing interface. Source system.interface.name. - type: str - ipv4_dns_server1: - description: - - IPv4 DNS server 1. - type: str - ipv4_dns_server2: - description: - - IPv4 DNS server 2. - type: str - ipv4_dns_server3: - description: - - IPv4 DNS server 3. - type: str - ipv4_end_ip: - description: - - End of IPv4 range. - type: str - ipv4_exclude_range: - description: - - Configuration Method IPv4 exclude ranges. - type: list - suboptions: - end_ip: - description: - - End of IPv4 exclusive range. - type: str - id: - description: - - ID. - required: true - type: int - start_ip: - description: - - Start of IPv4 exclusive range. - type: str - ipv4_name: - description: - - IPv4 address name. Source firewall.address.name firewall.addrgrp.name. - type: str - ipv4_netmask: - description: - - IPv4 Netmask. - type: str - ipv4_split_exclude: - description: - - IPv4 subnets that should not be sent over the IPsec tunnel. Source firewall.address.name firewall.addrgrp.name. - type: str - ipv4_split_include: - description: - - IPv4 split-include subnets. Source firewall.address.name firewall.addrgrp.name. - type: str - ipv4_start_ip: - description: - - Start of IPv4 range. - type: str - ipv4_wins_server1: - description: - - WINS server 1. - type: str - ipv4_wins_server2: - description: - - WINS server 2. - type: str - ipv6_dns_server1: - description: - - IPv6 DNS server 1. - type: str - ipv6_dns_server2: - description: - - IPv6 DNS server 2. - type: str - ipv6_dns_server3: - description: - - IPv6 DNS server 3. - type: str - ipv6_end_ip: - description: - - End of IPv6 range. - type: str - ipv6_exclude_range: - description: - - Configuration method IPv6 exclude ranges. 
- type: list - suboptions: - end_ip: - description: - - End of IPv6 exclusive range. - type: str - id: - description: - - ID. - required: true - type: int - start_ip: - description: - - Start of IPv6 exclusive range. - type: str - ipv6_name: - description: - - IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name. - type: str - ipv6_prefix: - description: - - IPv6 prefix. - type: int - ipv6_split_exclude: - description: - - IPv6 subnets that should not be sent over the IPsec tunnel. Source firewall.address6.name firewall.addrgrp6.name. - type: str - ipv6_split_include: - description: - - IPv6 split-include subnets. Source firewall.address6.name firewall.addrgrp6.name. - type: str - ipv6_start_ip: - description: - - Start of IPv6 range. - type: str - keepalive: - description: - - NAT-T keep alive interval. - type: int - keylife: - description: - - Time to wait in seconds before phase 1 encryption key expires. - type: int - local_gw: - description: - - Local VPN gateway. - type: str - localid: - description: - - Local ID. - type: str - localid_type: - description: - - Local ID type. - type: str - choices: - - auto - - fqdn - - user-fqdn - - keyid - - address - - asn1dn - mesh_selector_type: - description: - - Add selectors containing subsets of the configuration depending on traffic. - type: str - choices: - - disable - - subnet - - host - mode: - description: - - ID protection mode used to establish a secure channel. - type: str - choices: - - aggressive - - main - mode_cfg: - description: - - Enable/disable configuration method. - type: str - choices: - - disable - - enable - name: - description: - - IPsec remote gateway name. - required: true - type: str - nattraversal: - description: - - Enable/disable NAT traversal. - type: str - choices: - - enable - - disable - - forced - negotiate_timeout: - description: - - IKE SA negotiation timeout in seconds (1 - 300). - type: int - peer: - description: - - Accept this peer certificate. 
Source user.peer.name. - type: str - peergrp: - description: - - Accept this peer certificate group. Source user.peergrp.name. - type: str - peerid: - description: - - Accept this peer identity. - type: str - peertype: - description: - - Accept this peer type. - type: str - choices: - - any - - one - - dialup - - peer - - peergrp - ppk: - description: - - Enable/disable IKEv2 Postquantum Preshared Key (PPK). - type: str - choices: - - disable - - allow - - require - ppk_identity: - description: - - IKEv2 Postquantum Preshared Key Identity. - type: str - ppk_secret: - description: - - IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x). - type: str - priority: - description: - - Priority for routes added by IKE (0 - 4294967295). - type: int - proposal: - description: - - Phase1 proposal. - type: str - choices: - - des-md5 - - des-sha1 - - des-sha256 - - des-sha384 - - des-sha512 - psksecret: - description: - - Pre-shared secret for PSK authentication (ASCII string or hexadecimal encoded with a leading 0x). - type: str - psksecret_remote: - description: - - Pre-shared secret for remote side PSK authentication (ASCII string or hexadecimal encoded with a leading 0x). - type: str - reauth: - description: - - Enable/disable re-authentication upon IKE SA lifetime expiration. - type: str - choices: - - disable - - enable - rekey: - description: - - Enable/disable phase1 rekey. - type: str - choices: - - enable - - disable - remote_gw: - description: - - Remote VPN gateway. - type: str - remotegw_ddns: - description: - - Domain name of remote gateway (eg. name.DDNS.com). - type: str - rsa_signature_format: - description: - - Digital Signature Authentication RSA signature format. - type: str - choices: - - pkcs1 - - pss - save_password: - description: - - Enable/disable saving XAuth username and password on VPN clients. 
- type: str - choices: - - disable - - enable - send_cert_chain: - description: - - Enable/disable sending certificate chain. - type: str - choices: - - enable - - disable - signature_hash_alg: - description: - - Digital Signature Authentication hash algorithms. - type: str - choices: - - sha1 - - sha2-256 - - sha2-384 - - sha2-512 - split_include_service: - description: - - Split-include services. Source firewall.service.group.name firewall.service.custom.name. - type: str - suite_b: - description: - - Use Suite-B. - type: str - choices: - - disable - - suite-b-gcm-128 - - suite-b-gcm-256 - type: - description: - - Remote gateway type. - type: str - choices: - - static - - dynamic - - ddns - unity_support: - description: - - Enable/disable support for Cisco UNITY Configuration Method extensions. - type: str - choices: - - disable - - enable - usrgrp: - description: - - User group name for dialup peers. Source user.group.name. - type: str - wizard_type: - description: - - GUI VPN Wizard Type. - type: str - choices: - - custom - - dialup-forticlient - - dialup-ios - - dialup-android - - dialup-windows - - dialup-cisco - - static-fortigate - - dialup-fortigate - - static-cisco - - dialup-cisco-fw - xauthtype: - description: - - XAuth type. - type: str - choices: - - disable - - client - - pap - - chap - - auto -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure VPN remote gateway. 
- fortios_vpn_ipsec_phase1: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - vpn_ipsec_phase1: - acct_verify: "enable" - add_gw_route: "enable" - add_route: "disable" - assign_ip: "disable" - assign_ip_from: "range" - authmethod: "psk" - authmethod_remote: "psk" - authpasswd: "" - authusr: "" - authusrgrp: " (source user.group.name)" - auto_negotiate: "enable" - backup_gateway: - - - address: "" - banner: "" - cert_id_validation: "enable" - certificate: - - - name: "default_name_19 (source vpn.certificate.local.name)" - childless_ike: "enable" - client_auto_negotiate: "disable" - client_keep_alive: "disable" - comments: "" - dhgrp: "1" - digital_signature_auth: "enable" - distance: "26" - dns_mode: "manual" - domain: "" - dpd: "disable" - dpd_retrycount: "30" - dpd_retryinterval: "" - eap: "enable" - eap_identity: "use-id-payload" - enforce_unique_id: "disable" - forticlient_enforcement: "enable" - fragmentation: "enable" - fragmentation_mtu: "37" - group_authentication: "enable" - group_authentication_secret: "" - ha_sync_esp_seqno: "enable" - idle_timeout: "enable" - idle_timeoutinterval: "42" - ike_version: "1" - include_local_lan: "disable" - interface: " (source system.interface.name)" - ipv4_dns_server1: "" - ipv4_dns_server2: "" - ipv4_dns_server3: "" - ipv4_end_ip: "" - ipv4_exclude_range: - - - end_ip: "" - id: "52" - start_ip: "" - ipv4_name: " (source firewall.address.name firewall.addrgrp.name)" - ipv4_netmask: "" - ipv4_split_exclude: " (source firewall.address.name firewall.addrgrp.name)" - ipv4_split_include: " (source firewall.address.name firewall.addrgrp.name)" - ipv4_start_ip: "" - ipv4_wins_server1: "" - ipv4_wins_server2: "" - ipv6_dns_server1: "" - ipv6_dns_server2: "" - ipv6_dns_server3: "" - ipv6_end_ip: "" - ipv6_exclude_range: - - - end_ip: "" - id: "67" - start_ip: "" - ipv6_name: " (source firewall.address6.name firewall.addrgrp6.name)" - 
ipv6_prefix: "70" - ipv6_split_exclude: " (source firewall.address6.name firewall.addrgrp6.name)" - ipv6_split_include: " (source firewall.address6.name firewall.addrgrp6.name)" - ipv6_start_ip: "" - keepalive: "74" - keylife: "75" - local_gw: "" - localid: "" - localid_type: "auto" - mesh_selector_type: "disable" - mode: "aggressive" - mode_cfg: "disable" - name: "default_name_82" - nattraversal: "enable" - negotiate_timeout: "84" - peer: " (source user.peer.name)" - peergrp: " (source user.peergrp.name)" - peerid: "" - peertype: "any" - ppk: "disable" - ppk_identity: "" - ppk_secret: "" - priority: "92" - proposal: "des-md5" - psksecret: "" - psksecret_remote: "" - reauth: "disable" - rekey: "enable" - remote_gw: "" - remotegw_ddns: "" - rsa_signature_format: "pkcs1" - save_password: "disable" - send_cert_chain: "enable" - signature_hash_alg: "sha1" - split_include_service: " (source firewall.service.group.name firewall.service.custom.name)" - suite_b: "disable" - type: "static" - unity_support: "disable" - usrgrp: " (source user.group.name)" - wizard_type: "custom" - xauthtype: "disable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: 
Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_vpn_ipsec_phase1_data(json): - option_list = ['acct_verify', 'add_gw_route', 'add_route', - 'assign_ip', 'assign_ip_from', 'authmethod', - 'authmethod_remote', 'authpasswd', 'authusr', - 'authusrgrp', 'auto_negotiate', 'backup_gateway', - 'banner', 'cert_id_validation', 'certificate', - 'childless_ike', 'client_auto_negotiate', 'client_keep_alive', - 'comments', 'dhgrp', 'digital_signature_auth', - 'distance', 'dns_mode', 'domain', - 'dpd', 'dpd_retrycount', 'dpd_retryinterval', - 'eap', 'eap_identity', 'enforce_unique_id', - 'forticlient_enforcement', 'fragmentation', 'fragmentation_mtu', - 'group_authentication', 'group_authentication_secret', 'ha_sync_esp_seqno', - 'idle_timeout', 'idle_timeoutinterval', 'ike_version', - 'include_local_lan', 'interface', 'ipv4_dns_server1', - 'ipv4_dns_server2', 'ipv4_dns_server3', 'ipv4_end_ip', - 'ipv4_exclude_range', 'ipv4_name', 'ipv4_netmask', - 'ipv4_split_exclude', 'ipv4_split_include', 'ipv4_start_ip', - 'ipv4_wins_server1', 'ipv4_wins_server2', 
'ipv6_dns_server1', - 'ipv6_dns_server2', 'ipv6_dns_server3', 'ipv6_end_ip', - 'ipv6_exclude_range', 'ipv6_name', 'ipv6_prefix', - 'ipv6_split_exclude', 'ipv6_split_include', 'ipv6_start_ip', - 'keepalive', 'keylife', 'local_gw', - 'localid', 'localid_type', 'mesh_selector_type', - 'mode', 'mode_cfg', 'name', - 'nattraversal', 'negotiate_timeout', 'peer', - 'peergrp', 'peerid', 'peertype', - 'ppk', 'ppk_identity', 'ppk_secret', - 'priority', 'proposal', 'psksecret', - 'psksecret_remote', 'reauth', 'rekey', - 'remote_gw', 'remotegw_ddns', 'rsa_signature_format', - 'save_password', 'send_cert_chain', 'signature_hash_alg', - 'split_include_service', 'suite_b', 'type', - 'unity_support', 'usrgrp', 'wizard_type', - 'xauthtype'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def vpn_ipsec_phase1(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['vpn_ipsec_phase1'] and data['vpn_ipsec_phase1']: - state = data['vpn_ipsec_phase1']['state'] - else: - state = True - vpn_ipsec_phase1_data = data['vpn_ipsec_phase1'] - filtered_data = underscore_to_hyphen(filter_vpn_ipsec_phase1_data(vpn_ipsec_phase1_data)) - - if state == "present": - return fos.set('vpn.ipsec', - 'phase1', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('vpn.ipsec', - 'phase1', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def 
fortios_vpn_ipsec(data, fos): - - if data['vpn_ipsec_phase1']: - resp = vpn_ipsec_phase1(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "vpn_ipsec_phase1": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "acct_verify": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "add_gw_route": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "add_route": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "assign_ip": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "assign_ip_from": {"required": False, "type": "str", - "choices": ["range", "usrgrp", "dhcp", - "name"]}, - "authmethod": {"required": False, "type": "str", - "choices": ["psk", "signature"]}, - "authmethod_remote": {"required": False, "type": "str", - "choices": ["psk", "signature"]}, - "authpasswd": {"required": False, "type": "str"}, - "authusr": {"required": False, "type": "str"}, - "authusrgrp": {"required": False, "type": "str"}, - "auto_negotiate": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "backup_gateway": {"required": False, "type": "list", - "options": { - "address": {"required": True, "type": "str"} - }}, - "banner": {"required": False, "type": "str"}, - "cert_id_validation": {"required": False, "type": "str", - "choices": ["enable", 
"disable"]}, - "certificate": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "childless_ike": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "client_auto_negotiate": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "client_keep_alive": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "comments": {"required": False, "type": "str"}, - "dhgrp": {"required": False, "type": "str", - "choices": ["1", "2", "5", - "14", "15", "16", - "17", "18", "19", - "20", "21", "27", - "28", "29", "30", - "31"]}, - "digital_signature_auth": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "distance": {"required": False, "type": "int"}, - "dns_mode": {"required": False, "type": "str", - "choices": ["manual", "auto"]}, - "domain": {"required": False, "type": "str"}, - "dpd": {"required": False, "type": "str", - "choices": ["disable", "on-idle", "on-demand"]}, - "dpd_retrycount": {"required": False, "type": "int"}, - "dpd_retryinterval": {"required": False, "type": "str"}, - "eap": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "eap_identity": {"required": False, "type": "str", - "choices": ["use-id-payload", "send-request"]}, - "enforce_unique_id": {"required": False, "type": "str", - "choices": ["disable", "keep-new", "keep-old"]}, - "forticlient_enforcement": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "fragmentation": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "fragmentation_mtu": {"required": False, "type": "int"}, - "group_authentication": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "group_authentication_secret": {"required": False, "type": "str"}, - "ha_sync_esp_seqno": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "idle_timeout": {"required": False, "type": "str", - "choices": 
["enable", "disable"]}, - "idle_timeoutinterval": {"required": False, "type": "int"}, - "ike_version": {"required": False, "type": "str", - "choices": ["1", "2"]}, - "include_local_lan": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "interface": {"required": False, "type": "str"}, - "ipv4_dns_server1": {"required": False, "type": "str"}, - "ipv4_dns_server2": {"required": False, "type": "str"}, - "ipv4_dns_server3": {"required": False, "type": "str"}, - "ipv4_end_ip": {"required": False, "type": "str"}, - "ipv4_exclude_range": {"required": False, "type": "list", - "options": { - "end_ip": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "start_ip": {"required": False, "type": "str"} - }}, - "ipv4_name": {"required": False, "type": "str"}, - "ipv4_netmask": {"required": False, "type": "str"}, - "ipv4_split_exclude": {"required": False, "type": "str"}, - "ipv4_split_include": {"required": False, "type": "str"}, - "ipv4_start_ip": {"required": False, "type": "str"}, - "ipv4_wins_server1": {"required": False, "type": "str"}, - "ipv4_wins_server2": {"required": False, "type": "str"}, - "ipv6_dns_server1": {"required": False, "type": "str"}, - "ipv6_dns_server2": {"required": False, "type": "str"}, - "ipv6_dns_server3": {"required": False, "type": "str"}, - "ipv6_end_ip": {"required": False, "type": "str"}, - "ipv6_exclude_range": {"required": False, "type": "list", - "options": { - "end_ip": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "start_ip": {"required": False, "type": "str"} - }}, - "ipv6_name": {"required": False, "type": "str"}, - "ipv6_prefix": {"required": False, "type": "int"}, - "ipv6_split_exclude": {"required": False, "type": "str"}, - "ipv6_split_include": {"required": False, "type": "str"}, - "ipv6_start_ip": {"required": False, "type": "str"}, - "keepalive": {"required": False, "type": "int"}, - "keylife": {"required": False, "type": "int"}, - "local_gw": 
{"required": False, "type": "str"}, - "localid": {"required": False, "type": "str"}, - "localid_type": {"required": False, "type": "str", - "choices": ["auto", "fqdn", "user-fqdn", - "keyid", "address", "asn1dn"]}, - "mesh_selector_type": {"required": False, "type": "str", - "choices": ["disable", "subnet", "host"]}, - "mode": {"required": False, "type": "str", - "choices": ["aggressive", "main"]}, - "mode_cfg": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "name": {"required": True, "type": "str"}, - "nattraversal": {"required": False, "type": "str", - "choices": ["enable", "disable", "forced"]}, - "negotiate_timeout": {"required": False, "type": "int"}, - "peer": {"required": False, "type": "str"}, - "peergrp": {"required": False, "type": "str"}, - "peerid": {"required": False, "type": "str"}, - "peertype": {"required": False, "type": "str", - "choices": ["any", "one", "dialup", - "peer", "peergrp"]}, - "ppk": {"required": False, "type": "str", - "choices": ["disable", "allow", "require"]}, - "ppk_identity": {"required": False, "type": "str"}, - "ppk_secret": {"required": False, "type": "str"}, - "priority": {"required": False, "type": "int"}, - "proposal": {"required": False, "type": "str", - "choices": ["des-md5", "des-sha1", "des-sha256", - "des-sha384", "des-sha512"]}, - "psksecret": {"required": False, "type": "str"}, - "psksecret_remote": {"required": False, "type": "str"}, - "reauth": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "rekey": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "remote_gw": {"required": False, "type": "str"}, - "remotegw_ddns": {"required": False, "type": "str"}, - "rsa_signature_format": {"required": False, "type": "str", - "choices": ["pkcs1", "pss"]}, - "save_password": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "send_cert_chain": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - 
"signature_hash_alg": {"required": False, "type": "str", - "choices": ["sha1", "sha2-256", "sha2-384", - "sha2-512"]}, - "split_include_service": {"required": False, "type": "str"}, - "suite_b": {"required": False, "type": "str", - "choices": ["disable", "suite-b-gcm-128", "suite-b-gcm-256"]}, - "type": {"required": False, "type": "str", - "choices": ["static", "dynamic", "ddns"]}, - "unity_support": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "usrgrp": {"required": False, "type": "str"}, - "wizard_type": {"required": False, "type": "str", - "choices": ["custom", "dialup-forticlient", "dialup-ios", - "dialup-android", "dialup-windows", "dialup-cisco", - "static-fortigate", "dialup-fortigate", "static-cisco", - "dialup-cisco-fw"]}, - "xauthtype": {"required": False, "type": "str", - "choices": ["disable", "client", "pap", - "chap", "auto"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_vpn_ipsec(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_vpn_ipsec(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase1_interface.py b/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase1_interface.py
deleted file mode 100644
index 1646df559e0..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase1_interface.py
+++ /dev/null
@@ -1,1500 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_vpn_ipsec_phase1_interface -short_description: Configure VPN remote gateway in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify vpn_ipsec feature and phase1_interface category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - vpn_ipsec_phase1_interface: - description: - - Configure VPN remote gateway. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - acct_verify: - description: - - Enable/disable verification of RADIUS accounting record. - type: str - choices: - - enable - - disable - add_gw_route: - description: - - Enable/disable automatically add a route to the remote gateway. - type: str - choices: - - enable - - disable - add_route: - description: - - Enable/disable control addition of a route to peer destination selector. - type: str - choices: - - disable - - enable - assign_ip: - description: - - Enable/disable assignment of IP to IPsec interface via configuration method. - type: str - choices: - - disable - - enable - assign_ip_from: - description: - - Method by which the IP address will be assigned. - type: str - choices: - - range - - usrgrp - - dhcp - - name - authmethod: - description: - - Authentication method. - type: str - choices: - - psk - - signature - authmethod_remote: - description: - - Authentication method (remote side). 
- type: str - choices: - - psk - - signature - authpasswd: - description: - - XAuth password (max 35 characters). - type: str - authusr: - description: - - XAuth user name. - type: str - authusrgrp: - description: - - Authentication user group. Source user.group.name. - type: str - auto_discovery_forwarder: - description: - - Enable/disable forwarding auto-discovery short-cut messages. - type: str - choices: - - enable - - disable - auto_discovery_psk: - description: - - Enable/disable use of pre-shared secrets for authentication of auto-discovery tunnels. - type: str - choices: - - enable - - disable - auto_discovery_receiver: - description: - - Enable/disable accepting auto-discovery short-cut messages. - type: str - choices: - - enable - - disable - auto_discovery_sender: - description: - - Enable/disable sending auto-discovery short-cut messages. - type: str - choices: - - enable - - disable - auto_negotiate: - description: - - Enable/disable automatic initiation of IKE SA negotiation. - type: str - choices: - - enable - - disable - backup_gateway: - description: - - Instruct unity clients about the backup gateway address(es). - type: list - suboptions: - address: - description: - - Address of backup gateway. - required: true - type: str - banner: - description: - - Message that unity client should display after connecting. - type: str - cert_id_validation: - description: - - Enable/disable cross validation of peer ID and the identity in the peer's certificate as specified in RFC 4945. - type: str - choices: - - enable - - disable - certificate: - description: - - The names of up to 4 signed personal certificates. - type: list - suboptions: - name: - description: - - Certificate name. Source vpn.certificate.local.name. - required: true - type: str - childless_ike: - description: - - Enable/disable childless IKEv2 initiation (RFC 6023). 
- type: str - choices: - - enable - - disable - client_auto_negotiate: - description: - - Enable/disable allowing the VPN client to bring up the tunnel when there is no traffic. - type: str - choices: - - disable - - enable - client_keep_alive: - description: - - Enable/disable allowing the VPN client to keep the tunnel up when there is no traffic. - type: str - choices: - - disable - - enable - comments: - description: - - Comment. - type: str - default_gw: - description: - - IPv4 address of default route gateway to use for traffic exiting the interface. - type: str - default_gw_priority: - description: - - Priority for default gateway route. A higher priority number signifies a less preferred route. - type: int - dhgrp: - description: - - DH group. - type: str - choices: - - 1 - - 2 - - 5 - - 14 - - 15 - - 16 - - 17 - - 18 - - 19 - - 20 - - 21 - - 27 - - 28 - - 29 - - 30 - - 31 - digital_signature_auth: - description: - - Enable/disable IKEv2 Digital Signature Authentication (RFC 7427). - type: str - choices: - - enable - - disable - distance: - description: - - Distance for routes added by IKE (1 - 255). - type: int - dns_mode: - description: - - DNS server mode. - type: str - choices: - - manual - - auto - domain: - description: - - Instruct unity clients about the default DNS domain. - type: str - dpd: - description: - - Dead Peer Detection mode. - type: str - choices: - - disable - - on-idle - - on-demand - dpd_retrycount: - description: - - Number of DPD retry attempts. - type: int - dpd_retryinterval: - description: - - DPD retry interval. - type: str - eap: - description: - - Enable/disable IKEv2 EAP authentication. - type: str - choices: - - enable - - disable - eap_identity: - description: - - IKEv2 EAP peer identity type. - type: str - choices: - - use-id-payload - - send-request - encap_local_gw4: - description: - - Local IPv4 address of GRE/VXLAN tunnel. - type: str - encap_local_gw6: - description: - - Local IPv6 address of GRE/VXLAN tunnel. 
- type: str - encap_remote_gw4: - description: - - Remote IPv4 address of GRE/VXLAN tunnel. - type: str - encap_remote_gw6: - description: - - Remote IPv6 address of GRE/VXLAN tunnel. - type: str - encapsulation: - description: - - Enable/disable GRE/VXLAN encapsulation. - type: str - choices: - - none - - gre - - vxlan - encapsulation_address: - description: - - Source for GRE/VXLAN tunnel address. - type: str - choices: - - ike - - ipv4 - - ipv6 - enforce_unique_id: - description: - - Enable/disable peer ID uniqueness check. - type: str - choices: - - disable - - keep-new - - keep-old - exchange_interface_ip: - description: - - Enable/disable exchange of IPsec interface IP address. - type: str - choices: - - enable - - disable - exchange_ip_addr4: - description: - - IPv4 address to exchange with peers. - type: str - exchange_ip_addr6: - description: - - IPv6 address to exchange with peers - type: str - forticlient_enforcement: - description: - - Enable/disable FortiClient enforcement. - type: str - choices: - - enable - - disable - fragmentation: - description: - - Enable/disable fragment IKE message on re-transmission. - type: str - choices: - - enable - - disable - fragmentation_mtu: - description: - - IKE fragmentation MTU (500 - 16000). - type: int - group_authentication: - description: - - Enable/disable IKEv2 IDi group authentication. - type: str - choices: - - enable - - disable - group_authentication_secret: - description: - - Password for IKEv2 IDi group authentication. (ASCII string or hexadecimal indicated by a leading 0x.) - type: str - ha_sync_esp_seqno: - description: - - Enable/disable sequence number jump ahead for IPsec HA. - type: str - choices: - - enable - - disable - idle_timeout: - description: - - Enable/disable IPsec tunnel idle timeout. - type: str - choices: - - enable - - disable - idle_timeoutinterval: - description: - - IPsec tunnel idle timeout in minutes (5 - 43200). 
- type: int - ike_version: - description: - - IKE protocol version. - type: str - choices: - - 1 - - 2 - include_local_lan: - description: - - Enable/disable allow local LAN access on unity clients. - type: str - choices: - - disable - - enable - interface: - description: - - Local physical, aggregate, or VLAN outgoing interface. Source system.interface.name. - type: str - ip_version: - description: - - IP version to use for VPN interface. - type: str - choices: - - 4 - - 6 - ipv4_dns_server1: - description: - - IPv4 DNS server 1. - type: str - ipv4_dns_server2: - description: - - IPv4 DNS server 2. - type: str - ipv4_dns_server3: - description: - - IPv4 DNS server 3. - type: str - ipv4_end_ip: - description: - - End of IPv4 range. - type: str - ipv4_exclude_range: - description: - - Configuration Method IPv4 exclude ranges. - type: list - suboptions: - end_ip: - description: - - End of IPv4 exclusive range. - type: str - id: - description: - - ID. - required: true - type: int - start_ip: - description: - - Start of IPv4 exclusive range. - type: str - ipv4_name: - description: - - IPv4 address name. Source firewall.address.name firewall.addrgrp.name. - type: str - ipv4_netmask: - description: - - IPv4 Netmask. - type: str - ipv4_split_exclude: - description: - - IPv4 subnets that should not be sent over the IPsec tunnel. Source firewall.address.name firewall.addrgrp.name. - type: str - ipv4_split_include: - description: - - IPv4 split-include subnets. Source firewall.address.name firewall.addrgrp.name. - type: str - ipv4_start_ip: - description: - - Start of IPv4 range. - type: str - ipv4_wins_server1: - description: - - WINS server 1. - type: str - ipv4_wins_server2: - description: - - WINS server 2. - type: str - ipv6_dns_server1: - description: - - IPv6 DNS server 1. - type: str - ipv6_dns_server2: - description: - - IPv6 DNS server 2. - type: str - ipv6_dns_server3: - description: - - IPv6 DNS server 3. 
- type: str - ipv6_end_ip: - description: - - End of IPv6 range. - type: str - ipv6_exclude_range: - description: - - Configuration method IPv6 exclude ranges. - type: list - suboptions: - end_ip: - description: - - End of IPv6 exclusive range. - type: str - id: - description: - - ID. - required: true - type: int - start_ip: - description: - - Start of IPv6 exclusive range. - type: str - ipv6_name: - description: - - IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name. - type: str - ipv6_prefix: - description: - - IPv6 prefix. - type: int - ipv6_split_exclude: - description: - - IPv6 subnets that should not be sent over the IPsec tunnel. Source firewall.address6.name firewall.addrgrp6.name. - type: str - ipv6_split_include: - description: - - IPv6 split-include subnets. Source firewall.address6.name firewall.addrgrp6.name. - type: str - ipv6_start_ip: - description: - - Start of IPv6 range. - type: str - keepalive: - description: - - NAT-T keep alive interval. - type: int - keylife: - description: - - Time to wait in seconds before phase 1 encryption key expires. - type: int - local_gw: - description: - - IPv4 address of the local gateway's external interface. - type: str - local_gw6: - description: - - IPv6 address of the local gateway's external interface. - type: str - localid: - description: - - Local ID. - type: str - localid_type: - description: - - Local ID type. - type: str - choices: - - auto - - fqdn - - user-fqdn - - keyid - - address - - asn1dn - mesh_selector_type: - description: - - Add selectors containing subsets of the configuration depending on traffic. - type: str - choices: - - disable - - subnet - - host - mode: - description: - - The ID protection mode used to establish a secure channel. - type: str - choices: - - aggressive - - main - mode_cfg: - description: - - Enable/disable configuration method. - type: str - choices: - - disable - - enable - monitor: - description: - - IPsec interface as backup for primary interface. 
Source vpn.ipsec.phase1-interface.name. - type: str - monitor_hold_down_delay: - description: - - Time to wait in seconds before recovery once primary re-establishes. - type: int - monitor_hold_down_time: - description: - - Time of day at which to fail back to primary after it re-establishes. - type: str - monitor_hold_down_type: - description: - - Recovery time method when primary interface re-establishes. - type: str - choices: - - immediate - - delay - - time - monitor_hold_down_weekday: - description: - - Day of the week to recover once primary re-establishes. - type: str - choices: - - everyday - - sunday - - monday - - tuesday - - wednesday - - thursday - - friday - - saturday - name: - description: - - IPsec remote gateway name. - required: true - type: str - nattraversal: - description: - - Enable/disable NAT traversal. - type: str - choices: - - enable - - disable - - forced - negotiate_timeout: - description: - - IKE SA negotiation timeout in seconds (1 - 300). - type: int - net_device: - description: - - Enable/disable kernel device creation for dialup instances. - type: str - choices: - - enable - - disable - passive_mode: - description: - - Enable/disable IPsec passive mode for static tunnels. - type: str - choices: - - enable - - disable - peer: - description: - - Accept this peer certificate. Source user.peer.name. - type: str - peergrp: - description: - - Accept this peer certificate group. Source user.peergrp.name. - type: str - peerid: - description: - - Accept this peer identity. - type: str - peertype: - description: - - Accept this peer type. - type: str - choices: - - any - - one - - dialup - - peer - - peergrp - ppk: - description: - - Enable/disable IKEv2 Postquantum Preshared Key (PPK). - type: str - choices: - - disable - - allow - - require - ppk_identity: - description: - - IKEv2 Postquantum Preshared Key Identity. 
- type: str - ppk_secret: - description: - - IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x). - type: str - priority: - description: - - Priority for routes added by IKE (0 - 4294967295). - type: int - proposal: - description: - - Phase1 proposal. - type: str - choices: - - des-md5 - - des-sha1 - - des-sha256 - - des-sha384 - - des-sha512 - psksecret: - description: - - Pre-shared secret for PSK authentication (ASCII string or hexadecimal encoded with a leading 0x). - type: str - psksecret_remote: - description: - - Pre-shared secret for remote side PSK authentication (ASCII string or hexadecimal encoded with a leading 0x). - type: str - reauth: - description: - - Enable/disable re-authentication upon IKE SA lifetime expiration. - type: str - choices: - - disable - - enable - rekey: - description: - - Enable/disable phase1 rekey. - type: str - choices: - - enable - - disable - remote_gw: - description: - - IPv4 address of the remote gateway's external interface. - type: str - remote_gw6: - description: - - IPv6 address of the remote gateway's external interface. - type: str - remotegw_ddns: - description: - - Domain name of remote gateway (eg. name.DDNS.com). - type: str - rsa_signature_format: - description: - - Digital Signature Authentication RSA signature format. - type: str - choices: - - pkcs1 - - pss - save_password: - description: - - Enable/disable saving XAuth username and password on VPN clients. - type: str - choices: - - disable - - enable - send_cert_chain: - description: - - Enable/disable sending certificate chain. - type: str - choices: - - enable - - disable - signature_hash_alg: - description: - - Digital Signature Authentication hash algorithms. - type: str - choices: - - sha1 - - sha2-256 - - sha2-384 - - sha2-512 - split_include_service: - description: - - Split-include services. Source firewall.service.group.name firewall.service.custom.name. - type: str - suite_b: - description: - - Use Suite-B. 
- type: str - choices: - - disable - - suite-b-gcm-128 - - suite-b-gcm-256 - tunnel_search: - description: - - Tunnel search method for when the interface is shared. - type: str - choices: - - selectors - - nexthop - type: - description: - - Remote gateway type. - type: str - choices: - - static - - dynamic - - ddns - unity_support: - description: - - Enable/disable support for Cisco UNITY Configuration Method extensions. - type: str - choices: - - disable - - enable - usrgrp: - description: - - User group name for dialup peers. Source user.group.name. - type: str - vni: - description: - - VNI of VXLAN tunnel. - type: int - wizard_type: - description: - - GUI VPN Wizard Type. - type: str - choices: - - custom - - dialup-forticlient - - dialup-ios - - dialup-android - - dialup-windows - - dialup-cisco - - static-fortigate - - dialup-fortigate - - static-cisco - - dialup-cisco-fw - xauthtype: - description: - - XAuth type. - type: str - choices: - - disable - - client - - pap - - chap - - auto -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure VPN remote gateway. 
- fortios_vpn_ipsec_phase1_interface: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - vpn_ipsec_phase1_interface: - acct_verify: "enable" - add_gw_route: "enable" - add_route: "disable" - assign_ip: "disable" - assign_ip_from: "range" - authmethod: "psk" - authmethod_remote: "psk" - authpasswd: "" - authusr: "" - authusrgrp: " (source user.group.name)" - auto_discovery_forwarder: "enable" - auto_discovery_psk: "enable" - auto_discovery_receiver: "enable" - auto_discovery_sender: "enable" - auto_negotiate: "enable" - backup_gateway: - - - address: "" - banner: "" - cert_id_validation: "enable" - certificate: - - - name: "default_name_23 (source vpn.certificate.local.name)" - childless_ike: "enable" - client_auto_negotiate: "disable" - client_keep_alive: "disable" - comments: "" - default_gw: "" - default_gw_priority: "29" - dhgrp: "1" - digital_signature_auth: "enable" - distance: "32" - dns_mode: "manual" - domain: "" - dpd: "disable" - dpd_retrycount: "36" - dpd_retryinterval: "" - eap: "enable" - eap_identity: "use-id-payload" - encap_local_gw4: "" - encap_local_gw6: "" - encap_remote_gw4: "" - encap_remote_gw6: "" - encapsulation: "none" - encapsulation_address: "ike" - enforce_unique_id: "disable" - exchange_interface_ip: "enable" - exchange_ip_addr4: "" - exchange_ip_addr6: "" - forticlient_enforcement: "enable" - fragmentation: "enable" - fragmentation_mtu: "52" - group_authentication: "enable" - group_authentication_secret: "" - ha_sync_esp_seqno: "enable" - idle_timeout: "enable" - idle_timeoutinterval: "57" - ike_version: "1" - include_local_lan: "disable" - interface: " (source system.interface.name)" - ip_version: "4" - ipv4_dns_server1: "" - ipv4_dns_server2: "" - ipv4_dns_server3: "" - ipv4_end_ip: "" - ipv4_exclude_range: - - - end_ip: "" - id: "68" - start_ip: "" - ipv4_name: " (source firewall.address.name firewall.addrgrp.name)" - ipv4_netmask: "" - 
ipv4_split_exclude: " (source firewall.address.name firewall.addrgrp.name)" - ipv4_split_include: " (source firewall.address.name firewall.addrgrp.name)" - ipv4_start_ip: "" - ipv4_wins_server1: "" - ipv4_wins_server2: "" - ipv6_dns_server1: "" - ipv6_dns_server2: "" - ipv6_dns_server3: "" - ipv6_end_ip: "" - ipv6_exclude_range: - - - end_ip: "" - id: "83" - start_ip: "" - ipv6_name: " (source firewall.address6.name firewall.addrgrp6.name)" - ipv6_prefix: "86" - ipv6_split_exclude: " (source firewall.address6.name firewall.addrgrp6.name)" - ipv6_split_include: " (source firewall.address6.name firewall.addrgrp6.name)" - ipv6_start_ip: "" - keepalive: "90" - keylife: "91" - local_gw: "" - local_gw6: "" - localid: "" - localid_type: "auto" - mesh_selector_type: "disable" - mode: "aggressive" - mode_cfg: "disable" - monitor: " (source vpn.ipsec.phase1-interface.name)" - monitor_hold_down_delay: "100" - monitor_hold_down_time: "" - monitor_hold_down_type: "immediate" - monitor_hold_down_weekday: "everyday" - name: "default_name_104" - nattraversal: "enable" - negotiate_timeout: "106" - net_device: "enable" - passive_mode: "enable" - peer: " (source user.peer.name)" - peergrp: " (source user.peergrp.name)" - peerid: "" - peertype: "any" - ppk: "disable" - ppk_identity: "" - ppk_secret: "" - priority: "116" - proposal: "des-md5" - psksecret: "" - psksecret_remote: "" - reauth: "disable" - rekey: "enable" - remote_gw: "" - remote_gw6: "" - remotegw_ddns: "" - rsa_signature_format: "pkcs1" - save_password: "disable" - send_cert_chain: "enable" - signature_hash_alg: "sha1" - split_include_service: " (source firewall.service.group.name firewall.service.custom.name)" - suite_b: "disable" - tunnel_search: "selectors" - type: "static" - unity_support: "disable" - usrgrp: " (source user.group.name)" - vni: "135" - wizard_type: "custom" - xauthtype: "disable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: 
'1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_vpn_ipsec_phase1_interface_data(json): - option_list = ['acct_verify', 'add_gw_route', 'add_route', - 'assign_ip', 'assign_ip_from', 'authmethod', - 'authmethod_remote', 'authpasswd', 'authusr', - 'authusrgrp', 'auto_discovery_forwarder', 
'auto_discovery_psk', - 'auto_discovery_receiver', 'auto_discovery_sender', 'auto_negotiate', - 'backup_gateway', 'banner', 'cert_id_validation', - 'certificate', 'childless_ike', 'client_auto_negotiate', - 'client_keep_alive', 'comments', 'default_gw', - 'default_gw_priority', 'dhgrp', 'digital_signature_auth', - 'distance', 'dns_mode', 'domain', - 'dpd', 'dpd_retrycount', 'dpd_retryinterval', - 'eap', 'eap_identity', 'encap_local_gw4', - 'encap_local_gw6', 'encap_remote_gw4', 'encap_remote_gw6', - 'encapsulation', 'encapsulation_address', 'enforce_unique_id', - 'exchange_interface_ip', 'exchange_ip_addr4', 'exchange_ip_addr6', - 'forticlient_enforcement', 'fragmentation', 'fragmentation_mtu', - 'group_authentication', 'group_authentication_secret', 'ha_sync_esp_seqno', - 'idle_timeout', 'idle_timeoutinterval', 'ike_version', - 'include_local_lan', 'interface', 'ip_version', - 'ipv4_dns_server1', 'ipv4_dns_server2', 'ipv4_dns_server3', - 'ipv4_end_ip', 'ipv4_exclude_range', 'ipv4_name', - 'ipv4_netmask', 'ipv4_split_exclude', 'ipv4_split_include', - 'ipv4_start_ip', 'ipv4_wins_server1', 'ipv4_wins_server2', - 'ipv6_dns_server1', 'ipv6_dns_server2', 'ipv6_dns_server3', - 'ipv6_end_ip', 'ipv6_exclude_range', 'ipv6_name', - 'ipv6_prefix', 'ipv6_split_exclude', 'ipv6_split_include', - 'ipv6_start_ip', 'keepalive', 'keylife', - 'local_gw', 'local_gw6', 'localid', - 'localid_type', 'mesh_selector_type', 'mode', - 'mode_cfg', 'monitor', 'monitor_hold_down_delay', - 'monitor_hold_down_time', 'monitor_hold_down_type', 'monitor_hold_down_weekday', - 'name', 'nattraversal', 'negotiate_timeout', - 'net_device', 'passive_mode', 'peer', - 'peergrp', 'peerid', 'peertype', - 'ppk', 'ppk_identity', 'ppk_secret', - 'priority', 'proposal', 'psksecret', - 'psksecret_remote', 'reauth', 'rekey', - 'remote_gw', 'remote_gw6', 'remotegw_ddns', - 'rsa_signature_format', 'save_password', 'send_cert_chain', - 'signature_hash_alg', 'split_include_service', 'suite_b', - 'tunnel_search', 
'type', 'unity_support', - 'usrgrp', 'vni', 'wizard_type', - 'xauthtype'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def vpn_ipsec_phase1_interface(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['vpn_ipsec_phase1_interface'] and data['vpn_ipsec_phase1_interface']: - state = data['vpn_ipsec_phase1_interface']['state'] - else: - state = True - vpn_ipsec_phase1_interface_data = data['vpn_ipsec_phase1_interface'] - filtered_data = underscore_to_hyphen(filter_vpn_ipsec_phase1_interface_data(vpn_ipsec_phase1_interface_data)) - - if state == "present": - return fos.set('vpn.ipsec', - 'phase1-interface', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('vpn.ipsec', - 'phase1-interface', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_vpn_ipsec(data, fos): - - if data['vpn_ipsec_phase1_interface']: - resp = vpn_ipsec_phase1_interface(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": 
{"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "vpn_ipsec_phase1_interface": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "acct_verify": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "add_gw_route": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "add_route": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "assign_ip": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "assign_ip_from": {"required": False, "type": "str", - "choices": ["range", "usrgrp", "dhcp", - "name"]}, - "authmethod": {"required": False, "type": "str", - "choices": ["psk", "signature"]}, - "authmethod_remote": {"required": False, "type": "str", - "choices": ["psk", "signature"]}, - "authpasswd": {"required": False, "type": "str"}, - "authusr": {"required": False, "type": "str"}, - "authusrgrp": {"required": False, "type": "str"}, - "auto_discovery_forwarder": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "auto_discovery_psk": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "auto_discovery_receiver": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "auto_discovery_sender": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "auto_negotiate": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "backup_gateway": {"required": False, "type": "list", - "options": { - "address": {"required": True, "type": "str"} - }}, - "banner": {"required": False, "type": "str"}, - "cert_id_validation": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "certificate": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - 
"childless_ike": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "client_auto_negotiate": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "client_keep_alive": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "comments": {"required": False, "type": "str"}, - "default_gw": {"required": False, "type": "str"}, - "default_gw_priority": {"required": False, "type": "int"}, - "dhgrp": {"required": False, "type": "str", - "choices": ["1", "2", "5", - "14", "15", "16", - "17", "18", "19", - "20", "21", "27", - "28", "29", "30", - "31"]}, - "digital_signature_auth": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "distance": {"required": False, "type": "int"}, - "dns_mode": {"required": False, "type": "str", - "choices": ["manual", "auto"]}, - "domain": {"required": False, "type": "str"}, - "dpd": {"required": False, "type": "str", - "choices": ["disable", "on-idle", "on-demand"]}, - "dpd_retrycount": {"required": False, "type": "int"}, - "dpd_retryinterval": {"required": False, "type": "str"}, - "eap": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "eap_identity": {"required": False, "type": "str", - "choices": ["use-id-payload", "send-request"]}, - "encap_local_gw4": {"required": False, "type": "str"}, - "encap_local_gw6": {"required": False, "type": "str"}, - "encap_remote_gw4": {"required": False, "type": "str"}, - "encap_remote_gw6": {"required": False, "type": "str"}, - "encapsulation": {"required": False, "type": "str", - "choices": ["none", "gre", "vxlan"]}, - "encapsulation_address": {"required": False, "type": "str", - "choices": ["ike", "ipv4", "ipv6"]}, - "enforce_unique_id": {"required": False, "type": "str", - "choices": ["disable", "keep-new", "keep-old"]}, - "exchange_interface_ip": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "exchange_ip_addr4": {"required": False, "type": "str"}, - 
"exchange_ip_addr6": {"required": False, "type": "str"}, - "forticlient_enforcement": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "fragmentation": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "fragmentation_mtu": {"required": False, "type": "int"}, - "group_authentication": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "group_authentication_secret": {"required": False, "type": "str"}, - "ha_sync_esp_seqno": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "idle_timeout": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "idle_timeoutinterval": {"required": False, "type": "int"}, - "ike_version": {"required": False, "type": "str", - "choices": ["1", "2"]}, - "include_local_lan": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "interface": {"required": False, "type": "str"}, - "ip_version": {"required": False, "type": "str", - "choices": ["4", "6"]}, - "ipv4_dns_server1": {"required": False, "type": "str"}, - "ipv4_dns_server2": {"required": False, "type": "str"}, - "ipv4_dns_server3": {"required": False, "type": "str"}, - "ipv4_end_ip": {"required": False, "type": "str"}, - "ipv4_exclude_range": {"required": False, "type": "list", - "options": { - "end_ip": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "start_ip": {"required": False, "type": "str"} - }}, - "ipv4_name": {"required": False, "type": "str"}, - "ipv4_netmask": {"required": False, "type": "str"}, - "ipv4_split_exclude": {"required": False, "type": "str"}, - "ipv4_split_include": {"required": False, "type": "str"}, - "ipv4_start_ip": {"required": False, "type": "str"}, - "ipv4_wins_server1": {"required": False, "type": "str"}, - "ipv4_wins_server2": {"required": False, "type": "str"}, - "ipv6_dns_server1": {"required": False, "type": "str"}, - "ipv6_dns_server2": {"required": False, "type": "str"}, - 
"ipv6_dns_server3": {"required": False, "type": "str"}, - "ipv6_end_ip": {"required": False, "type": "str"}, - "ipv6_exclude_range": {"required": False, "type": "list", - "options": { - "end_ip": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "start_ip": {"required": False, "type": "str"} - }}, - "ipv6_name": {"required": False, "type": "str"}, - "ipv6_prefix": {"required": False, "type": "int"}, - "ipv6_split_exclude": {"required": False, "type": "str"}, - "ipv6_split_include": {"required": False, "type": "str"}, - "ipv6_start_ip": {"required": False, "type": "str"}, - "keepalive": {"required": False, "type": "int"}, - "keylife": {"required": False, "type": "int"}, - "local_gw": {"required": False, "type": "str"}, - "local_gw6": {"required": False, "type": "str"}, - "localid": {"required": False, "type": "str"}, - "localid_type": {"required": False, "type": "str", - "choices": ["auto", "fqdn", "user-fqdn", - "keyid", "address", "asn1dn"]}, - "mesh_selector_type": {"required": False, "type": "str", - "choices": ["disable", "subnet", "host"]}, - "mode": {"required": False, "type": "str", - "choices": ["aggressive", "main"]}, - "mode_cfg": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "monitor": {"required": False, "type": "str"}, - "monitor_hold_down_delay": {"required": False, "type": "int"}, - "monitor_hold_down_time": {"required": False, "type": "str"}, - "monitor_hold_down_type": {"required": False, "type": "str", - "choices": ["immediate", "delay", "time"]}, - "monitor_hold_down_weekday": {"required": False, "type": "str", - "choices": ["everyday", "sunday", "monday", - "tuesday", "wednesday", "thursday", - "friday", "saturday"]}, - "name": {"required": True, "type": "str"}, - "nattraversal": {"required": False, "type": "str", - "choices": ["enable", "disable", "forced"]}, - "negotiate_timeout": {"required": False, "type": "int"}, - "net_device": {"required": False, "type": "str", - "choices": 
["enable", "disable"]}, - "passive_mode": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "peer": {"required": False, "type": "str"}, - "peergrp": {"required": False, "type": "str"}, - "peerid": {"required": False, "type": "str"}, - "peertype": {"required": False, "type": "str", - "choices": ["any", "one", "dialup", - "peer", "peergrp"]}, - "ppk": {"required": False, "type": "str", - "choices": ["disable", "allow", "require"]}, - "ppk_identity": {"required": False, "type": "str"}, - "ppk_secret": {"required": False, "type": "str"}, - "priority": {"required": False, "type": "int"}, - "proposal": {"required": False, "type": "str", - "choices": ["des-md5", "des-sha1", "des-sha256", - "des-sha384", "des-sha512"]}, - "psksecret": {"required": False, "type": "str"}, - "psksecret_remote": {"required": False, "type": "str"}, - "reauth": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "rekey": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "remote_gw": {"required": False, "type": "str"}, - "remote_gw6": {"required": False, "type": "str"}, - "remotegw_ddns": {"required": False, "type": "str"}, - "rsa_signature_format": {"required": False, "type": "str", - "choices": ["pkcs1", "pss"]}, - "save_password": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "send_cert_chain": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "signature_hash_alg": {"required": False, "type": "str", - "choices": ["sha1", "sha2-256", "sha2-384", - "sha2-512"]}, - "split_include_service": {"required": False, "type": "str"}, - "suite_b": {"required": False, "type": "str", - "choices": ["disable", "suite-b-gcm-128", "suite-b-gcm-256"]}, - "tunnel_search": {"required": False, "type": "str", - "choices": ["selectors", "nexthop"]}, - "type": {"required": False, "type": "str", - "choices": ["static", "dynamic", "ddns"]}, - "unity_support": {"required": False, "type": "str", - 
"choices": ["disable", "enable"]},
- "usrgrp": {"required": False, "type": "str"},
- "vni": {"required": False, "type": "int"},
- "wizard_type": {"required": False, "type": "str",
- "choices": ["custom", "dialup-forticlient", "dialup-ios",
- "dialup-android", "dialup-windows", "dialup-cisco",
- "static-fortigate", "dialup-fortigate", "static-cisco",
- "dialup-cisco-fw"]},
- "xauthtype": {"required": False, "type": "str",
- "choices": ["disable", "client", "pap",
- "chap", "auto"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_vpn_ipsec(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_vpn_ipsec(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase2.py b/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase2.py
deleted file mode 100644
index 7c80a86b984..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase2.py
+++ /dev/null
@@ -1,693 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_vpn_ipsec_phase2 -short_description: Configure VPN autokey tunnel in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify vpn_ipsec feature and phase2 category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - vpn_ipsec_phase2: - description: - - Configure VPN autokey tunnel. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - add_route: - description: - - Enable/disable automatic route addition. - type: str - choices: - - phase1 - - enable - - disable - auto_negotiate: - description: - - Enable/disable IPsec SA auto-negotiation. - type: str - choices: - - enable - - disable - comments: - description: - - Comment. - type: str - dhcp_ipsec: - description: - - Enable/disable DHCP-IPsec. - type: str - choices: - - enable - - disable - dhgrp: - description: - - Phase2 DH group. - type: str - choices: - - 1 - - 2 - - 5 - - 14 - - 15 - - 16 - - 17 - - 18 - - 19 - - 20 - - 21 - - 27 - - 28 - - 29 - - 30 - - 31 - dst_addr_type: - description: - - Remote proxy ID type. - type: str - choices: - - subnet - - range - - ip - - name - dst_end_ip: - description: - - Remote proxy ID IPv4 end. - type: str - dst_end_ip6: - description: - - Remote proxy ID IPv6 end. - type: str - dst_name: - description: - - Remote proxy ID name. 
Source firewall.address.name firewall.addrgrp.name. - type: str - dst_name6: - description: - - Remote proxy ID name. Source firewall.address6.name firewall.addrgrp6.name. - type: str - dst_port: - description: - - Quick mode destination port (1 - 65535 or 0 for all). - type: int - dst_start_ip: - description: - - Remote proxy ID IPv4 start. - type: str - dst_start_ip6: - description: - - Remote proxy ID IPv6 start. - type: str - dst_subnet: - description: - - Remote proxy ID IPv4 subnet. - type: str - dst_subnet6: - description: - - Remote proxy ID IPv6 subnet. - type: str - encapsulation: - description: - - ESP encapsulation mode. - type: str - choices: - - tunnel-mode - - transport-mode - keepalive: - description: - - Enable/disable keep alive. - type: str - choices: - - enable - - disable - keylife_type: - description: - - Keylife type. - type: str - choices: - - seconds - - kbs - - both - keylifekbs: - description: - - Phase2 key life in number of bytes of traffic (5120 - 4294967295). - type: int - keylifeseconds: - description: - - Phase2 key life in time in seconds (120 - 172800). - type: int - l2tp: - description: - - Enable/disable L2TP over IPsec. - type: str - choices: - - enable - - disable - name: - description: - - IPsec tunnel name. - required: true - type: str - pfs: - description: - - Enable/disable PFS feature. - type: str - choices: - - enable - - disable - phase1name: - description: - - Phase 1 determines the options required for phase 2. Source vpn.ipsec.phase1.name. - type: str - proposal: - description: - - Phase2 proposal. - type: str - choices: - - null-md5 - - null-sha1 - - null-sha256 - - null-sha384 - - null-sha512 - - des-null - - des-md5 - - des-sha1 - - des-sha256 - - des-sha384 - - des-sha512 - protocol: - description: - - Quick mode protocol selector (1 - 255 or 0 for all). - type: int - replay: - description: - - Enable/disable replay detection. 
- type: str - choices: - - enable - - disable - route_overlap: - description: - - Action for overlapping routes. - type: str - choices: - - use-old - - use-new - - allow - selector_match: - description: - - Match type to use when comparing selectors. - type: str - choices: - - exact - - subset - - auto - single_source: - description: - - Enable/disable single source IP restriction. - type: str - choices: - - enable - - disable - src_addr_type: - description: - - Local proxy ID type. - type: str - choices: - - subnet - - range - - ip - - name - src_end_ip: - description: - - Local proxy ID end. - type: str - src_end_ip6: - description: - - Local proxy ID IPv6 end. - type: str - src_name: - description: - - Local proxy ID name. Source firewall.address.name firewall.addrgrp.name. - type: str - src_name6: - description: - - Local proxy ID name. Source firewall.address6.name firewall.addrgrp6.name. - type: str - src_port: - description: - - Quick mode source port (1 - 65535 or 0 for all). - type: int - src_start_ip: - description: - - Local proxy ID start. - type: str - src_start_ip6: - description: - - Local proxy ID IPv6 start. - type: str - src_subnet: - description: - - Local proxy ID subnet. - type: str - src_subnet6: - description: - - Local proxy ID IPv6 subnet. - type: str - use_natip: - description: - - Enable to use the FortiGate public IP as the source selector when outbound NAT is used. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure VPN autokey tunnel. 
- fortios_vpn_ipsec_phase2: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - vpn_ipsec_phase2: - add_route: "phase1" - auto_negotiate: "enable" - comments: "" - dhcp_ipsec: "enable" - dhgrp: "1" - dst_addr_type: "subnet" - dst_end_ip: "" - dst_end_ip6: "" - dst_name: " (source firewall.address.name firewall.addrgrp.name)" - dst_name6: " (source firewall.address6.name firewall.addrgrp6.name)" - dst_port: "13" - dst_start_ip: "" - dst_start_ip6: "" - dst_subnet: "" - dst_subnet6: "" - encapsulation: "tunnel-mode" - keepalive: "enable" - keylife_type: "seconds" - keylifekbs: "21" - keylifeseconds: "22" - l2tp: "enable" - name: "default_name_24" - pfs: "enable" - phase1name: " (source vpn.ipsec.phase1.name)" - proposal: "null-md5" - protocol: "28" - replay: "enable" - route_overlap: "use-old" - selector_match: "exact" - single_source: "enable" - src_addr_type: "subnet" - src_end_ip: "" - src_end_ip6: "" - src_name: " (source firewall.address.name firewall.addrgrp.name)" - src_name6: " (source firewall.address6.name firewall.addrgrp6.name)" - src_port: "38" - src_start_ip: "" - src_start_ip6: "" - src_subnet: "" - src_subnet6: "" - use_natip: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: 
"webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_vpn_ipsec_phase2_data(json): - option_list = ['add_route', 'auto_negotiate', 'comments', - 'dhcp_ipsec', 'dhgrp', 'dst_addr_type', - 'dst_end_ip', 'dst_end_ip6', 'dst_name', - 'dst_name6', 'dst_port', 'dst_start_ip', - 'dst_start_ip6', 'dst_subnet', 'dst_subnet6', - 'encapsulation', 'keepalive', 'keylife_type', - 'keylifekbs', 'keylifeseconds', 'l2tp', - 'name', 'pfs', 'phase1name', - 'proposal', 'protocol', 'replay', - 'route_overlap', 'selector_match', 'single_source', - 'src_addr_type', 'src_end_ip', 'src_end_ip6', - 'src_name', 'src_name6', 'src_port', - 'src_start_ip', 'src_start_ip6', 'src_subnet', - 'src_subnet6', 'use_natip'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if 
isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def vpn_ipsec_phase2(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['vpn_ipsec_phase2'] and data['vpn_ipsec_phase2']: - state = data['vpn_ipsec_phase2']['state'] - else: - state = True - vpn_ipsec_phase2_data = data['vpn_ipsec_phase2'] - filtered_data = underscore_to_hyphen(filter_vpn_ipsec_phase2_data(vpn_ipsec_phase2_data)) - - if state == "present": - return fos.set('vpn.ipsec', - 'phase2', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('vpn.ipsec', - 'phase2', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_vpn_ipsec(data, fos): - - if data['vpn_ipsec_phase2']: - resp = vpn_ipsec_phase2(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "vpn_ipsec_phase2": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "add_route": {"required": False, "type": "str", - "choices": ["phase1", "enable", "disable"]}, 
- "auto_negotiate": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "comments": {"required": False, "type": "str"}, - "dhcp_ipsec": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dhgrp": {"required": False, "type": "str", - "choices": ["1", "2", "5", - "14", "15", "16", - "17", "18", "19", - "20", "21", "27", - "28", "29", "30", - "31"]}, - "dst_addr_type": {"required": False, "type": "str", - "choices": ["subnet", "range", "ip", - "name"]}, - "dst_end_ip": {"required": False, "type": "str"}, - "dst_end_ip6": {"required": False, "type": "str"}, - "dst_name": {"required": False, "type": "str"}, - "dst_name6": {"required": False, "type": "str"}, - "dst_port": {"required": False, "type": "int"}, - "dst_start_ip": {"required": False, "type": "str"}, - "dst_start_ip6": {"required": False, "type": "str"}, - "dst_subnet": {"required": False, "type": "str"}, - "dst_subnet6": {"required": False, "type": "str"}, - "encapsulation": {"required": False, "type": "str", - "choices": ["tunnel-mode", "transport-mode"]}, - "keepalive": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "keylife_type": {"required": False, "type": "str", - "choices": ["seconds", "kbs", "both"]}, - "keylifekbs": {"required": False, "type": "int"}, - "keylifeseconds": {"required": False, "type": "int"}, - "l2tp": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "name": {"required": True, "type": "str"}, - "pfs": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "phase1name": {"required": False, "type": "str"}, - "proposal": {"required": False, "type": "str", - "choices": ["null-md5", "null-sha1", "null-sha256", - "null-sha384", "null-sha512", "des-null", - "des-md5", "des-sha1", "des-sha256", - "des-sha384", "des-sha512"]}, - "protocol": {"required": False, "type": "int"}, - "replay": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "route_overlap": 
{"required": False, "type": "str", - "choices": ["use-old", "use-new", "allow"]}, - "selector_match": {"required": False, "type": "str", - "choices": ["exact", "subset", "auto"]}, - "single_source": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "src_addr_type": {"required": False, "type": "str", - "choices": ["subnet", "range", "ip", - "name"]}, - "src_end_ip": {"required": False, "type": "str"}, - "src_end_ip6": {"required": False, "type": "str"}, - "src_name": {"required": False, "type": "str"}, - "src_name6": {"required": False, "type": "str"}, - "src_port": {"required": False, "type": "int"}, - "src_start_ip": {"required": False, "type": "str"}, - "src_start_ip6": {"required": False, "type": "str"}, - "src_subnet": {"required": False, "type": "str"}, - "src_subnet6": {"required": False, "type": "str"}, - "use_natip": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_vpn_ipsec(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_vpn_ipsec(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == 
'__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase2_interface.py b/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase2_interface.py
deleted file mode 100644
index e28b41ae2d4..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase2_interface.py
+++ /dev/null
@@ -1,788 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_vpn_ipsec_phase2_interface -short_description: Configure VPN autokey tunnel in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify vpn_ipsec feature and phase2_interface category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - vpn_ipsec_phase2_interface: - description: - - Configure VPN autokey tunnel. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - add_route: - description: - - Enable/disable automatic route addition. - type: str - choices: - - phase1 - - enable - - disable - auto_discovery_forwarder: - description: - - Enable/disable forwarding short-cut messages. - type: str - choices: - - phase1 - - enable - - disable - auto_discovery_sender: - description: - - Enable/disable sending short-cut messages. - type: str - choices: - - phase1 - - enable - - disable - auto_negotiate: - description: - - Enable/disable IPsec SA auto-negotiation. - type: str - choices: - - enable - - disable - comments: - description: - - Comment. - type: str - dhcp_ipsec: - description: - - Enable/disable DHCP-IPsec. - type: str - choices: - - enable - - disable - dhgrp: - description: - - Phase2 DH group. 
- type: str - choices: - - 1 - - 2 - - 5 - - 14 - - 15 - - 16 - - 17 - - 18 - - 19 - - 20 - - 21 - - 27 - - 28 - - 29 - - 30 - - 31 - dst_addr_type: - description: - - Remote proxy ID type. - type: str - choices: - - subnet - - range - - ip - - name - - subnet6 - - range6 - - ip6 - - name6 - dst_end_ip: - description: - - Remote proxy ID IPv4 end. - type: str - dst_end_ip6: - description: - - Remote proxy ID IPv6 end. - type: str - dst_name: - description: - - Remote proxy ID name. Source firewall.address.name firewall.addrgrp.name. - type: str - dst_name6: - description: - - Remote proxy ID name. Source firewall.address6.name firewall.addrgrp6.name. - type: str - dst_port: - description: - - Quick mode destination port (1 - 65535 or 0 for all). - type: int - dst_start_ip: - description: - - Remote proxy ID IPv4 start. - type: str - dst_start_ip6: - description: - - Remote proxy ID IPv6 start. - type: str - dst_subnet: - description: - - Remote proxy ID IPv4 subnet. - type: str - dst_subnet6: - description: - - Remote proxy ID IPv6 subnet. - type: str - encapsulation: - description: - - ESP encapsulation mode. - type: str - choices: - - tunnel-mode - - transport-mode - keepalive: - description: - - Enable/disable keep alive. - type: str - choices: - - enable - - disable - keylife_type: - description: - - Keylife type. - type: str - choices: - - seconds - - kbs - - both - keylifekbs: - description: - - Phase2 key life in number of bytes of traffic (5120 - 4294967295). - type: int - keylifeseconds: - description: - - Phase2 key life in time in seconds (120 - 172800). - type: int - l2tp: - description: - - Enable/disable L2TP over IPsec. - type: str - choices: - - enable - - disable - name: - description: - - IPsec tunnel name. - required: true - type: str - pfs: - description: - - Enable/disable PFS feature. - type: str - choices: - - enable - - disable - phase1name: - description: - - Phase 1 determines the options required for phase 2. 
Source vpn.ipsec.phase1-interface.name. - type: str - proposal: - description: - - Phase2 proposal. - type: list - choices: - - null-md5 - - null-sha1 - - null-sha256 - - null-sha384 - - null-sha512 - - des-null - - des-md5 - - des-sha1 - - des-sha256 - - des-sha384 - - des-sha512 - - 3des-null - - 3des-md5 - - 3des-sha1 - - 3des-sha256 - - 3des-sha384 - - 3des-sha512 - - aes128-null - - aes128-md5 - - aes128-sha1 - - aes128-sha256 - - aes128-sha384 - - aes128-sha512 - - aes128gcm - - aes192-null - - aes192-md5 - - aes192-sha1 - - aes192-sha256 - - aes192-sha384 - - aes192-sha512 - - aes256-null - - aes256-md5 - - aes256-sha1 - - aes256-sha256 - - aes256-sha384 - - aes256-sha512 - - aes256gcm - - chacha20poly1305 - - aria128-null - - aria128-md5 - - aria128-sha1 - - aria128-sha256 - - aria128-sha384 - - aria128-sha512 - - aria192-null - - aria192-md5 - - aria192-sha1 - - aria192-sha256 - - aria192-sha384 - - aria192-sha512 - - aria256-null - - aria256-md5 - - aria256-sha1 - - aria256-sha256 - - aria256-sha384 - - aria256-sha512 - - seed-null - - seed-md5 - - seed-sha1 - - seed-sha256 - - seed-sha384 - - seed-sha512 - protocol: - description: - - Quick mode protocol selector (1 - 255 or 0 for all). - type: int - replay: - description: - - Enable/disable replay detection. - type: str - choices: - - enable - - disable - route_overlap: - description: - - Action for overlapping routes. - type: str - choices: - - use-old - - use-new - - allow - single_source: - description: - - Enable/disable single source IP restriction. - type: str - choices: - - enable - - disable - src_addr_type: - description: - - Local proxy ID type. - type: str - choices: - - subnet - - range - - ip - - name - - subnet6 - - range6 - - ip6 - - name6 - src_end_ip: - description: - - Local proxy ID end. - type: str - src_end_ip6: - description: - - Local proxy ID IPv6 end. - type: str - src_name: - description: - - Local proxy ID name. Source firewall.address.name firewall.addrgrp.name. 
- type: str - src_name6: - description: - - Local proxy ID name. Source firewall.address6.name firewall.addrgrp6.name. - type: str - src_port: - description: - - Quick mode source port (1 - 65535 or 0 for all). - type: int - src_start_ip: - description: - - Local proxy ID start. - type: str - src_start_ip6: - description: - - Local proxy ID IPv6 start. - type: str - src_subnet: - description: - - Local proxy ID subnet. - type: str - src_subnet6: - description: - - Local proxy ID IPv6 subnet. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure VPN autokey tunnel. - fortios_vpn_ipsec_phase2_interface: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - vpn_ipsec_phase2_interface: - add_route: "phase1" - auto_discovery_forwarder: "phase1" - auto_discovery_sender: "phase1" - auto_negotiate: "enable" - comments: "" - dhcp_ipsec: "enable" - dhgrp: "1" - dst_addr_type: "subnet" - dst_end_ip: "" - dst_end_ip6: "" - dst_name: " (source firewall.address.name firewall.addrgrp.name)" - dst_name6: " (source firewall.address6.name firewall.addrgrp6.name)" - dst_port: "15" - dst_start_ip: "" - dst_start_ip6: "" - dst_subnet: "" - dst_subnet6: "" - encapsulation: "tunnel-mode" - keepalive: "enable" - keylife_type: "seconds" - keylifekbs: "23" - keylifeseconds: "24" - l2tp: "enable" - name: "default_name_26" - pfs: "enable" - phase1name: " (source vpn.ipsec.phase1-interface.name)" - proposal: "null-md5" - protocol: "30" - replay: "enable" - route_overlap: "use-old" - single_source: "enable" - src_addr_type: "subnet" - src_end_ip: "" - src_end_ip6: "" - src_name: " (source firewall.address.name firewall.addrgrp.name)" - src_name6: " (source firewall.address6.name firewall.addrgrp6.name)" - src_port: "39" - src_start_ip: "" - src_start_ip6: "" - src_subnet: "" - 
src_subnet6: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_vpn_ipsec_phase2_interface_data(json): - option_list = ['add_route', 'auto_discovery_forwarder', 
'auto_discovery_sender', - 'auto_negotiate', 'comments', 'dhcp_ipsec', - 'dhgrp', 'dst_addr_type', 'dst_end_ip', - 'dst_end_ip6', 'dst_name', 'dst_name6', - 'dst_port', 'dst_start_ip', 'dst_start_ip6', - 'dst_subnet', 'dst_subnet6', 'encapsulation', - 'keepalive', 'keylife_type', 'keylifekbs', - 'keylifeseconds', 'l2tp', 'name', - 'pfs', 'phase1name', 'proposal', - 'protocol', 'replay', 'route_overlap', - 'single_source', 'src_addr_type', 'src_end_ip', - 'src_end_ip6', 'src_name', 'src_name6', - 'src_port', 'src_start_ip', 'src_start_ip6', - 'src_subnet', 'src_subnet6'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def flatten_multilists_attributes(data): - multilist_attrs = [[u'proposal']] - - for attr in multilist_attrs: - try: - path = "data['" + "']['".join(elem for elem in attr) + "']" - current_val = eval(path) - flattened_val = ' '.join(elem for elem in current_val) - exec(path + '= flattened_val') - except BaseException: - pass - - return data - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def vpn_ipsec_phase2_interface(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['vpn_ipsec_phase2_interface'] and data['vpn_ipsec_phase2_interface']: - state = data['vpn_ipsec_phase2_interface']['state'] - else: - state = True - vpn_ipsec_phase2_interface_data = data['vpn_ipsec_phase2_interface'] - vpn_ipsec_phase2_interface_data = flatten_multilists_attributes(vpn_ipsec_phase2_interface_data) - filtered_data = underscore_to_hyphen(filter_vpn_ipsec_phase2_interface_data(vpn_ipsec_phase2_interface_data)) - - if 
state == "present": - return fos.set('vpn.ipsec', - 'phase2-interface', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('vpn.ipsec', - 'phase2-interface', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_vpn_ipsec(data, fos): - - if data['vpn_ipsec_phase2_interface']: - resp = vpn_ipsec_phase2_interface(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "vpn_ipsec_phase2_interface": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "add_route": {"required": False, "type": "str", - "choices": ["phase1", "enable", "disable"]}, - "auto_discovery_forwarder": {"required": False, "type": "str", - "choices": ["phase1", "enable", "disable"]}, - "auto_discovery_sender": {"required": False, "type": "str", - "choices": ["phase1", "enable", "disable"]}, - "auto_negotiate": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "comments": {"required": False, "type": "str"}, - "dhcp_ipsec": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dhgrp": {"required": False, "type": "str", - "choices": ["1", "2", "5", - "14", "15", "16", - "17", "18", "19", - "20", "21", "27", - "28", "29", "30", - "31"]}, - 
"dst_addr_type": {"required": False, "type": "str", - "choices": ["subnet", "range", "ip", - "name", "subnet6", "range6", - "ip6", "name6"]}, - "dst_end_ip": {"required": False, "type": "str"}, - "dst_end_ip6": {"required": False, "type": "str"}, - "dst_name": {"required": False, "type": "str"}, - "dst_name6": {"required": False, "type": "str"}, - "dst_port": {"required": False, "type": "int"}, - "dst_start_ip": {"required": False, "type": "str"}, - "dst_start_ip6": {"required": False, "type": "str"}, - "dst_subnet": {"required": False, "type": "str"}, - "dst_subnet6": {"required": False, "type": "str"}, - "encapsulation": {"required": False, "type": "str", - "choices": ["tunnel-mode", "transport-mode"]}, - "keepalive": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "keylife_type": {"required": False, "type": "str", - "choices": ["seconds", "kbs", "both"]}, - "keylifekbs": {"required": False, "type": "int"}, - "keylifeseconds": {"required": False, "type": "int"}, - "l2tp": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "name": {"required": True, "type": "str"}, - "pfs": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "phase1name": {"required": False, "type": "str"}, - "proposal": {"required": False, "type": "list", - "choices": ["null-md5", "null-sha1", "null-sha256", - "null-sha384", "null-sha512", "des-null", - "des-md5", "des-sha1", "des-sha256", - "des-sha384", "des-sha512", "3des-null", - "3des-md5", "3des-sha1", "3des-sha256", - "3des-sha384", "3des-sha512", "aes128-null", - "aes128-md5", "aes128-sha1", "aes128-sha256", - "aes128-sha384", "aes128-sha512", "aes128gcm", - "aes192-null", "aes192-md5", "aes192-sha1", - "aes192-sha256", "aes192-sha384", "aes192-sha512", - "aes256-null", "aes256-md5", "aes256-sha1", - "aes256-sha256", "aes256-sha384", "aes256-sha512", - "aes256gcm", "chacha20poly1305", "aria128-null", - "aria128-md5", "aria128-sha1", "aria128-sha256", - 
"aria128-sha384", "aria128-sha512", "aria192-null", - "aria192-md5", "aria192-sha1", "aria192-sha256", - "aria192-sha384", "aria192-sha512", "aria256-null", - "aria256-md5", "aria256-sha1", "aria256-sha256", - "aria256-sha384", "aria256-sha512", "seed-null", - "seed-md5", "seed-sha1", "seed-sha256", - "seed-sha384", "seed-sha512"]}, - "protocol": {"required": False, "type": "int"}, - "replay": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "route_overlap": {"required": False, "type": "str", - "choices": ["use-old", "use-new", "allow"]}, - "single_source": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "src_addr_type": {"required": False, "type": "str", - "choices": ["subnet", "range", "ip", - "name", "subnet6", "range6", - "ip6", "name6"]}, - "src_end_ip": {"required": False, "type": "str"}, - "src_end_ip6": {"required": False, "type": "str"}, - "src_name": {"required": False, "type": "str"}, - "src_name6": {"required": False, "type": "str"}, - "src_port": {"required": False, "type": "int"}, - "src_start_ip": {"required": False, "type": "str"}, - "src_start_ip6": {"required": False, "type": "str"}, - "src_subnet": {"required": False, "type": "str"}, - "src_subnet6": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_vpn_ipsec(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - 
module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_vpn_ipsec(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_l2tp.py b/lib/ansible/modules/network/fortios/fortios_vpn_l2tp.py
deleted file mode 100644
index d74ce39d8a3..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_vpn_l2tp.py
+++ /dev/null
@@ -1,322 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_vpn_l2tp
-short_description: Configure L2TP in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify vpn feature and l2tp category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.9"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- vpn_l2tp:
- description:
- - Configure L2TP.
- default: null
- type: dict
- suboptions:
- eip:
- description:
- - End IP.
- type: str
- enforce_ipsec:
- description:
- - Enable/disable IPsec enforcement.
- type: str
- choices:
- - enable
- - disable
- sip:
- description:
- - Start IP.
- type: str
- status:
- description:
- - Enable/disable FortiGate as a L2TP gateway.
- type: str
- choices:
- - enable
- - disable
- usrgrp:
- description:
- - User group. Source user.group.name.
- type: str
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure L2TP.
- fortios_vpn_l2tp:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- vpn_l2tp:
- eip: ""
- enforce_ipsec: "enable"
- sip: ""
- status: "enable"
- usrgrp: " (source user.group.name)"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description:
Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_vpn_l2tp_data(json):
- option_list = ['eip', 'enforce_ipsec', 'sip',
- 'status', 'usrgrp']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def vpn_l2tp(data, fos):
- vdom = data['vdom']
- vpn_l2tp_data = data['vpn_l2tp']
- filtered_data = underscore_to_hyphen(filter_vpn_l2tp_data(vpn_l2tp_data))
-
- return fos.set('vpn',
- 'l2tp',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
-
status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_vpn(data, fos):
-
- if data['vpn_l2tp']:
- resp = vpn_l2tp(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "vpn_l2tp": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "eip": {"required": False, "type": "str"},
- "enforce_ipsec": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "sip": {"required": False, "type": "str"},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "usrgrp": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_vpn(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_vpn(module.params, fos)
- fos.logout()
-
- if not is_error:
-
module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_pptp.py b/lib/ansible/modules/network/fortios/fortios_vpn_pptp.py
deleted file mode 100644
index 23e55b84545..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_vpn_pptp.py
+++ /dev/null
@@ -1,328 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_vpn_pptp
-short_description: Configure PPTP in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify vpn feature and pptp category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.9"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str
- default: ""
- vdom:
- description:
- - Virtual domain, among those defined previously. A vdom is a
- virtual instance of the FortiGate that can be configured and
- used as a different unit.
- type: str
- default: root
- https:
- description:
- - Indicates if the requests towards FortiGate must use HTTPS protocol.
- type: bool
- default: true
- ssl_verify:
- description:
- - Ensures FortiGate certificate must be verified by a proper CA.
- type: bool
- default: true
- vpn_pptp:
- description:
- - Configure PPTP.
- default: null
- type: dict
- suboptions:
- eip:
- description:
- - End IP.
- type: str
- ip_mode:
- description:
- - IP assignment mode for PPTP client.
- type: str
- choices:
- - range
- - usrgrp
- local_ip:
- description:
- - Local IP to be used for peer's remote IP.
- type: str
- sip:
- description:
- - Start IP.
- type: str
- status:
- description:
- - Enable/disable FortiGate as a PPTP gateway.
- type: str
- choices:
- - enable
- - disable
- usrgrp:
- description:
- - User group. Source user.group.name.
- type: str
-'''
-
-EXAMPLES = '''
-- hosts: localhost
- vars:
- host: "192.168.122.40"
- username: "admin"
- password: ""
- vdom: "root"
- ssl_verify: "False"
- tasks:
- - name: Configure PPTP.
- fortios_vpn_pptp:
- host: "{{ host }}"
- username: "{{ username }}"
- password: "{{ password }}"
- vdom: "{{ vdom }}"
- https: "False"
- vpn_pptp:
- eip: ""
- ip_mode: "range"
- local_ip: ""
- sip: ""
- status: "enable"
- usrgrp: " (source user.group.name)"
-'''
-
-RETURN = '''
-build:
- description: Build number of the fortigate image
- returned: always
- type: str
- sample: '1547'
-http_method:
- description: Last method used to provision the content into FortiGate
- returned: always
- type: str
- sample: 'PUT'
-http_status:
- description: Last result given by FortiGate on last operation applied
- returned: always
- type: str
- sample: "200"
-mkey:
- description: Master key (id) used in the last call to FortiGate
- returned: success
- type: str
- sample: "id"
-name:
- description: Name of the table used to fulfill the request
- returned: always
- type: str
- sample: "urlfilter"
-path:
- description: Path of the table used to fulfill the request
- returned: always
- type: str
- sample: "webfilter"
-revision:
- description: Internal revision number
- returned: always
- type: str
- sample: "17.0.2.10658"
-serial:
- description: Serial number of the unit
- returned: always
- type: str
- sample: "FGVMEVYYQT3AB5352"
-status:
- description: Indication of the operation's result
- returned: always
- type: str
- sample: "success"
-vdom:
- description: Virtual domain used
- returned: always
- type: str
- sample: "root"
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not
data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_vpn_pptp_data(json):
- option_list = ['eip', 'ip_mode', 'local_ip',
- 'sip', 'status', 'usrgrp']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def vpn_pptp(data, fos):
- vdom = data['vdom']
- vpn_pptp_data = data['vpn_pptp']
- filtered_data = underscore_to_hyphen(filter_vpn_pptp_data(vpn_pptp_data))
-
- return fos.set('vpn',
- 'pptp',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_vpn(data, fos):
-
- if data['vpn_pptp']:
- resp = vpn_pptp(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "vpn_pptp": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "eip": {"required": False, "type": "str"},
- "ip_mode": {"required": False, "type": "str",
- "choices": ["range", "usrgrp"]},
- "local_ip": {"required": False, "type": "str"},
- "sip": {"required": False, "type": "str"},
- "status":
{"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "usrgrp": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_vpn(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_vpn(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_ssl_settings.py b/lib/ansible/modules/network/fortios/fortios_vpn_ssl_settings.py
deleted file mode 100644
index 52d6bdf9d67..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_vpn_ssl_settings.py
+++ /dev/null
@@ -1,924 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_vpn_ssl_settings -short_description: Configure SSL VPN in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify vpn_ssl feature and settings category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - vpn_ssl_settings: - description: - - Configure SSL VPN. - default: null - type: dict - suboptions: - auth_timeout: - description: - - SSL-VPN authentication timeout (1 - 259200 sec (3 days), 0 for no timeout). - type: int - authentication_rule: - description: - - Authentication rule for SSL VPN. - type: list - suboptions: - auth: - description: - - SSL VPN authentication method restriction. - type: str - choices: - - any - - local - - radius - - tacacs+ - - ldap - cipher: - description: - - SSL VPN cipher strength. - type: str - choices: - - any - - high - - medium - client_cert: - description: - - Enable/disable SSL VPN client certificate restrictive. - type: str - choices: - - enable - - disable - groups: - description: - - User groups. - type: list - suboptions: - name: - description: - - Group name. Source user.group.name. - required: true - type: str - id: - description: - - ID (0 - 4294967295). - required: true - type: int - portal: - description: - - SSL VPN portal. Source vpn.ssl.web.portal.name. - type: str - realm: - description: - - SSL VPN realm. Source vpn.ssl.web.realm.url-path. - type: str - source_address: - description: - - Source address of incoming traffic. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address.name firewall.addrgrp.name. - required: true - type: str - source_address_negate: - description: - - Enable/disable negated source address match. - type: str - choices: - - enable - - disable - source_address6: - description: - - IPv6 source address of incoming traffic. 
- type: list - suboptions: - name: - description: - - IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name. - required: true - type: str - source_address6_negate: - description: - - Enable/disable negated source IPv6 address match. - type: str - choices: - - enable - - disable - source_interface: - description: - - SSL VPN source interface of incoming traffic. - type: list - suboptions: - name: - description: - - Interface name. Source system.interface.name system.zone.name. - required: true - type: str - users: - description: - - User name. - type: list - suboptions: - name: - description: - - User name. Source user.local.name. - required: true - type: str - auto_tunnel_static_route: - description: - - Enable to auto-create static routes for the SSL-VPN tunnel IP addresses. - type: str - choices: - - enable - - disable - banned_cipher: - description: - - Select one or more cipher technologies that cannot be used in SSL-VPN negotiations. - type: str - choices: - - RSA - - DH - - DHE - - ECDH - - ECDHE - - DSS - - ECDSA - - AES - - AESGCM - - CAMELLIA - - 3DES - - SHA1 - - SHA256 - - SHA384 - - STATIC - check_referer: - description: - - Enable/disable verification of referer field in HTTP request header. - type: str - choices: - - enable - - disable - default_portal: - description: - - Default SSL VPN portal. Source vpn.ssl.web.portal.name. - type: str - deflate_compression_level: - description: - - Compression level (0~9). - type: int - deflate_min_data_size: - description: - - Minimum amount of data that triggers compression (200 - 65535 bytes). - type: int - dns_server1: - description: - - DNS server 1. - type: str - dns_server2: - description: - - DNS server 2. - type: str - dns_suffix: - description: - - DNS suffix used for SSL-VPN clients. - type: str - dtls_hello_timeout: - description: - - SSLVPN maximum DTLS hello timeout (10 - 60 sec). 
- type: int - dtls_tunnel: - description: - - Enable DTLS to prevent eavesdropping, tampering, or message forgery. - type: str - choices: - - enable - - disable - force_two_factor_auth: - description: - - Enable to force two-factor authentication for all SSL-VPNs. - type: str - choices: - - enable - - disable - header_x_forwarded_for: - description: - - Forward the same, add, or remove HTTP header. - type: str - choices: - - pass - - add - - remove - http_compression: - description: - - Enable to allow HTTP compression over SSL-VPN tunnels. - type: str - choices: - - enable - - disable - http_only_cookie: - description: - - Enable/disable SSL-VPN support for HttpOnly cookies. - type: str - choices: - - enable - - disable - http_request_body_timeout: - description: - - SSL-VPN session is disconnected if an HTTP request body is not received within this time (1 - 60 sec). - type: int - http_request_header_timeout: - description: - - SSL-VPN session is disconnected if an HTTP request header is not received within this time (1 - 60 sec). - type: int - https_redirect: - description: - - Enable/disable redirect of port 80 to SSL-VPN port. - type: str - choices: - - enable - - disable - idle_timeout: - description: - - SSL VPN disconnects if idle for specified time in seconds. - type: int - ipv6_dns_server1: - description: - - IPv6 DNS server 1. - type: str - ipv6_dns_server2: - description: - - IPv6 DNS server 2. - type: str - ipv6_wins_server1: - description: - - IPv6 WINS server 1. - type: str - ipv6_wins_server2: - description: - - IPv6 WINS server 2. - type: str - login_attempt_limit: - description: - - SSL VPN maximum login attempt times before block (0 - 10). - type: int - login_block_time: - description: - - Time for which a user is blocked from logging in after too many failed login attempts (0 - 86400 sec). - type: int - login_timeout: - description: - - SSLVPN maximum login timeout (10 - 180 sec). 
- type: int - port: - description: - - SSL-VPN access port (1 - 65535). - type: int - port_precedence: - description: - - Enable means that if SSL-VPN connections are allowed on an interface admin GUI connections are blocked on that interface. - type: str - choices: - - enable - - disable - reqclientcert: - description: - - Enable to require client certificates for all SSL-VPN users. - type: str - choices: - - enable - - disable - route_source_interface: - description: - - Enable to allow SSL-VPN sessions to bypass routing and bind to the incoming interface. - type: str - choices: - - enable - - disable - servercert: - description: - - Name of the server certificate to be used for SSL-VPNs. Source vpn.certificate.local.name. - type: str - source_address: - description: - - Source address of incoming traffic. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address.name firewall.addrgrp.name. - required: true - type: str - source_address_negate: - description: - - Enable/disable negated source address match. - type: str - choices: - - enable - - disable - source_address6: - description: - - IPv6 source address of incoming traffic. - type: list - suboptions: - name: - description: - - IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name. - required: true - type: str - source_address6_negate: - description: - - Enable/disable negated source IPv6 address match. - type: str - choices: - - enable - - disable - source_interface: - description: - - SSL VPN source interface of incoming traffic. - type: list - suboptions: - name: - description: - - Interface name. Source system.interface.name system.zone.name. - required: true - type: str - ssl_client_renegotiation: - description: - - Enable to allow client renegotiation by the server if the tunnel goes down. - type: str - choices: - - disable - - enable - ssl_insert_empty_fragment: - description: - - Enable/disable insertion of empty fragment. 
- type: str - choices: - - enable - - disable - tlsv1_0: - description: - - Enable/disable TLSv1.0. - type: str - choices: - - enable - - disable - tlsv1_1: - description: - - Enable/disable TLSv1.1. - type: str - choices: - - enable - - disable - tlsv1_2: - description: - - Enable/disable TLSv1.2. - type: str - choices: - - enable - - disable - tunnel_ip_pools: - description: - - Names of the IPv4 IP Pool firewall objects that define the IP addresses reserved for remote clients. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address.name firewall.addrgrp.name. - required: true - type: str - tunnel_ipv6_pools: - description: - - Names of the IPv6 IP Pool firewall objects that define the IP addresses reserved for remote clients. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address6.name firewall.addrgrp6.name. - required: true - type: str - unsafe_legacy_renegotiation: - description: - - Enable/disable unsafe legacy re-negotiation. - type: str - choices: - - enable - - disable - url_obscuration: - description: - - Enable to obscure the host name of the URL of the web browser display. - type: str - choices: - - enable - - disable - wins_server1: - description: - - WINS server 1. - type: str - wins_server2: - description: - - WINS server 2. - type: str - x_content_type_options: - description: - - Add HTTP X-Content-Type-Options header. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure SSL VPN. 
- fortios_vpn_ssl_settings: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - vpn_ssl_settings: - auth_timeout: "3" - authentication_rule: - - - auth: "any" - cipher: "any" - client_cert: "enable" - groups: - - - name: "default_name_9 (source user.group.name)" - id: "10" - portal: " (source vpn.ssl.web.portal.name)" - realm: " (source vpn.ssl.web.realm.url-path)" - source_address: - - - name: "default_name_14 (source firewall.address.name firewall.addrgrp.name)" - source_address_negate: "enable" - source_address6: - - - name: "default_name_17 (source firewall.address6.name firewall.addrgrp6.name)" - source_address6_negate: "enable" - source_interface: - - - name: "default_name_20 (source system.interface.name system.zone.name)" - users: - - - name: "default_name_22 (source user.local.name)" - auto_tunnel_static_route: "enable" - banned_cipher: "RSA" - check_referer: "enable" - default_portal: " (source vpn.ssl.web.portal.name)" - deflate_compression_level: "27" - deflate_min_data_size: "28" - dns_server1: "" - dns_server2: "" - dns_suffix: "" - dtls_hello_timeout: "32" - dtls_tunnel: "enable" - force_two_factor_auth: "enable" - header_x_forwarded_for: "pass" - http_compression: "enable" - http_only_cookie: "enable" - http_request_body_timeout: "38" - http_request_header_timeout: "39" - https_redirect: "enable" - idle_timeout: "41" - ipv6_dns_server1: "" - ipv6_dns_server2: "" - ipv6_wins_server1: "" - ipv6_wins_server2: "" - login_attempt_limit: "46" - login_block_time: "47" - login_timeout: "48" - port: "49" - port_precedence: "enable" - reqclientcert: "enable" - route_source_interface: "enable" - servercert: " (source vpn.certificate.local.name)" - source_address: - - - name: "default_name_55 (source firewall.address.name firewall.addrgrp.name)" - source_address_negate: "enable" - source_address6: - - - name: "default_name_58 (source firewall.address6.name firewall.addrgrp6.name)" - 
source_address6_negate: "enable" - source_interface: - - - name: "default_name_61 (source system.interface.name system.zone.name)" - ssl_client_renegotiation: "disable" - ssl_insert_empty_fragment: "enable" - tlsv1_0: "enable" - tlsv1_1: "enable" - tlsv1_2: "enable" - tunnel_ip_pools: - - - name: "default_name_68 (source firewall.address.name firewall.addrgrp.name)" - tunnel_ipv6_pools: - - - name: "default_name_70 (source firewall.address6.name firewall.addrgrp6.name)" - unsafe_legacy_renegotiation: "enable" - url_obscuration: "enable" - wins_server1: "" - wins_server2: "" - x_content_type_options: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import 
Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_vpn_ssl_settings_data(json):
- option_list = ['auth_timeout', 'authentication_rule', 'auto_tunnel_static_route',
- 'banned_cipher', 'check_referer', 'default_portal',
- 'deflate_compression_level', 'deflate_min_data_size', 'dns_server1',
- 'dns_server2', 'dns_suffix', 'dtls_hello_timeout',
- 'dtls_tunnel', 'force_two_factor_auth', 'header_x_forwarded_for',
- 'http_compression', 'http_only_cookie', 'http_request_body_timeout',
- 'http_request_header_timeout', 'https_redirect', 'idle_timeout',
- 'ipv6_dns_server1', 'ipv6_dns_server2', 'ipv6_wins_server1',
- 'ipv6_wins_server2', 'login_attempt_limit', 'login_block_time',
- 'login_timeout', 'port', 'port_precedence',
- 'reqclientcert', 'route_source_interface', 'servercert',
- 'source_address', 'source_address_negate', 'source_address6',
- 'source_address6_negate', 'source_interface', 'ssl_client_renegotiation',
- 'ssl_insert_empty_fragment', 'tlsv1_0', 'tlsv1_1',
- 'tlsv1_2', 'tunnel_ip_pools', 'tunnel_ipv6_pools',
- 'unsafe_legacy_renegotiation', 'url_obscuration', 'wins_server1',
- 'wins_server2', 'x_content_type_options']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] =
underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def vpn_ssl_settings(data, fos):
- vdom = data['vdom']
- vpn_ssl_settings_data = data['vpn_ssl_settings']
- filtered_data = underscore_to_hyphen(filter_vpn_ssl_settings_data(vpn_ssl_settings_data))
-
- return fos.set('vpn.ssl',
- 'settings',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_vpn_ssl(data, fos):
-
- if data['vpn_ssl_settings']:
- resp = vpn_ssl_settings(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "vpn_ssl_settings": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "auth_timeout": {"required": False, "type": "int"},
- "authentication_rule": {"required": False, "type": "list",
- "options": {
- "auth": {"required": False, "type": "str",
- "choices": ["any", "local", "radius",
- "tacacs+", "ldap"]},
- "cipher": {"required": False, "type": "str",
- "choices": ["any", "high", "medium"]},
- "client_cert": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "groups": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "id": {"required": True, "type": "int"},
- "portal": {"required": False, "type": "str"},
- "realm": {"required": False, "type": "str"},
- "source_address": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "source_address_negate":
{"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "source_address6": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "source_address6_negate": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "source_interface": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "users": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }}
- }},
- "auto_tunnel_static_route": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "banned_cipher": {"required": False, "type": "str",
- "choices": ["RSA", "DH", "DHE",
- "ECDH", "ECDHE", "DSS",
- "ECDSA", "AES", "AESGCM",
- "CAMELLIA", "3DES", "SHA1",
- "SHA256", "SHA384", "STATIC"]},
- "check_referer": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "default_portal": {"required": False, "type": "str"},
- "deflate_compression_level": {"required": False, "type": "int"},
- "deflate_min_data_size": {"required": False, "type": "int"},
- "dns_server1": {"required": False, "type": "str"},
- "dns_server2": {"required": False, "type": "str"},
- "dns_suffix": {"required": False, "type": "str"},
- "dtls_hello_timeout": {"required": False, "type": "int"},
- "dtls_tunnel": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "force_two_factor_auth": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "header_x_forwarded_for": {"required": False, "type": "str",
- "choices": ["pass", "add", "remove"]},
- "http_compression": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "http_only_cookie": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "http_request_body_timeout": {"required": False, "type": "int"},
- "http_request_header_timeout": {"required": False, "type": "int"},
- "https_redirect": {"required": False,
"type": "str",
- "choices": ["enable", "disable"]},
- "idle_timeout": {"required": False, "type": "int"},
- "ipv6_dns_server1": {"required": False, "type": "str"},
- "ipv6_dns_server2": {"required": False, "type": "str"},
- "ipv6_wins_server1": {"required": False, "type": "str"},
- "ipv6_wins_server2": {"required": False, "type": "str"},
- "login_attempt_limit": {"required": False, "type": "int"},
- "login_block_time": {"required": False, "type": "int"},
- "login_timeout": {"required": False, "type": "int"},
- "port": {"required": False, "type": "int"},
- "port_precedence": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "reqclientcert": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "route_source_interface": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "servercert": {"required": False, "type": "str"},
- "source_address": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "source_address_negate": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "source_address6": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "source_address6_negate": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "source_interface": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "ssl_client_renegotiation": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "ssl_insert_empty_fragment": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "tlsv1_0": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "tlsv1_1": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "tlsv1_2": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "tunnel_ip_pools": {"required": False, "type": "list",
- "options": {
-
"name": {"required": True, "type": "str"}
- }},
- "tunnel_ipv6_pools": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "unsafe_legacy_renegotiation": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "url_obscuration": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "wins_server1": {"required": False, "type": "str"},
- "wins_server2": {"required": False, "type": "str"},
- "x_content_type_options": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_vpn_ssl(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_vpn_ssl(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_host_check_software.py b/lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_host_check_software.py
deleted file mode 100644
index 630ffaed5fa..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_host_check_software.py
+++ /dev/null
@@ -1,409 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_vpn_ssl_web_host_check_software -short_description: SSL-VPN host check software in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify vpn_ssl_web feature and host_check_software category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - vpn_ssl_web_host_check_software: - description: - - SSL-VPN host check software. - default: null - type: dict - suboptions: - check_item_list: - description: - - Check item list. - type: list - suboptions: - action: - description: - - Action. - type: str - choices: - - require - - deny - id: - description: - - ID (0 - 4294967295). - required: true - type: int - md5s: - description: - - MD5 checksum. - type: list - suboptions: - id: - description: - - Hex string of MD5 checksum. - required: true - type: str - target: - description: - - Target. - type: str - type: - description: - - Type. - type: str - choices: - - file - - registry - - process - version: - description: - - Version. - type: str - guid: - description: - - Globally unique ID. - type: str - name: - description: - - Name. - required: true - type: str - os_type: - description: - - OS type. - type: str - choices: - - windows - - macos - type: - description: - - Type. - type: str - choices: - - av - - fw - version: - description: - - Version. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: SSL-VPN host check software. 
- fortios_vpn_ssl_web_host_check_software: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - vpn_ssl_web_host_check_software: - check_item_list: - - - action: "require" - id: "5" - md5s: - - - id: "7" - target: "" - type: "file" - version: "" - guid: "" - name: "default_name_12" - os_type: "windows" - type: "av" - version: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = 
data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_vpn_ssl_web_host_check_software_data(json):
- option_list = ['check_item_list', 'guid', 'name',
- 'os_type', 'type', 'version']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def vpn_ssl_web_host_check_software(data, fos):
- vdom = data['vdom']
- state = data['state']
- vpn_ssl_web_host_check_software_data = data['vpn_ssl_web_host_check_software']
- filtered_data = underscore_to_hyphen(filter_vpn_ssl_web_host_check_software_data(vpn_ssl_web_host_check_software_data))
-
- if state == "present":
- return fos.set('vpn.ssl.web',
- 'host-check-software',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('vpn.ssl.web',
- 'host-check-software',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_vpn_ssl_web(data, fos):
-
- if data['vpn_ssl_web_host_check_software']:
- resp = vpn_ssl_web_host_check_software(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type":
"str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": True, "type": "str",
- "choices": ["present", "absent"]},
- "vpn_ssl_web_host_check_software": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "check_item_list": {"required": False, "type": "list",
- "options": {
- "action": {"required": False, "type": "str",
- "choices": ["require", "deny"]},
- "id": {"required": True, "type": "int"},
- "md5s": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "str"}
- }},
- "target": {"required": False, "type": "str"},
- "type": {"required": False, "type": "str",
- "choices": ["file", "registry", "process"]},
- "version": {"required": False, "type": "str"}
- }},
- "guid": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"},
- "os_type": {"required": False, "type": "str",
- "choices": ["windows", "macos"]},
- "type": {"required": False, "type": "str",
- "choices": ["av", "fw"]},
- "version": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_vpn_ssl_web(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_vpn_ssl_web(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_portal.py b/lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_portal.py
deleted file mode 100644
index 601575385bf..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_portal.py
+++ /dev/null
@@ -1,1255 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_vpn_ssl_web_portal -short_description: Portal in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify vpn_ssl_web feature and portal category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - vpn_ssl_web_portal: - description: - - Portal. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - allow_user_access: - description: - - Allow user access to SSL-VPN applications. - type: str - choices: - - web - - ftp - - smb - - telnet - - ssh - - vnc - - rdp - - ping - - citrix - - portforward - auto_connect: - description: - - Enable/disable automatic connect by client when system is up. - type: str - choices: - - enable - - disable - bookmark_group: - description: - - Portal bookmark group. - type: list - suboptions: - bookmarks: - description: - - Bookmark table. - type: list - suboptions: - additional_params: - description: - - Additional parameters. - type: str - apptype: - description: - - Application type. - type: str - choices: - - citrix - - ftp - - portforward - - rdp - - smb - - ssh - - telnet - - vnc - - web - description: - description: - - Description. - type: str - folder: - description: - - Network shared file folder parameter. - type: str - form_data: - description: - - Form data. 
- type: list - suboptions: - name: - description: - - Name. - required: true - type: str - value: - description: - - Value. - type: str - host: - description: - - Host name/IP parameter. - type: str - listening_port: - description: - - Listening port (0 - 65535). - type: int - load_balancing_info: - description: - - The load balancing information or cookie which should be provided to the connection broker. - type: str - logon_password: - description: - - Logon password. - type: str - logon_user: - description: - - Logon user. - type: str - name: - description: - - Bookmark name. - required: true - type: str - port: - description: - - Remote port. - type: int - preconnection_blob: - description: - - An arbitrary string which identifies the RDP source. - type: str - preconnection_id: - description: - - The numeric ID of the RDP source (0-2147483648). - type: int - remote_port: - description: - - Remote port (0 - 65535). - type: int - security: - description: - - Security mode for RDP connection. - type: str - choices: - - rdp - - nla - - tls - - any - server_layout: - description: - - Server side keyboard layout. - type: str - choices: - - de-de-qwertz - - en-gb-qwerty - - en-us-qwerty - - es-es-qwerty - - fr-fr-azerty - - fr-ch-qwertz - - it-it-qwerty - - ja-jp-qwerty - - pt-br-qwerty - - sv-se-qwerty - - tr-tr-qwerty - - failsafe - show_status_window: - description: - - Enable/disable showing of status window. - type: str - choices: - - enable - - disable - sso: - description: - - Single Sign-On. - type: str - choices: - - disable - - static - - auto - sso_credential: - description: - - Single sign-on credentials. - type: str - choices: - - sslvpn-login - - alternative - sso_credential_sent_once: - description: - - Single sign-on credentials are only sent once to remote server. - type: str - choices: - - enable - - disable - sso_password: - description: - - SSO password. - type: str - sso_username: - description: - - SSO user name. 
- type: str - url: - description: - - URL parameter. - type: str - name: - description: - - Bookmark group name. - required: true - type: str - custom_lang: - description: - - Change the web portal display language. Overrides config system global set language. You can use config system custom-language and - execute system custom-language to add custom language files. Source system.custom-language.name. - type: str - customize_forticlient_download_url: - description: - - Enable support of customized download URL for FortiClient. - type: str - choices: - - enable - - disable - display_bookmark: - description: - - Enable to display the web portal bookmark widget. - type: str - choices: - - enable - - disable - display_connection_tools: - description: - - Enable to display the web portal connection tools widget. - type: str - choices: - - enable - - disable - display_history: - description: - - Enable to display the web portal user login history widget. - type: str - choices: - - enable - - disable - display_status: - description: - - Enable to display the web portal status widget. - type: str - choices: - - enable - - disable - dns_server1: - description: - - IPv4 DNS server 1. - type: str - dns_server2: - description: - - IPv4 DNS server 2. - type: str - dns_suffix: - description: - - DNS suffix. - type: str - exclusive_routing: - description: - - Enable/disable all traffic go through tunnel only. - type: str - choices: - - enable - - disable - forticlient_download: - description: - - Enable/disable download option for FortiClient. - type: str - choices: - - enable - - disable - forticlient_download_method: - description: - - FortiClient download method. - type: str - choices: - - direct - - ssl-vpn - heading: - description: - - Web portal heading message. - type: str - hide_sso_credential: - description: - - Enable to prevent SSO credential being sent to client. 
- type: str - choices: - - enable - - disable - host_check: - description: - - Type of host checking performed on endpoints. - type: str - choices: - - none - - av - - fw - - av-fw - - custom - host_check_interval: - description: - - Periodic host check interval. Value of 0 means disabled and host checking only happens when the endpoint connects. - type: int - host_check_policy: - description: - - One or more policies to require the endpoint to have specific security software. - type: list - suboptions: - name: - description: - - Host check software list name. Source vpn.ssl.web.host-check-software.name. - required: true - type: str - ip_mode: - description: - - Method by which users of this SSL-VPN tunnel obtain IP addresses. - type: str - choices: - - range - - user-group - ip_pools: - description: - - IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address.name firewall.addrgrp.name. - required: true - type: str - ipv6_dns_server1: - description: - - IPv6 DNS server 1. - type: str - ipv6_dns_server2: - description: - - IPv6 DNS server 2. - type: str - ipv6_exclusive_routing: - description: - - Enable/disable all IPv6 traffic go through tunnel only. - type: str - choices: - - enable - - disable - ipv6_pools: - description: - - IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address6.name firewall.addrgrp6.name. - required: true - type: str - ipv6_service_restriction: - description: - - Enable/disable IPv6 tunnel service restriction. - type: str - choices: - - enable - - disable - ipv6_split_tunneling: - description: - - Enable/disable IPv6 split tunneling. 
- type: str - choices: - - enable - - disable - ipv6_split_tunneling_routing_address: - description: - - IPv6 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address6.name firewall.addrgrp6.name. - required: true - type: str - ipv6_tunnel_mode: - description: - - Enable/disable IPv6 SSL-VPN tunnel mode. - type: str - choices: - - enable - - disable - ipv6_wins_server1: - description: - - IPv6 WINS server 1. - type: str - ipv6_wins_server2: - description: - - IPv6 WINS server 2. - type: str - keep_alive: - description: - - Enable/disable automatic reconnect for FortiClient connections. - type: str - choices: - - enable - - disable - limit_user_logins: - description: - - Enable to limit each user to one SSL-VPN session at a time. - type: str - choices: - - enable - - disable - mac_addr_action: - description: - - Client MAC address action. - type: str - choices: - - allow - - deny - mac_addr_check: - description: - - Enable/disable MAC address host checking. - type: str - choices: - - enable - - disable - mac_addr_check_rule: - description: - - Client MAC address check rule. - type: list - suboptions: - mac_addr_list: - description: - - Client MAC address list. - type: list - suboptions: - addr: - description: - - Client MAC address. - required: true - type: str - mac_addr_mask: - description: - - Client MAC address mask. - type: int - name: - description: - - Client MAC address check rule name. - required: true - type: str - macos_forticlient_download_url: - description: - - Download URL for Mac FortiClient. - type: str - name: - description: - - Portal name. - required: true - type: str - os_check: - description: - - Enable to let the FortiGate decide action based on client OS. - type: str - choices: - - enable - - disable - os_check_list: - description: - - SSL VPN OS checks. 
- type: list - suboptions: - action: - description: - - OS check options. - type: str - choices: - - deny - - allow - - check-up-to-date - latest_patch_level: - description: - - Latest OS patch level. - type: str - name: - description: - - Name. - required: true - type: str - tolerance: - description: - - OS patch level tolerance. - type: int - redir_url: - description: - - Client login redirect URL. - type: str - save_password: - description: - - Enable/disable FortiClient saving the user's password. - type: str - choices: - - enable - - disable - service_restriction: - description: - - Enable/disable tunnel service restriction. - type: str - choices: - - enable - - disable - skip_check_for_unsupported_browser: - description: - - Enable to skip host check if browser does not support it. - type: str - choices: - - enable - - disable - skip_check_for_unsupported_os: - description: - - Enable to skip host check if client OS does not support it. - type: str - choices: - - enable - - disable - smb_ntlmv1_auth: - description: - - Enable support of NTLMv1 for Samba authentication. - type: str - choices: - - enable - - disable - smbv1: - description: - - Enable/disable support of SMBv1 for Samba. - type: str - choices: - - enable - - disable - split_dns: - description: - - Split DNS for SSL VPN. - type: list - suboptions: - dns_server1: - description: - - DNS server 1. - type: str - dns_server2: - description: - - DNS server 2. - type: str - domains: - description: - - Split DNS domains used for SSL-VPN clients separated by comma(,). - type: str - id: - description: - - ID. - required: true - type: int - ipv6_dns_server1: - description: - - IPv6 DNS server 1. - type: str - ipv6_dns_server2: - description: - - IPv6 DNS server 2. - type: str - split_tunneling: - description: - - Enable/disable IPv4 split tunneling. 
- type: str - choices: - - enable - - disable - split_tunneling_routing_address: - description: - - IPv4 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address.name firewall.addrgrp.name. - required: true - type: str - theme: - description: - - Web portal color scheme. - type: str - choices: - - blue - - green - - red - - melongene - - mariner - tunnel_mode: - description: - - Enable/disable IPv4 SSL-VPN tunnel mode. - type: str - choices: - - enable - - disable - user_bookmark: - description: - - Enable to allow web portal users to create their own bookmarks. - type: str - choices: - - enable - - disable - user_group_bookmark: - description: - - Enable to allow web portal users to create bookmarks for all users in the same user group. - type: str - choices: - - enable - - disable - web_mode: - description: - - Enable/disable SSL VPN web mode. - type: str - choices: - - enable - - disable - windows_forticlient_download_url: - description: - - Download URL for Windows FortiClient. - type: str - wins_server1: - description: - - IPv4 WINS server 1. - type: str - wins_server2: - description: - - IPv4 WINS server 1. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Portal. 
- fortios_vpn_ssl_web_portal: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - vpn_ssl_web_portal: - allow_user_access: "web" - auto_connect: "enable" - bookmark_group: - - - bookmarks: - - - additional_params: "" - apptype: "citrix" - description: "" - folder: "" - form_data: - - - name: "default_name_12" - value: "" - host: "" - listening_port: "15" - load_balancing_info: "" - logon_password: "" - logon_user: "" - name: "default_name_19" - port: "20" - preconnection_blob: "" - preconnection_id: "22" - remote_port: "23" - security: "rdp" - server_layout: "de-de-qwertz" - show_status_window: "enable" - sso: "disable" - sso_credential: "sslvpn-login" - sso_credential_sent_once: "enable" - sso_password: "" - sso_username: "" - url: "myurl.com" - name: "default_name_33" - custom_lang: " (source system.custom-language.name)" - customize_forticlient_download_url: "enable" - display_bookmark: "enable" - display_connection_tools: "enable" - display_history: "enable" - display_status: "enable" - dns_server1: "" - dns_server2: "" - dns_suffix: "" - exclusive_routing: "enable" - forticlient_download: "enable" - forticlient_download_method: "direct" - heading: "" - hide_sso_credential: "enable" - host_check: "none" - host_check_interval: "49" - host_check_policy: - - - name: "default_name_51 (source vpn.ssl.web.host-check-software.name)" - ip_mode: "range" - ip_pools: - - - name: "default_name_54 (source firewall.address.name firewall.addrgrp.name)" - ipv6_dns_server1: "" - ipv6_dns_server2: "" - ipv6_exclusive_routing: "enable" - ipv6_pools: - - - name: "default_name_59 (source firewall.address6.name firewall.addrgrp6.name)" - ipv6_service_restriction: "enable" - ipv6_split_tunneling: "enable" - ipv6_split_tunneling_routing_address: - - - name: "default_name_63 (source firewall.address6.name firewall.addrgrp6.name)" - ipv6_tunnel_mode: "enable" - ipv6_wins_server1: "" - 
ipv6_wins_server2: "" - keep_alive: "enable" - limit_user_logins: "enable" - mac_addr_action: "allow" - mac_addr_check: "enable" - mac_addr_check_rule: - - - mac_addr_list: - - - addr: "" - mac_addr_mask: "74" - name: "default_name_75" - macos_forticlient_download_url: "" - name: "default_name_77" - os_check: "enable" - os_check_list: - - - action: "deny" - latest_patch_level: "" - name: "default_name_82" - tolerance: "83" - redir_url: "" - save_password: "enable" - service_restriction: "enable" - skip_check_for_unsupported_browser: "enable" - skip_check_for_unsupported_os: "enable" - smb_ntlmv1_auth: "enable" - smbv1: "enable" - split_dns: - - - dns_server1: "" - dns_server2: "" - domains: "" - id: "95" - ipv6_dns_server1: "" - ipv6_dns_server2: "" - split_tunneling: "enable" - split_tunneling_routing_address: - - - name: "default_name_100 (source firewall.address.name firewall.addrgrp.name)" - theme: "blue" - tunnel_mode: "enable" - user_bookmark: "enable" - user_group_bookmark: "enable" - web_mode: "enable" - windows_forticlient_download_url: "" - wins_server1: "" - wins_server2: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial 
number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_vpn_ssl_web_portal_data(json): - option_list = ['allow_user_access', 'auto_connect', 'bookmark_group', - 'custom_lang', 'customize_forticlient_download_url', 'display_bookmark', - 'display_connection_tools', 'display_history', 'display_status', - 'dns_server1', 'dns_server2', 'dns_suffix', - 'exclusive_routing', 'forticlient_download', 'forticlient_download_method', - 'heading', 'hide_sso_credential', 'host_check', - 'host_check_interval', 'host_check_policy', 'ip_mode', - 'ip_pools', 'ipv6_dns_server1', 'ipv6_dns_server2', - 'ipv6_exclusive_routing', 'ipv6_pools', 'ipv6_service_restriction', - 'ipv6_split_tunneling', 'ipv6_split_tunneling_routing_address', 'ipv6_tunnel_mode', - 'ipv6_wins_server1', 'ipv6_wins_server2', 'keep_alive', - 'limit_user_logins', 'mac_addr_action', 'mac_addr_check', - 'mac_addr_check_rule', 'macos_forticlient_download_url', 'name', - 'os_check', 'os_check_list', 'redir_url', - 'save_password', 'service_restriction', 'skip_check_for_unsupported_browser', - 
'skip_check_for_unsupported_os', 'smb_ntlmv1_auth', 'smbv1', - 'split_dns', 'split_tunneling', 'split_tunneling_routing_address', - 'theme', 'tunnel_mode', 'user_bookmark', - 'user_group_bookmark', 'web_mode', 'windows_forticlient_download_url', - 'wins_server1', 'wins_server2'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def vpn_ssl_web_portal(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['vpn_ssl_web_portal'] and data['vpn_ssl_web_portal']: - state = data['vpn_ssl_web_portal']['state'] - else: - state = True - vpn_ssl_web_portal_data = data['vpn_ssl_web_portal'] - filtered_data = underscore_to_hyphen(filter_vpn_ssl_web_portal_data(vpn_ssl_web_portal_data)) - - if state == "present": - return fos.set('vpn.ssl.web', - 'portal', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('vpn.ssl.web', - 'portal', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_vpn_ssl_web(data, fos): - - if data['vpn_ssl_web_portal']: - resp = vpn_ssl_web_portal(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, 
"type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "vpn_ssl_web_portal": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "allow_user_access": {"required": False, "type": "str", - "choices": ["web", "ftp", "smb", - "telnet", "ssh", "vnc", - "rdp", "ping", "citrix", - "portforward"]}, - "auto_connect": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "bookmark_group": {"required": False, "type": "list", - "options": { - "bookmarks": {"required": False, "type": "list", - "options": { - "additional_params": {"required": False, "type": "str"}, - "apptype": {"required": False, "type": "str", - "choices": ["citrix", "ftp", "portforward", - "rdp", "smb", "ssh", - "telnet", "vnc", "web"]}, - "description": {"required": False, "type": "str"}, - "folder": {"required": False, "type": "str"}, - "form_data": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"}, - "value": {"required": False, "type": "str"} - }}, - "host": {"required": False, "type": "str"}, - "listening_port": {"required": False, "type": "int"}, - "load_balancing_info": {"required": False, "type": "str"}, - "logon_password": {"required": False, "type": "str"}, - "logon_user": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "port": {"required": False, "type": "int"}, - "preconnection_blob": {"required": False, "type": "str"}, - "preconnection_id": {"required": False, "type": "int"}, - "remote_port": {"required": False, "type": "int"}, - "security": {"required": False, "type": "str", - "choices": ["rdp", "nla", "tls", - "any"]}, - "server_layout": {"required": False, "type": "str", - "choices": 
["de-de-qwertz", "en-gb-qwerty", "en-us-qwerty", - "es-es-qwerty", "fr-fr-azerty", "fr-ch-qwertz", - "it-it-qwerty", "ja-jp-qwerty", "pt-br-qwerty", - "sv-se-qwerty", "tr-tr-qwerty", "failsafe"]}, - "show_status_window": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "sso": {"required": False, "type": "str", - "choices": ["disable", "static", "auto"]}, - "sso_credential": {"required": False, "type": "str", - "choices": ["sslvpn-login", "alternative"]}, - "sso_credential_sent_once": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "sso_password": {"required": False, "type": "str"}, - "sso_username": {"required": False, "type": "str"}, - "url": {"required": False, "type": "str"} - }}, - "name": {"required": True, "type": "str"} - }}, - "custom_lang": {"required": False, "type": "str"}, - "customize_forticlient_download_url": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "display_bookmark": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "display_connection_tools": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "display_history": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "display_status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dns_server1": {"required": False, "type": "str"}, - "dns_server2": {"required": False, "type": "str"}, - "dns_suffix": {"required": False, "type": "str"}, - "exclusive_routing": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "forticlient_download": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "forticlient_download_method": {"required": False, "type": "str", - "choices": ["direct", "ssl-vpn"]}, - "heading": {"required": False, "type": "str"}, - "hide_sso_credential": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "host_check": {"required": False, "type": "str", - 
"choices": ["none", "av", "fw", - "av-fw", "custom"]}, - "host_check_interval": {"required": False, "type": "int"}, - "host_check_policy": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "ip_mode": {"required": False, "type": "str", - "choices": ["range", "user-group"]}, - "ip_pools": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "ipv6_dns_server1": {"required": False, "type": "str"}, - "ipv6_dns_server2": {"required": False, "type": "str"}, - "ipv6_exclusive_routing": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ipv6_pools": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "ipv6_service_restriction": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ipv6_split_tunneling": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ipv6_split_tunneling_routing_address": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "ipv6_tunnel_mode": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ipv6_wins_server1": {"required": False, "type": "str"}, - "ipv6_wins_server2": {"required": False, "type": "str"}, - "keep_alive": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "limit_user_logins": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "mac_addr_action": {"required": False, "type": "str", - "choices": ["allow", "deny"]}, - "mac_addr_check": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "mac_addr_check_rule": {"required": False, "type": "list", - "options": { - "mac_addr_list": {"required": False, "type": "list", - "options": { - "addr": {"required": True, "type": "str"} - }}, - "mac_addr_mask": {"required": False, "type": "int"}, - "name": {"required": True, "type": "str"} - }}, - 
"macos_forticlient_download_url": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "os_check": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "os_check_list": {"required": False, "type": "list", - "options": { - "action": {"required": False, "type": "str", - "choices": ["deny", "allow", "check-up-to-date"]}, - "latest_patch_level": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "tolerance": {"required": False, "type": "int"} - }}, - "redir_url": {"required": False, "type": "str"}, - "save_password": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "service_restriction": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "skip_check_for_unsupported_browser": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "skip_check_for_unsupported_os": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "smb_ntlmv1_auth": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "smbv1": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "split_dns": {"required": False, "type": "list", - "options": { - "dns_server1": {"required": False, "type": "str"}, - "dns_server2": {"required": False, "type": "str"}, - "domains": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "ipv6_dns_server1": {"required": False, "type": "str"}, - "ipv6_dns_server2": {"required": False, "type": "str"} - }}, - "split_tunneling": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "split_tunneling_routing_address": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "theme": {"required": False, "type": "str", - "choices": ["blue", "green", "red", - "melongene", "mariner"]}, - "tunnel_mode": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - 
"user_bookmark": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "user_group_bookmark": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "web_mode": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "windows_forticlient_download_url": {"required": False, "type": "str"}, - "wins_server1": {"required": False, "type": "str"}, - "wins_server2": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_vpn_ssl_web(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_vpn_ssl_web(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_realm.py b/lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_realm.py deleted file mode 100644 index cbfdb6da531..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_realm.py +++ /dev/null 
@@ -1,327 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_vpn_ssl_web_realm -short_description: Realm in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify vpn_ssl_web feature and realm category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - vpn_ssl_web_realm: - description: - - Realm. - default: null - type: dict - suboptions: - login_page: - description: - - Replacement HTML for SSL-VPN login page. - type: str - max_concurrent_user: - description: - - Maximum concurrent users (0 - 65535, 0 means unlimited). - type: int - url_path: - description: - - URL path to access SSL-VPN login page. - type: str - virtual_host: - description: - - Virtual host name for realm. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Realm. 
- fortios_vpn_ssl_web_realm: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - vpn_ssl_web_realm: - login_page: "" - max_concurrent_user: "4" - url_path: "" - virtual_host: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and 
not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_vpn_ssl_web_realm_data(json): - option_list = ['login_page', 'max_concurrent_user', 'url_path', - 'virtual_host'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def vpn_ssl_web_realm(data, fos): - vdom = data['vdom'] - state = data['state'] - vpn_ssl_web_realm_data = data['vpn_ssl_web_realm'] - filtered_data = underscore_to_hyphen(filter_vpn_ssl_web_realm_data(vpn_ssl_web_realm_data)) - - if state == "present": - return fos.set('vpn.ssl.web', - 'realm', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('vpn.ssl.web', - 'realm', - mkey=filtered_data['url-path'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_vpn_ssl_web(data, fos): - - if data['vpn_ssl_web_realm']: - resp = vpn_ssl_web_realm(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - 
"choices": ["present", "absent"]}, - "vpn_ssl_web_realm": { - "required": False, "type": "dict", "default": None, - "options": { - "login_page": {"required": False, "type": "str"}, - "max_concurrent_user": {"required": False, "type": "int"}, - "url_path": {"required": False, "type": "str"}, - "virtual_host": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_vpn_ssl_web(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_vpn_ssl_web(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_user_bookmark.py b/lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_user_bookmark.py deleted file mode 100644 index 2c43dd07a48..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_user_bookmark.py +++ /dev/null 
@@ -1,541 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_vpn_ssl_web_user_bookmark -short_description: Configure SSL VPN user bookmark in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify vpn_ssl_web feature and user_bookmark category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - vpn_ssl_web_user_bookmark: - description: - - Configure SSL VPN user bookmark. - default: null - type: dict - suboptions: - bookmarks: - description: - - Bookmark table. - type: list - suboptions: - additional_params: - description: - - Additional parameters. - type: str - apptype: - description: - - Application type. - type: str - choices: - - citrix - - ftp - - portforward - - rdp - - smb - - ssh - - telnet - - vnc - - web - description: - description: - - Description. - type: str - folder: - description: - - Network shared file folder parameter. - type: str - form_data: - description: - - Form data. - type: list - suboptions: - name: - description: - - Name. - required: true - type: str - value: - description: - - Value. - type: str - host: - description: - - Host name/IP parameter. - type: str - listening_port: - description: - - Listening port (0 - 65535). - type: int - load_balancing_info: - description: - - The load balancing information or cookie which should be provided to the connection broker. - type: str - logon_password: - description: - - Logon password. - type: str - logon_user: - description: - - Logon user. - type: str - name: - description: - - Bookmark name. - required: true - type: str - port: - description: - - Remote port. - type: int - preconnection_blob: - description: - - An arbitrary string which identifies the RDP source. - type: str - preconnection_id: - description: - - The numeric ID of the RDP source (0-2147483648). 
- type: int - remote_port: - description: - - Remote port (0 - 65535). - type: int - security: - description: - - Security mode for RDP connection. - type: str - choices: - - rdp - - nla - - tls - - any - server_layout: - description: - - Server side keyboard layout. - type: str - choices: - - de-de-qwertz - - en-gb-qwerty - - en-us-qwerty - - es-es-qwerty - - fr-fr-azerty - - fr-ch-qwertz - - it-it-qwerty - - ja-jp-qwerty - - pt-br-qwerty - - sv-se-qwerty - - tr-tr-qwerty - - failsafe - show_status_window: - description: - - Enable/disable showing of status window. - type: str - choices: - - enable - - disable - sso: - description: - - Single Sign-On. - type: str - choices: - - disable - - static - - auto - sso_credential: - description: - - Single sign-on credentials. - type: str - choices: - - sslvpn-login - - alternative - sso_credential_sent_once: - description: - - Single sign-on credentials are only sent once to remote server. - type: str - choices: - - enable - - disable - sso_password: - description: - - SSO password. - type: str - sso_username: - description: - - SSO user name. - type: str - url: - description: - - URL parameter. - type: str - custom_lang: - description: - - Personal language. Source system.custom-language.name. - type: str - name: - description: - - User and group name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure SSL VPN user bookmark. 
- fortios_vpn_ssl_web_user_bookmark: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - vpn_ssl_web_user_bookmark: - bookmarks: - - - additional_params: "" - apptype: "citrix" - description: "" - folder: "" - form_data: - - - name: "default_name_9" - value: "" - host: "" - listening_port: "12" - load_balancing_info: "" - logon_password: "" - logon_user: "" - name: "default_name_16" - port: "17" - preconnection_blob: "" - preconnection_id: "19" - remote_port: "20" - security: "rdp" - server_layout: "de-de-qwertz" - show_status_window: "enable" - sso: "disable" - sso_credential: "sslvpn-login" - sso_credential_sent_once: "enable" - sso_password: "" - sso_username: "" - url: "myurl.com" - custom_lang: " (source system.custom-language.name)" - name: "default_name_31" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - 
returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_vpn_ssl_web_user_bookmark_data(json): - option_list = ['bookmarks', 'custom_lang', 'name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def vpn_ssl_web_user_bookmark(data, fos): - vdom = data['vdom'] - state = data['state'] - vpn_ssl_web_user_bookmark_data = data['vpn_ssl_web_user_bookmark'] - filtered_data = underscore_to_hyphen(filter_vpn_ssl_web_user_bookmark_data(vpn_ssl_web_user_bookmark_data)) - - if state == "present": - return fos.set('vpn.ssl.web', - 'user-bookmark', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('vpn.ssl.web', - 'user-bookmark', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def 
fortios_vpn_ssl_web(data, fos): - - if data['vpn_ssl_web_user_bookmark']: - resp = vpn_ssl_web_user_bookmark(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "vpn_ssl_web_user_bookmark": { - "required": False, "type": "dict", "default": None, - "options": { - "bookmarks": {"required": False, "type": "list", - "options": { - "additional_params": {"required": False, "type": "str"}, - "apptype": {"required": False, "type": "str", - "choices": ["citrix", "ftp", "portforward", - "rdp", "smb", "ssh", - "telnet", "vnc", "web"]}, - "description": {"required": False, "type": "str"}, - "folder": {"required": False, "type": "str"}, - "form_data": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"}, - "value": {"required": False, "type": "str"} - }}, - "host": {"required": False, "type": "str"}, - "listening_port": {"required": False, "type": "int"}, - "load_balancing_info": {"required": False, "type": "str"}, - "logon_password": {"required": False, "type": "str"}, - "logon_user": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "port": {"required": False, "type": "int"}, - "preconnection_blob": {"required": False, "type": "str"}, - "preconnection_id": {"required": False, "type": "int"}, - "remote_port": {"required": False, "type": "int"}, - "security": {"required": False, "type": "str", - "choices": ["rdp", "nla", "tls", - "any"]}, - "server_layout": {"required": False, 
"type": "str", - "choices": ["de-de-qwertz", "en-gb-qwerty", "en-us-qwerty", - "es-es-qwerty", "fr-fr-azerty", "fr-ch-qwertz", - "it-it-qwerty", "ja-jp-qwerty", "pt-br-qwerty", - "sv-se-qwerty", "tr-tr-qwerty", "failsafe"]}, - "show_status_window": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "sso": {"required": False, "type": "str", - "choices": ["disable", "static", "auto"]}, - "sso_credential": {"required": False, "type": "str", - "choices": ["sslvpn-login", "alternative"]}, - "sso_credential_sent_once": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "sso_password": {"required": False, "type": "str"}, - "sso_username": {"required": False, "type": "str"}, - "url": {"required": False, "type": "str"} - }}, - "custom_lang": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_vpn_ssl_web(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_vpn_ssl_web(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_user_group_bookmark.py b/lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_user_group_bookmark.py
deleted file mode 100644
index b0906819a6e..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_user_group_bookmark.py
+++ /dev/null
@@ -1,535 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_vpn_ssl_web_user_group_bookmark -short_description: Configure SSL VPN user group bookmark in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify vpn_ssl_web feature and user_group_bookmark category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - vpn_ssl_web_user_group_bookmark: - description: - - Configure SSL VPN user group bookmark. - default: null - type: dict - suboptions: - bookmarks: - description: - - Bookmark table. - type: list - suboptions: - additional_params: - description: - - Additional parameters. - type: str - apptype: - description: - - Application type. - type: str - choices: - - citrix - - ftp - - portforward - - rdp - - smb - - ssh - - telnet - - vnc - - web - description: - description: - - Description. - type: str - folder: - description: - - Network shared file folder parameter. - type: str - form_data: - description: - - Form data. - type: list - suboptions: - name: - description: - - Name. - required: true - type: str - value: - description: - - Value. - type: str - host: - description: - - Host name/IP parameter. - type: str - listening_port: - description: - - Listening port (0 - 65535). - type: int - load_balancing_info: - description: - - The load balancing information or cookie which should be provided to the connection broker. - type: str - logon_password: - description: - - Logon password. - type: str - logon_user: - description: - - Logon user. - type: str - name: - description: - - Bookmark name. - required: true - type: str - port: - description: - - Remote port. - type: int - preconnection_blob: - description: - - An arbitrary string which identifies the RDP source. 
- type: str - preconnection_id: - description: - - The numeric ID of the RDP source (0-2147483648). - type: int - remote_port: - description: - - Remote port (0 - 65535). - type: int - security: - description: - - Security mode for RDP connection. - type: str - choices: - - rdp - - nla - - tls - - any - server_layout: - description: - - Server side keyboard layout. - type: str - choices: - - de-de-qwertz - - en-gb-qwerty - - en-us-qwerty - - es-es-qwerty - - fr-fr-azerty - - fr-ch-qwertz - - it-it-qwerty - - ja-jp-qwerty - - pt-br-qwerty - - sv-se-qwerty - - tr-tr-qwerty - - failsafe - show_status_window: - description: - - Enable/disable showing of status window. - type: str - choices: - - enable - - disable - sso: - description: - - Single Sign-On. - type: str - choices: - - disable - - static - - auto - sso_credential: - description: - - Single sign-on credentials. - type: str - choices: - - sslvpn-login - - alternative - sso_credential_sent_once: - description: - - Single sign-on credentials are only sent once to remote server. - type: str - choices: - - enable - - disable - sso_password: - description: - - SSO password. - type: str - sso_username: - description: - - SSO user name. - type: str - url: - description: - - URL parameter. - type: str - name: - description: - - Group name. Source user.group.name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure SSL VPN user group bookmark. 
- fortios_vpn_ssl_web_user_group_bookmark: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - vpn_ssl_web_user_group_bookmark: - bookmarks: - - - additional_params: "" - apptype: "citrix" - description: "" - folder: "" - form_data: - - - name: "default_name_9" - value: "" - host: "" - listening_port: "12" - load_balancing_info: "" - logon_password: "" - logon_user: "" - name: "default_name_16" - port: "17" - preconnection_blob: "" - preconnection_id: "19" - remote_port: "20" - security: "rdp" - server_layout: "de-de-qwertz" - show_status_window: "enable" - sso: "disable" - sso_credential: "sslvpn-login" - sso_credential_sent_once: "enable" - sso_password: "" - sso_username: "" - url: "myurl.com" - name: "default_name_30 (source user.group.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: 
str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_vpn_ssl_web_user_group_bookmark_data(json): - option_list = ['bookmarks', 'name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def vpn_ssl_web_user_group_bookmark(data, fos): - vdom = data['vdom'] - state = data['state'] - vpn_ssl_web_user_group_bookmark_data = data['vpn_ssl_web_user_group_bookmark'] - filtered_data = underscore_to_hyphen(filter_vpn_ssl_web_user_group_bookmark_data(vpn_ssl_web_user_group_bookmark_data)) - - if state == "present": - return fos.set('vpn.ssl.web', - 'user-group-bookmark', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('vpn.ssl.web', - 'user-group-bookmark', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def 
fortios_vpn_ssl_web(data, fos): - - if data['vpn_ssl_web_user_group_bookmark']: - resp = vpn_ssl_web_user_group_bookmark(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "vpn_ssl_web_user_group_bookmark": { - "required": False, "type": "dict", "default": None, - "options": { - "bookmarks": {"required": False, "type": "list", - "options": { - "additional_params": {"required": False, "type": "str"}, - "apptype": {"required": False, "type": "str", - "choices": ["citrix", "ftp", "portforward", - "rdp", "smb", "ssh", - "telnet", "vnc", "web"]}, - "description": {"required": False, "type": "str"}, - "folder": {"required": False, "type": "str"}, - "form_data": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"}, - "value": {"required": False, "type": "str"} - }}, - "host": {"required": False, "type": "str"}, - "listening_port": {"required": False, "type": "int"}, - "load_balancing_info": {"required": False, "type": "str"}, - "logon_password": {"required": False, "type": "str"}, - "logon_user": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "port": {"required": False, "type": "int"}, - "preconnection_blob": {"required": False, "type": "str"}, - "preconnection_id": {"required": False, "type": "int"}, - "remote_port": {"required": False, "type": "int"}, - "security": {"required": False, "type": "str", - "choices": ["rdp", "nla", "tls", - "any"]}, - "server_layout": 
{"required": False, "type": "str", - "choices": ["de-de-qwertz", "en-gb-qwerty", "en-us-qwerty", - "es-es-qwerty", "fr-fr-azerty", "fr-ch-qwertz", - "it-it-qwerty", "ja-jp-qwerty", "pt-br-qwerty", - "sv-se-qwerty", "tr-tr-qwerty", "failsafe"]}, - "show_status_window": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "sso": {"required": False, "type": "str", - "choices": ["disable", "static", "auto"]}, - "sso_credential": {"required": False, "type": "str", - "choices": ["sslvpn-login", "alternative"]}, - "sso_credential_sent_once": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "sso_password": {"required": False, "type": "str"}, - "sso_username": {"required": False, "type": "str"}, - "url": {"required": False, "type": "str"} - }}, - "name": {"required": True, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_vpn_ssl_web(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_vpn_ssl_web(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_waf_main_class.py b/lib/ansible/modules/network/fortios/fortios_waf_main_class.py
deleted file mode 100644
index 555e3876d20..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_waf_main_class.py
+++ /dev/null
@@ -1,315 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_waf_main_class -short_description: Hidden table for datasource in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify waf feature and main_class category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - waf_main_class: - description: - - Hidden table for datasource. - default: null - type: dict - suboptions: - id: - description: - - Main signature class ID. - required: true - type: int - name: - description: - - Main signature class name. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Hidden table for datasource. - fortios_waf_main_class: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - waf_main_class: - id: "3" - name: "default_name_4" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - 
returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_waf_main_class_data(json): - option_list = ['id', 'name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def waf_main_class(data, fos): - vdom = data['vdom'] - state = data['state'] - waf_main_class_data = data['waf_main_class'] - filtered_data = underscore_to_hyphen(filter_waf_main_class_data(waf_main_class_data)) - - if state == "present": - return fos.set('waf', - 'main-class', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('waf', - 'main-class', - 
mkey=filtered_data['id'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_waf(data, fos): - - if data['waf_main_class']: - resp = waf_main_class(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "waf_main_class": { - "required": False, "type": "dict", "default": None, - "options": { - "id": {"required": True, "type": "int"}, - "name": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_waf(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_waf(module.params, fos) - fos.logout() - - if not is_error: - 
module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main()
diff --git a/lib/ansible/modules/network/fortios/fortios_waf_profile.py b/lib/ansible/modules/network/fortios/fortios_waf_profile.py
deleted file mode 100644
index a8ac8337b8c..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_waf_profile.py
+++ /dev/null
@@ -1,1754 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_waf_profile -short_description: Web application firewall configuration in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify waf feature and profile category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - waf_profile: - description: - - Web application firewall configuration. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - address_list: - description: - - Black address list and white address list. - type: dict - suboptions: - blocked_address: - description: - - Blocked address. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address.name firewall.addrgrp.name. - required: true - type: str - blocked_log: - description: - - Enable/disable logging on blocked addresses. - type: str - choices: - - enable - - disable - severity: - description: - - Severity. - type: str - choices: - - high - - medium - - low - status: - description: - - Status. - type: str - choices: - - enable - - disable - trusted_address: - description: - - Trusted address. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address.name firewall.addrgrp.name. - required: true - type: str - comment: - description: - - Comment. - type: str - constraint: - description: - - WAF HTTP protocol restrictions. 
- type: dict - suboptions: - content_length: - description: - - HTTP content length in request. - type: dict - suboptions: - action: - description: - - Action. - type: str - choices: - - allow - - block - length: - description: - - Length of HTTP content in bytes (0 to 2147483647). - type: int - log: - description: - - Enable/disable logging. - type: str - choices: - - enable - - disable - severity: - description: - - Severity. - type: str - choices: - - high - - medium - - low - status: - description: - - Enable/disable the constraint. - type: str - choices: - - enable - - disable - exception: - description: - - HTTP constraint exception. - type: list - suboptions: - address: - description: - - Host address. Source firewall.address.name firewall.addrgrp.name. - type: str - content_length: - description: - - HTTP content length in request. - type: str - choices: - - enable - - disable - header_length: - description: - - HTTP header length in request. - type: str - choices: - - enable - - disable - hostname: - description: - - Enable/disable hostname check. - type: str - choices: - - enable - - disable - id: - description: - - Exception ID. - required: true - type: int - line_length: - description: - - HTTP line length in request. - type: str - choices: - - enable - - disable - malformed: - description: - - Enable/disable malformed HTTP request check. - type: str - choices: - - enable - - disable - max_cookie: - description: - - Maximum number of cookies in HTTP request. - type: str - choices: - - enable - - disable - max_header_line: - description: - - Maximum number of HTTP header line. - type: str - choices: - - enable - - disable - max_range_segment: - description: - - Maximum number of range segments in HTTP range line. - type: str - choices: - - enable - - disable - max_url_param: - description: - - Maximum number of parameters in URL. - type: str - choices: - - enable - - disable - method: - description: - - Enable/disable HTTP method check. 
- type: str - choices: - - enable - - disable - param_length: - description: - - Maximum length of parameter in URL, HTTP POST request or HTTP body. - type: str - choices: - - enable - - disable - pattern: - description: - - URL pattern. - type: str - regex: - description: - - Enable/disable regular expression based pattern match. - type: str - choices: - - enable - - disable - url_param_length: - description: - - Maximum length of parameter in URL. - type: str - choices: - - enable - - disable - version: - description: - - Enable/disable HTTP version check. - type: str - choices: - - enable - - disable - header_length: - description: - - HTTP header length in request. - type: dict - suboptions: - action: - description: - - Action. - type: str - choices: - - allow - - block - length: - description: - - Length of HTTP header in bytes (0 to 2147483647). - type: int - log: - description: - - Enable/disable logging. - type: str - choices: - - enable - - disable - severity: - description: - - Severity. - type: str - choices: - - high - - medium - - low - status: - description: - - Enable/disable the constraint. - type: str - choices: - - enable - - disable - hostname: - description: - - Enable/disable hostname check. - type: dict - suboptions: - action: - description: - - Action. - type: str - choices: - - allow - - block - log: - description: - - Enable/disable logging. - type: str - choices: - - enable - - disable - severity: - description: - - Severity. - type: str - choices: - - high - - medium - - low - status: - description: - - Enable/disable the constraint. - type: str - choices: - - enable - - disable - line_length: - description: - - HTTP line length in request. - type: dict - suboptions: - action: - description: - - Action. - type: str - choices: - - allow - - block - length: - description: - - Length of HTTP line in bytes (0 to 2147483647). - type: int - log: - description: - - Enable/disable logging. 
- type: str - choices: - - enable - - disable - severity: - description: - - Severity. - type: str - choices: - - high - - medium - - low - status: - description: - - Enable/disable the constraint. - type: str - choices: - - enable - - disable - malformed: - description: - - Enable/disable malformed HTTP request check. - type: dict - suboptions: - action: - description: - - Action. - type: str - choices: - - allow - - block - log: - description: - - Enable/disable logging. - type: str - choices: - - enable - - disable - severity: - description: - - Severity. - type: str - choices: - - high - - medium - - low - status: - description: - - Enable/disable the constraint. - type: str - choices: - - enable - - disable - max_cookie: - description: - - Maximum number of cookies in HTTP request. - type: dict - suboptions: - action: - description: - - Action. - type: str - choices: - - allow - - block - log: - description: - - Enable/disable logging. - type: str - choices: - - enable - - disable - max_cookie: - description: - - Maximum number of cookies in HTTP request (0 to 2147483647). - type: int - severity: - description: - - Severity. - type: str - choices: - - high - - medium - - low - status: - description: - - Enable/disable the constraint. - type: str - choices: - - enable - - disable - max_header_line: - description: - - Maximum number of HTTP header line. - type: dict - suboptions: - action: - description: - - Action. - type: str - choices: - - allow - - block - log: - description: - - Enable/disable logging. - type: str - choices: - - enable - - disable - max_header_line: - description: - - Maximum number HTTP header lines (0 to 2147483647). - type: int - severity: - description: - - Severity. - type: str - choices: - - high - - medium - - low - status: - description: - - Enable/disable the constraint. - type: str - choices: - - enable - - disable - max_range_segment: - description: - - Maximum number of range segments in HTTP range line. 
- type: dict - suboptions: - action: - description: - - Action. - type: str - choices: - - allow - - block - log: - description: - - Enable/disable logging. - type: str - choices: - - enable - - disable - max_range_segment: - description: - - Maximum number of range segments in HTTP range line (0 to 2147483647). - type: int - severity: - description: - - Severity. - type: str - choices: - - high - - medium - - low - status: - description: - - Enable/disable the constraint. - type: str - choices: - - enable - - disable - max_url_param: - description: - - Maximum number of parameters in URL. - type: dict - suboptions: - action: - description: - - Action. - type: str - choices: - - allow - - block - log: - description: - - Enable/disable logging. - type: str - choices: - - enable - - disable - max_url_param: - description: - - Maximum number of parameters in URL (0 to 2147483647). - type: int - severity: - description: - - Severity. - type: str - choices: - - high - - medium - - low - status: - description: - - Enable/disable the constraint. - type: str - choices: - - enable - - disable - method: - description: - - Enable/disable HTTP method check. - type: dict - suboptions: - action: - description: - - Action. - type: str - choices: - - allow - - block - log: - description: - - Enable/disable logging. - type: str - choices: - - enable - - disable - severity: - description: - - Severity. - type: str - choices: - - high - - medium - - low - status: - description: - - Enable/disable the constraint. - type: str - choices: - - enable - - disable - param_length: - description: - - Maximum length of parameter in URL, HTTP POST request or HTTP body. - type: dict - suboptions: - action: - description: - - Action. - type: str - choices: - - allow - - block - length: - description: - - Maximum length of parameter in URL, HTTP POST request or HTTP body in bytes (0 to 2147483647). - type: int - log: - description: - - Enable/disable logging. 
- type: str - choices: - - enable - - disable - severity: - description: - - Severity. - type: str - choices: - - high - - medium - - low - status: - description: - - Enable/disable the constraint. - type: str - choices: - - enable - - disable - url_param_length: - description: - - Maximum length of parameter in URL. - type: dict - suboptions: - action: - description: - - Action. - type: str - choices: - - allow - - block - length: - description: - - Maximum length of URL parameter in bytes (0 to 2147483647). - type: int - log: - description: - - Enable/disable logging. - type: str - choices: - - enable - - disable - severity: - description: - - Severity. - type: str - choices: - - high - - medium - - low - status: - description: - - Enable/disable the constraint. - type: str - choices: - - enable - - disable - version: - description: - - Enable/disable HTTP version check. - type: dict - suboptions: - action: - description: - - Action. - type: str - choices: - - allow - - block - log: - description: - - Enable/disable logging. - type: str - choices: - - enable - - disable - severity: - description: - - Severity. - type: str - choices: - - high - - medium - - low - status: - description: - - Enable/disable the constraint. - type: str - choices: - - enable - - disable - extended_log: - description: - - Enable/disable extended logging. - type: str - choices: - - enable - - disable - external: - description: - - Disable/Enable external HTTP Inspection. - type: str - choices: - - disable - - enable - method: - description: - - Method restriction. - type: dict - suboptions: - default_allowed_methods: - description: - - Methods. - type: str - choices: - - get - - post - - put - - head - - connect - - trace - - options - - delete - - others - log: - description: - - Enable/disable logging. - type: str - choices: - - enable - - disable - method_policy: - description: - - HTTP method policy. - type: list - suboptions: - address: - description: - - Host address. 
Source firewall.address.name firewall.addrgrp.name. - type: str - allowed_methods: - description: - - Allowed Methods. - type: str - choices: - - get - - post - - put - - head - - connect - - trace - - options - - delete - - others - id: - description: - - HTTP method policy ID. - required: true - type: int - pattern: - description: - - URL pattern. - type: str - regex: - description: - - Enable/disable regular expression based pattern match. - type: str - choices: - - enable - - disable - severity: - description: - - Severity. - type: str - choices: - - high - - medium - - low - status: - description: - - Status. - type: str - choices: - - enable - - disable - name: - description: - - WAF Profile name. - required: true - type: str - signature: - description: - - WAF signatures. - type: dict - suboptions: - credit_card_detection_threshold: - description: - - The minimum number of Credit cards to detect violation. - type: int - custom_signature: - description: - - Custom signature. - type: list - suboptions: - action: - description: - - Action. - type: str - choices: - - allow - - block - - erase - case_sensitivity: - description: - - Case sensitivity in pattern. - type: str - choices: - - disable - - enable - direction: - description: - - Traffic direction. - type: str - choices: - - request - - response - log: - description: - - Enable/disable logging. - type: str - choices: - - enable - - disable - name: - description: - - Signature name. - required: true - type: str - pattern: - description: - - Match pattern. - type: str - severity: - description: - - Severity. - type: str - choices: - - high - - medium - - low - status: - description: - - Status. - type: str - choices: - - enable - - disable - target: - description: - - Match HTTP target. 
- type: str - choices: - - arg - - arg-name - - req-body - - req-cookie - - req-cookie-name - - req-filename - - req-header - - req-header-name - - req-raw-uri - - req-uri - - resp-body - - resp-hdr - - resp-status - disabled_signature: - description: - - Disabled signatures - type: list - suboptions: - id: - description: - - Signature ID. Source waf.signature.id. - required: true - type: int - disabled_sub_class: - description: - - Disabled signature subclasses. - type: list - suboptions: - id: - description: - - Signature subclass ID. Source waf.sub-class.id. - required: true - type: int - main_class: - description: - - Main signature class. - type: list - suboptions: - action: - description: - - Action. - type: str - choices: - - allow - - block - - erase - id: - description: - - Main signature class ID. Source waf.main-class.id. - required: true - type: int - log: - description: - - Enable/disable logging. - type: str - choices: - - enable - - disable - severity: - description: - - Severity. - type: str - choices: - - high - - medium - - low - status: - description: - - Status. - type: str - choices: - - enable - - disable - url_access: - description: - - URL access list - type: list - suboptions: - access_pattern: - description: - - URL access pattern. - type: list - suboptions: - id: - description: - - URL access pattern ID. - required: true - type: int - negate: - description: - - Enable/disable match negation. - type: str - choices: - - enable - - disable - pattern: - description: - - URL pattern. - type: str - regex: - description: - - Enable/disable regular expression based pattern match. - type: str - choices: - - enable - - disable - srcaddr: - description: - - Source address. Source firewall.address.name firewall.addrgrp.name. - type: str - action: - description: - - Action. - type: str - choices: - - bypass - - permit - - block - address: - description: - - Host address. Source firewall.address.name firewall.addrgrp.name. 
- type: str - id: - description: - - URL access ID. - required: true - type: int - log: - description: - - Enable/disable logging. - type: str - choices: - - enable - - disable - severity: - description: - - Severity. - type: str - choices: - - high - - medium - - low -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Web application firewall configuration. - fortios_waf_profile: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - waf_profile: - address_list: - blocked_address: - - - name: "default_name_5 (source firewall.address.name firewall.addrgrp.name)" - blocked_log: "enable" - severity: "high" - status: "enable" - trusted_address: - - - name: "default_name_10 (source firewall.address.name firewall.addrgrp.name)" - comment: "Comment." - constraint: - content_length: - action: "allow" - length: "15" - log: "enable" - severity: "high" - status: "enable" - exception: - - - address: " (source firewall.address.name firewall.addrgrp.name)" - content_length: "enable" - header_length: "enable" - hostname: "enable" - id: "24" - line_length: "enable" - malformed: "enable" - max_cookie: "enable" - max_header_line: "enable" - max_range_segment: "enable" - max_url_param: "enable" - method: "enable" - param_length: "enable" - pattern: "" - regex: "enable" - url_param_length: "enable" - version: "enable" - header_length: - action: "allow" - length: "39" - log: "enable" - severity: "high" - status: "enable" - hostname: - action: "allow" - log: "enable" - severity: "high" - status: "enable" - line_length: - action: "allow" - length: "50" - log: "enable" - severity: "high" - status: "enable" - malformed: - action: "allow" - log: "enable" - severity: "high" - status: "enable" - max_cookie: - action: "allow" - log: "enable" - max_cookie: "62" - severity: "high" - status: "enable" 
- max_header_line: - action: "allow" - log: "enable" - max_header_line: "68" - severity: "high" - status: "enable" - max_range_segment: - action: "allow" - log: "enable" - max_range_segment: "74" - severity: "high" - status: "enable" - max_url_param: - action: "allow" - log: "enable" - max_url_param: "80" - severity: "high" - status: "enable" - method: - action: "allow" - log: "enable" - severity: "high" - status: "enable" - param_length: - action: "allow" - length: "90" - log: "enable" - severity: "high" - status: "enable" - url_param_length: - action: "allow" - length: "96" - log: "enable" - severity: "high" - status: "enable" - version: - action: "allow" - log: "enable" - severity: "high" - status: "enable" - extended_log: "enable" - external: "disable" - method: - default_allowed_methods: "get" - log: "enable" - method_policy: - - - address: " (source firewall.address.name firewall.addrgrp.name)" - allowed_methods: "get" - id: "113" - pattern: "" - regex: "enable" - severity: "high" - status: "enable" - name: "default_name_118" - signature: - credit_card_detection_threshold: "120" - custom_signature: - - - action: "allow" - case_sensitivity: "disable" - direction: "request" - log: "enable" - name: "default_name_126" - pattern: "" - severity: "high" - status: "enable" - target: "arg" - disabled_signature: - - - id: "132 (source waf.signature.id)" - disabled_sub_class: - - - id: "134 (source waf.sub-class.id)" - main_class: - - - action: "allow" - id: "137 (source waf.main-class.id)" - log: "enable" - severity: "high" - status: "enable" - url_access: - - - access_pattern: - - - id: "143" - negate: "enable" - pattern: "" - regex: "enable" - srcaddr: " (source firewall.address.name firewall.addrgrp.name)" - action: "bypass" - address: " (source firewall.address.name firewall.addrgrp.name)" - id: "150" - log: "enable" - severity: "high" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' 
-http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_waf_profile_data(json): - option_list = ['address_list', 'comment', 'constraint', - 'extended_log', 'external', 'method', - 'name', 'signature', 'url_access'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] 
is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def waf_profile(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['waf_profile'] and data['waf_profile']: - state = data['waf_profile']['state'] - else: - state = True - waf_profile_data = data['waf_profile'] - filtered_data = underscore_to_hyphen(filter_waf_profile_data(waf_profile_data)) - - if state == "present": - return fos.set('waf', - 'profile', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('waf', - 'profile', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_waf(data, fos): - - if data['waf_profile']: - resp = waf_profile(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "waf_profile": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "address_list": {"required": False, "type": 
"dict", - "options": { - "blocked_address": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "blocked_log": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "severity": {"required": False, "type": "str", - "choices": ["high", "medium", "low"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "trusted_address": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }} - }}, - "comment": {"required": False, "type": "str"}, - "constraint": {"required": False, "type": "dict", - "options": { - "content_length": {"required": False, "type": "dict", - "options": { - "action": {"required": False, "type": "str", - "choices": ["allow", "block"]}, - "length": {"required": False, "type": "int"}, - "log": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "severity": {"required": False, "type": "str", - "choices": ["high", "medium", "low"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "exception": {"required": False, "type": "list", - "options": { - "address": {"required": False, "type": "str"}, - "content_length": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "header_length": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "hostname": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "id": {"required": True, "type": "int"}, - "line_length": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "malformed": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "max_cookie": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "max_header_line": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "max_range_segment": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - 
"max_url_param": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "method": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "param_length": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "pattern": {"required": False, "type": "str"}, - "regex": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "url_param_length": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "version": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "header_length": {"required": False, "type": "dict", - "options": { - "action": {"required": False, "type": "str", - "choices": ["allow", "block"]}, - "length": {"required": False, "type": "int"}, - "log": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "severity": {"required": False, "type": "str", - "choices": ["high", "medium", "low"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "hostname": {"required": False, "type": "dict", - "options": { - "action": {"required": False, "type": "str", - "choices": ["allow", "block"]}, - "log": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "severity": {"required": False, "type": "str", - "choices": ["high", "medium", "low"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "line_length": {"required": False, "type": "dict", - "options": { - "action": {"required": False, "type": "str", - "choices": ["allow", "block"]}, - "length": {"required": False, "type": "int"}, - "log": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "severity": {"required": False, "type": "str", - "choices": ["high", "medium", "low"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "malformed": {"required": False, "type": "dict", - "options": { - "action": {"required": False, 
"type": "str", - "choices": ["allow", "block"]}, - "log": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "severity": {"required": False, "type": "str", - "choices": ["high", "medium", "low"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "max_cookie": {"required": False, "type": "dict", - "options": { - "action": {"required": False, "type": "str", - "choices": ["allow", "block"]}, - "log": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "max_cookie": {"required": False, "type": "int"}, - "severity": {"required": False, "type": "str", - "choices": ["high", "medium", "low"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "max_header_line": {"required": False, "type": "dict", - "options": { - "action": {"required": False, "type": "str", - "choices": ["allow", "block"]}, - "log": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "max_header_line": {"required": False, "type": "int"}, - "severity": {"required": False, "type": "str", - "choices": ["high", "medium", "low"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "max_range_segment": {"required": False, "type": "dict", - "options": { - "action": {"required": False, "type": "str", - "choices": ["allow", "block"]}, - "log": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "max_range_segment": {"required": False, "type": "int"}, - "severity": {"required": False, "type": "str", - "choices": ["high", "medium", "low"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "max_url_param": {"required": False, "type": "dict", - "options": { - "action": {"required": False, "type": "str", - "choices": ["allow", "block"]}, - "log": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "max_url_param": {"required": False, "type": "int"}, 
- "severity": {"required": False, "type": "str", - "choices": ["high", "medium", "low"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "method": {"required": False, "type": "dict", - "options": { - "action": {"required": False, "type": "str", - "choices": ["allow", "block"]}, - "log": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "severity": {"required": False, "type": "str", - "choices": ["high", "medium", "low"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "param_length": {"required": False, "type": "dict", - "options": { - "action": {"required": False, "type": "str", - "choices": ["allow", "block"]}, - "length": {"required": False, "type": "int"}, - "log": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "severity": {"required": False, "type": "str", - "choices": ["high", "medium", "low"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "url_param_length": {"required": False, "type": "dict", - "options": { - "action": {"required": False, "type": "str", - "choices": ["allow", "block"]}, - "length": {"required": False, "type": "int"}, - "log": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "severity": {"required": False, "type": "str", - "choices": ["high", "medium", "low"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "version": {"required": False, "type": "dict", - "options": { - "action": {"required": False, "type": "str", - "choices": ["allow", "block"]}, - "log": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "severity": {"required": False, "type": "str", - "choices": ["high", "medium", "low"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }} - }}, - "extended_log": {"required": False, "type": "str", - "choices": ["enable", 
"disable"]}, - "external": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "method": {"required": False, "type": "dict", - "options": { - "default_allowed_methods": {"required": False, "type": "str", - "choices": ["get", "post", "put", - "head", "connect", "trace", - "options", "delete", "others"]}, - "log": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "method_policy": {"required": False, "type": "list", - "options": { - "address": {"required": False, "type": "str"}, - "allowed_methods": {"required": False, "type": "str", - "choices": ["get", "post", "put", - "head", "connect", "trace", - "options", "delete", "others"]}, - "id": {"required": True, "type": "int"}, - "pattern": {"required": False, "type": "str"}, - "regex": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "severity": {"required": False, "type": "str", - "choices": ["high", "medium", "low"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "name": {"required": True, "type": "str"}, - "signature": {"required": False, "type": "dict", - "options": { - "credit_card_detection_threshold": {"required": False, "type": "int"}, - "custom_signature": {"required": False, "type": "list", - "options": { - "action": {"required": False, "type": "str", - "choices": ["allow", "block", "erase"]}, - "case_sensitivity": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "direction": {"required": False, "type": "str", - "choices": ["request", "response"]}, - "log": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "name": {"required": True, "type": "str"}, - "pattern": {"required": False, "type": "str"}, - "severity": {"required": False, "type": "str", - "choices": ["high", "medium", "low"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "target": {"required": False, "type": "str", - "choices": ["arg", 
"arg-name", "req-body", - "req-cookie", "req-cookie-name", "req-filename", - "req-header", "req-header-name", "req-raw-uri", - "req-uri", "resp-body", "resp-hdr", - "resp-status"]} - }}, - "disabled_signature": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"} - }}, - "disabled_sub_class": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"} - }}, - "main_class": {"required": False, "type": "list", - "options": { - "action": {"required": False, "type": "str", - "choices": ["allow", "block", "erase"]}, - "id": {"required": True, "type": "int"}, - "log": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "severity": {"required": False, "type": "str", - "choices": ["high", "medium", "low"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }} - }}, - "url_access": {"required": False, "type": "list", - "options": { - "access_pattern": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"}, - "negate": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "pattern": {"required": False, "type": "str"}, - "regex": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "srcaddr": {"required": False, "type": "str"} - }}, - "action": {"required": False, "type": "str", - "choices": ["bypass", "permit", "block"]}, - "address": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "log": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "severity": {"required": False, "type": "str", - "choices": ["high", "medium", "low"]} - }} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and 
module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_waf(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_waf(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_waf_signature.py b/lib/ansible/modules/network/fortios/fortios_waf_signature.py deleted file mode 100644 index ffa7fb2dc12..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_waf_signature.py +++ /dev/null 
@@ -1,315 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_waf_signature -short_description: Hidden table for datasource in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify waf feature and signature category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - waf_signature: - description: - - Hidden table for datasource. - default: null - type: dict - suboptions: - desc: - description: - - Signature description. - type: str - id: - description: - - Signature ID. - required: true - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Hidden table for datasource. - fortios_waf_signature: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - waf_signature: - desc: "" - id: "4" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - 
sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_waf_signature_data(json): - option_list = ['desc', 'id'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def waf_signature(data, fos): - vdom = data['vdom'] - state = data['state'] - waf_signature_data = data['waf_signature'] - filtered_data = underscore_to_hyphen(filter_waf_signature_data(waf_signature_data)) - - if state == "present": - return fos.set('waf', - 'signature', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('waf', - 'signature', - mkey=filtered_data['id'], - vdom=vdom) - - 
-def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_waf(data, fos): - - if data['waf_signature']: - resp = waf_signature(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "waf_signature": { - "required": False, "type": "dict", "default": None, - "options": { - "desc": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_waf(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_waf(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - 
module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_waf_sub_class.py b/lib/ansible/modules/network/fortios/fortios_waf_sub_class.py deleted file mode 100644 index 3c6d49d74a9..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_waf_sub_class.py +++ /dev/null 
@@ -1,315 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_waf_sub_class -short_description: Hidden table for datasource in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify waf feature and sub_class category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - waf_sub_class: - description: - - Hidden table for datasource. - default: null - type: dict - suboptions: - id: - description: - - Signature subclass ID. - required: true - type: int - name: - description: - - Signature subclass name. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Hidden table for datasource. - fortios_waf_sub_class: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - waf_sub_class: - id: "3" - name: "default_name_4" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: 
always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_waf_sub_class_data(json): - option_list = ['id', 'name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def waf_sub_class(data, fos): - vdom = data['vdom'] - state = data['state'] - waf_sub_class_data = data['waf_sub_class'] - filtered_data = underscore_to_hyphen(filter_waf_sub_class_data(waf_sub_class_data)) - - if state == "present": - return fos.set('waf', - 'sub-class', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('waf', - 'sub-class', - mkey=filtered_data['id'], 
- vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_waf(data, fos): - - if data['waf_sub_class']: - resp = waf_sub_class(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "waf_sub_class": { - "required": False, "type": "dict", "default": None, - "options": { - "id": {"required": True, "type": "int"}, - "name": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_waf(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_waf(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - 
module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_wanopt_auth_group.py b/lib/ansible/modules/network/fortios/fortios_wanopt_auth_group.py deleted file mode 100644 index 14604642124..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_wanopt_auth_group.py +++ /dev/null 
@@ -1,350 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wanopt_auth_group -short_description: Configure WAN optimization authentication groups in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wanopt feature and auth_group category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - wanopt_auth_group: - description: - - Configure WAN optimization authentication groups. - default: null - type: dict - suboptions: - auth_method: - description: - - Select certificate or pre-shared key authentication for this authentication group. - type: str - choices: - - cert - - psk - cert: - description: - - Name of certificate to identify this peer. Source vpn.certificate.local.name. - type: str - name: - description: - - Auth-group name. - required: true - type: str - peer: - description: - - If peer-accept is set to one, select the name of one peer to add to this authentication group. The peer must have added with the wanopt - peer command. Source wanopt.peer.peer-host-id. - type: str - peer_accept: - description: - - Determine if this auth group accepts, any peer, a list of defined peers, or just one peer. - type: str - choices: - - any - - defined - - one - psk: - description: - - Pre-shared key used by the peers in this authentication group. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure WAN optimization authentication groups. 
- fortios_wanopt_auth_group: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - wanopt_auth_group: - auth_method: "cert" - cert: " (source vpn.certificate.local.name)" - name: "default_name_5" - peer: " (source wanopt.peer.peer-host-id)" - peer_accept: "any" - psk: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = 
data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_wanopt_auth_group_data(json): - option_list = ['auth_method', 'cert', 'name', - 'peer', 'peer_accept', 'psk'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def wanopt_auth_group(data, fos): - vdom = data['vdom'] - state = data['state'] - wanopt_auth_group_data = data['wanopt_auth_group'] - filtered_data = underscore_to_hyphen(filter_wanopt_auth_group_data(wanopt_auth_group_data)) - - if state == "present": - return fos.set('wanopt', - 'auth-group', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('wanopt', - 'auth-group', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_wanopt(data, fos): - - if data['wanopt_auth_group']: - resp = wanopt_auth_group(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, 
"type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "wanopt_auth_group": { - "required": False, "type": "dict", "default": None, - "options": { - "auth_method": {"required": False, "type": "str", - "choices": ["cert", "psk"]}, - "cert": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "peer": {"required": False, "type": "str"}, - "peer_accept": {"required": False, "type": "str", - "choices": ["any", "defined", "one"]}, - "psk": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_wanopt(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_wanopt(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_wanopt_cache_service.py b/lib/ansible/modules/network/fortios/fortios_wanopt_cache_service.py deleted file mode 100644 index 012d73199c7..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_wanopt_cache_service.py +++ /dev/null 
@@ -1,401 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wanopt_cache_service -short_description: Designate cache-service for wan-optimization and webcache in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wanopt feature and cache_service category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - wanopt_cache_service: - description: - - Designate cache-service for wan-optimization and webcache. - default: null - type: dict - suboptions: - acceptable_connections: - description: - - Set strategy when accepting cache collaboration connection. - type: str - choices: - - any - - peers - collaboration: - description: - - Enable/disable cache-collaboration between cache-service clusters. - type: str - choices: - - enable - - disable - device_id: - description: - - Set identifier for this cache device. - type: str - dst_peer: - description: - - Modify cache-service destination peer list. - type: list - suboptions: - auth_type: - description: - - Set authentication type for this peer. - type: int - device_id: - description: - - Device ID of this peer. - type: str - encode_type: - description: - - Set encode type for this peer. - type: int - ip: - description: - - Set cluster IP address of this peer. - type: str - priority: - description: - - Set priority for this peer. - type: int - prefer_scenario: - description: - - Set the preferred cache behavior towards the balance between latency and hit-ratio. - type: str - choices: - - balance - - prefer-speed - - prefer-cache - src_peer: - description: - - Modify cache-service source peer list. - type: list - suboptions: - auth_type: - description: - - Set authentication type for this peer. - type: int - device_id: - description: - - Device ID of this peer. - type: str - encode_type: - description: - - Set encode type for this peer. - type: int - ip: - description: - - Set cluster IP address of this peer. 
- type: str - priority: - description: - - Set priority for this peer. - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Designate cache-service for wan-optimization and webcache. - fortios_wanopt_cache_service: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - wanopt_cache_service: - acceptable_connections: "any" - collaboration: "enable" - device_id: "" - dst_peer: - - - auth_type: "7" - device_id: "" - encode_type: "9" - ip: "" - priority: "11" - prefer_scenario: "balance" - src_peer: - - - auth_type: "14" - device_id: "" - encode_type: "16" - ip: "" - priority: "18" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the 
FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_wanopt_cache_service_data(json): - option_list = ['acceptable_connections', 'collaboration', 'device_id', - 'dst_peer', 'prefer_scenario', 'src_peer'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def wanopt_cache_service(data, fos): - vdom = data['vdom'] - wanopt_cache_service_data = data['wanopt_cache_service'] - filtered_data = underscore_to_hyphen(filter_wanopt_cache_service_data(wanopt_cache_service_data)) - - return fos.set('wanopt', - 'cache-service', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_wanopt(data, fos): - - if data['wanopt_cache_service']: - resp = wanopt_cache_service(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": 
False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "wanopt_cache_service": { - "required": False, "type": "dict", "default": None, - "options": { - "acceptable_connections": {"required": False, "type": "str", - "choices": ["any", "peers"]}, - "collaboration": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "device_id": {"required": False, "type": "str"}, - "dst_peer": {"required": False, "type": "list", - "options": { - "auth_type": {"required": False, "type": "int"}, - "device_id": {"required": False, "type": "str"}, - "encode_type": {"required": False, "type": "int"}, - "ip": {"required": False, "type": "str"}, - "priority": {"required": False, "type": "int"} - }}, - "prefer_scenario": {"required": False, "type": "str", - "choices": ["balance", "prefer-speed", "prefer-cache"]}, - "src_peer": {"required": False, "type": "list", - "options": { - "auth_type": {"required": False, "type": "int"}, - "device_id": {"required": False, "type": "str"}, - "encode_type": {"required": False, "type": "int"}, - "ip": {"required": False, "type": "str"}, - "priority": {"required": False, "type": "int"} - }} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = 
fortios_wanopt(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_wanopt(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_wanopt_content_delivery_network_rule.py b/lib/ansible/modules/network/fortios/fortios_wanopt_content_delivery_network_rule.py deleted file mode 100644 index ecc61d13f1b..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_wanopt_content_delivery_network_rule.py +++ /dev/null 
@@ -1,620 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wanopt_content_delivery_network_rule -short_description: Configure WAN optimization content delivery network rules in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wanopt feature and content_delivery_network_rule category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - wanopt_content_delivery_network_rule: - description: - - Configure WAN optimization content delivery network rules. - default: null - type: dict - suboptions: - category: - description: - - Content delivery network rule category. - type: str - choices: - - vcache - - youtube - comment: - description: - - Comment about this CDN-rule. - type: str - host_domain_name_suffix: - description: - - Suffix portion of the fully qualified domain name (eg. fortinet.com in "www.fortinet.com"). - type: list - suboptions: - name: - description: - - Suffix portion of the fully qualified domain name. - required: true - type: str - name: - description: - - Name of table. - required: true - type: str - request_cache_control: - description: - - Enable/disable HTTP request cache control. - type: str - choices: - - enable - - disable - response_cache_control: - description: - - Enable/disable HTTP response cache control. - type: str - choices: - - enable - - disable - response_expires: - description: - - Enable/disable HTTP response cache expires. - type: str - choices: - - enable - - disable - rules: - description: - - WAN optimization content delivery network rule entries. - type: list - suboptions: - content_id: - description: - - Content ID settings. - type: dict - suboptions: - end_direction: - description: - - Search direction from end-str match. 
- type: str - choices: - - forward - - backward - end_skip: - description: - - Number of characters in URL to skip after end-str has been matched. - type: int - end_str: - description: - - String from which to end search. - type: str - range_str: - description: - - Name of content ID within the start string and end string. - type: str - start_direction: - description: - - Search direction from start-str match. - type: str - choices: - - forward - - backward - start_skip: - description: - - Number of characters in URL to skip after start-str has been matched. - type: int - start_str: - description: - - String from which to start search. - type: str - target: - description: - - Option in HTTP header or URL parameter to match. - type: str - choices: - - path - - parameter - - referrer - - youtube-map - - youtube-id - - youku-id - - hls-manifest - - dash-manifest - - hls-fragment - - dash-fragment - match_entries: - description: - - List of entries to match. - type: list - suboptions: - id: - description: - - Rule ID. - required: true - type: int - pattern: - description: - - Pattern string for matching target (Referrer or URL pattern, eg. "a", "a*c", "*a*", "a*c*e", and "*"). - type: list - suboptions: - string: - description: - - Pattern strings. - required: true - type: str - target: - description: - - Option in HTTP header or URL parameter to match. - type: str - choices: - - path - - parameter - - referrer - - youtube-map - - youtube-id - - youku-id - match_mode: - description: - - Match criteria for collecting content ID. - type: str - choices: - - all - - any - name: - description: - - WAN optimization content delivery network rule name. - required: true - type: str - skip_entries: - description: - - List of entries to skip. - type: list - suboptions: - id: - description: - - Rule ID. - required: true - type: int - pattern: - description: - - Pattern string for matching target (Referrer or URL pattern, eg. "a", "a*c", "*a*", "a*c*e", and "*"). 
- type: list - suboptions: - string: - description: - - Pattern strings. - required: true - type: str - target: - description: - - Option in HTTP header or URL parameter to match. - type: str - choices: - - path - - parameter - - referrer - - youtube-map - - youtube-id - - youku-id - skip_rule_mode: - description: - - Skip mode when evaluating skip-rules. - type: str - choices: - - all - - any - status: - description: - - Enable/disable WAN optimization content delivery network rules. - type: str - choices: - - enable - - disable - text_response_vcache: - description: - - Enable/disable caching of text responses. - type: str - choices: - - enable - - disable - updateserver: - description: - - Enable/disable update server. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure WAN optimization content delivery network rules. - fortios_wanopt_content_delivery_network_rule: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - wanopt_content_delivery_network_rule: - category: "vcache" - comment: "Comment about this CDN-rule." 
- host_domain_name_suffix: - - - name: "default_name_6" - name: "default_name_7" - request_cache_control: "enable" - response_cache_control: "enable" - response_expires: "enable" - rules: - - - content_id: - end_direction: "forward" - end_skip: "14" - end_str: "" - range_str: "" - start_direction: "forward" - start_skip: "18" - start_str: "" - target: "path" - match_entries: - - - id: "22" - pattern: - - - string: "" - target: "path" - match_mode: "all" - name: "default_name_27" - skip_entries: - - - id: "29" - pattern: - - - string: "" - target: "path" - skip_rule_mode: "all" - status: "enable" - text_response_vcache: "enable" - updateserver: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule 
-from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_wanopt_content_delivery_network_rule_data(json): - option_list = ['category', 'comment', 'host_domain_name_suffix', - 'name', 'request_cache_control', 'response_cache_control', - 'response_expires', 'rules', 'status', - 'text_response_vcache', 'updateserver'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def wanopt_content_delivery_network_rule(data, fos): - vdom = data['vdom'] - state = data['state'] - wanopt_content_delivery_network_rule_data = data['wanopt_content_delivery_network_rule'] - filtered_data = underscore_to_hyphen(filter_wanopt_content_delivery_network_rule_data(wanopt_content_delivery_network_rule_data)) - - if state == "present": - return fos.set('wanopt', - 'content-delivery-network-rule', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('wanopt', - 'content-delivery-network-rule', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and 
status['http_status'] == 404
-
-
-def fortios_wanopt(data, fos):
-
- if data['wanopt_content_delivery_network_rule']:
- resp = wanopt_content_delivery_network_rule(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": True, "type": "str",
- "choices": ["present", "absent"]},
- "wanopt_content_delivery_network_rule": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "category": {"required": False, "type": "str",
- "choices": ["vcache", "youtube"]},
- "comment": {"required": False, "type": "str"},
- "host_domain_name_suffix": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "name": {"required": True, "type": "str"},
- "request_cache_control": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "response_cache_control": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "response_expires": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "rules": {"required": False, "type": "list",
- "options": {
- "content_id": {"required": False, "type": "dict",
- "options": {
- "end_direction": {"required": False, "type": "str",
- "choices": ["forward", "backward"]},
- "end_skip": {"required": False, "type": "int"},
- "end_str": {"required": False, "type": "str"},
- "range_str": {"required": False, "type": "str"},
- "start_direction": {"required": False, "type": "str",
- "choices": ["forward", "backward"]},
- "start_skip": {"required": False, "type": "int"},
- "start_str": {"required": False, "type": "str"},
- "target": {"required": False, "type": "str",
- "choices": ["path", "parameter", "referrer",
- "youtube-map", "youtube-id", "youku-id",
- "hls-manifest", "dash-manifest", "hls-fragment",
- "dash-fragment"]}
- }},
- "match_entries": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"},
- "pattern": {"required": False, "type": "list",
- "options": {
- "string": {"required": True, "type": "str"}
- }},
- "target": {"required": False, "type": "str",
- "choices": ["path", "parameter", "referrer",
- "youtube-map", "youtube-id", "youku-id"]}
- }},
- "match_mode": {"required": False, "type": "str",
- "choices": ["all", "any"]},
- "name": {"required": True, "type": "str"},
- "skip_entries": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"},
- "pattern": {"required": False, "type": "list",
- "options": {
- "string": {"required": True, "type": "str"}
- }},
- "target": {"required": False, "type": "str",
- "choices": ["path", "parameter", "referrer",
- "youtube-map", "youtube-id", "youku-id"]}
- }},
- "skip_rule_mode": {"required": False, "type": "str",
- "choices": ["all", "any"]}
- }},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "text_response_vcache": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "updateserver": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_wanopt(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_wanopt(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_wanopt_peer.py b/lib/ansible/modules/network/fortios/fortios_wanopt_peer.py
deleted file mode 100644
index 514185fd00d..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_wanopt_peer.py
+++ /dev/null
@@ -1,314 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wanopt_peer -short_description: Configure WAN optimization peers in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wanopt feature and peer category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - wanopt_peer: - description: - - Configure WAN optimization peers. - default: null - type: dict - suboptions: - ip: - description: - - Peer IP address. - type: str - peer_host_id: - description: - - Peer host ID. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure WAN optimization peers. - fortios_wanopt_peer: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - wanopt_peer: - ip: "" - peer_host_id: "myhostname" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str 
- sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_wanopt_peer_data(json): - option_list = ['ip', 'peer_host_id'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def wanopt_peer(data, fos): - vdom = data['vdom'] - state = data['state'] - wanopt_peer_data = data['wanopt_peer'] - filtered_data = underscore_to_hyphen(filter_wanopt_peer_data(wanopt_peer_data)) - - if state == "present": - return fos.set('wanopt', - 'peer', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('wanopt', - 'peer', - mkey=filtered_data['peer-host-id'], - vdom=vdom) - - 
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_wanopt(data, fos):
-
- if data['wanopt_peer']:
- resp = wanopt_peer(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": True, "type": "str",
- "choices": ["present", "absent"]},
- "wanopt_peer": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "ip": {"required": False, "type": "str"},
- "peer_host_id": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_wanopt(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_wanopt(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_wanopt_profile.py b/lib/ansible/modules/network/fortios/fortios_wanopt_profile.py
deleted file mode 100644
index 09bc5a20a08..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_wanopt_profile.py
+++ /dev/null
@@ -1,790 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wanopt_profile -short_description: Configure WAN optimization profiles in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wanopt feature and profile category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - wanopt_profile: - description: - - Configure WAN optimization profiles. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - auth_group: - description: - - Optionally add an authentication group to restrict access to the WAN Optimization tunnel to peers in the authentication group. Source - wanopt.auth-group.name. - type: str - cifs: - description: - - Enable/disable CIFS (Windows sharing) WAN Optimization and configure CIFS WAN Optimization features. - type: dict - suboptions: - byte_caching: - description: - - Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in - future serving if from the cache. - type: str - choices: - - enable - - disable - log_traffic: - description: - - Enable/disable logging. - type: str - choices: - - enable - - disable - port: - description: - - Single port number or port number range for CIFS. Only packets with a destination port number that matches this port number or - range are accepted by this profile. 
- type: int - prefer_chunking: - description: - - Select dynamic or fixed-size data chunking for HTTP WAN Optimization. - type: str - choices: - - dynamic - - fix - secure_tunnel: - description: - - Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810). - type: str - choices: - - enable - - disable - status: - description: - - Enable/disable HTTP WAN Optimization. - type: str - choices: - - enable - - disable - tunnel_sharing: - description: - - Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols. - type: str - choices: - - private - - shared - - express-shared - comments: - description: - - Comment. - type: str - ftp: - description: - - Enable/disable FTP WAN Optimization and configure FTP WAN Optimization features. - type: dict - suboptions: - byte_caching: - description: - - Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in - future serving if from the cache. - type: str - choices: - - enable - - disable - log_traffic: - description: - - Enable/disable logging. - type: str - choices: - - enable - - disable - port: - description: - - Single port number or port number range for FTP. Only packets with a destination port number that matches this port number or - range are accepted by this profile. - type: int - prefer_chunking: - description: - - Select dynamic or fixed-size data chunking for HTTP WAN Optimization. - type: str - choices: - - dynamic - - fix - secure_tunnel: - description: - - Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810). - type: str - choices: - - enable - - disable - status: - description: - - Enable/disable HTTP WAN Optimization. 
- type: str - choices: - - enable - - disable - tunnel_sharing: - description: - - Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols. - type: str - choices: - - private - - shared - - express-shared - http: - description: - - Enable/disable HTTP WAN Optimization and configure HTTP WAN Optimization features. - type: dict - suboptions: - byte_caching: - description: - - Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in - future serving if from the cache. - type: str - choices: - - enable - - disable - log_traffic: - description: - - Enable/disable logging. - type: str - choices: - - enable - - disable - port: - description: - - Single port number or port number range for HTTP. Only packets with a destination port number that matches this port number or - range are accepted by this profile. - type: int - prefer_chunking: - description: - - Select dynamic or fixed-size data chunking for HTTP WAN Optimization. - type: str - choices: - - dynamic - - fix - secure_tunnel: - description: - - Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810). - type: str - choices: - - enable - - disable - ssl: - description: - - Enable/disable SSL/TLS offloading (hardware acceleration) for HTTPS traffic in this tunnel. - type: str - choices: - - enable - - disable - ssl_port: - description: - - Port on which to expect HTTPS traffic for SSL/TLS offloading. - type: int - status: - description: - - Enable/disable HTTP WAN Optimization. - type: str - choices: - - enable - - disable - tunnel_non_http: - description: - - Configure how to process non-HTTP traffic when a profile configured for HTTP traffic accepts a non-HTTP session. Can occur if an - application sends non-HTTP traffic using an HTTP destination port. 
- type: str - choices: - - enable - - disable - tunnel_sharing: - description: - - Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols. - type: str - choices: - - private - - shared - - express-shared - unknown_http_version: - description: - - How to handle HTTP sessions that do not comply with HTTP 0.9, 1.0, or 1.1. - type: str - choices: - - reject - - tunnel - - best-effort - mapi: - description: - - Enable/disable MAPI email WAN Optimization and configure MAPI WAN Optimization features. - type: dict - suboptions: - byte_caching: - description: - - Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in - future serving if from the cache. - type: str - choices: - - enable - - disable - log_traffic: - description: - - Enable/disable logging. - type: str - choices: - - enable - - disable - port: - description: - - Single port number or port number range for MAPI. Only packets with a destination port number that matches this port number or - range are accepted by this profile. - type: int - secure_tunnel: - description: - - Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810). - type: str - choices: - - enable - - disable - status: - description: - - Enable/disable HTTP WAN Optimization. - type: str - choices: - - enable - - disable - tunnel_sharing: - description: - - Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols. - type: str - choices: - - private - - shared - - express-shared - name: - description: - - Profile name. - required: true - type: str - tcp: - description: - - Enable/disable TCP WAN Optimization and configure TCP WAN Optimization features. - type: dict - suboptions: - byte_caching: - description: - - Enable/disable byte-caching for HTTP. 
Byte caching reduces the amount of traffic by caching file data sent across the WAN and in - future serving if from the cache. - type: str - choices: - - enable - - disable - byte_caching_opt: - description: - - Select whether TCP byte-caching uses system memory only or both memory and disk space. - type: str - choices: - - mem-only - - mem-disk - log_traffic: - description: - - Enable/disable logging. - type: str - choices: - - enable - - disable - port: - description: - - Single port number or port number range for TCP. Only packets with a destination port number that matches this port number or - range are accepted by this profile. - type: str - secure_tunnel: - description: - - Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810). - type: str - choices: - - enable - - disable - ssl: - description: - - Enable/disable SSL/TLS offloading. - type: str - choices: - - enable - - disable - ssl_port: - description: - - Port on which to expect HTTPS traffic for SSL/TLS offloading. - type: int - status: - description: - - Enable/disable HTTP WAN Optimization. - type: str - choices: - - enable - - disable - tunnel_sharing: - description: - - Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols. - type: str - choices: - - private - - shared - - express-shared - transparent: - description: - - Enable/disable transparent mode. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure WAN optimization profiles. 
- fortios_wanopt_profile: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - wanopt_profile: - auth_group: " (source wanopt.auth-group.name)" - cifs: - byte_caching: "enable" - log_traffic: "enable" - port: "7" - prefer_chunking: "dynamic" - secure_tunnel: "enable" - status: "enable" - tunnel_sharing: "private" - comments: "" - ftp: - byte_caching: "enable" - log_traffic: "enable" - port: "16" - prefer_chunking: "dynamic" - secure_tunnel: "enable" - status: "enable" - tunnel_sharing: "private" - http: - byte_caching: "enable" - log_traffic: "enable" - port: "24" - prefer_chunking: "dynamic" - secure_tunnel: "enable" - ssl: "enable" - ssl_port: "28" - status: "enable" - tunnel_non_http: "enable" - tunnel_sharing: "private" - unknown_http_version: "reject" - mapi: - byte_caching: "enable" - log_traffic: "enable" - port: "36" - secure_tunnel: "enable" - status: "enable" - tunnel_sharing: "private" - name: "default_name_40" - tcp: - byte_caching: "enable" - byte_caching_opt: "mem-only" - log_traffic: "enable" - port: "" - secure_tunnel: "enable" - ssl: "enable" - ssl_port: "48" - status: "enable" - tunnel_sharing: "private" - transparent: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: 
"webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_wanopt_profile_data(json): - option_list = ['auth_group', 'cifs', 'comments', - 'ftp', 'http', 'mapi', - 'name', 'tcp', 'transparent'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def wanopt_profile(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['wanopt_profile'] and data['wanopt_profile']: - state = data['wanopt_profile']['state'] - else: - state = True - 
wanopt_profile_data = data['wanopt_profile']
- filtered_data = underscore_to_hyphen(filter_wanopt_profile_data(wanopt_profile_data))
-
- if state == "present":
- return fos.set('wanopt',
- 'profile',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('wanopt',
- 'profile',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_wanopt(data, fos):
-
- if data['wanopt_profile']:
- resp = wanopt_profile(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "wanopt_profile": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "auth_group": {"required": False, "type": "str"},
- "cifs": {"required": False, "type": "dict",
- "options": {
- "byte_caching": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "log_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "port": {"required": False, "type": "int"},
- "prefer_chunking": {"required": False, "type": "str",
- "choices": ["dynamic", "fix"]},
- "secure_tunnel": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "tunnel_sharing": {"required": False, "type": "str",
- "choices": ["private", "shared", "express-shared"]}
- }},
- "comments": {"required": False, "type": "str"},
- "ftp": {"required": False, "type": "dict",
- "options": {
- "byte_caching": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "log_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "port": {"required": False, "type": "int"},
- "prefer_chunking": {"required": False, "type": "str",
- "choices": ["dynamic", "fix"]},
- "secure_tunnel": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "tunnel_sharing": {"required": False, "type": "str",
- "choices": ["private", "shared", "express-shared"]}
- }},
- "http": {"required": False, "type": "dict",
- "options": {
- "byte_caching": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "log_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "port": {"required": False, "type": "int"},
- "prefer_chunking": {"required": False, "type": "str",
- "choices": ["dynamic", "fix"]},
- "secure_tunnel": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ssl": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ssl_port": {"required": False, "type": "int"},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "tunnel_non_http": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "tunnel_sharing": {"required": False, "type": "str",
- "choices": ["private", "shared", "express-shared"]},
- "unknown_http_version": {"required": False, "type": "str",
- "choices": ["reject", "tunnel", "best-effort"]}
- }},
- "mapi": {"required": False, "type": "dict",
- "options": {
- "byte_caching": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "log_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "port": {"required": False, "type": "int"},
- "secure_tunnel": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "tunnel_sharing": {"required": False, "type": "str",
- "choices": ["private", "shared", "express-shared"]}
- }},
- "name": {"required": True, "type": "str"},
- "tcp": {"required": False, "type": "dict",
- "options": {
- "byte_caching": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "byte_caching_opt": {"required": False, "type": "str",
- "choices": ["mem-only", "mem-disk"]},
- "log_traffic": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "port": {"required": False, "type": "str"},
- "secure_tunnel": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ssl": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ssl_port": {"required": False, "type": "int"},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "tunnel_sharing": {"required": False, "type": "str",
- "choices": ["private", "shared", "express-shared"]}
- }},
- "transparent": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_wanopt(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_wanopt(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_wanopt_remote_storage.py b/lib/ansible/modules/network/fortios/fortios_wanopt_remote_storage.py
deleted file mode 100644
index b9f2ce6ca90..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_wanopt_remote_storage.py
+++ /dev/null
@@ -1,312 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wanopt_remote_storage -short_description: Configure a remote cache device as Web cache storage in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wanopt feature and remote_storage category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - wanopt_remote_storage: - description: - - Configure a remote cache device as Web cache storage. - default: null - type: dict - suboptions: - local_cache_id: - description: - - ID that this device uses to connect to the remote device. - type: str - remote_cache_id: - description: - - ID of the remote device to which the device connects. - type: str - remote_cache_ip: - description: - - IP address of the remote device to which the device connects. - type: str - status: - description: - - Enable/disable using remote device as Web cache storage. - type: str - choices: - - disable - - enable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure a remote cache device as Web cache storage. 
- fortios_wanopt_remote_storage: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - wanopt_remote_storage: - local_cache_id: "" - remote_cache_id: "" - remote_cache_ip: "" - status: "disable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_wanopt_remote_storage_data(json):
- option_list = ['local_cache_id', 'remote_cache_id', 'remote_cache_ip',
- 'status']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def wanopt_remote_storage(data, fos):
- vdom = data['vdom']
- wanopt_remote_storage_data = data['wanopt_remote_storage']
- filtered_data = underscore_to_hyphen(filter_wanopt_remote_storage_data(wanopt_remote_storage_data))
-
- return fos.set('wanopt',
- 'remote-storage',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_wanopt(data, fos):
-
- if data['wanopt_remote_storage']:
- resp = wanopt_remote_storage(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "wanopt_remote_storage": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "local_cache_id": {"required": False, "type": "str"},
- "remote_cache_id": {"required": False, "type": "str"},
- "remote_cache_ip": {"required": False, "type": "str"},
- "status": {"required": False, "type": "str",
- "choices": ["disable", "enable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_wanopt(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_wanopt(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_wanopt_settings.py b/lib/ansible/modules/network/fortios/fortios_wanopt_settings.py
deleted file mode 100644
index 521776293f5..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_wanopt_settings.py
+++ /dev/null
@@ -1,309 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wanopt_settings -short_description: Configure WAN optimization settings in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wanopt feature and settings category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - wanopt_settings: - description: - - Configure WAN optimization settings. - default: null - type: dict - suboptions: - auto_detect_algorithm: - description: - - Auto detection algorithms used in tunnel negotiations. - type: str - choices: - - simple - - diff-req-resp - host_id: - description: - - Local host ID (must also be entered in the remote FortiGate's peer list). - type: str - tunnel_ssl_algorithm: - description: - - Relative strength of encryption algorithms accepted during tunnel negotiation. - type: str - choices: - - low -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure WAN optimization settings. 
- fortios_wanopt_settings: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - wanopt_settings: - auto_detect_algorithm: "simple" - host_id: "myhostname" - tunnel_ssl_algorithm: "low" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_wanopt_settings_data(json):
- option_list = ['auto_detect_algorithm', 'host_id', 'tunnel_ssl_algorithm']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def wanopt_settings(data, fos):
- vdom = data['vdom']
- wanopt_settings_data = data['wanopt_settings']
- filtered_data = underscore_to_hyphen(filter_wanopt_settings_data(wanopt_settings_data))
-
- return fos.set('wanopt',
- 'settings',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_wanopt(data, fos):
-
- if data['wanopt_settings']:
- resp = wanopt_settings(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "wanopt_settings": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "auto_detect_algorithm": {"required": False, "type": "str",
- "choices": ["simple", "diff-req-resp"]},
- "host_id": {"required": False, "type": "str"},
- "tunnel_ssl_algorithm": {"required": False, "type": "str",
- "choices": ["low"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_wanopt(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_wanopt(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_wanopt_webcache.py b/lib/ansible/modules/network/fortios/fortios_wanopt_webcache.py
deleted file mode 100644
index 10e16b6000b..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_wanopt_webcache.py
+++ /dev/null
@@ -1,436 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wanopt_webcache -short_description: Configure global Web cache settings in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wanopt feature and webcache category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - wanopt_webcache: - description: - - Configure global Web cache settings. - default: null - type: dict - suboptions: - always_revalidate: - description: - - Enable/disable revalidation of requested cached objects, which have content on the server, before serving it to the client. - type: str - choices: - - enable - - disable - cache_by_default: - description: - - Enable/disable caching content that lacks explicit caching policies from the server. - type: str - choices: - - enable - - disable - cache_cookie: - description: - - Enable/disable caching cookies. Since cookies contain information for or about individual users, they not usually cached. - type: str - choices: - - enable - - disable - cache_expired: - description: - - Enable/disable caching type-1 objects that are already expired on arrival. - type: str - choices: - - enable - - disable - default_ttl: - description: - - Default object expiry time . This only applies to those objects that do not have an expiry time set by the web server. - type: int - external: - description: - - Enable/disable external Web caching. - type: str - choices: - - enable - - disable - fresh_factor: - description: - - Frequency that the server is checked to see if any objects have expired (1 - 100). The higher the fresh factor, the less often the - checks occur. - type: int - host_validate: - description: - - "Enable/disable validating Host: with original server IP." - type: str - choices: - - enable - - disable - ignore_conditional: - description: - - Enable/disable controlling the behavior of cache-control HTTP 1.1 header values. 
- type: str - choices: - - enable - - disable - ignore_ie_reload: - description: - - "Enable/disable ignoring the PNC-interpretation of Internet Explorer's Accept: / header." - type: str - choices: - - enable - - disable - ignore_ims: - description: - - Enable/disable ignoring the if-modified-since (IMS) header. - type: str - choices: - - enable - - disable - ignore_pnc: - description: - - Enable/disable ignoring the pragma no-cache (PNC) header. - type: str - choices: - - enable - - disable - max_object_size: - description: - - Maximum cacheable object size in kB (1 - 2147483 kb (2GB). All objects that exceed this are delivered to the client but not stored in - the web cache. - type: int - max_ttl: - description: - - Maximum time an object can stay in the web cache without checking to see if it has expired on the server . - type: int - min_ttl: - description: - - Minimum time an object can stay in the web cache without checking to see if it has expired on the server . - type: int - neg_resp_time: - description: - - Time in minutes to cache negative responses or errors (0 - 4294967295). - type: int - reval_pnc: - description: - - Enable/disable revalidation of pragma-no-cache (PNC) to address bandwidth concerns. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure global Web cache settings. 
- fortios_wanopt_webcache: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - wanopt_webcache: - always_revalidate: "enable" - cache_by_default: "enable" - cache_cookie: "enable" - cache_expired: "enable" - default_ttl: "7" - external: "enable" - fresh_factor: "9" - host_validate: "enable" - ignore_conditional: "enable" - ignore_ie_reload: "enable" - ignore_ims: "enable" - ignore_pnc: "enable" - max_object_size: "15" - max_ttl: "16" - min_ttl: "17" - neg_resp_time: "18" - reval_pnc: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from 
ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_wanopt_webcache_data(json):
- option_list = ['always_revalidate', 'cache_by_default', 'cache_cookie',
- 'cache_expired', 'default_ttl', 'external',
- 'fresh_factor', 'host_validate', 'ignore_conditional',
- 'ignore_ie_reload', 'ignore_ims', 'ignore_pnc',
- 'max_object_size', 'max_ttl', 'min_ttl',
- 'neg_resp_time', 'reval_pnc']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def wanopt_webcache(data, fos):
- vdom = data['vdom']
- wanopt_webcache_data = data['wanopt_webcache']
- filtered_data = underscore_to_hyphen(filter_wanopt_webcache_data(wanopt_webcache_data))
-
- return fos.set('wanopt',
- 'webcache',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_wanopt(data, fos):
-
- if data['wanopt_webcache']:
- resp = wanopt_webcache(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "wanopt_webcache": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "always_revalidate": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "cache_by_default": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "cache_cookie": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "cache_expired": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "default_ttl": {"required": False, "type": "int"},
- "external": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "fresh_factor": {"required": False, "type": "int"},
- "host_validate": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ignore_conditional": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ignore_ie_reload": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ignore_ims": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ignore_pnc": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "max_object_size": {"required": False, "type": "int"},
- "max_ttl": {"required": False, "type": "int"},
- "min_ttl": {"required": False, "type": "int"},
- "neg_resp_time": {"required": False, "type": "int"},
- "reval_pnc": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_wanopt(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_wanopt(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_web_proxy_debug_url.py b/lib/ansible/modules/network/fortios/fortios_web_proxy_debug_url.py
deleted file mode 100644
index a4ea10a7da0..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_web_proxy_debug_url.py
+++ /dev/null
@@ -1,336 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_web_proxy_debug_url -short_description: Configure debug URL addresses in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify web_proxy feature and debug_url category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - web_proxy_debug_url: - description: - - Configure debug URL addresses. - default: null - type: dict - suboptions: - exact: - description: - - Enable/disable matching the exact path. - type: str - choices: - - enable - - disable - name: - description: - - Debug URL name. - required: true - type: str - status: - description: - - Enable/disable this URL exemption. - type: str - choices: - - enable - - disable - url_pattern: - description: - - URL exemption pattern. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure debug URL addresses. 
- fortios_web_proxy_debug_url: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - web_proxy_debug_url: - exact: "enable" - name: "default_name_4" - status: "enable" - url_pattern: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data 
and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_web_proxy_debug_url_data(json): - option_list = ['exact', 'name', 'status', - 'url_pattern'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def web_proxy_debug_url(data, fos): - vdom = data['vdom'] - state = data['state'] - web_proxy_debug_url_data = data['web_proxy_debug_url'] - filtered_data = underscore_to_hyphen(filter_web_proxy_debug_url_data(web_proxy_debug_url_data)) - - if state == "present": - return fos.set('web-proxy', - 'debug-url', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('web-proxy', - 'debug-url', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_web_proxy(data, fos): - - if data['web_proxy_debug_url']: - resp = web_proxy_debug_url(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": 
["present", "absent"]}, - "web_proxy_debug_url": { - "required": False, "type": "dict", "default": None, - "options": { - "exact": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "name": {"required": True, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "url_pattern": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_web_proxy(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_web_proxy(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_web_proxy_explicit.py b/lib/ansible/modules/network/fortios/fortios_web_proxy_explicit.py deleted file mode 100644 index 4268d64aba1..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_web_proxy_explicit.py +++ /dev/null 
@@ -1,595 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_web_proxy_explicit -short_description: Configure explicit Web proxy settings in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify web_proxy feature and explicit category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - web_proxy_explicit: - description: - - Configure explicit Web proxy settings. - default: null - type: dict - suboptions: - ftp_incoming_port: - description: - - Accept incoming FTP-over-HTTP requests on one or more ports (0 - 65535). - type: str - ftp_over_http: - description: - - Enable to proxy FTP-over-HTTP sessions sent from a web browser. - type: str - choices: - - enable - - disable - http_incoming_port: - description: - - Accept incoming HTTP requests on one or more ports (0 - 65535). - type: str - https_incoming_port: - description: - - Accept incoming HTTPS requests on one or more ports (0 - 65535). - type: str - https_replacement_message: - description: - - Enable/disable sending the client a replacement message for HTTPS requests. - type: str - choices: - - enable - - disable - incoming_ip: - description: - - Restrict the explicit HTTP proxy to only accept sessions from this IP address. An interface must have this IP address. - type: str - incoming_ip6: - description: - - Restrict the explicit web proxy to only accept sessions from this IPv6 address. An interface must have this IPv6 address. - type: str - ipv6_status: - description: - - Enable/disable allowing an IPv6 web proxy destination in policies and all IPv6 related entries in this command. - type: str - choices: - - enable - - disable - message_upon_server_error: - description: - - Enable/disable displaying a replacement message when a server error is detected. 
- type: str - choices: - - enable - - disable - outgoing_ip: - description: - - Outgoing HTTP requests will have this IP address as their source address. An interface must have this IP address. - type: str - outgoing_ip6: - description: - - Outgoing HTTP requests will leave this IPv6. Multiple interfaces can be specified. Interfaces must have these IPv6 addresses. - type: str - pac_file_data: - description: - - PAC file contents enclosed in quotes (maximum of 256K bytes). - type: str - pac_file_name: - description: - - Pac file name. - type: str - pac_file_server_port: - description: - - Port number that PAC traffic from client web browsers uses to connect to the explicit web proxy (0 - 65535). - type: str - pac_file_server_status: - description: - - Enable/disable Proxy Auto-Configuration (PAC) for users of this explicit proxy profile. - type: str - choices: - - enable - - disable - pac_file_url: - description: - - PAC file access URL. - type: str - pac_policy: - description: - - PAC policies. - type: list - suboptions: - comments: - description: - - Optional comments. - type: str - dstaddr: - description: - - Destination address objects. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address.name firewall.addrgrp.name. - required: true - type: str - pac_file_data: - description: - - PAC file contents enclosed in quotes (maximum of 256K bytes). - type: str - pac_file_name: - description: - - Pac file name. - type: str - policyid: - description: - - Policy ID. - required: true - type: int - srcaddr: - description: - - Source address objects. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name. - required: true - type: str - srcaddr6: - description: - - Source address6 objects. - type: list - suboptions: - name: - description: - - Address name. Source firewall.address6.name firewall.addrgrp6.name. 
- required: true - type: str - status: - description: - - Enable/disable policy. - type: str - choices: - - enable - - disable - pref_dns_result: - description: - - Prefer resolving addresses using the configured IPv4 or IPv6 DNS server . - type: str - choices: - - ipv4 - - ipv6 - realm: - description: - - Authentication realm used to identify the explicit web proxy (maximum of 63 characters). - type: str - sec_default_action: - description: - - Accept or deny explicit web proxy sessions when no web proxy firewall policy exists. - type: str - choices: - - accept - - deny - socks: - description: - - Enable/disable the SOCKS proxy. - type: str - choices: - - enable - - disable - socks_incoming_port: - description: - - Accept incoming SOCKS proxy requests on one or more ports (0 - 65535). - type: str - ssl_algorithm: - description: - - "Relative strength of encryption algorithms accepted in HTTPS deep scan: high, medium, or low." - type: str - choices: - - low - status: - description: - - Enable/disable the explicit Web proxy for HTTP and HTTPS session. - type: str - choices: - - enable - - disable - strict_guest: - description: - - Enable/disable strict guest user checking by the explicit web proxy. - type: str - choices: - - enable - - disable - trace_auth_no_rsp: - description: - - Enable/disable logging timed-out authentication requests. - type: str - choices: - - enable - - disable - unknown_http_version: - description: - - Either reject unknown HTTP traffic as malformed or handle unknown HTTP traffic as best as the proxy server can. - type: str - choices: - - reject - - best-effort -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure explicit Web proxy settings. 
- fortios_web_proxy_explicit: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - web_proxy_explicit: - ftp_incoming_port: "" - ftp_over_http: "enable" - http_incoming_port: "" - https_incoming_port: "" - https_replacement_message: "enable" - incoming_ip: "" - incoming_ip6: "" - ipv6_status: "enable" - message_upon_server_error: "enable" - outgoing_ip: "" - outgoing_ip6: "" - pac_file_data: "" - pac_file_name: "" - pac_file_server_port: "" - pac_file_server_status: "enable" - pac_file_url: "" - pac_policy: - - - comments: "" - dstaddr: - - - name: "default_name_22 (source firewall.address.name firewall.addrgrp.name)" - pac_file_data: "" - pac_file_name: "" - policyid: "25" - srcaddr: - - - name: "default_name_27 (source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name)" - srcaddr6: - - - name: "default_name_29 (source firewall.address6.name firewall.addrgrp6.name)" - status: "enable" - pref_dns_result: "ipv4" - realm: "" - sec_default_action: "accept" - socks: "enable" - socks_incoming_port: "" - ssl_algorithm: "low" - status: "enable" - strict_guest: "enable" - trace_auth_no_rsp: "enable" - unknown_http_version: "reject" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - 
sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_web_proxy_explicit_data(json): - option_list = ['ftp_incoming_port', 'ftp_over_http', 'http_incoming_port', - 'https_incoming_port', 'https_replacement_message', 'incoming_ip', - 'incoming_ip6', 'ipv6_status', 'message_upon_server_error', - 'outgoing_ip', 'outgoing_ip6', 'pac_file_data', - 'pac_file_name', 'pac_file_server_port', 'pac_file_server_status', - 'pac_file_url', 'pac_policy', 'pref_dns_result', - 'realm', 'sec_default_action', 'socks', - 'socks_incoming_port', 'ssl_algorithm', 'status', - 'strict_guest', 'trace_auth_no_rsp', 'unknown_http_version'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = 
underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def web_proxy_explicit(data, fos): - vdom = data['vdom'] - web_proxy_explicit_data = data['web_proxy_explicit'] - filtered_data = underscore_to_hyphen(filter_web_proxy_explicit_data(web_proxy_explicit_data)) - - return fos.set('web-proxy', - 'explicit', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_web_proxy(data, fos): - - if data['web_proxy_explicit']: - resp = web_proxy_explicit(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "web_proxy_explicit": { - "required": False, "type": "dict", "default": None, - "options": { - "ftp_incoming_port": {"required": False, "type": "str"}, - "ftp_over_http": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "http_incoming_port": {"required": False, "type": "str"}, - "https_incoming_port": {"required": False, "type": "str"}, - "https_replacement_message": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "incoming_ip": {"required": False, "type": "str"}, - "incoming_ip6": {"required": False, "type": "str"}, - "ipv6_status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "message_upon_server_error": {"required": False, "type": "str", - "choices": ["enable", 
"disable"]}, - "outgoing_ip": {"required": False, "type": "str"}, - "outgoing_ip6": {"required": False, "type": "str"}, - "pac_file_data": {"required": False, "type": "str"}, - "pac_file_name": {"required": False, "type": "str"}, - "pac_file_server_port": {"required": False, "type": "str"}, - "pac_file_server_status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "pac_file_url": {"required": False, "type": "str"}, - "pac_policy": {"required": False, "type": "list", - "options": { - "comments": {"required": False, "type": "str"}, - "dstaddr": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "pac_file_data": {"required": False, "type": "str"}, - "pac_file_name": {"required": False, "type": "str"}, - "policyid": {"required": True, "type": "int"}, - "srcaddr": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "srcaddr6": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "pref_dns_result": {"required": False, "type": "str", - "choices": ["ipv4", "ipv6"]}, - "realm": {"required": False, "type": "str"}, - "sec_default_action": {"required": False, "type": "str", - "choices": ["accept", "deny"]}, - "socks": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "socks_incoming_port": {"required": False, "type": "str"}, - "ssl_algorithm": {"required": False, "type": "str", - "choices": ["low"]}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "strict_guest": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "trace_auth_no_rsp": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "unknown_http_version": {"required": False, "type": "str", - "choices": ["reject", "best-effort"]} - - } - } - } - - module = 
AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_web_proxy(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_web_proxy(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_web_proxy_forward_server.py b/lib/ansible/modules/network/fortios/fortios_web_proxy_forward_server.py deleted file mode 100644 index 30974558c72..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_web_proxy_forward_server.py +++ /dev/null 
@@ -1,373 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_web_proxy_forward_server -short_description: Configure forward-server addresses in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify web_proxy feature and forward_server category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - web_proxy_forward_server: - description: - - Configure forward-server addresses. - default: null - type: dict - suboptions: - addr_type: - description: - - "Address type of the forwarding proxy server: IP or FQDN." - type: str - choices: - - ip - - fqdn - comment: - description: - - Comment. - type: str - fqdn: - description: - - Forward server Fully Qualified Domain Name (FQDN). - type: str - healthcheck: - description: - - Enable/disable forward server health checking. Attempts to connect through the remote forwarding server to a destination to verify that - the forwarding server is operating normally. - type: str - choices: - - disable - - enable - ip: - description: - - Forward proxy server IP address. - type: str - monitor: - description: - - "URL for forward server health check monitoring ." - type: str - name: - description: - - Server name. - required: true - type: str - port: - description: - - Port number that the forwarding server expects to receive HTTP sessions on (1 - 65535). - type: int - server_down_option: - description: - - "Action to take when the forward server is found to be down: block sessions until the server is back up or pass sessions to their - destination." - type: str - choices: - - block - - pass -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure forward-server addresses. 
- fortios_web_proxy_forward_server: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - web_proxy_forward_server: - addr_type: "ip" - comment: "Comment." - fqdn: "" - healthcheck: "disable" - ip: "" - monitor: "" - name: "default_name_9" - port: "10" - server_down_option: "block" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - 
password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_web_proxy_forward_server_data(json): - option_list = ['addr_type', 'comment', 'fqdn', - 'healthcheck', 'ip', 'monitor', - 'name', 'port', 'server_down_option'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def web_proxy_forward_server(data, fos): - vdom = data['vdom'] - state = data['state'] - web_proxy_forward_server_data = data['web_proxy_forward_server'] - filtered_data = underscore_to_hyphen(filter_web_proxy_forward_server_data(web_proxy_forward_server_data)) - - if state == "present": - return fos.set('web-proxy', - 'forward-server', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('web-proxy', - 'forward-server', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_web_proxy(data, fos): - - if data['web_proxy_forward_server']: - resp = web_proxy_forward_server(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": 
"str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "web_proxy_forward_server": { - "required": False, "type": "dict", "default": None, - "options": { - "addr_type": {"required": False, "type": "str", - "choices": ["ip", "fqdn"]}, - "comment": {"required": False, "type": "str"}, - "fqdn": {"required": False, "type": "str"}, - "healthcheck": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "ip": {"required": False, "type": "str"}, - "monitor": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "port": {"required": False, "type": "int"}, - "server_down_option": {"required": False, "type": "str", - "choices": ["block", "pass"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_web_proxy(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_web_proxy(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_web_proxy_forward_server_group.py b/lib/ansible/modules/network/fortios/fortios_web_proxy_forward_server_group.py
deleted file mode 100644
index ab7a45e033f..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_web_proxy_forward_server_group.py
+++ /dev/null
@@ -1,366 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_web_proxy_forward_server_group -short_description: Configure a forward server group consisting or multiple forward servers. Supports failover and load balancing in Fortinet's FortiOS and - FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify web_proxy feature and forward_server_group category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. 
- type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - web_proxy_forward_server_group: - description: - - Configure a forward server group consisting or multiple forward servers. Supports failover and load balancing. - default: null - type: dict - suboptions: - affinity: - description: - - Enable/disable affinity, attaching a source-ip's traffic to the assigned forwarding server until the forward-server-affinity-timeout is - reached (under web-proxy global). - type: str - choices: - - enable - - disable - group_down_option: - description: - - "Action to take when all of the servers in the forward server group are down: block sessions until at least one server is back up or - pass sessions to their destination." - type: str - choices: - - block - - pass - ldb_method: - description: - - "Load balance method: weighted or least-session." - type: str - choices: - - weighted - - least-session - name: - description: - - Configure a forward server group consisting one or multiple forward servers. Supports failover and load balancing. - required: true - type: str - server_list: - description: - - Add web forward servers to a list to form a server group. Optionally assign weights to each server. - type: list - suboptions: - name: - description: - - Forward server name. Source web-proxy.forward-server.name. 
- required: true - type: str - weight: - description: - - Optionally assign a weight of the forwarding server for weighted load balancing (1 - 100) - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure a forward server group consisting or multiple forward servers. Supports failover and load balancing. - fortios_web_proxy_forward_server_group: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - web_proxy_forward_server_group: - affinity: "enable" - group_down_option: "block" - ldb_method: "weighted" - name: "default_name_6" - server_list: - - - name: "default_name_8 (source web-proxy.forward-server.name)" - weight: "9" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - 
type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_web_proxy_forward_server_group_data(json): - option_list = ['affinity', 'group_down_option', 'ldb_method', - 'name', 'server_list'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def web_proxy_forward_server_group(data, fos): - vdom = data['vdom'] - state = data['state'] - web_proxy_forward_server_group_data = data['web_proxy_forward_server_group'] - filtered_data = underscore_to_hyphen(filter_web_proxy_forward_server_group_data(web_proxy_forward_server_group_data)) - - if state == "present": - return fos.set('web-proxy', - 'forward-server-group', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('web-proxy', - 'forward-server-group', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" 
and status['http_status'] == 404 - - -def fortios_web_proxy(data, fos): - - if data['web_proxy_forward_server_group']: - resp = web_proxy_forward_server_group(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "web_proxy_forward_server_group": { - "required": False, "type": "dict", "default": None, - "options": { - "affinity": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "group_down_option": {"required": False, "type": "str", - "choices": ["block", "pass"]}, - "ldb_method": {"required": False, "type": "str", - "choices": ["weighted", "least-session"]}, - "name": {"required": True, "type": "str"}, - "server_list": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"}, - "weight": {"required": False, "type": "int"} - }} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_web_proxy(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from 
fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_web_proxy(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_web_proxy_global.py b/lib/ansible/modules/network/fortios/fortios_web_proxy_global.py deleted file mode 100644 index 008ddff7151..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_web_proxy_global.py +++ /dev/null 
@@ -1,431 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_web_proxy_global -short_description: Configure Web proxy global settings in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify web_proxy feature and global category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - web_proxy_global: - description: - - Configure Web proxy global settings. - default: null - type: dict - suboptions: - fast_policy_match: - description: - - Enable/disable fast matching algorithm for explicit and transparent proxy policy. - type: str - choices: - - enable - - disable - forward_proxy_auth: - description: - - Enable/disable forwarding proxy authentication headers. - type: str - choices: - - enable - - disable - forward_server_affinity_timeout: - description: - - Period of time before the source IP's traffic is no longer assigned to the forwarding server (6 - 60 min). - type: int - learn_client_ip: - description: - - Enable/disable learning the client's IP address from headers. - type: str - choices: - - enable - - disable - learn_client_ip_from_header: - description: - - Learn client IP address from the specified headers. - type: str - choices: - - true-client-ip - - x-real-ip - - x-forwarded-for - learn_client_ip_srcaddr: - description: - - Source address name (srcaddr or srcaddr6 must be set). - type: list - suboptions: - name: - description: - - Address name. Source firewall.address.name firewall.addrgrp.name. - required: true - type: str - learn_client_ip_srcaddr6: - description: - - IPv6 Source address name (srcaddr or srcaddr6 must be set). - type: list - suboptions: - name: - description: - - Address name. Source firewall.address6.name firewall.addrgrp6.name. - required: true - type: str - max_message_length: - description: - - Maximum length of HTTP message, not including body (16 - 256 Kbytes). 
- type: int - max_request_length: - description: - - Maximum length of HTTP request line (2 - 64 Kbytes). - type: int - max_waf_body_cache_length: - description: - - Maximum length of HTTP messages processed by Web Application Firewall (WAF) (10 - 1024 Kbytes). - type: int - proxy_fqdn: - description: - - Fully Qualified Domain Name (FQDN) that clients connect to to connect to the explicit web proxy. - type: str - strict_web_check: - description: - - Enable/disable strict web checking to block web sites that send incorrect headers that don't conform to HTTP 1.1. - type: str - choices: - - enable - - disable - tunnel_non_http: - description: - - Enable/disable allowing non-HTTP traffic. Allowed non-HTTP traffic is tunneled. - type: str - choices: - - enable - - disable - unknown_http_version: - description: - - "Action to take when an unknown version of HTTP is encountered: reject, allow (tunnel), or proceed with best-effort." - type: str - choices: - - reject - - tunnel - - best-effort - webproxy_profile: - description: - - Name of the web proxy profile to apply when explicit proxy traffic is allowed by default and traffic is accepted that does not match an - explicit proxy policy. Source web-proxy.profile.name. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure Web proxy global settings. 
- fortios_web_proxy_global: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - web_proxy_global: - fast_policy_match: "enable" - forward_proxy_auth: "enable" - forward_server_affinity_timeout: "5" - learn_client_ip: "enable" - learn_client_ip_from_header: "true-client-ip" - learn_client_ip_srcaddr: - - - name: "default_name_9 (source firewall.address.name firewall.addrgrp.name)" - learn_client_ip_srcaddr6: - - - name: "default_name_11 (source firewall.address6.name firewall.addrgrp6.name)" - max_message_length: "12" - max_request_length: "13" - max_waf_body_cache_length: "14" - proxy_fqdn: "" - strict_web_check: "enable" - tunnel_non_http: "enable" - unknown_http_version: "reject" - webproxy_profile: " (source web-proxy.profile.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: 
- description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_web_proxy_global_data(json): - option_list = ['fast_policy_match', 'forward_proxy_auth', 'forward_server_affinity_timeout', - 'learn_client_ip', 'learn_client_ip_from_header', 'learn_client_ip_srcaddr', - 'learn_client_ip_srcaddr6', 'max_message_length', 'max_request_length', - 'max_waf_body_cache_length', 'proxy_fqdn', 'strict_web_check', - 'tunnel_non_http', 'unknown_http_version', 'webproxy_profile'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def web_proxy_global(data, fos): - vdom = data['vdom'] - web_proxy_global_data = data['web_proxy_global'] - filtered_data = underscore_to_hyphen(filter_web_proxy_global_data(web_proxy_global_data)) - - return fos.set('web-proxy', - 'global', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] 
== 404 - - -def fortios_web_proxy(data, fos): - - if data['web_proxy_global']: - resp = web_proxy_global(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "web_proxy_global": { - "required": False, "type": "dict", "default": None, - "options": { - "fast_policy_match": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "forward_proxy_auth": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "forward_server_affinity_timeout": {"required": False, "type": "int"}, - "learn_client_ip": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "learn_client_ip_from_header": {"required": False, "type": "str", - "choices": ["true-client-ip", "x-real-ip", "x-forwarded-for"]}, - "learn_client_ip_srcaddr": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "learn_client_ip_srcaddr6": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "max_message_length": {"required": False, "type": "int"}, - "max_request_length": {"required": False, "type": "int"}, - "max_waf_body_cache_length": {"required": False, "type": "int"}, - "proxy_fqdn": {"required": False, "type": "str"}, - "strict_web_check": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "tunnel_non_http": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "unknown_http_version": {"required": False, "type": "str", - "choices": ["reject", "tunnel", "best-effort"]}, - 
"webproxy_profile": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_web_proxy(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_web_proxy(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_web_proxy_profile.py b/lib/ansible/modules/network/fortios/fortios_web_proxy_profile.py deleted file mode 100644 index 6af78a097af..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_web_proxy_profile.py +++ /dev/null 
@@ -1,473 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_web_proxy_profile -short_description: Configure web proxy profiles in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify web_proxy feature and profile category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - web_proxy_profile: - description: - - Configure web proxy profiles. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - header_client_ip: - description: - - "Action to take on the HTTP client-IP header in forwarded requests: forwards (pass), adds, or removes the HTTP header." - type: str - choices: - - pass - - add - - remove - header_front_end_https: - description: - - "Action to take on the HTTP front-end-HTTPS header in forwarded requests: forwards (pass), adds, or removes the HTTP header." - type: str - choices: - - pass - - add - - remove - header_via_request: - description: - - "Action to take on the HTTP via header in forwarded requests: forwards (pass), adds, or removes the HTTP header." - type: str - choices: - - pass - - add - - remove - header_via_response: - description: - - "Action to take on the HTTP via header in forwarded responses: forwards (pass), adds, or removes the HTTP header." 
- type: str - choices: - - pass - - add - - remove - header_x_authenticated_groups: - description: - - "Action to take on the HTTP x-authenticated-groups header in forwarded requests: forwards (pass), adds, or removes the HTTP header." - type: str - choices: - - pass - - add - - remove - header_x_authenticated_user: - description: - - "Action to take on the HTTP x-authenticated-user header in forwarded requests: forwards (pass), adds, or removes the HTTP header." - type: str - choices: - - pass - - add - - remove - header_x_forwarded_for: - description: - - "Action to take on the HTTP x-forwarded-for header in forwarded requests: forwards (pass), adds, or removes the HTTP header." - type: str - choices: - - pass - - add - - remove - headers: - description: - - Configure HTTP forwarded requests headers. - type: list - suboptions: - action: - description: - - Action when HTTP the header forwarded. - type: str - choices: - - add-to-request - - add-to-response - - remove-from-request - - remove-from-response - content: - description: - - HTTP header's content. - type: str - id: - description: - - HTTP forwarded header id. - required: true - type: int - name: - description: - - HTTP forwarded header name. - type: str - log_header_change: - description: - - Enable/disable logging HTTP header changes. - type: str - choices: - - enable - - disable - name: - description: - - Profile name. - required: true - type: str - strip_encoding: - description: - - Enable/disable stripping unsupported encoding from the request header. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure web proxy profiles. 
- fortios_web_proxy_profile: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - web_proxy_profile: - header_client_ip: "pass" - header_front_end_https: "pass" - header_via_request: "pass" - header_via_response: "pass" - header_x_authenticated_groups: "pass" - header_x_authenticated_user: "pass" - header_x_forwarded_for: "pass" - headers: - - - action: "add-to-request" - content: "" - id: "13" - name: "default_name_14" - log_header_change: "enable" - name: "default_name_16" - strip_encoding: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from 
ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_web_proxy_profile_data(json): - option_list = ['header_client_ip', 'header_front_end_https', 'header_via_request', - 'header_via_response', 'header_x_authenticated_groups', 'header_x_authenticated_user', - 'header_x_forwarded_for', 'headers', 'log_header_change', - 'name', 'strip_encoding'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def web_proxy_profile(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['web_proxy_profile'] and data['web_proxy_profile']: - state = data['web_proxy_profile']['state'] - else: - state = True - web_proxy_profile_data = data['web_proxy_profile'] - filtered_data = underscore_to_hyphen(filter_web_proxy_profile_data(web_proxy_profile_data)) - - if state == "present": - return fos.set('web-proxy', - 'profile', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('web-proxy', - 'profile', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" 
and status['http_status'] == 404 - - -def fortios_web_proxy(data, fos): - - if data['web_proxy_profile']: - resp = web_proxy_profile(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "web_proxy_profile": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "header_client_ip": {"required": False, "type": "str", - "choices": ["pass", "add", "remove"]}, - "header_front_end_https": {"required": False, "type": "str", - "choices": ["pass", "add", "remove"]}, - "header_via_request": {"required": False, "type": "str", - "choices": ["pass", "add", "remove"]}, - "header_via_response": {"required": False, "type": "str", - "choices": ["pass", "add", "remove"]}, - "header_x_authenticated_groups": {"required": False, "type": "str", - "choices": ["pass", "add", "remove"]}, - "header_x_authenticated_user": {"required": False, "type": "str", - "choices": ["pass", "add", "remove"]}, - "header_x_forwarded_for": {"required": False, "type": "str", - "choices": ["pass", "add", "remove"]}, - "headers": {"required": False, "type": "list", - "options": { - "action": {"required": False, "type": "str", - "choices": ["add-to-request", "add-to-response", "remove-from-request", - "remove-from-response"]}, - "content": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "name": {"required": False, "type": "str"} - }}, - 
"log_header_change": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "name": {"required": True, "type": "str"}, - "strip_encoding": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_web_proxy(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_web_proxy(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_web_proxy_url_match.py b/lib/ansible/modules/network/fortios/fortios_web_proxy_url_match.py deleted file mode 100644 index 202222eecbc..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_web_proxy_url_match.py +++ /dev/null 
@@ -1,348 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_web_proxy_url_match -short_description: Exempt URLs from web proxy forwarding and caching in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify web_proxy feature and url_match category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - web_proxy_url_match: - description: - - Exempt URLs from web proxy forwarding and caching. - default: null - type: dict - suboptions: - cache_exemption: - description: - - Enable/disable exempting this URL pattern from caching. - type: str - choices: - - enable - - disable - comment: - description: - - Comment. - type: str - forward_server: - description: - - Forward server name. Source web-proxy.forward-server.name web-proxy.forward-server-group.name. - type: str - name: - description: - - Configure a name for the URL to be exempted. - required: true - type: str - status: - description: - - Enable/disable exempting the URLs matching the URL pattern from web proxy forwarding and caching. - type: str - choices: - - enable - - disable - url_pattern: - description: - - URL pattern to be exempted from web proxy forwarding and caching. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Exempt URLs from web proxy forwarding and caching. - fortios_web_proxy_url_match: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - web_proxy_url_match: - cache_exemption: "enable" - comment: "Comment." 
- forward_server: " (source web-proxy.forward-server.name web-proxy.forward-server-group.name)" - name: "default_name_6" - status: "enable" - url_pattern: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, 
verify=ssl_verify) - - -def filter_web_proxy_url_match_data(json): - option_list = ['cache_exemption', 'comment', 'forward_server', - 'name', 'status', 'url_pattern'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def web_proxy_url_match(data, fos): - vdom = data['vdom'] - state = data['state'] - web_proxy_url_match_data = data['web_proxy_url_match'] - filtered_data = underscore_to_hyphen(filter_web_proxy_url_match_data(web_proxy_url_match_data)) - - if state == "present": - return fos.set('web-proxy', - 'url-match', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('web-proxy', - 'url-match', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_web_proxy(data, fos): - - if data['web_proxy_url_match']: - resp = web_proxy_url_match(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "web_proxy_url_match": { - "required": 
False, "type": "dict", "default": None, - "options": { - "cache_exemption": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "comment": {"required": False, "type": "str"}, - "forward_server": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "url_pattern": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_web_proxy(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_web_proxy(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_web_proxy_wisp.py b/lib/ansible/modules/network/fortios/fortios_web_proxy_wisp.py deleted file mode 100644 index 4b19e15901d..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_web_proxy_wisp.py +++ /dev/null 
@@ -1,347 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_web_proxy_wisp -short_description: Configure Wireless Internet service provider (WISP) servers in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify web_proxy feature and wisp category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - web_proxy_wisp: - description: - - Configure Wireless Internet service provider (WISP) servers. - default: null - type: dict - suboptions: - comment: - description: - - Comment. - type: str - max_connections: - description: - - Maximum number of web proxy WISP connections (4 - 4096). - type: int - name: - description: - - Server name. - required: true - type: str - outgoing_ip: - description: - - WISP outgoing IP address. - type: str - server_ip: - description: - - WISP server IP address. - type: str - server_port: - description: - - WISP server port (1 - 65535). - type: int - timeout: - description: - - Period of time before WISP requests time out (1 - 15 sec). - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure Wireless Internet service provider (WISP) servers. - fortios_web_proxy_wisp: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - web_proxy_wisp: - comment: "Comment." 
- max_connections: "4" - name: "default_name_5" - outgoing_ip: "" - server_ip: "" - server_port: "8" - timeout: "9" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def 
filter_web_proxy_wisp_data(json): - option_list = ['comment', 'max_connections', 'name', - 'outgoing_ip', 'server_ip', 'server_port', - 'timeout'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def web_proxy_wisp(data, fos): - vdom = data['vdom'] - state = data['state'] - web_proxy_wisp_data = data['web_proxy_wisp'] - filtered_data = underscore_to_hyphen(filter_web_proxy_wisp_data(web_proxy_wisp_data)) - - if state == "present": - return fos.set('web-proxy', - 'wisp', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('web-proxy', - 'wisp', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_web_proxy(data, fos): - - if data['web_proxy_wisp']: - resp = web_proxy_wisp(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "web_proxy_wisp": { - "required": False, "type": "dict", "default": None, - "options": { - "comment": 
{"required": False, "type": "str"}, - "max_connections": {"required": False, "type": "int"}, - "name": {"required": True, "type": "str"}, - "outgoing_ip": {"required": False, "type": "str"}, - "server_ip": {"required": False, "type": "str"}, - "server_port": {"required": False, "type": "int"}, - "timeout": {"required": False, "type": "int"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_web_proxy(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_web_proxy(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_webfilter.py b/lib/ansible/modules/network/fortios/fortios_webfilter.py deleted file mode 100644 index 84000dc2802..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_webfilter.py +++ /dev/null 
@@ -1,530 +0,0 @@ -#!/usr/bin/python - -# Copyright: (c) 2018, Fortinet, Inc. -# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) - -from __future__ import (absolute_import, division, print_function) - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_webfilter -short_description: Configure webfilter capabilities of FortiGate and FortiOS. -description: - - This module is able to configure a FortiGate or FortiOS by - allowing the user to configure webfilter feature. For now it - is able to handle url and content filtering capabilities. The - module uses FortiGate REST API internally to configure the device. - -version_added: "2.6" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate ip address. - required: true - username: - description: - - FortiOS or FortiGate username. - required: true - password: - description: - - FortiOS or FortiGate password. - default: "" - vdom: - description: - - Virtual domain, among those defined previously. A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - default: "root" - webfilter_url: - description: - - Container for a group of url entries that the FortiGate - must act upon - suboptions: - id: - description: - - Id of URL filter list. - required: true - name: - description: - - Name of URL filter list. - required: true - comment: - description: - - Optional comments. - one-arm-ips-urlfilter: - description: - - Enable/disable DNS resolver for one-arm IPS URL filter operation. 
- choices: - - enable - - disable - default: disable - ip-addr-block: - description: - - Enable/disable blocking URLs when the hostname appears as an IP address. - choices: - - enable - - disable - default: disable - entries: - description: - - URL filter entries. - default: [] - suboptions: - id: - description: - - Id of URL. - required: true - url: - description: - - URL to be filtered. - required: true - type: - description: - - Filter type (simple, regex, or wildcard). - required: true - choices: - - simple - - regex - - wildcard - action: - description: - - Action to take for URL filter matches. - required: true - choices: - - exempt - - block - - allow - - monitor - status: - description: - - Enable/disable this URL filter. - required: true - choices: - - enable - - disable - exempt: - description: - - If action is set to exempt, select the security profile - operations that exempt URLs skip. Separate multiple - options with a space. - required: true - choices: - - av - - web-content - - activex-java-cookie - - dlp - - fortiguard - - range-block - - pass - - all - web-proxy-profile: - description: - - Web proxy profile. - required: true - referrer-host: - description: - - Referrer host name. - required: true - state: - description: - - Configures the intended state of this object on the FortiGate. - When this value is set to I(present), the object is configured - on the device and when this value is set to I(absent) the - object is removed from the device. - required: true - choices: - - absent - - present - webfilter_content: - description: - - Container for a group of content-filtering entries that - the FortiGate must act upon - suboptions: - id: - description: - - Id of content-filter list. - required: true - name: - description: - - Name of content-filter list. - comment: - description: - - Optional comments. - entries: - description: - - Content filter entries. - default: [] - suboptions: - name: - description: - - Banned word. 
- required: true - pattern-type: - description: - - Banned word pattern type. It can be a wildcard pattern or Perl regular expression. - required: true - choices: - - wildcard - - regexp - status: - description: - - Enable/disable banned word. - required: true - choices: - - enable - - disable - lang: - description: - - Language of banned word. - required: true - choices: - - western - - simch - - trach - - japanese - - korean - - french - - thai - - spanish - - cyrillic - score: - description: - - Score, to be applied every time the word appears on a web page. - required: true - action: - description: - - Block or exempt word when a match is found. - required: true - choices: - - block - - exempt - state: - description: - - Configures the intended state of this object on the FortiGate. - When this value is set to I(present), the object is configured - on the device and when this value is set to I(absent) the - object is removed from the device. - required: true - choices: - - absent - - present -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - tasks: - - name: Configure url to be filtered by fortigate - fortios_webfilter: - host: "{{ host }}" - username: "{{ username}}" - password: "{{ password }}" - vdom: "{{ vdom }}" - webfilter_url: - state: "present" - id: "1" - name: "default" - comment: "mycomment" - one-arm-ips-url-filter: "disable" - ip-addr-block: "disable" - entries: - - id: "1" - url: "www.test1.com" - type: "simple" - action: "exempt" - status: "enable" - exempt: "pass" - web-proxy-profile: "" - referrrer-host: "" - - id: "2" - url: "www.test2.com" - type: "simple" - action: "exempt" - status: "enable" - exempt: "pass" - web-proxy-profile: "" - referrrer-host: "" - - -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - tasks: - - name: Configure web content filtering in fortigate - fortios_webfilter: - host: "{{ host }}" - 
username: "{{ username}}" - password: "{{ password }}" - vdom: "{{ vdom }}" - webfilter_content: - id: "1" - name: "default" - comment: "" - entries: - - name: "1" - pattern-type: "www.test45.com" - status: "enable" - lang: "western" - score: 40 - action: "block" - - name: "2" - pattern-type: "www.test46.com" - status: "enable" - lang: "western" - score: 42 - action: "block" - state: "present" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "key1" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule - -fos = None - - -def login(data): - host = data['host'] - username = data['username'] - password = data['password'] - - fos.debug('on') - fos.https('off') - - fos.login(host, username, password) - - -def filter_wf_url_data(json): - option_list = ['id', 
'name', 'comment', - 'one-arm-ips-urlfilter', - 'ip-addr-block', 'entries'] - dictionary = {} - - for attribute in option_list: - if attribute in json: - dictionary[attribute] = json[attribute] - - return dictionary - - -def filter_wf_content_data(json): - option_list = ['id', 'name', 'comment', - 'entries'] - dictionary = {} - - for attribute in option_list: - if attribute in json: - dictionary[attribute] = json[attribute] - - return dictionary - - -def webfilter_url(data, fos): - vdom = data['vdom'] - wf_url_data = data['webfilter_url'] - url_data = filter_wf_url_data(wf_url_data) - - if wf_url_data['state'] == "present": - return fos.set('webfilter', - 'urlfilter', - data=url_data, - vdom=vdom) - - elif wf_url_data['state'] == "absent": - return fos.delete('webfilter', - 'urlfilter', - mkey=url_data['id'], - vdom=vdom) - - -def webfilter_content(data, fos): - vdom = data['vdom'] - wf_content_data = data['webfilter_content'] - content_data = filter_wf_content_data(wf_content_data) - - if wf_content_data['state'] == "present": - return fos.set('webfilter', - 'content', - data=content_data, - vdom=vdom) - - elif wf_content_data['state'] == "absent": - return fos.delete('webfilter', - 'content', - mkey=content_data['id'], - vdom=vdom) - - -def fortios_webfilter(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - fos.https('off') - fos.login(host, username, password) - - methodlist = ['webfilter_url', 'webfilter_content', 'webfilter_profile'] - for method in methodlist: - if data[method]: - resp = eval(method)(data, fos) - break - - fos.logout() - return not resp['status'] == "success", resp['status'] == "success", resp - - -def main(): - fields = { - "host": {"required": True, "type": "str"}, - "username": {"required": True, "type": "str"}, - "password": {"required": False, "type": "str", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "webfilter_url": { - "required": False, "type": 
"dict", - "options": { - "state": {"required": True, "type": "str"}, - "id": {"required": True, "type": "str"}, - "name": {"required": True, "type": "str"}, - "comment": {"required": False, "type": "str", "default": ""}, - "one-arm-ips-urlfilter": {"required": False, "type": "str", "default": "disable", - "choices": ["enable", "disable"]}, - "ip-addr-block": {"required": False, "type": "str", "default": "disable", - "choices": ["enable", "disable"]}, - "entries": { - "required": False, "type": "list", "default": [], - "options": { - "id": {"required": True, "type": "integer"}, - "url": {"required": True, "type": "string"}, - "type": {"required": True, "type": "string", "choices": ["simple", "regex", "wildcard"]}, - "action": {"required": True, "type": "string", - "choices": ["exempt", "block", "allow", "monitor"]}, - "status": {"required": True, "type": "string", "choices": ["enable", "disable"]}, - "exempt": {"required": True, "type": "string", - "choices": ["av", "web-content", "activex-java-cookie", "dlp", "fortiguard", - "range-block", "pass", "all"]}, - "web-proxy-profile": {"required": True, "type": "string"}, - "referrer-host": {"required": True, "type": "string"} - } - } - } - }, - "webfilter_content": { - "required": False, "type": "dict", - "options": { - "state": {"required": True, "type": "str"}, - "id": {"required": True, "type": "str"}, - "name": {"required": True, "type": "str"}, - "comment": {"required": False, "type": "str", "default": ""}, - "entries": { - "required": False, "type": "list", "default": [], - "options": { - "name": {"required": True, "type": "string"}, - "pattern-type": {"required": True, "type": "string", "choices": ["wildcard", "regexp"]}, - "status": {"required": True, "type": "string", "choices": ["enable", "disable"]}, - "lang": {"required": True, "type": "string", - "choices": ["western", "simch", "trach", "japanese", "korean", "french", "thai", - "spanish", "cyrillic"]}, - "score": {"required": True, "type": "integer"}, - 
"action": {"required": True, "type": "string", "choices": ["block", "exempt"]}, - } - } - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - is_error, has_changed, result = fortios_webfilter(module.params, fos) - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_webfilter_content.py b/lib/ansible/modules/network/fortios/fortios_webfilter_content.py deleted file mode 100644 index 3b9cda9e281..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_webfilter_content.py +++ /dev/null 
@@ -1,416 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_webfilter_content -short_description: Configure Web filter banned word table in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify webfilter feature and content category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - webfilter_content: - description: - - Configure Web filter banned word table. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - comment: - description: - - Optional comments. - type: str - entries: - description: - - Configure banned word entries. - type: list - suboptions: - action: - description: - - Block or exempt word when a match is found. - type: str - choices: - - block - - exempt - lang: - description: - - Language of banned word. - type: str - choices: - - western - - simch - - trach - - japanese - - korean - - french - - thai - - spanish - - cyrillic - name: - description: - - Banned word. - required: true - type: str - pattern_type: - description: - - "Banned word pattern type: wildcard pattern or Perl regular expression." - type: str - choices: - - wildcard - - regexp - score: - description: - - Score, to be applied every time the word appears on a web page (0 - 4294967295). - type: int - status: - description: - - Enable/disable banned word. - type: str - choices: - - enable - - disable - id: - description: - - ID. 
- required: true - type: int - name: - description: - - Name of table. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure Web filter banned word table. - fortios_webfilter_content: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - webfilter_content: - comment: "Optional comments." - entries: - - - action: "block" - lang: "western" - name: "default_name_7" - pattern_type: "wildcard" - score: "9" - status: "enable" - id: "11" - name: "default_name_12" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic 
import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_webfilter_content_data(json): - option_list = ['comment', 'entries', 'id', - 'name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def webfilter_content(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['webfilter_content'] and data['webfilter_content']: - state = data['webfilter_content']['state'] - else: - state = True - webfilter_content_data = data['webfilter_content'] - filtered_data = underscore_to_hyphen(filter_webfilter_content_data(webfilter_content_data)) - - if state == "present": - return fos.set('webfilter', - 'content', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('webfilter', - 'content', - mkey=filtered_data['id'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_webfilter(data, fos): - - if data['webfilter_content']: - resp = 
webfilter_content(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "webfilter_content": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "comment": {"required": False, "type": "str"}, - "entries": {"required": False, "type": "list", - "options": { - "action": {"required": False, "type": "str", - "choices": ["block", "exempt"]}, - "lang": {"required": False, "type": "str", - "choices": ["western", "simch", "trach", - "japanese", "korean", "french", - "thai", "spanish", "cyrillic"]}, - "name": {"required": True, "type": "str"}, - "pattern_type": {"required": False, "type": "str", - "choices": ["wildcard", "regexp"]}, - "score": {"required": False, "type": "int"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "id": {"required": True, "type": "int"}, - "name": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = 
FortiOSHandler(connection) - - is_error, has_changed, result = fortios_webfilter(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_webfilter(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_webfilter_content_header.py b/lib/ansible/modules/network/fortios/fortios_webfilter_content_header.py deleted file mode 100644 index fc8078fc7d8..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_webfilter_content_header.py +++ /dev/null 
@@ -1,378 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_webfilter_content_header -short_description: Configure content types used by Web filter in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify webfilter feature and content_header category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - webfilter_content_header: - description: - - Configure content types used by Web filter. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - comment: - description: - - Optional comments. - type: str - entries: - description: - - Configure content types used by web filter. - type: list - suboptions: - action: - description: - - Action to take for this content type. - type: str - choices: - - block - - allow - - exempt - category: - description: - - Categories that this content type applies to. - type: str - pattern: - description: - - Content type (regular expression). - required: true - type: str - id: - description: - - ID. - required: true - type: int - name: - description: - - Name of table. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure content types used by Web filter. 
- fortios_webfilter_content_header: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - webfilter_content_header: - comment: "Optional comments." - entries: - - - action: "block" - category: "" - pattern: "" - id: "8" - name: "default_name_9" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = 
data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_webfilter_content_header_data(json): - option_list = ['comment', 'entries', 'id', - 'name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def webfilter_content_header(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['webfilter_content_header'] and data['webfilter_content_header']: - state = data['webfilter_content_header']['state'] - else: - state = True - webfilter_content_header_data = data['webfilter_content_header'] - filtered_data = underscore_to_hyphen(filter_webfilter_content_header_data(webfilter_content_header_data)) - - if state == "present": - return fos.set('webfilter', - 'content-header', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('webfilter', - 'content-header', - mkey=filtered_data['id'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_webfilter(data, fos): - - if data['webfilter_content_header']: - resp = webfilter_content_header(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, 
"type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "webfilter_content_header": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "comment": {"required": False, "type": "str"}, - "entries": {"required": False, "type": "list", - "options": { - "action": {"required": False, "type": "str", - "choices": ["block", "allow", "exempt"]}, - "category": {"required": False, "type": "str"}, - "pattern": {"required": True, "type": "str"} - }}, - "id": {"required": True, "type": "int"}, - "name": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_webfilter(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_webfilter(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_webfilter_fortiguard.py b/lib/ansible/modules/network/fortios/fortios_webfilter_fortiguard.py
deleted file mode 100644
index 0180df88d28..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_webfilter_fortiguard.py
+++ /dev/null
@@ -1,373 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_webfilter_fortiguard -short_description: Configure FortiGuard Web Filter service in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify webfilter feature and fortiguard category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - webfilter_fortiguard: - description: - - Configure FortiGuard Web Filter service. - default: null - type: dict - suboptions: - cache_mem_percent: - description: - - Maximum percentage of available memory allocated to caching (1 - 15%). - type: int - cache_mode: - description: - - Cache entry expiration mode. - type: str - choices: - - ttl - - db-ver - cache_prefix_match: - description: - - Enable/disable prefix matching in the cache. - type: str - choices: - - enable - - disable - close_ports: - description: - - Close ports used for HTTP/HTTPS override authentication and disable user overrides. - type: str - choices: - - enable - - disable - ovrd_auth_https: - description: - - Enable/disable use of HTTPS for override authentication. - type: str - choices: - - enable - - disable - ovrd_auth_port: - description: - - Port to use for FortiGuard Web Filter override authentication. - type: int - ovrd_auth_port_http: - description: - - Port to use for FortiGuard Web Filter HTTP override authentication - type: int - ovrd_auth_port_https: - description: - - Port to use for FortiGuard Web Filter HTTPS override authentication. - type: int - ovrd_auth_port_warning: - description: - - Port to use for FortiGuard Web Filter Warning override authentication. - type: int - request_packet_size_limit: - description: - - Limit size of URL request packets sent to FortiGuard server (0 for default). - type: int - warn_auth_https: - description: - - Enable/disable use of HTTPS for warning and authentication. 
- type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure FortiGuard Web Filter service. - fortios_webfilter_fortiguard: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - webfilter_fortiguard: - cache_mem_percent: "3" - cache_mode: "ttl" - cache_prefix_match: "enable" - close_ports: "enable" - ovrd_auth_https: "enable" - ovrd_auth_port: "8" - ovrd_auth_port_http: "9" - ovrd_auth_port_https: "10" - ovrd_auth_port_warning: "11" - request_packet_size_limit: "12" - warn_auth_https: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: 
"v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_webfilter_fortiguard_data(json): - option_list = ['cache_mem_percent', 'cache_mode', 'cache_prefix_match', - 'close_ports', 'ovrd_auth_https', 'ovrd_auth_port', - 'ovrd_auth_port_http', 'ovrd_auth_port_https', 'ovrd_auth_port_warning', - 'request_packet_size_limit', 'warn_auth_https'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def webfilter_fortiguard(data, fos): - vdom = data['vdom'] - webfilter_fortiguard_data = data['webfilter_fortiguard'] - filtered_data = underscore_to_hyphen(filter_webfilter_fortiguard_data(webfilter_fortiguard_data)) - - return fos.set('webfilter', - 'fortiguard', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_webfilter(data, fos): - - if data['webfilter_fortiguard']: - resp = webfilter_fortiguard(data, fos) - - return not is_successful_status(resp), \ - 
resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "webfilter_fortiguard": { - "required": False, "type": "dict", "default": None, - "options": { - "cache_mem_percent": {"required": False, "type": "int"}, - "cache_mode": {"required": False, "type": "str", - "choices": ["ttl", "db-ver"]}, - "cache_prefix_match": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "close_ports": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ovrd_auth_https": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ovrd_auth_port": {"required": False, "type": "int"}, - "ovrd_auth_port_http": {"required": False, "type": "int"}, - "ovrd_auth_port_https": {"required": False, "type": "int"}, - "ovrd_auth_port_warning": {"required": False, "type": "int"}, - "request_packet_size_limit": {"required": False, "type": "int"}, - "warn_auth_https": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_webfilter(module.params, fos) - else: - 
module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_webfilter(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_webfilter_ftgd_local_cat.py b/lib/ansible/modules/network/fortios/fortios_webfilter_ftgd_local_cat.py deleted file mode 100644 index 4153577d213..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_webfilter_ftgd_local_cat.py +++ /dev/null 
@@ -1,347 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_webfilter_ftgd_local_cat -short_description: Configure FortiGuard Web Filter local categories in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify webfilter feature and ftgd_local_cat category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - webfilter_ftgd_local_cat: - description: - - Configure FortiGuard Web Filter local categories. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - desc: - description: - - Local category description. - required: true - type: str - id: - description: - - Local category ID. - type: int - status: - description: - - Enable/disable the local category. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure FortiGuard Web Filter local categories. 
- fortios_webfilter_ftgd_local_cat: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - webfilter_ftgd_local_cat: - desc: "" - id: "4" - status: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - 
fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_webfilter_ftgd_local_cat_data(json): - option_list = ['desc', 'id', 'status'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def webfilter_ftgd_local_cat(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['webfilter_ftgd_local_cat'] and data['webfilter_ftgd_local_cat']: - state = data['webfilter_ftgd_local_cat']['state'] - else: - state = True - webfilter_ftgd_local_cat_data = data['webfilter_ftgd_local_cat'] - filtered_data = underscore_to_hyphen(filter_webfilter_ftgd_local_cat_data(webfilter_ftgd_local_cat_data)) - - if state == "present": - return fos.set('webfilter', - 'ftgd-local-cat', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('webfilter', - 'ftgd-local-cat', - mkey=filtered_data['desc'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_webfilter(data, fos): - - if data['webfilter_ftgd_local_cat']: - resp = webfilter_ftgd_local_cat(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", 
"default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "webfilter_ftgd_local_cat": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "desc": {"required": True, "type": "str"}, - "id": {"required": False, "type": "int"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_webfilter(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_webfilter(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_webfilter_ftgd_local_rating.py b/lib/ansible/modules/network/fortios/fortios_webfilter_ftgd_local_rating.py deleted file mode 100644 index 5b985251fba..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_webfilter_ftgd_local_rating.py +++ /dev/null 
@@ -1,347 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_webfilter_ftgd_local_rating -short_description: Configure local FortiGuard Web Filter local ratings in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify webfilter feature and ftgd_local_rating category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - webfilter_ftgd_local_rating: - description: - - Configure local FortiGuard Web Filter local ratings. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - rating: - description: - - Local rating. - type: str - status: - description: - - Enable/disable local rating. - type: str - choices: - - enable - - disable - url: - description: - - URL to rate locally. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure local FortiGuard Web Filter local ratings. 
- fortios_webfilter_ftgd_local_rating: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - webfilter_ftgd_local_rating: - rating: "" - status: "enable" - url: "myurl.com" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_webfilter_ftgd_local_rating_data(json): - option_list = ['rating', 'status', 'url'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def webfilter_ftgd_local_rating(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['webfilter_ftgd_local_rating'] and data['webfilter_ftgd_local_rating']: - state = data['webfilter_ftgd_local_rating']['state'] - else: - state = True - webfilter_ftgd_local_rating_data = data['webfilter_ftgd_local_rating'] - filtered_data = underscore_to_hyphen(filter_webfilter_ftgd_local_rating_data(webfilter_ftgd_local_rating_data)) - - if state == "present": - return fos.set('webfilter', - 'ftgd-local-rating', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('webfilter', - 'ftgd-local-rating', - mkey=filtered_data['url'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_webfilter(data, fos): - - if data['webfilter_ftgd_local_rating']: - resp = webfilter_ftgd_local_rating(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", 
"no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "webfilter_ftgd_local_rating": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "rating": {"required": False, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "url": {"required": True, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_webfilter(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_webfilter(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_webfilter_ips_urlfilter_cache_setting.py b/lib/ansible/modules/network/fortios/fortios_webfilter_ips_urlfilter_cache_setting.py deleted file mode 100644 index 156fe2c9de7..00000000000 
--- a/lib/ansible/modules/network/fortios/fortios_webfilter_ips_urlfilter_cache_setting.py
+++ /dev/null
@@ -1,296 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_webfilter_ips_urlfilter_cache_setting -short_description: Configure IPS URL filter cache settings in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify webfilter feature and ips_urlfilter_cache_setting category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - webfilter_ips_urlfilter_cache_setting: - description: - - Configure IPS URL filter cache settings. - default: null - type: dict - suboptions: - dns_retry_interval: - description: - - Retry interval. Refresh DNS faster than TTL to capture multiple IPs for hosts. 0 means use DNS server's TTL only. - type: int - extended_ttl: - description: - - Extend time to live beyond reported by DNS. 0 means use DNS server's TTL - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPS URL filter cache settings. 
- fortios_webfilter_ips_urlfilter_cache_setting: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - webfilter_ips_urlfilter_cache_setting: - dns_retry_interval: "3" - extended_ttl: "4" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_webfilter_ips_urlfilter_cache_setting_data(json): - option_list = ['dns_retry_interval', 'extended_ttl'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def webfilter_ips_urlfilter_cache_setting(data, fos): - vdom = data['vdom'] - webfilter_ips_urlfilter_cache_setting_data = data['webfilter_ips_urlfilter_cache_setting'] - filtered_data = underscore_to_hyphen(filter_webfilter_ips_urlfilter_cache_setting_data(webfilter_ips_urlfilter_cache_setting_data)) - - return fos.set('webfilter', - 'ips-urlfilter-cache-setting', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_webfilter(data, fos): - - if data['webfilter_ips_urlfilter_cache_setting']: - resp = webfilter_ips_urlfilter_cache_setting(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "webfilter_ips_urlfilter_cache_setting": { - "required": False, "type": 
"dict", "default": None, - "options": { - "dns_retry_interval": {"required": False, "type": "int"}, - "extended_ttl": {"required": False, "type": "int"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_webfilter(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_webfilter(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_webfilter_ips_urlfilter_setting.py b/lib/ansible/modules/network/fortios/fortios_webfilter_ips_urlfilter_setting.py deleted file mode 100644 index c8dfdc57975..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_webfilter_ips_urlfilter_setting.py +++ /dev/null 
@@ -1,309 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_webfilter_ips_urlfilter_setting -short_description: Configure IPS URL filter settings in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify webfilter feature and ips_urlfilter_setting category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - webfilter_ips_urlfilter_setting: - description: - - Configure IPS URL filter settings. - default: null - type: dict - suboptions: - device: - description: - - Interface for this route. Source system.interface.name. - type: str - distance: - description: - - Administrative distance (1 - 255) for this route. - type: int - gateway: - description: - - Gateway IP address for this route. - type: str - geo_filter: - description: - - Filter based on geographical location. Route will NOT be installed if the resolved IP address belongs to the country in the filter. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPS URL filter settings. 
- fortios_webfilter_ips_urlfilter_setting: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - webfilter_ips_urlfilter_setting: - device: " (source system.interface.name)" - distance: "4" - gateway: "" - geo_filter: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 
'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_webfilter_ips_urlfilter_setting_data(json):
- option_list = ['device', 'distance', 'gateway',
- 'geo_filter']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def webfilter_ips_urlfilter_setting(data, fos):
- vdom = data['vdom']
- webfilter_ips_urlfilter_setting_data = data['webfilter_ips_urlfilter_setting']
- filtered_data = underscore_to_hyphen(filter_webfilter_ips_urlfilter_setting_data(webfilter_ips_urlfilter_setting_data))
-
- return fos.set('webfilter',
- 'ips-urlfilter-setting',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_webfilter(data, fos):
-
- if data['webfilter_ips_urlfilter_setting']:
- resp = webfilter_ips_urlfilter_setting(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "webfilter_ips_urlfilter_setting": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "device": {"required": False, "type": "str"},
- "distance": {"required": False, "type": "int"},
- "gateway": {"required": False, "type": "str"},
- "geo_filter": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_webfilter(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_webfilter(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_webfilter_ips_urlfilter_setting6.py b/lib/ansible/modules/network/fortios/fortios_webfilter_ips_urlfilter_setting6.py
deleted file mode 100644
index a65b13fc34a..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_webfilter_ips_urlfilter_setting6.py
+++ /dev/null
@@ -1,309 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_webfilter_ips_urlfilter_setting6 -short_description: Configure IPS URL filter settings for IPv6 in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify webfilter feature and ips_urlfilter_setting6 category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - webfilter_ips_urlfilter_setting6: - description: - - Configure IPS URL filter settings for IPv6. - default: null - type: dict - suboptions: - device: - description: - - Interface for this route. Source system.interface.name. - type: str - distance: - description: - - Administrative distance (1 - 255) for this route. - type: int - gateway6: - description: - - Gateway IPv6 address for this route. - type: str - geo_filter: - description: - - Filter based on geographical location. Route will NOT be installed if the resolved IPv6 address belongs to the country in the filter. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IPS URL filter settings for IPv6. 
- fortios_webfilter_ips_urlfilter_setting6: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - webfilter_ips_urlfilter_setting6: - device: " (source system.interface.name)" - distance: "4" - gateway6: "" - geo_filter: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - 
if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_webfilter_ips_urlfilter_setting6_data(json):
- option_list = ['device', 'distance', 'gateway6',
- 'geo_filter']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def webfilter_ips_urlfilter_setting6(data, fos):
- vdom = data['vdom']
- webfilter_ips_urlfilter_setting6_data = data['webfilter_ips_urlfilter_setting6']
- filtered_data = underscore_to_hyphen(filter_webfilter_ips_urlfilter_setting6_data(webfilter_ips_urlfilter_setting6_data))
-
- return fos.set('webfilter',
- 'ips-urlfilter-setting6',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_webfilter(data, fos):
-
- if data['webfilter_ips_urlfilter_setting6']:
- resp = webfilter_ips_urlfilter_setting6(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "webfilter_ips_urlfilter_setting6": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "device": {"required": False, "type": "str"},
- "distance": {"required": False, "type": "int"},
- "gateway6": {"required": False, "type": "str"},
- "geo_filter": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_webfilter(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_webfilter(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_webfilter_override.py b/lib/ansible/modules/network/fortios/fortios_webfilter_override.py
deleted file mode 100644
index 3907d1c90b0..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_webfilter_override.py
+++ /dev/null
@@ -1,405 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_webfilter_override -short_description: Configure FortiGuard Web Filter administrative overrides in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify webfilter feature and override category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - webfilter_override: - description: - - Configure FortiGuard Web Filter administrative overrides. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - expires: - description: - - "Override expiration date and time, from 5 minutes to 365 from now (format: yyyy/mm/dd hh:mm:ss)." - type: str - id: - description: - - Override rule ID. - required: true - type: int - initiator: - description: - - Initiating user of override (read-only setting). - type: str - ip: - description: - - IPv4 address which the override applies. - type: str - ip6: - description: - - IPv6 address which the override applies. - type: str - new_profile: - description: - - Name of the new web filter profile used by the override. Source webfilter.profile.name. - type: str - old_profile: - description: - - Name of the web filter profile which the override applies. Source webfilter.profile.name. - type: str - scope: - description: - - Override either the specific user, user group, IPv4 address, or IPv6 address. 
- type: str - choices: - - user - - user-group - - ip - - ip6 - status: - description: - - Enable/disable override rule. - type: str - choices: - - enable - - disable - user: - description: - - Name of the user which the override applies. - type: str - user_group: - description: - - Specify the user group for which the override applies. Source user.group.name. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure FortiGuard Web Filter administrative overrides. - fortios_webfilter_override: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - webfilter_override: - expires: "" - id: "4" - initiator: "" - ip: "" - ip6: "" - new_profile: " (source webfilter.profile.name)" - old_profile: " (source webfilter.profile.name)" - scope: "user" - status: "enable" - user: "" - user_group: " (source user.group.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: 
"FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_webfilter_override_data(json): - option_list = ['expires', 'id', 'initiator', - 'ip', 'ip6', 'new_profile', - 'old_profile', 'scope', 'status', - 'user', 'user_group'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def webfilter_override(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['webfilter_override'] and data['webfilter_override']: - state = data['webfilter_override']['state'] - else: - state = True - webfilter_override_data = data['webfilter_override'] - filtered_data = underscore_to_hyphen(filter_webfilter_override_data(webfilter_override_data)) - - if 
state == "present":
- return fos.set('webfilter',
- 'override',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('webfilter',
- 'override',
- mkey=filtered_data['id'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_webfilter(data, fos):
-
- if data['webfilter_override']:
- resp = webfilter_override(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "webfilter_override": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "expires": {"required": False, "type": "str"},
- "id": {"required": True, "type": "int"},
- "initiator": {"required": False, "type": "str"},
- "ip": {"required": False, "type": "str"},
- "ip6": {"required": False, "type": "str"},
- "new_profile": {"required": False, "type": "str"},
- "old_profile": {"required": False, "type": "str"},
- "scope": {"required": False, "type": "str",
- "choices": ["user", "user-group", "ip",
- "ip6"]},
- "status": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "user": {"required": False, "type": "str"},
- "user_group": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_webfilter(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_webfilter(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_webfilter_profile.py b/lib/ansible/modules/network/fortios/fortios_webfilter_profile.py
deleted file mode 100644
index 1b53663fea2..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_webfilter_profile.py
+++ /dev/null
@@ -1,1153 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_webfilter_profile -short_description: Configure Web filter profiles in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify webfilter feature and profile category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - webfilter_profile: - description: - - Configure Web filter profiles. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - comment: - description: - - Optional comments. - type: str - extended_log: - description: - - Enable/disable extended logging for web filtering. - type: str - choices: - - enable - - disable - ftgd_wf: - description: - - FortiGuard Web Filter settings. - type: dict - suboptions: - exempt_quota: - description: - - Do not stop quota for these categories. - type: str - filters: - description: - - FortiGuard filters. - type: list - suboptions: - action: - description: - - Action to take for matches. - type: str - choices: - - block - - authenticate - - monitor - - warning - auth_usr_grp: - description: - - Groups with permission to authenticate. - type: str - suboptions: - name: - description: - - User group name. Source user.group.name. - required: true - type: str - category: - description: - - Categories and groups the filter examines. - type: int - id: - description: - - ID number. 
- required: true - type: int - log: - description: - - Enable/disable logging. - type: str - choices: - - enable - - disable - override_replacemsg: - description: - - Override replacement message. - type: str - warn_duration: - description: - - Duration of warnings. - type: str - warning_duration_type: - description: - - Re-display warning after closing browser or after a timeout. - type: str - choices: - - session - - timeout - warning_prompt: - description: - - Warning prompts in each category or each domain. - type: str - choices: - - per-domain - - per-category - max_quota_timeout: - description: - - Maximum FortiGuard quota used by single page view in seconds (excludes streams). - type: int - options: - description: - - Options for FortiGuard Web Filter. - type: str - choices: - - error-allow - - rate-server-ip - - connect-request-bypass - - ftgd-disable - ovrd: - description: - - Allow web filter profile overrides. - type: str - quota: - description: - - FortiGuard traffic quota settings. - type: list - suboptions: - category: - description: - - FortiGuard categories to apply quota to (category action must be set to monitor). - type: str - duration: - description: - - Duration of quota. - type: str - id: - description: - - ID number. - required: true - type: int - override_replacemsg: - description: - - Override replacement message. - type: str - type: - description: - - Quota type. - type: str - choices: - - time - - traffic - unit: - description: - - Traffic quota unit of measurement. - type: str - choices: - - B - - KB - - MB - - GB - value: - description: - - Traffic quota value. - type: int - rate_crl_urls: - description: - - Enable/disable rating CRL by URL. - type: str - choices: - - disable - - enable - rate_css_urls: - description: - - Enable/disable rating CSS by URL. - type: str - choices: - - disable - - enable - rate_image_urls: - description: - - Enable/disable rating images by URL. 
- type: str - choices: - - disable - - enable - rate_javascript_urls: - description: - - Enable/disable rating JavaScript by URL. - type: str - choices: - - disable - - enable - https_replacemsg: - description: - - Enable replacement messages for HTTPS. - type: str - choices: - - enable - - disable - inspection_mode: - description: - - Web filtering inspection mode. - type: str - choices: - - proxy - - flow-based - log_all_url: - description: - - Enable/disable logging all URLs visited. - type: str - choices: - - enable - - disable - name: - description: - - Profile name. - required: true - type: str - options: - description: - - Options. - type: str - choices: - - activexfilter - - cookiefilter - - javafilter - - block-invalid-url - - jscript - - js - - vbs - - unknown - - intrinsic - - wf-referer - - wf-cookie - - per-user-bwl - override: - description: - - Web Filter override settings. - type: dict - suboptions: - ovrd_cookie: - description: - - Allow/deny browser-based (cookie) overrides. - type: str - choices: - - allow - - deny - ovrd_dur: - description: - - Override duration. - type: str - ovrd_dur_mode: - description: - - Override duration mode. - type: str - choices: - - constant - - ask - ovrd_scope: - description: - - Override scope. - type: str - choices: - - user - - user-group - - ip - - browser - - ask - ovrd_user_group: - description: - - User groups with permission to use the override. - type: str - suboptions: - name: - description: - - User group name. Source user.group.name. - required: true - type: str - profile: - description: - - Web filter profile with permission to create overrides. - type: list - suboptions: - name: - description: - - Web profile. Source webfilter.profile.name. - required: true - type: str - profile_attribute: - description: - - Profile attribute to retrieve from the RADIUS server. 
- type: str - choices: - - User-Name - - NAS-IP-Address - - Framed-IP-Address - - Framed-IP-Netmask - - Filter-Id - - Login-IP-Host - - Reply-Message - - Callback-Number - - Callback-Id - - Framed-Route - - Framed-IPX-Network - - Class - - Called-Station-Id - - Calling-Station-Id - - NAS-Identifier - - Proxy-State - - Login-LAT-Service - - Login-LAT-Node - - Login-LAT-Group - - Framed-AppleTalk-Zone - - Acct-Session-Id - - Acct-Multi-Session-Id - profile_type: - description: - - Override profile type. - type: str - choices: - - list - - radius - ovrd_perm: - description: - - Permitted override types. - type: str - choices: - - bannedword-override - - urlfilter-override - - fortiguard-wf-override - - contenttype-check-override - post_action: - description: - - Action taken for HTTP POST traffic. - type: str - choices: - - normal - - block - replacemsg_group: - description: - - Replacement message group. Source system.replacemsg-group.name. - type: str - web: - description: - - Web content filtering settings. - type: dict - suboptions: - blacklist: - description: - - Enable/disable automatic addition of URLs detected by FortiSandbox to blacklist. - type: str - choices: - - enable - - disable - bword_table: - description: - - Banned word table ID. Source webfilter.content.id. - type: int - bword_threshold: - description: - - Banned word score threshold. - type: int - content_header_list: - description: - - Content header list. Source webfilter.content-header.id. - type: int - keyword_match: - description: - - Search keywords to log when match is found. - type: str - suboptions: - pattern: - description: - - Pattern/keyword to search for. - required: true - type: str - log_search: - description: - - Enable/disable logging all search phrases. - type: str - choices: - - enable - - disable - safe_search: - description: - - Safe search type. - type: str - choices: - - url - - header - urlfilter_table: - description: - - URL filter table ID. Source webfilter.urlfilter.id. 
- type: int - whitelist: - description: - - FortiGuard whitelist settings. - type: str - choices: - - exempt-av - - exempt-webcontent - - exempt-activex-java-cookie - - exempt-dlp - - exempt-rangeblock - - extended-log-others - youtube_restrict: - description: - - YouTube EDU filter level. - type: str - choices: - - none - - strict - - moderate - web_content_log: - description: - - Enable/disable logging logging blocked web content. - type: str - choices: - - enable - - disable - web_extended_all_action_log: - description: - - Enable/disable extended any filter action logging for web filtering. - type: str - choices: - - enable - - disable - web_filter_activex_log: - description: - - Enable/disable logging ActiveX. - type: str - choices: - - enable - - disable - web_filter_applet_log: - description: - - Enable/disable logging Java applets. - type: str - choices: - - enable - - disable - web_filter_command_block_log: - description: - - Enable/disable logging blocked commands. - type: str - choices: - - enable - - disable - web_filter_cookie_log: - description: - - Enable/disable logging cookie filtering. - type: str - choices: - - enable - - disable - web_filter_cookie_removal_log: - description: - - Enable/disable logging blocked cookies. - type: str - choices: - - enable - - disable - web_filter_js_log: - description: - - Enable/disable logging Java scripts. - type: str - choices: - - enable - - disable - web_filter_jscript_log: - description: - - Enable/disable logging JScripts. - type: str - choices: - - enable - - disable - web_filter_referer_log: - description: - - Enable/disable logging referrers. - type: str - choices: - - enable - - disable - web_filter_unknown_log: - description: - - Enable/disable logging unknown scripts. - type: str - choices: - - enable - - disable - web_filter_vbs_log: - description: - - Enable/disable logging VBS scripts. 
- type: str - choices: - - enable - - disable - web_ftgd_err_log: - description: - - Enable/disable logging rating errors. - type: str - choices: - - enable - - disable - web_ftgd_quota_usage: - description: - - Enable/disable logging daily quota usage. - type: str - choices: - - enable - - disable - web_invalid_domain_log: - description: - - Enable/disable logging invalid domain names. - type: str - choices: - - enable - - disable - web_url_log: - description: - - Enable/disable logging URL filtering. - type: str - choices: - - enable - - disable - wisp: - description: - - Enable/disable web proxy WISP. - type: str - choices: - - enable - - disable - wisp_algorithm: - description: - - WISP server selection algorithm. - type: str - choices: - - primary-secondary - - round-robin - - auto-learning - wisp_servers: - description: - - WISP servers. - type: list - suboptions: - name: - description: - - Server name. Source web-proxy.wisp.name. - required: true - type: str - youtube_channel_filter: - description: - - YouTube channel filter. - type: list - suboptions: - channel_id: - description: - - YouTube channel ID to be filtered. - type: str - comment: - description: - - Comment. - type: str - id: - description: - - ID. - required: true - type: int - youtube_channel_status: - description: - - YouTube channel filter status. - type: str - choices: - - disable - - blacklist - - whitelist -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure Web filter profiles. - fortios_webfilter_profile: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - webfilter_profile: - comment: "Optional comments." 
- extended_log: "enable" - ftgd_wf: - exempt_quota: "" - filters: - - - action: "block" - auth_usr_grp: - - - name: "default_name_10 (source user.group.name)" - category: "11" - id: "12" - log: "enable" - override_replacemsg: "" - warn_duration: "" - warning_duration_type: "session" - warning_prompt: "per-domain" - max_quota_timeout: "18" - options: "error-allow" - ovrd: "" - quota: - - - category: "" - duration: "" - id: "24" - override_replacemsg: "" - type: "time" - unit: "B" - value: "28" - rate_crl_urls: "disable" - rate_css_urls: "disable" - rate_image_urls: "disable" - rate_javascript_urls: "disable" - https_replacemsg: "enable" - inspection_mode: "proxy" - log_all_url: "enable" - name: "default_name_36" - options: "activexfilter" - override: - ovrd_cookie: "allow" - ovrd_dur: "" - ovrd_dur_mode: "constant" - ovrd_scope: "user" - ovrd_user_group: - - - name: "default_name_44 (source user.group.name)" - profile: - - - name: "default_name_46 (source webfilter.profile.name)" - profile_attribute: "User-Name" - profile_type: "list" - ovrd_perm: "bannedword-override" - post_action: "normal" - replacemsg_group: " (source system.replacemsg-group.name)" - web: - blacklist: "enable" - bword_table: "54 (source webfilter.content.id)" - bword_threshold: "55" - content_header_list: "56 (source webfilter.content-header.id)" - keyword_match: - - - pattern: "" - log_search: "enable" - safe_search: "url" - urlfilter_table: "61 (source webfilter.urlfilter.id)" - whitelist: "exempt-av" - youtube_restrict: "none" - web_content_log: "enable" - web_extended_all_action_log: "enable" - web_filter_activex_log: "enable" - web_filter_applet_log: "enable" - web_filter_command_block_log: "enable" - web_filter_cookie_log: "enable" - web_filter_cookie_removal_log: "enable" - web_filter_js_log: "enable" - web_filter_jscript_log: "enable" - web_filter_referer_log: "enable" - web_filter_unknown_log: "enable" - web_filter_vbs_log: "enable" - web_ftgd_err_log: "enable" - web_ftgd_quota_usage: 
"enable" - web_invalid_domain_log: "enable" - web_url_log: "enable" - wisp: "enable" - wisp_algorithm: "primary-secondary" - wisp_servers: - - - name: "default_name_83 (source web-proxy.wisp.name)" - youtube_channel_filter: - - - channel_id: "" - comment: "Comment." - id: "87" - youtube_channel_status: "disable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = 
data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_webfilter_profile_data(json):
- option_list = ['comment', 'extended_log', 'ftgd_wf',
- 'https_replacemsg', 'inspection_mode', 'log_all_url',
- 'name', 'options', 'override',
- 'ovrd_perm', 'post_action', 'replacemsg_group',
- 'web', 'web_content_log', 'web_extended_all_action_log',
- 'web_filter_activex_log', 'web_filter_applet_log', 'web_filter_command_block_log',
- 'web_filter_cookie_log', 'web_filter_cookie_removal_log', 'web_filter_js_log',
- 'web_filter_jscript_log', 'web_filter_referer_log', 'web_filter_unknown_log',
- 'web_filter_vbs_log', 'web_ftgd_err_log', 'web_ftgd_quota_usage',
- 'web_invalid_domain_log', 'web_url_log', 'wisp',
- 'wisp_algorithm', 'wisp_servers', 'youtube_channel_filter',
- 'youtube_channel_status']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def webfilter_profile(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['webfilter_profile'] and data['webfilter_profile']:
- state = data['webfilter_profile']['state']
- else:
- state = True
- webfilter_profile_data = data['webfilter_profile']
- filtered_data = underscore_to_hyphen(filter_webfilter_profile_data(webfilter_profile_data))
-
- if state == "present":
- return fos.set('webfilter',
- 'profile',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('webfilter',
- 'profile',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_webfilter(data, fos):
-
- if data['webfilter_profile']:
- resp = webfilter_profile(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "webfilter_profile": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "comment": {"required": False, "type": "str"},
- "extended_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ftgd_wf": {"required": False, "type": "dict",
- "options": {
- "exempt_quota": {"required": False, "type": "str"},
- "filters": {"required": False, "type": "list",
- "options": {
- "action": {"required": False, "type": "str",
- "choices": ["block", "authenticate", "monitor",
- "warning"]},
- "auth_usr_grp": {"required": False, "type": "str",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "category": {"required": False, "type": "int"},
- "id": {"required": True, "type": "int"},
- "log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "override_replacemsg": {"required": False, "type": "str"},
- "warn_duration": {"required": False, "type": "str"},
- "warning_duration_type": {"required": False, "type": "str",
- "choices": ["session", "timeout"]},
- "warning_prompt": {"required": False, "type": "str",
- "choices": ["per-domain", "per-category"]}
- }},
- "max_quota_timeout": {"required": False, "type": "int"},
- "options": {"required": False, "type": "str",
- "choices": ["error-allow", "rate-server-ip", "connect-request-bypass",
- "ftgd-disable"]},
- "ovrd": {"required": False, "type": "str"},
- "quota": {"required": False, "type": "list",
- "options": {
- "category": {"required": False, "type": "str"},
- "duration": {"required": False, "type": "str"},
- "id": {"required": True, "type": "int"},
- "override_replacemsg": {"required": False, "type": "str"},
- "type": {"required": False, "type": "str",
- "choices": ["time", "traffic"]},
- "unit": {"required": False, "type": "str",
- "choices": ["B", "KB", "MB",
- "GB"]},
- "value": {"required": False, "type": "int"}
- }},
- "rate_crl_urls": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "rate_css_urls": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "rate_image_urls": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "rate_javascript_urls": {"required": False, "type": "str",
- "choices": ["disable", "enable"]}
- }},
- "https_replacemsg": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "inspection_mode": {"required": False, "type": "str",
- "choices": ["proxy", "flow-based"]},
- "log_all_url": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "name": {"required": True, "type": "str"},
- "options": {"required": False, "type": "str",
- "choices": ["activexfilter", "cookiefilter", "javafilter",
- "block-invalid-url", "jscript", "js",
- "vbs", "unknown", "intrinsic",
- "wf-referer", "wf-cookie", "per-user-bwl"]},
- "override": {"required": False, "type": "dict",
- "options": {
- "ovrd_cookie": {"required": False, "type": "str",
- "choices": ["allow", "deny"]},
- "ovrd_dur": {"required": False, "type": "str"},
- "ovrd_dur_mode": {"required": False, "type": "str",
- "choices": ["constant", "ask"]},
- "ovrd_scope": {"required": False, "type": "str",
- "choices": ["user", "user-group", "ip",
- "browser", "ask"]},
- "ovrd_user_group": {"required": False, "type": "str",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "profile": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "profile_attribute": {"required": False, "type": "str",
- "choices": ["User-Name", "NAS-IP-Address", "Framed-IP-Address",
- "Framed-IP-Netmask", "Filter-Id", "Login-IP-Host",
- "Reply-Message", "Callback-Number", "Callback-Id",
- "Framed-Route", "Framed-IPX-Network", "Class",
- "Called-Station-Id", "Calling-Station-Id", "NAS-Identifier",
- "Proxy-State", "Login-LAT-Service", "Login-LAT-Node",
- "Login-LAT-Group", "Framed-AppleTalk-Zone", "Acct-Session-Id",
- "Acct-Multi-Session-Id"]},
- "profile_type": {"required": False, "type": "str",
- "choices": ["list", "radius"]}
- }},
- "ovrd_perm": {"required": False, "type": "str",
- "choices": ["bannedword-override", "urlfilter-override", "fortiguard-wf-override",
- "contenttype-check-override"]},
- "post_action": {"required": False, "type": "str",
- "choices": ["normal", "block"]},
- "replacemsg_group": {"required": False, "type": "str"},
- "web": {"required": False, "type": "dict",
- "options": {
- "blacklist": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "bword_table": {"required": False, "type": "int"},
- "bword_threshold": {"required": False, "type": "int"},
- "content_header_list": {"required": False, "type": "int"},
- "keyword_match": {"required": False, "type": "str",
- "options": {
- "pattern": {"required": True, "type": "str"}
- }},
- "log_search": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "safe_search": {"required": False, "type": "str",
- "choices": ["url", "header"]},
- "urlfilter_table": {"required": False, "type": "int"},
- "whitelist": {"required": False, "type": "str",
- "choices": ["exempt-av", "exempt-webcontent", "exempt-activex-java-cookie",
- "exempt-dlp", "exempt-rangeblock", "extended-log-others"]},
- "youtube_restrict": {"required": False, "type": "str",
- "choices": ["none", "strict", "moderate"]}
- }},
- "web_content_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "web_extended_all_action_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "web_filter_activex_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "web_filter_applet_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "web_filter_command_block_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "web_filter_cookie_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "web_filter_cookie_removal_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "web_filter_js_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "web_filter_jscript_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "web_filter_referer_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "web_filter_unknown_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "web_filter_vbs_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "web_ftgd_err_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "web_ftgd_quota_usage": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "web_invalid_domain_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "web_url_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "wisp": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "wisp_algorithm": {"required": False, "type": "str",
- "choices": ["primary-secondary", "round-robin", "auto-learning"]},
- "wisp_servers": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }},
- "youtube_channel_filter": {"required": False, "type": "list",
- "options": {
- "channel_id": {"required": False, "type": "str"},
- "comment": {"required": False, "type": "str"},
- "id": {"required": True, "type": "int"}
- }},
- "youtube_channel_status": {"required": False, "type": "str",
- "choices": ["disable", "blacklist", "whitelist"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_webfilter(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_webfilter(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_webfilter_search_engine.py b/lib/ansible/modules/network/fortios/fortios_webfilter_search_engine.py
deleted file mode 100644
index e0ba09b8c3b..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_webfilter_search_engine.py
+++ /dev/null
@@ -1,378 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_webfilter_search_engine -short_description: Configure web filter search engines in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify webfilter feature and search_engine category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - webfilter_search_engine: - description: - - Configure web filter search engines. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - charset: - description: - - Search engine charset. - type: str - choices: - - utf-8 - - gb2312 - hostname: - description: - - Hostname (regular expression). - type: str - name: - description: - - Search engine name. - required: true - type: str - query: - description: - - Code used to prefix a query (must end with an equals character). - type: str - safesearch: - description: - - Safe search method. You can disable safe search, add the safe search string to URLs, or insert a safe search header. - type: str - choices: - - disable - - url - - header - safesearch_str: - description: - - Safe search parameter used in the URL. - type: str - url: - description: - - URL (regular expression). - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure web filter search engines. 
- fortios_webfilter_search_engine: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - webfilter_search_engine: - charset: "utf-8" - hostname: "myhostname" - name: "default_name_5" - query: "" - safesearch: "disable" - safesearch_str: "" - url: "myurl.com" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - 
ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_webfilter_search_engine_data(json): - option_list = ['charset', 'hostname', 'name', - 'query', 'safesearch', 'safesearch_str', - 'url'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def webfilter_search_engine(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['webfilter_search_engine'] and data['webfilter_search_engine']: - state = data['webfilter_search_engine']['state'] - else: - state = True - webfilter_search_engine_data = data['webfilter_search_engine'] - filtered_data = underscore_to_hyphen(filter_webfilter_search_engine_data(webfilter_search_engine_data)) - - if state == "present": - return fos.set('webfilter', - 'search-engine', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('webfilter', - 'search-engine', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_webfilter(data, fos): - - if data['webfilter_search_engine']: - resp = webfilter_search_engine(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, 
"type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "webfilter_search_engine": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "charset": {"required": False, "type": "str", - "choices": ["utf-8", "gb2312"]}, - "hostname": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "query": {"required": False, "type": "str"}, - "safesearch": {"required": False, "type": "str", - "choices": ["disable", "url", "header"]}, - "safesearch_str": {"required": False, "type": "str"}, - "url": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_webfilter(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_webfilter(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - 
module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_webfilter_urlfilter.py b/lib/ansible/modules/network/fortios/fortios_webfilter_urlfilter.py deleted file mode 100644 index 2784ed7a59d..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_webfilter_urlfilter.py +++ /dev/null 
@@ -1,462 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_webfilter_urlfilter -short_description: Configure URL filter lists in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify webfilter feature and urlfilter category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - webfilter_urlfilter: - description: - - Configure URL filter lists. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - comment: - description: - - Optional comments. - type: str - entries: - description: - - URL filter entries. - type: list - suboptions: - action: - description: - - Action to take for URL filter matches. - type: str - choices: - - exempt - - block - - allow - - monitor - dns_address_family: - description: - - Resolve IPv4 address, IPv6 address, or both from DNS server. - type: str - choices: - - ipv4 - - ipv6 - - both - exempt: - description: - - If action is set to exempt, select the security profile operations that exempt URLs skip. Separate multiple options with a space. - type: str - choices: - - av - - web-content - - activex-java-cookie - - dlp - - fortiguard - - range-block - - pass - - all - id: - description: - - Id. - required: true - type: int - referrer_host: - description: - - Referrer host name. - type: str - status: - description: - - Enable/disable this URL filter. 
- type: str - choices: - - enable - - disable - type: - description: - - Filter type (simple, regex, or wildcard). - type: str - choices: - - simple - - regex - - wildcard - url: - description: - - URL to be filtered. - type: str - web_proxy_profile: - description: - - Web proxy profile. Source web-proxy.profile.name. - type: str - id: - description: - - ID. - required: true - type: int - ip_addr_block: - description: - - Enable/disable blocking URLs when the hostname appears as an IP address. - type: str - choices: - - enable - - disable - name: - description: - - Name of URL filter list. - type: str - one_arm_ips_urlfilter: - description: - - Enable/disable DNS resolver for one-arm IPS URL filter operation. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure URL filter lists. - fortios_webfilter_urlfilter: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - webfilter_urlfilter: - comment: "Optional comments." 
- entries: - - - action: "exempt" - dns_address_family: "ipv4" - exempt: "av" - id: "8" - referrer_host: "myhostname" - status: "enable" - type: "simple" - url: "myurl.com" - web_proxy_profile: " (source web-proxy.profile.name)" - id: "14" - ip_addr_block: "enable" - name: "default_name_16" - one_arm_ips_urlfilter: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = 
data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_webfilter_urlfilter_data(json): - option_list = ['comment', 'entries', 'id', - 'ip_addr_block', 'name', 'one_arm_ips_urlfilter'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def webfilter_urlfilter(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['webfilter_urlfilter'] and data['webfilter_urlfilter']: - state = data['webfilter_urlfilter']['state'] - else: - state = True - webfilter_urlfilter_data = data['webfilter_urlfilter'] - filtered_data = underscore_to_hyphen(filter_webfilter_urlfilter_data(webfilter_urlfilter_data)) - - if state == "present": - return fos.set('webfilter', - 'urlfilter', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('webfilter', - 'urlfilter', - mkey=filtered_data['id'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_webfilter(data, fos): - - if data['webfilter_urlfilter']: - resp = webfilter_urlfilter(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", 
"default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "webfilter_urlfilter": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "comment": {"required": False, "type": "str"}, - "entries": {"required": False, "type": "list", - "options": { - "action": {"required": False, "type": "str", - "choices": ["exempt", "block", "allow", - "monitor"]}, - "dns_address_family": {"required": False, "type": "str", - "choices": ["ipv4", "ipv6", "both"]}, - "exempt": {"required": False, "type": "str", - "choices": ["av", "web-content", "activex-java-cookie", - "dlp", "fortiguard", "range-block", - "pass", "all"]}, - "id": {"required": True, "type": "int"}, - "referrer_host": {"required": False, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "type": {"required": False, "type": "str", - "choices": ["simple", "regex", "wildcard"]}, - "url": {"required": False, "type": "str"}, - "web_proxy_profile": {"required": False, "type": "str"} - }}, - "id": {"required": True, "type": "int"}, - "ip_addr_block": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "name": {"required": False, "type": "str"}, - "one_arm_ips_urlfilter": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and 
module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_webfilter(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_webfilter(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_ap_status.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_ap_status.py deleted file mode 100644 index 97f48bb6365..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_ap_status.py +++ /dev/null 
@@ -1,333 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wireless_controller_ap_status -short_description: Configure access point status (rogue | accepted | suppressed) in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wireless_controller feature and ap_status category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - wireless_controller_ap_status: - description: - - Configure access point status (rogue | accepted | suppressed). - default: null - type: dict - suboptions: - bssid: - description: - - Access Point's (AP's) BSSID. - type: str - id: - description: - - AP ID. - required: true - type: int - ssid: - description: - - Access Point's (AP's) SSID. - type: str - status: - description: - - "Access Point's (AP's) status: rogue, accepted, or suppressed." - type: str - choices: - - rogue - - accepted - - suppressed -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure access point status (rogue | accepted | suppressed). 
- fortios_wireless_controller_ap_status: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - wireless_controller_ap_status: - bssid: "" - id: "4" - ssid: "" - status: "rogue" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not 
data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_wireless_controller_ap_status_data(json): - option_list = ['bssid', 'id', 'ssid', - 'status'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def wireless_controller_ap_status(data, fos): - vdom = data['vdom'] - state = data['state'] - wireless_controller_ap_status_data = data['wireless_controller_ap_status'] - filtered_data = underscore_to_hyphen(filter_wireless_controller_ap_status_data(wireless_controller_ap_status_data)) - - if state == "present": - return fos.set('wireless-controller', - 'ap-status', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('wireless-controller', - 'ap-status', - mkey=filtered_data['id'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_wireless_controller(data, fos): - - if data['wireless_controller_ap_status']: - resp = wireless_controller_ap_status(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, 
"type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "wireless_controller_ap_status": { - "required": False, "type": "dict", "default": None, - "options": { - "bssid": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"}, - "ssid": {"required": False, "type": "str"}, - "status": {"required": False, "type": "str", - "choices": ["rogue", "accepted", "suppressed"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_wireless_controller(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_wireless_controller(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_ble_profile.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_ble_profile.py deleted file mode 100644 index 7712011901b..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_ble_profile.py +++ /dev/null 
@@ -1,413 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wireless_controller_ble_profile -short_description: Configure Bluetooth Low Energy profile in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wireless_controller feature and ble_profile category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - wireless_controller_ble_profile: - description: - - Configure Bluetooth Low Energy profile. - default: null - type: dict - suboptions: - advertising: - description: - - Advertising type. - type: str - choices: - - ibeacon - - eddystone-uid - - eddystone-url - beacon_interval: - description: - - Beacon interval . - type: int - ble_scanning: - description: - - Enable/disable Bluetooth Low Energy (BLE) scanning. - type: str - choices: - - enable - - disable - comment: - description: - - Comment. - type: str - eddystone_instance: - description: - - Eddystone instance ID. - type: str - eddystone_namespace: - description: - - Eddystone namespace ID. - type: str - eddystone_url: - description: - - Eddystone URL. - type: str - eddystone_url_encode_hex: - description: - - Eddystone encoded URL hexadecimal string - type: str - ibeacon_uuid: - description: - - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). - type: str - major_id: - description: - - Major ID. - type: int - minor_id: - description: - - Minor ID. - type: int - name: - description: - - Bluetooth Low Energy profile name. - required: true - type: str - txpower: - description: - - Transmit power level . 
- type: str - choices: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - - 8 - - 9 - - 10 - - 11 - - 12 -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure Bluetooth Low Energy profile. - fortios_wireless_controller_ble_profile: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - wireless_controller_ble_profile: - advertising: "ibeacon" - beacon_interval: "4" - ble_scanning: "enable" - comment: "Comment." - eddystone_instance: "" - eddystone_namespace: "" - eddystone_url: "" - eddystone_url_encode_hex: "" - ibeacon_uuid: "" - major_id: "12" - minor_id: "13" - name: "default_name_14" - txpower: "0" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" 
-version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_wireless_controller_ble_profile_data(json): - option_list = ['advertising', 'beacon_interval', 'ble_scanning', - 'comment', 'eddystone_instance', 'eddystone_namespace', - 'eddystone_url', 'eddystone_url_encode_hex', 'ibeacon_uuid', - 'major_id', 'minor_id', 'name', - 'txpower'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def wireless_controller_ble_profile(data, fos): - vdom = data['vdom'] - state = data['state'] - wireless_controller_ble_profile_data = data['wireless_controller_ble_profile'] - filtered_data = underscore_to_hyphen(filter_wireless_controller_ble_profile_data(wireless_controller_ble_profile_data)) - - if state == "present": - return fos.set('wireless-controller', - 'ble-profile', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('wireless-controller', - 'ble-profile', - mkey=filtered_data['name'], - 
vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_wireless_controller(data, fos): - - if data['wireless_controller_ble_profile']: - resp = wireless_controller_ble_profile(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "wireless_controller_ble_profile": { - "required": False, "type": "dict", "default": None, - "options": { - "advertising": {"required": False, "type": "str", - "choices": ["ibeacon", "eddystone-uid", "eddystone-url"]}, - "beacon_interval": {"required": False, "type": "int"}, - "ble_scanning": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "comment": {"required": False, "type": "str"}, - "eddystone_instance": {"required": False, "type": "str"}, - "eddystone_namespace": {"required": False, "type": "str"}, - "eddystone_url": {"required": False, "type": "str"}, - "eddystone_url_encode_hex": {"required": False, "type": "str"}, - "ibeacon_uuid": {"required": False, "type": "str"}, - "major_id": {"required": False, "type": "int"}, - "minor_id": {"required": False, "type": "int"}, - "name": {"required": True, "type": "str"}, - "txpower": {"required": False, "type": "str", - "choices": ["0", "1", "2", - "3", "4", "5", - "6", "7", "8", - "9", "10", "11", - "12"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers 
to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_wireless_controller(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_wireless_controller(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main()
diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_bonjour_profile.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_bonjour_profile.py
deleted file mode 100644
index 8f9fccafb85..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_bonjour_profile.py
+++ /dev/null
@@ -1,375 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wireless_controller_bonjour_profile -short_description: Configure Bonjour profiles. Bonjour is Apple's zero configuration networking protocol. Bonjour profiles allow APs and FortiAPs to connect - to networks using Bonjour in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wireless_controller feature and bonjour_profile category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. 
- type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - wireless_controller_bonjour_profile: - description: - - Configure Bonjour profiles. Bonjour is Apple's zero configuration networking protocol. Bonjour profiles allow APs and FortiAPs to connect to - networks using Bonjour. - default: null - type: dict - suboptions: - comment: - description: - - Comment. - type: str - name: - description: - - Bonjour profile name. - required: true - type: str - policy_list: - description: - - Bonjour policy list. - type: list - suboptions: - description: - description: - - Description. - type: str - from_vlan: - description: - - VLAN ID from which the Bonjour service is advertised (0 - 4094). - type: str - policy_id: - description: - - Policy ID. - type: int - services: - description: - - Bonjour services for the VLAN connecting to the Bonjour network. - type: str - choices: - - all - - airplay - - afp - - bit-torrent - - ftp - - ichat - - itunes - - printers - - samba - - scanners - - ssh - - chromecast - to_vlan: - description: - - VLAN ID to which the Bonjour service is made available (0 - 4094). - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure Bonjour profiles. Bonjour is Apple's zero configuration networking protocol. 
Bonjour profiles allow APs and FortiAPs to connect to - networks using Bonjour. - fortios_wireless_controller_bonjour_profile: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - wireless_controller_bonjour_profile: - comment: "Comment." - name: "default_name_4" - policy_list: - - - description: "" - from_vlan: "" - policy_id: "8" - services: "all" - to_vlan: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - 
- -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_wireless_controller_bonjour_profile_data(json): - option_list = ['comment', 'name', 'policy_list'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def wireless_controller_bonjour_profile(data, fos): - vdom = data['vdom'] - state = data['state'] - wireless_controller_bonjour_profile_data = data['wireless_controller_bonjour_profile'] - filtered_data = underscore_to_hyphen(filter_wireless_controller_bonjour_profile_data(wireless_controller_bonjour_profile_data)) - - if state == "present": - return fos.set('wireless-controller', - 'bonjour-profile', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('wireless-controller', - 'bonjour-profile', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_wireless_controller(data, fos): - - if data['wireless_controller_bonjour_profile']: - resp = wireless_controller_bonjour_profile(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": 
"str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "wireless_controller_bonjour_profile": { - "required": False, "type": "dict", "default": None, - "options": { - "comment": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "policy_list": {"required": False, "type": "list", - "options": { - "description": {"required": False, "type": "str"}, - "from_vlan": {"required": False, "type": "str"}, - "policy_id": {"required": False, "type": "int"}, - "services": {"required": False, "type": "str", - "choices": ["all", "airplay", "afp", - "bit-torrent", "ftp", "ichat", - "itunes", "printers", "samba", - "scanners", "ssh", "chromecast"]}, - "to_vlan": {"required": False, "type": "str"} - }} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_wireless_controller(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_wireless_controller(module.params, fos) - fos.logout() - - if not is_error: - 
module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main()
diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_global.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_global.py
deleted file mode 100644
index 12f6c8707b5..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_global.py
+++ /dev/null
@@ -1,422 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wireless_controller_global -short_description: Configure wireless controller global settings in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wireless_controller feature and global category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - wireless_controller_global: - description: - - Configure wireless controller global settings. - default: null - type: dict - suboptions: - ap_log_server: - description: - - Enable/disable configuring APs or FortiAPs to send log messages to a syslog server . - type: str - choices: - - enable - - disable - ap_log_server_ip: - description: - - IP address that APs or FortiAPs send log messages to. - type: str - ap_log_server_port: - description: - - Port that APs or FortiAPs send log messages to. - type: int - control_message_offload: - description: - - Configure CAPWAP control message data channel offload. - type: str - choices: - - ebp-frame - - aeroscout-tag - - ap-list - - sta-list - - sta-cap-list - - stats - - aeroscout-mu - data_ethernet_II: - description: - - Configure the wireless controller to use Ethernet II or 802.3 frames with 802.3 data tunnel mode . - type: str - choices: - - enable - - disable - discovery_mc_addr: - description: - - Multicast IP address for AP discovery . - type: str - fiapp_eth_type: - description: - - Ethernet type for Fortinet Inter-Access Point Protocol (IAPP), or IEEE 802.11f, packets (0 - 65535). - type: int - image_download: - description: - - Enable/disable WTP image download at join time. - type: str - choices: - - enable - - disable - ipsec_base_ip: - description: - - Base IP address for IPsec VPN tunnels between the access points and the wireless controller . - type: str - link_aggregation: - description: - - Enable/disable calculating the CAPWAP transmit hash to load balance sessions to link aggregation nodes . 
- type: str - choices: - - enable - - disable - location: - description: - - Description of the location of the wireless controller. - type: str - max_clients: - description: - - Maximum number of clients that can connect simultaneously . - type: int - max_retransmit: - description: - - Maximum number of tunnel packet retransmissions (0 - 64). - type: int - mesh_eth_type: - description: - - Mesh Ethernet identifier included in backhaul packets (0 - 65535). - type: int - name: - description: - - Name of the wireless controller. - type: str - rogue_scan_mac_adjacency: - description: - - Maximum numerical difference between an AP's Ethernet and wireless MAC values to match for rogue detection (0 - 31). - type: int - wtp_share: - description: - - Enable/disable sharing of WTPs between VDOMs. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure wireless controller global settings. 
- fortios_wireless_controller_global: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - wireless_controller_global: - ap_log_server: "enable" - ap_log_server_ip: "" - ap_log_server_port: "5" - control_message_offload: "ebp-frame" - data_ethernet_II: "enable" - discovery_mc_addr: "" - fiapp_eth_type: "9" - image_download: "enable" - ipsec_base_ip: "" - link_aggregation: "enable" - location: "" - max_clients: "14" - max_retransmit: "15" - mesh_eth_type: "16" - name: "default_name_17" - rogue_scan_mac_adjacency: "18" - wtp_share: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import 
Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_wireless_controller_global_data(json): - option_list = ['ap_log_server', 'ap_log_server_ip', 'ap_log_server_port', - 'control_message_offload', 'data_ethernet_II', 'discovery_mc_addr', - 'fiapp_eth_type', 'image_download', 'ipsec_base_ip', - 'link_aggregation', 'location', 'max_clients', - 'max_retransmit', 'mesh_eth_type', 'name', - 'rogue_scan_mac_adjacency', 'wtp_share'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def wireless_controller_global(data, fos): - vdom = data['vdom'] - wireless_controller_global_data = data['wireless_controller_global'] - filtered_data = underscore_to_hyphen(filter_wireless_controller_global_data(wireless_controller_global_data)) - - return fos.set('wireless-controller', - 'global', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_wireless_controller(data, fos): - - if data['wireless_controller_global']: - resp = wireless_controller_global(data, fos) - - return not 
is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "wireless_controller_global": { - "required": False, "type": "dict", "default": None, - "options": { - "ap_log_server": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ap_log_server_ip": {"required": False, "type": "str"}, - "ap_log_server_port": {"required": False, "type": "int"}, - "control_message_offload": {"required": False, "type": "str", - "choices": ["ebp-frame", "aeroscout-tag", "ap-list", - "sta-list", "sta-cap-list", "stats", - "aeroscout-mu"]}, - "data_ethernet_II": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "discovery_mc_addr": {"required": False, "type": "str"}, - "fiapp_eth_type": {"required": False, "type": "int"}, - "image_download": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ipsec_base_ip": {"required": False, "type": "str"}, - "link_aggregation": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "location": {"required": False, "type": "str"}, - "max_clients": {"required": False, "type": "int"}, - "max_retransmit": {"required": False, "type": "int"}, - "mesh_eth_type": {"required": False, "type": "int"}, - "name": {"required": False, "type": "str"}, - "rogue_scan_mac_adjacency": {"required": False, "type": "int"}, - "wtp_share": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode 
= 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_wireless_controller(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_wireless_controller(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main()
diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_anqp_3gpp_cellular.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_anqp_3gpp_cellular.py
deleted file mode 100644
index b7207585c56..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_anqp_3gpp_cellular.py
+++ /dev/null
@@ -1,338 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wireless_controller_hotspot20_anqp_3gpp_cellular -short_description: Configure 3GPP public land mobile network (PLMN) in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wireless_controller_hotspot20 feature and anqp_3gpp_cellular category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. 
- type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - wireless_controller_hotspot20_anqp_3gpp_cellular: - description: - - Configure 3GPP public land mobile network (PLMN). - default: null - type: dict - suboptions: - mcc_mnc_list: - description: - - Mobile Country Code and Mobile Network Code configuration. - type: list - suboptions: - id: - description: - - ID. - required: true - type: int - mcc: - description: - - Mobile country code. - type: str - mnc: - description: - - Mobile network code. - type: str - name: - description: - - 3GPP PLMN name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure 3GPP public land mobile network (PLMN). 
- fortios_wireless_controller_hotspot20_anqp_3gpp_cellular: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - wireless_controller_hotspot20_anqp_3gpp_cellular: - mcc_mnc_list: - - - id: "4" - mcc: "" - mnc: "" - name: "default_name_7" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = 
data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_wireless_controller_hotspot20_anqp_3gpp_cellular_data(json): - option_list = ['mcc_mnc_list', 'name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def wireless_controller_hotspot20_anqp_3gpp_cellular(data, fos): - vdom = data['vdom'] - state = data['state'] - wireless_controller_hotspot20_anqp_3gpp_cellular_data = data['wireless_controller_hotspot20_anqp_3gpp_cellular'] - filtered_data = underscore_to_hyphen(filter_wireless_controller_hotspot20_anqp_3gpp_cellular_data(wireless_controller_hotspot20_anqp_3gpp_cellular_data)) - - if state == "present": - return fos.set('wireless-controller.hotspot20', - 'anqp-3gpp-cellular', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('wireless-controller.hotspot20', - 'anqp-3gpp-cellular', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_wireless_controller_hotspot20(data, fos): - - if data['wireless_controller_hotspot20_anqp_3gpp_cellular']: - resp = wireless_controller_hotspot20_anqp_3gpp_cellular(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, 
"type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "wireless_controller_hotspot20_anqp_3gpp_cellular": { - "required": False, "type": "dict", "default": None, - "options": { - "mcc_mnc_list": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"}, - "mcc": {"required": False, "type": "str"}, - "mnc": {"required": False, "type": "str"} - }}, - "name": {"required": True, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_anqp_ip_address_type.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_anqp_ip_address_type.py
deleted file mode 100644
index da402b36711..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_anqp_ip_address_type.py
+++ /dev/null
@@ -1,339 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wireless_controller_hotspot20_anqp_ip_address_type -short_description: Configure IP address type availability in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wireless_controller_hotspot20 feature and anqp_ip_address_type category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - wireless_controller_hotspot20_anqp_ip_address_type: - description: - - Configure IP address type availability. - default: null - type: dict - suboptions: - ipv4_address_type: - description: - - IPv4 address type. - type: str - choices: - - not-available - - public - - port-restricted - - single-NATed-private - - double-NATed-private - - port-restricted-and-single-NATed - - port-restricted-and-double-NATed - - not-known - ipv6_address_type: - description: - - IPv6 address type. - type: str - choices: - - not-available - - available - - not-known - name: - description: - - IP type name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure IP address type availability. 
- fortios_wireless_controller_hotspot20_anqp_ip_address_type: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - wireless_controller_hotspot20_anqp_ip_address_type: - ipv4_address_type: "not-available" - ipv6_address_type: "not-available" - name: "default_name_5" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = 
data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_wireless_controller_hotspot20_anqp_ip_address_type_data(json): - option_list = ['ipv4_address_type', 'ipv6_address_type', 'name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def wireless_controller_hotspot20_anqp_ip_address_type(data, fos): - vdom = data['vdom'] - state = data['state'] - wireless_controller_hotspot20_anqp_ip_address_type_data = data['wireless_controller_hotspot20_anqp_ip_address_type'] - filtered_data = \ - underscore_to_hyphen(filter_wireless_controller_hotspot20_anqp_ip_address_type_data(wireless_controller_hotspot20_anqp_ip_address_type_data)) - - if state == "present": - return fos.set('wireless-controller.hotspot20', - 'anqp-ip-address-type', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('wireless-controller.hotspot20', - 'anqp-ip-address-type', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_wireless_controller_hotspot20(data, fos): - - if data['wireless_controller_hotspot20_anqp_ip_address_type']: - resp = wireless_controller_hotspot20_anqp_ip_address_type(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - 
"host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "wireless_controller_hotspot20_anqp_ip_address_type": { - "required": False, "type": "dict", "default": None, - "options": { - "ipv4_address_type": {"required": False, "type": "str", - "choices": ["not-available", "public", "port-restricted", - "single-NATed-private", "double-NATed-private", "port-restricted-and-single-NATed", - "port-restricted-and-double-NATed", "not-known"]}, - "ipv6_address_type": {"required": False, "type": "str", - "choices": ["not-available", "available", "not-known"]}, - "name": {"required": True, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) - fos.logout() - - if not is_error: - 
module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_anqp_nai_realm.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_anqp_nai_realm.py deleted file mode 100644 index a21018d5dca..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_anqp_nai_realm.py +++ /dev/null 
@@ -1,455 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wireless_controller_hotspot20_anqp_nai_realm -short_description: Configure network access identifier (NAI) realm in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wireless_controller_hotspot20 feature and anqp_nai_realm category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.4 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - wireless_controller_hotspot20_anqp_nai_realm: - description: - - Configure network access identifier (NAI) realm. - default: null - type: dict - suboptions: - nai_list: - description: - - NAI list. - type: list - suboptions: - eap_method: - description: - - EAP Methods. - type: list - suboptions: - auth_param: - description: - - EAP auth param. - type: str - suboptions: - id: - description: - - ID of authentication parameter. - type: str - choices: - - non-eap-inner-auth - - inner-auth-eap - - credential - - tunneled-credential - index: - description: - - Param index. - required: true - type: int - val: - description: - - Value of authentication parameter. - type: str - choices: - - eap-identity - - eap-md5 - - eap-tls - - eap-ttls - - eap-peap - - eap-sim - - eap-aka - - eap-aka-prime - - non-eap-pap - - non-eap-chap - - non-eap-mschap - - non-eap-mschapv2 - - cred-sim - - cred-usim - - cred-nfc - - cred-hardware-token - - cred-softoken - - cred-certificate - - cred-user-pwd - - cred-none - - cred-vendor-specific - - tun-cred-sim - - tun-cred-usim - - tun-cred-nfc - - tun-cred-hardware-token - - tun-cred-softoken - - tun-cred-certificate - - tun-cred-user-pwd - - tun-cred-anonymous - - tun-cred-vendor-specific - index: - description: - - EAP method index. - required: true - type: int - method: - description: - - EAP method type. 
- type: str - choices: - - eap-identity - - eap-md5 - - eap-tls - - eap-ttls - - eap-peap - - eap-sim - - eap-aka - - eap-aka-prime - encoding: - description: - - Enable/disable format in accordance with IETF RFC 4282. - type: str - choices: - - disable - - enable - nai_realm: - description: - - Configure NAI realms (delimited by a semi-colon character). - type: str - name: - description: - - NAI realm name. - required: true - type: str - name: - description: - - NAI realm list name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure network access identifier (NAI) realm. - fortios_wireless_controller_hotspot20_anqp_nai_realm: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - wireless_controller_hotspot20_anqp_nai_realm: - nai_list: - - - eap_method: - - - auth_param: - - - id: "6" - index: "7" - val: "eap-identity" - index: "9" - method: "eap-identity" - encoding: "disable" - nai_realm: "" - name: "default_name_13" - name: "default_name_14" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision 
number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_wireless_controller_hotspot20_anqp_nai_realm_data(json): - option_list = ['nai_list', 'name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def wireless_controller_hotspot20_anqp_nai_realm(data, fos): - vdom = data['vdom'] - state = data['state'] - wireless_controller_hotspot20_anqp_nai_realm_data = data['wireless_controller_hotspot20_anqp_nai_realm'] - filtered_data = 
underscore_to_hyphen(filter_wireless_controller_hotspot20_anqp_nai_realm_data(wireless_controller_hotspot20_anqp_nai_realm_data)) - - if state == "present": - return fos.set('wireless-controller.hotspot20', - 'anqp-nai-realm', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('wireless-controller.hotspot20', - 'anqp-nai-realm', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_wireless_controller_hotspot20(data, fos): - - if data['wireless_controller_hotspot20_anqp_nai_realm']: - resp = wireless_controller_hotspot20_anqp_nai_realm(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "wireless_controller_hotspot20_anqp_nai_realm": { - "required": False, "type": "dict", "default": None, - "options": { - "nai_list": {"required": False, "type": "list", - "options": { - "eap_method": {"required": False, "type": "list", - "options": { - "auth_param": {"required": False, "type": "str", - "options": { - "id": {"required": False, "type": "str", - "choices": ["non-eap-inner-auth", "inner-auth-eap", "credential", - "tunneled-credential"]}, - "index": {"required": True, "type": "int"}, - "val": {"required": False, "type": "str", - "choices": ["eap-identity", "eap-md5", "eap-tls", - "eap-ttls", "eap-peap", "eap-sim", - "eap-aka", "eap-aka-prime", "non-eap-pap", - 
"non-eap-chap", "non-eap-mschap", "non-eap-mschapv2", - "cred-sim", "cred-usim", "cred-nfc", - "cred-hardware-token", "cred-softoken", "cred-certificate", - "cred-user-pwd", "cred-none", "cred-vendor-specific", - "tun-cred-sim", "tun-cred-usim", "tun-cred-nfc", - "tun-cred-hardware-token", "tun-cred-softoken", - "tun-cred-certificate", "tun-cred-user-pwd", - "tun-cred-anonymous", "tun-cred-vendor-specific"]} - }}, - "index": {"required": True, "type": "int"}, - "method": {"required": False, "type": "str", - "choices": ["eap-identity", "eap-md5", "eap-tls", - "eap-ttls", "eap-peap", "eap-sim", - "eap-aka", "eap-aka-prime"]} - }}, - "encoding": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "nai_realm": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"} - }}, - "name": {"required": True, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_anqp_network_auth_type.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_anqp_network_auth_type.py
deleted file mode 100644
index b9fbb180d20..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_anqp_network_auth_type.py
+++ /dev/null
@@ -1,329 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wireless_controller_hotspot20_anqp_network_auth_type -short_description: Configure network authentication type in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wireless_controller_hotspot20 feature and anqp_network_auth_type category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. 
- type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - wireless_controller_hotspot20_anqp_network_auth_type: - description: - - Configure network authentication type. - default: null - type: dict - suboptions: - auth_type: - description: - - Network authentication type. - type: str - choices: - - acceptance-of-terms - - online-enrollment - - http-redirection - - dns-redirection - name: - description: - - Authentication type name. - required: true - type: str - url: - description: - - Redirect URL. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure network authentication type. 
- fortios_wireless_controller_hotspot20_anqp_network_auth_type: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - wireless_controller_hotspot20_anqp_network_auth_type: - auth_type: "acceptance-of-terms" - name: "default_name_4" - url: "myurl.com" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - 
ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_wireless_controller_hotspot20_anqp_network_auth_type_data(json): - option_list = ['auth_type', 'name', 'url'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def wireless_controller_hotspot20_anqp_network_auth_type(data, fos): - vdom = data['vdom'] - state = data['state'] - wireless_controller_hotspot20_anqp_network_auth_type_data = data['wireless_controller_hotspot20_anqp_network_auth_type'] - filtered_data = \ - underscore_to_hyphen(filter_wireless_controller_hotspot20_anqp_network_auth_type_data(wireless_controller_hotspot20_anqp_network_auth_type_data)) - - if state == "present": - return fos.set('wireless-controller.hotspot20', - 'anqp-network-auth-type', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('wireless-controller.hotspot20', - 'anqp-network-auth-type', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_wireless_controller_hotspot20(data, fos): - - if data['wireless_controller_hotspot20_anqp_network_auth_type']: - resp = wireless_controller_hotspot20_anqp_network_auth_type(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": 
False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "wireless_controller_hotspot20_anqp_network_auth_type": { - "required": False, "type": "dict", "default": None, - "options": { - "auth_type": {"required": False, "type": "str", - "choices": ["acceptance-of-terms", "online-enrollment", "http-redirection", - "dns-redirection"]}, - "name": {"required": True, "type": "str"}, - "url": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_anqp_roaming_consortium.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_anqp_roaming_consortium.py
deleted file mode 100644
index ce5a74bcb1f..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_anqp_roaming_consortium.py
+++ /dev/null
@@ -1,339 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wireless_controller_hotspot20_anqp_roaming_consortium -short_description: Configure roaming consortium in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wireless_controller_hotspot20 feature and anqp_roaming_consortium category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - wireless_controller_hotspot20_anqp_roaming_consortium: - description: - - Configure roaming consortium. - default: null - type: dict - suboptions: - name: - description: - - Roaming consortium name. - required: true - type: str - oi_list: - description: - - Organization identifier list. - type: list - suboptions: - comment: - description: - - Comment. - type: str - index: - description: - - OI index. - required: true - type: int - oi: - description: - - Organization identifier. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure roaming consortium. - fortios_wireless_controller_hotspot20_anqp_roaming_consortium: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - wireless_controller_hotspot20_anqp_roaming_consortium: - name: "default_name_3" - oi_list: - - - comment: "Comment." 
- index: "6" - oi: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_wireless_controller_hotspot20_anqp_roaming_consortium_data(json): - option_list = ['name', 'oi_list'] - 
dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def wireless_controller_hotspot20_anqp_roaming_consortium(data, fos): - vdom = data['vdom'] - state = data['state'] - wireless_controller_hotspot20_anqp_roaming_consortium_data = data['wireless_controller_hotspot20_anqp_roaming_consortium'] - filtered_data = \ - underscore_to_hyphen(filter_wireless_controller_hotspot20_anqp_roaming_consortium_data(wireless_controller_hotspot20_anqp_roaming_consortium_data)) - - if state == "present": - return fos.set('wireless-controller.hotspot20', - 'anqp-roaming-consortium', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('wireless-controller.hotspot20', - 'anqp-roaming-consortium', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_wireless_controller_hotspot20(data, fos): - - if data['wireless_controller_hotspot20_anqp_roaming_consortium']: - resp = wireless_controller_hotspot20_anqp_roaming_consortium(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, 
"type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "wireless_controller_hotspot20_anqp_roaming_consortium": { - "required": False, "type": "dict", "default": None, - "options": { - "name": {"required": True, "type": "str"}, - "oi_list": {"required": False, "type": "list", - "options": { - "comment": {"required": False, "type": "str"}, - "index": {"required": True, "type": "int"}, - "oi": {"required": False, "type": "str"} - }} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_anqp_venue_name.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_anqp_venue_name.py deleted file mode 100644 index 3a71ca89086..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_anqp_venue_name.py +++ /dev/null 
@@ -1,338 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wireless_controller_hotspot20_anqp_venue_name -short_description: Configure venue name duple in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wireless_controller_hotspot20 feature and anqp_venue_name category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - wireless_controller_hotspot20_anqp_venue_name: - description: - - Configure venue name duple. - default: null - type: dict - suboptions: - name: - description: - - Name of venue name duple. - required: true - type: str - value_list: - description: - - Name list. - type: list - suboptions: - index: - description: - - Value index. - required: true - type: int - lang: - description: - - Language code. - type: str - value: - description: - - Venue name value. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure venue name duple. 
- fortios_wireless_controller_hotspot20_anqp_venue_name: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - wireless_controller_hotspot20_anqp_venue_name: - name: "default_name_3" - value_list: - - - index: "5" - lang: "" - value: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = 
data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_wireless_controller_hotspot20_anqp_venue_name_data(json): - option_list = ['name', 'value_list'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def wireless_controller_hotspot20_anqp_venue_name(data, fos): - vdom = data['vdom'] - state = data['state'] - wireless_controller_hotspot20_anqp_venue_name_data = data['wireless_controller_hotspot20_anqp_venue_name'] - filtered_data = underscore_to_hyphen(filter_wireless_controller_hotspot20_anqp_venue_name_data(wireless_controller_hotspot20_anqp_venue_name_data)) - - if state == "present": - return fos.set('wireless-controller.hotspot20', - 'anqp-venue-name', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('wireless-controller.hotspot20', - 'anqp-venue-name', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_wireless_controller_hotspot20(data, fos): - - if data['wireless_controller_hotspot20_anqp_venue_name']: - resp = wireless_controller_hotspot20_anqp_venue_name(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": 
{"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "wireless_controller_hotspot20_anqp_venue_name": { - "required": False, "type": "dict", "default": None, - "options": { - "name": {"required": True, "type": "str"}, - "value_list": {"required": False, "type": "list", - "options": { - "index": {"required": True, "type": "int"}, - "lang": {"required": False, "type": "str"}, - "value": {"required": False, "type": "str"} - }} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_h2qp_conn_capability.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_h2qp_conn_capability.py
deleted file mode 100644
index fe6dfcbc06d..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_h2qp_conn_capability.py
+++ /dev/null
@@ -1,434 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wireless_controller_hotspot20_h2qp_conn_capability -short_description: Configure connection capability in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wireless_controller_hotspot20 feature and h2qp_conn_capability category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - wireless_controller_hotspot20_h2qp_conn_capability: - description: - - Configure connection capability. - default: null - type: dict - suboptions: - esp_port: - description: - - Set ESP port service (used by IPsec VPNs) status. - type: str - choices: - - closed - - open - - unknown - ftp_port: - description: - - Set FTP port service status. - type: str - choices: - - closed - - open - - unknown - http_port: - description: - - Set HTTP port service status. - type: str - choices: - - closed - - open - - unknown - icmp_port: - description: - - Set ICMP port service status. - type: str - choices: - - closed - - open - - unknown - ikev2_port: - description: - - Set IKEv2 port service for IPsec VPN status. - type: str - choices: - - closed - - open - - unknown - ikev2_xx_port: - description: - - Set UDP port 4500 (which may be used by IKEv2 for IPsec VPN) service status. - type: str - choices: - - closed - - open - - unknown - name: - description: - - Connection capability name. - required: true - type: str - pptp_vpn_port: - description: - - Set Point to Point Tunneling Protocol (PPTP) VPN port service status. - type: str - choices: - - closed - - open - - unknown - ssh_port: - description: - - Set SSH port service status. - type: str - choices: - - closed - - open - - unknown - tls_port: - description: - - Set TLS VPN (HTTPS) port service status. 
- type: str - choices: - - closed - - open - - unknown - voip_tcp_port: - description: - - Set VoIP TCP port service status. - type: str - choices: - - closed - - open - - unknown - voip_udp_port: - description: - - Set VoIP UDP port service status. - type: str - choices: - - closed - - open - - unknown -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure connection capability. - fortios_wireless_controller_hotspot20_h2qp_conn_capability: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - wireless_controller_hotspot20_h2qp_conn_capability: - esp_port: "closed" - ftp_port: "closed" - http_port: "closed" - icmp_port: "closed" - ikev2_port: "closed" - ikev2_xx_port: "closed" - name: "default_name_9" - pptp_vpn_port: "closed" - ssh_port: "closed" - tls_port: "closed" - voip_tcp_port: "closed" - voip_udp_port: "closed" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: 
"FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_wireless_controller_hotspot20_h2qp_conn_capability_data(json): - option_list = ['esp_port', 'ftp_port', 'http_port', - 'icmp_port', 'ikev2_port', 'ikev2_xx_port', - 'name', 'pptp_vpn_port', 'ssh_port', - 'tls_port', 'voip_tcp_port', 'voip_udp_port'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def wireless_controller_hotspot20_h2qp_conn_capability(data, fos): - vdom = data['vdom'] - state = data['state'] - wireless_controller_hotspot20_h2qp_conn_capability_data = data['wireless_controller_hotspot20_h2qp_conn_capability'] - filtered_data = \ - 
underscore_to_hyphen(filter_wireless_controller_hotspot20_h2qp_conn_capability_data(wireless_controller_hotspot20_h2qp_conn_capability_data)) - - if state == "present": - return fos.set('wireless-controller.hotspot20', - 'h2qp-conn-capability', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('wireless-controller.hotspot20', - 'h2qp-conn-capability', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_wireless_controller_hotspot20(data, fos): - - if data['wireless_controller_hotspot20_h2qp_conn_capability']: - resp = wireless_controller_hotspot20_h2qp_conn_capability(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "wireless_controller_hotspot20_h2qp_conn_capability": { - "required": False, "type": "dict", "default": None, - "options": { - "esp_port": {"required": False, "type": "str", - "choices": ["closed", "open", "unknown"]}, - "ftp_port": {"required": False, "type": "str", - "choices": ["closed", "open", "unknown"]}, - "http_port": {"required": False, "type": "str", - "choices": ["closed", "open", "unknown"]}, - "icmp_port": {"required": False, "type": "str", - "choices": ["closed", "open", "unknown"]}, - "ikev2_port": {"required": False, "type": "str", - "choices": ["closed", "open", "unknown"]}, - "ikev2_xx_port": {"required": False, 
"type": "str", - "choices": ["closed", "open", "unknown"]}, - "name": {"required": True, "type": "str"}, - "pptp_vpn_port": {"required": False, "type": "str", - "choices": ["closed", "open", "unknown"]}, - "ssh_port": {"required": False, "type": "str", - "choices": ["closed", "open", "unknown"]}, - "tls_port": {"required": False, "type": "str", - "choices": ["closed", "open", "unknown"]}, - "voip_tcp_port": {"required": False, "type": "str", - "choices": ["closed", "open", "unknown"]}, - "voip_udp_port": {"required": False, "type": "str", - "choices": ["closed", "open", "unknown"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_h2qp_operator_name.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_h2qp_operator_name.py deleted file mode 100644 index 424a18f7889..00000000000 
--- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_h2qp_operator_name.py
+++ /dev/null
@@ -1,338 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wireless_controller_hotspot20_h2qp_operator_name -short_description: Configure operator friendly name in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wireless_controller_hotspot20 feature and h2qp_operator_name category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - wireless_controller_hotspot20_h2qp_operator_name: - description: - - Configure operator friendly name. - default: null - type: dict - suboptions: - name: - description: - - Friendly name ID. - required: true - type: str - value_list: - description: - - Name list. - type: list - suboptions: - index: - description: - - Value index. - required: true - type: int - lang: - description: - - Language code. - type: str - value: - description: - - Friendly name value. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure operator friendly name. 
- fortios_wireless_controller_hotspot20_h2qp_operator_name: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - wireless_controller_hotspot20_h2qp_operator_name: - name: "default_name_3" - value_list: - - - index: "5" - lang: "" - value: "" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = 
data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_wireless_controller_hotspot20_h2qp_operator_name_data(json): - option_list = ['name', 'value_list'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def wireless_controller_hotspot20_h2qp_operator_name(data, fos): - vdom = data['vdom'] - state = data['state'] - wireless_controller_hotspot20_h2qp_operator_name_data = data['wireless_controller_hotspot20_h2qp_operator_name'] - filtered_data = underscore_to_hyphen(filter_wireless_controller_hotspot20_h2qp_operator_name_data(wireless_controller_hotspot20_h2qp_operator_name_data)) - - if state == "present": - return fos.set('wireless-controller.hotspot20', - 'h2qp-operator-name', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('wireless-controller.hotspot20', - 'h2qp-operator-name', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_wireless_controller_hotspot20(data, fos): - - if data['wireless_controller_hotspot20_h2qp_operator_name']: - resp = wireless_controller_hotspot20_h2qp_operator_name(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": 
"str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "wireless_controller_hotspot20_h2qp_operator_name": { - "required": False, "type": "dict", "default": None, - "options": { - "name": {"required": True, "type": "str"}, - "value_list": {"required": False, "type": "list", - "options": { - "index": {"required": True, "type": "int"}, - "lang": {"required": False, "type": "str"}, - "value": {"required": False, "type": "str"} - }} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_h2qp_osu_provider.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_h2qp_osu_provider.py
deleted file mode 100644
index ab4e2bda7fd..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_h2qp_osu_provider.py
+++ /dev/null
@@ -1,397 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wireless_controller_hotspot20_h2qp_osu_provider -short_description: Configure online sign up (OSU) provider list in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wireless_controller_hotspot20 feature and h2qp_osu_provider category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - wireless_controller_hotspot20_h2qp_osu_provider: - description: - - Configure online sign up (OSU) provider list. - default: null - type: dict - suboptions: - friendly_name: - description: - - OSU provider friendly name. - type: list - suboptions: - friendly_name: - description: - - OSU provider friendly name. - type: str - index: - description: - - OSU provider friendly name index. - required: true - type: int - lang: - description: - - Language code. - type: str - icon: - description: - - OSU provider icon. Source wireless-controller.hotspot20.icon.name. - type: str - name: - description: - - OSU provider ID. - required: true - type: str - osu_method: - description: - - OSU method list. - type: str - choices: - - oma-dm - - soap-xml-spp - - reserved - osu_nai: - description: - - OSU NAI. - type: str - server_uri: - description: - - Server URI. - type: str - service_description: - description: - - OSU service name. - type: list - suboptions: - lang: - description: - - Language code. - type: str - service_description: - description: - - Service description. - type: str - service_id: - description: - - OSU service ID. - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure online sign up (OSU) provider list. 
- fortios_wireless_controller_hotspot20_h2qp_osu_provider: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - wireless_controller_hotspot20_h2qp_osu_provider: - friendly_name: - - - friendly_name: "" - index: "5" - lang: "" - icon: " (source wireless-controller.hotspot20.icon.name)" - name: "default_name_8" - osu_method: "oma-dm" - osu_nai: "" - server_uri: "" - service_description: - - - lang: "" - service_description: "" - service_id: "15" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import 
FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_wireless_controller_hotspot20_h2qp_osu_provider_data(json): - option_list = ['friendly_name', 'icon', 'name', - 'osu_method', 'osu_nai', 'server_uri', - 'service_description'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def wireless_controller_hotspot20_h2qp_osu_provider(data, fos): - vdom = data['vdom'] - state = data['state'] - wireless_controller_hotspot20_h2qp_osu_provider_data = data['wireless_controller_hotspot20_h2qp_osu_provider'] - filtered_data = underscore_to_hyphen(filter_wireless_controller_hotspot20_h2qp_osu_provider_data(wireless_controller_hotspot20_h2qp_osu_provider_data)) - - if state == "present": - return fos.set('wireless-controller.hotspot20', - 'h2qp-osu-provider', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('wireless-controller.hotspot20', - 'h2qp-osu-provider', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_wireless_controller_hotspot20(data, fos): - - if 
data['wireless_controller_hotspot20_h2qp_osu_provider']: - resp = wireless_controller_hotspot20_h2qp_osu_provider(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "wireless_controller_hotspot20_h2qp_osu_provider": { - "required": False, "type": "dict", "default": None, - "options": { - "friendly_name": {"required": False, "type": "list", - "options": { - "friendly_name": {"required": False, "type": "str"}, - "index": {"required": True, "type": "int"}, - "lang": {"required": False, "type": "str"} - }}, - "icon": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "osu_method": {"required": False, "type": "str", - "choices": ["oma-dm", "soap-xml-spp", "reserved"]}, - "osu_nai": {"required": False, "type": "str"}, - "server_uri": {"required": False, "type": "str"}, - "service_description": {"required": False, "type": "list", - "options": { - "lang": {"required": False, "type": "str"}, - "service_description": {"required": False, "type": "str"}, - "service_id": {"required": False, "type": "int"} - }} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if 
module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_h2qp_wan_metric.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_h2qp_wan_metric.py deleted file mode 100644 index 80d1161c5a4..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_h2qp_wan_metric.py +++ /dev/null 
@@ -1,372 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wireless_controller_hotspot20_h2qp_wan_metric -short_description: Configure WAN metrics in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wireless_controller_hotspot20 feature and h2qp_wan_metric category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - wireless_controller_hotspot20_h2qp_wan_metric: - description: - - Configure WAN metrics. - default: null - type: dict - suboptions: - downlink_load: - description: - - Downlink load. - type: int - downlink_speed: - description: - - Downlink speed (in kilobits/s). - type: int - link_at_capacity: - description: - - Link at capacity. - type: str - choices: - - enable - - disable - link_status: - description: - - Link status. - type: str - choices: - - up - - down - - in-test - load_measurement_duration: - description: - - Load measurement duration (in tenths of a second). - type: int - name: - description: - - WAN metric name. - required: true - type: str - symmetric_wan_link: - description: - - WAN link symmetry. - type: str - choices: - - symmetric - - asymmetric - uplink_load: - description: - - Uplink load. - type: int - uplink_speed: - description: - - Uplink speed (in kilobits/s). - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure WAN metrics. 
- fortios_wireless_controller_hotspot20_h2qp_wan_metric: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - wireless_controller_hotspot20_h2qp_wan_metric: - downlink_load: "3" - downlink_speed: "4" - link_at_capacity: "enable" - link_status: "up" - load_measurement_duration: "7" - name: "default_name_8" - symmetric_wan_link: "symmetric" - uplink_load: "10" - uplink_speed: "11" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import 
FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_wireless_controller_hotspot20_h2qp_wan_metric_data(json): - option_list = ['downlink_load', 'downlink_speed', 'link_at_capacity', - 'link_status', 'load_measurement_duration', 'name', - 'symmetric_wan_link', 'uplink_load', 'uplink_speed'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def wireless_controller_hotspot20_h2qp_wan_metric(data, fos): - vdom = data['vdom'] - state = data['state'] - wireless_controller_hotspot20_h2qp_wan_metric_data = data['wireless_controller_hotspot20_h2qp_wan_metric'] - filtered_data = underscore_to_hyphen(filter_wireless_controller_hotspot20_h2qp_wan_metric_data(wireless_controller_hotspot20_h2qp_wan_metric_data)) - - if state == "present": - return fos.set('wireless-controller.hotspot20', - 'h2qp-wan-metric', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('wireless-controller.hotspot20', - 'h2qp-wan-metric', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_wireless_controller_hotspot20(data, fos): - - if data['wireless_controller_hotspot20_h2qp_wan_metric']: - resp = 
wireless_controller_hotspot20_h2qp_wan_metric(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "wireless_controller_hotspot20_h2qp_wan_metric": { - "required": False, "type": "dict", "default": None, - "options": { - "downlink_load": {"required": False, "type": "int"}, - "downlink_speed": {"required": False, "type": "int"}, - "link_at_capacity": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "link_status": {"required": False, "type": "str", - "choices": ["up", "down", "in-test"]}, - "load_measurement_duration": {"required": False, "type": "int"}, - "name": {"required": True, "type": "str"}, - "symmetric_wan_link": {"required": False, "type": "str", - "choices": ["symmetric", "asymmetric"]}, - "uplink_load": {"required": False, "type": "int"}, - "uplink_speed": {"required": False, "type": "int"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) - else: - 
module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_hs_profile.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_hs_profile.py
deleted file mode 100644
index 97e732fabd9..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_hs_profile.py
+++ /dev/null
@@ -1,654 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wireless_controller_hotspot20_hs_profile -short_description: Configure hotspot profile in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wireless_controller_hotspot20 feature and hs_profile category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.4 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - wireless_controller_hotspot20_hs_profile: - description: - - Configure hotspot profile. - default: null - type: dict - suboptions: - access_network_asra: - description: - - Enable/disable additional step required for access (ASRA). - type: str - choices: - - enable - - disable - access_network_esr: - description: - - Enable/disable emergency services reachable (ESR). - type: str - choices: - - enable - - disable - access_network_internet: - description: - - Enable/disable connectivity to the Internet. - type: str - choices: - - enable - - disable - access_network_type: - description: - - Access network type. - type: str - choices: - - private-network - - private-network-with-guest-access - - chargeable-public-network - - free-public-network - - personal-device-network - - emergency-services-only-network - - test-or-experimental - - wildcard - access_network_uesa: - description: - - Enable/disable unauthenticated emergency service accessible (UESA). - type: str - choices: - - enable - - disable - anqp_domain_id: - description: - - ANQP Domain ID (0-65535). - type: int - bss_transition: - description: - - Enable/disable basic service set (BSS) transition Support. - type: str - choices: - - enable - - disable - conn_cap: - description: - - Connection capability name. Source wireless-controller.hotspot20.h2qp-conn-capability.name. - type: str - deauth_request_timeout: - description: - - Deauthentication request timeout (in seconds). 
- type: int - dgaf: - description: - - Enable/disable downstream group-addressed forwarding (DGAF). - type: str - choices: - - enable - - disable - domain_name: - description: - - Domain name. - type: str - gas_comeback_delay: - description: - - GAS comeback delay (0 or 100 - 4000 milliseconds). - type: int - gas_fragmentation_limit: - description: - - GAS fragmentation limit (512 - 4096). - type: int - hessid: - description: - - Homogeneous extended service set identifier (HESSID). - type: str - ip_addr_type: - description: - - IP address type name. Source wireless-controller.hotspot20.anqp-ip-address-type.name. - type: str - l2tif: - description: - - Enable/disable Layer 2 traffic inspection and filtering. - type: str - choices: - - enable - - disable - nai_realm: - description: - - NAI realm list name. Source wireless-controller.hotspot20.anqp-nai-realm.name. - type: str - name: - description: - - Hotspot profile name. - required: true - type: str - network_auth: - description: - - Network authentication name. Source wireless-controller.hotspot20.anqp-network-auth-type.name. - type: str - oper_friendly_name: - description: - - Operator friendly name. Source wireless-controller.hotspot20.h2qp-operator-name.name. - type: str - osu_provider: - description: - - Manually selected list of OSU provider(s). - type: list - suboptions: - name: - description: - - OSU provider name. Source wireless-controller.hotspot20.h2qp-osu-provider.name. - required: true - type: str - osu_ssid: - description: - - Online sign up (OSU) SSID. - type: str - pame_bi: - description: - - Enable/disable Pre-Association Message Exchange BSSID Independent (PAME-BI). - type: str - choices: - - disable - - enable - proxy_arp: - description: - - Enable/disable Proxy ARP. - type: str - choices: - - enable - - disable - qos_map: - description: - - QoS MAP set ID. Source wireless-controller.hotspot20.qos-map.name. - type: str - roaming_consortium: - description: - - Roaming consortium list name. 
Source wireless-controller.hotspot20.anqp-roaming-consortium.name. - type: str - venue_group: - description: - - Venue group. - type: str - choices: - - unspecified - - assembly - - business - - educational - - factory - - institutional - - mercantile - - residential - - storage - - utility - - vehicular - - outdoor - venue_name: - description: - - Venue name. Source wireless-controller.hotspot20.anqp-venue-name.name. - type: str - venue_type: - description: - - Venue type. - type: str - choices: - - unspecified - - arena - - stadium - - passenger-terminal - - amphitheater - - amusement-park - - place-of-worship - - convention-center - - library - - museum - - restaurant - - theater - - bar - - coffee-shop - - zoo-or-aquarium - - emergency-center - - doctor-office - - bank - - fire-station - - police-station - - post-office - - professional-office - - research-facility - - attorney-office - - primary-school - - secondary-school - - university-or-college - - factory - - hospital - - long-term-care-facility - - rehab-center - - group-home - - prison-or-jail - - retail-store - - grocery-market - - auto-service-station - - shopping-mall - - gas-station - - private - - hotel-or-motel - - dormitory - - boarding-house - - automobile - - airplane - - bus - - ferry - - ship-or-boat - - train - - motor-bike - - muni-mesh-network - - city-park - - rest-area - - traffic-control - - bus-stop - - kiosk - wan_metrics: - description: - - WAN metric name. Source wireless-controller.hotspot20.h2qp-wan-metric.name. - type: str - wnm_sleep_mode: - description: - - Enable/disable wireless network management (WNM) sleep mode. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure hotspot profile. 
- fortios_wireless_controller_hotspot20_hs_profile: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - wireless_controller_hotspot20_hs_profile: - access_network_asra: "enable" - access_network_esr: "enable" - access_network_internet: "enable" - access_network_type: "private-network" - access_network_uesa: "enable" - anqp_domain_id: "9" - bss_transition: "enable" - conn_cap: " (source wireless-controller.hotspot20.h2qp-conn-capability.name)" - deauth_request_timeout: "12" - dgaf: "enable" - domain_name: "" - gas_comeback_delay: "15" - gas_fragmentation_limit: "16" - hessid: "" - ip_addr_type: " (source wireless-controller.hotspot20.anqp-ip-address-type.name)" - l2tif: "enable" - nai_realm: " (source wireless-controller.hotspot20.anqp-nai-realm.name)" - name: "default_name_21" - network_auth: " (source wireless-controller.hotspot20.anqp-network-auth-type.name)" - oper_friendly_name: " (source wireless-controller.hotspot20.h2qp-operator-name.name)" - osu_provider: - - - name: "default_name_25 (source wireless-controller.hotspot20.h2qp-osu-provider.name)" - osu_ssid: "" - pame_bi: "disable" - proxy_arp: "enable" - qos_map: " (source wireless-controller.hotspot20.qos-map.name)" - roaming_consortium: " (source wireless-controller.hotspot20.anqp-roaming-consortium.name)" - venue_group: "unspecified" - venue_name: " (source wireless-controller.hotspot20.anqp-venue-name.name)" - venue_type: "unspecified" - wan_metrics: " (source wireless-controller.hotspot20.h2qp-wan-metric.name)" - wnm_sleep_mode: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: 
"200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_wireless_controller_hotspot20_hs_profile_data(json): - option_list = ['access_network_asra', 'access_network_esr', - 'access_network_internet', 'access_network_type', 'access_network_uesa', - 'anqp_domain_id', 'bss_transition', 'conn_cap', - 'deauth_request_timeout', 'dgaf', 'domain_name', - 'gas_comeback_delay', 'gas_fragmentation_limit', 'hessid', - 'ip_addr_type', 'l2tif', 'nai_realm', - 'name', 'network_auth', 'oper_friendly_name', - 'osu_provider', 'osu_ssid', 'pame_bi', - 'proxy_arp', 'qos_map', 
'roaming_consortium', - 'venue_group', 'venue_name', 'venue_type', - 'wan_metrics', 'wnm_sleep_mode'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def wireless_controller_hotspot20_hs_profile(data, fos): - vdom = data['vdom'] - state = data['state'] - wireless_controller_hotspot20_hs_profile_data = data['wireless_controller_hotspot20_hs_profile'] - filtered_data = underscore_to_hyphen(filter_wireless_controller_hotspot20_hs_profile_data(wireless_controller_hotspot20_hs_profile_data)) - - if state == "present": - return fos.set('wireless-controller.hotspot20', - 'hs-profile', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('wireless-controller.hotspot20', - 'hs-profile', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_wireless_controller_hotspot20(data, fos): - - if data['wireless_controller_hotspot20_hs_profile']: - resp = wireless_controller_hotspot20_hs_profile(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", 
"default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "wireless_controller_hotspot20_hs_profile": { - "required": False, "type": "dict", "default": None, - "options": { - "access_network_asra": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "access_network_esr": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "access_network_internet": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "access_network_type": {"required": False, "type": "str", - "choices": ["private-network", "private-network-with-guest-access", "chargeable-public-network", - "free-public-network", "personal-device-network", "emergency-services-only-network", - "test-or-experimental", "wildcard"]}, - "access_network_uesa": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "anqp_domain_id": {"required": False, "type": "int"}, - "bss_transition": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "conn_cap": {"required": False, "type": "str"}, - "deauth_request_timeout": {"required": False, "type": "int"}, - "dgaf": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "domain_name": {"required": False, "type": "str"}, - "gas_comeback_delay": {"required": False, "type": "int"}, - "gas_fragmentation_limit": {"required": False, "type": "int"}, - "hessid": {"required": False, "type": "str"}, - "ip_addr_type": {"required": False, "type": "str"}, - "l2tif": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "nai_realm": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "network_auth": {"required": False, "type": "str"}, - "oper_friendly_name": {"required": False, "type": "str"}, - "osu_provider": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "osu_ssid": {"required": False, "type": "str"}, - "pame_bi": 
{"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "proxy_arp": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "qos_map": {"required": False, "type": "str"}, - "roaming_consortium": {"required": False, "type": "str"}, - "venue_group": {"required": False, "type": "str", - "choices": ["unspecified", "assembly", "business", - "educational", "factory", "institutional", - "mercantile", "residential", "storage", - "utility", "vehicular", "outdoor"]}, - "venue_name": {"required": False, "type": "str"}, - "venue_type": {"required": False, "type": "str", - "choices": ["unspecified", "arena", "stadium", - "passenger-terminal", "amphitheater", "amusement-park", - "place-of-worship", "convention-center", "library", - "museum", "restaurant", "theater", - "bar", "coffee-shop", "zoo-or-aquarium", - "emergency-center", "doctor-office", "bank", - "fire-station", "police-station", "post-office", - "professional-office", "research-facility", "attorney-office", - "primary-school", "secondary-school", "university-or-college", - "factory", "hospital", "long-term-care-facility", - "rehab-center", "group-home", "prison-or-jail", - "retail-store", "grocery-market", "auto-service-station", - "shopping-mall", "gas-station", "private", - "hotel-or-motel", "dormitory", "boarding-house", - "automobile", "airplane", "bus", - "ferry", "ship-or-boat", "train", - "motor-bike", "muni-mesh-network", "city-park", - "rest-area", "traffic-control", "bus-stop", - "kiosk"]}, - "wan_metrics": {"required": False, "type": "str"}, - "wnm_sleep_mode": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in 
module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_icon.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_icon.py
deleted file mode 100644
index 47f399df9c8..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_icon.py
+++ /dev/null
@@ -1,364 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wireless_controller_hotspot20_icon -short_description: Configure OSU provider icon in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wireless_controller_hotspot20 feature and icon category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - wireless_controller_hotspot20_icon: - description: - - Configure OSU provider icon. - default: null - type: dict - suboptions: - icon_list: - description: - - Icon list. - type: list - suboptions: - file: - description: - - Icon file. - type: str - height: - description: - - Icon height. - type: int - lang: - description: - - Language code. - type: str - name: - description: - - Icon name. - required: true - type: str - type: - description: - - Icon type. - type: str - choices: - - bmp - - gif - - jpeg - - png - - tiff - width: - description: - - Icon width. - type: int - name: - description: - - Icon list ID. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure OSU provider icon. 
- fortios_wireless_controller_hotspot20_icon: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - wireless_controller_hotspot20_icon: - icon_list: - - - file: "" - height: "5" - lang: "" - name: "default_name_7" - type: "bmp" - width: "9" - name: "default_name_10" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = 
data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_wireless_controller_hotspot20_icon_data(json): - option_list = ['icon_list', 'name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def wireless_controller_hotspot20_icon(data, fos): - vdom = data['vdom'] - state = data['state'] - wireless_controller_hotspot20_icon_data = data['wireless_controller_hotspot20_icon'] - filtered_data = underscore_to_hyphen(filter_wireless_controller_hotspot20_icon_data(wireless_controller_hotspot20_icon_data)) - - if state == "present": - return fos.set('wireless-controller.hotspot20', - 'icon', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('wireless-controller.hotspot20', - 'icon', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_wireless_controller_hotspot20(data, fos): - - if data['wireless_controller_hotspot20_icon']: - resp = wireless_controller_hotspot20_icon(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": 
{"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "wireless_controller_hotspot20_icon": { - "required": False, "type": "dict", "default": None, - "options": { - "icon_list": {"required": False, "type": "list", - "options": { - "file": {"required": False, "type": "str"}, - "height": {"required": False, "type": "int"}, - "lang": {"required": False, "type": "str"}, - "name": {"required": True, "type": "str"}, - "type": {"required": False, "type": "str", - "choices": ["bmp", "gif", "jpeg", - "png", "tiff"]}, - "width": {"required": False, "type": "int"} - }}, - "name": {"required": True, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_qos_map.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_qos_map.py
deleted file mode 100644
index 613476e3470..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_qos_map.py
+++ /dev/null
@@ -1,373 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wireless_controller_hotspot20_qos_map -short_description: Configure QoS map set in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wireless_controller_hotspot20 feature and qos_map category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - wireless_controller_hotspot20_qos_map: - description: - - Configure QoS map set. - default: null - type: dict - suboptions: - dscp_except: - description: - - Differentiated Services Code Point (DSCP) exceptions. - type: list - suboptions: - dscp: - description: - - DSCP value. - type: int - index: - description: - - DSCP exception index. - required: true - type: int - up: - description: - - User priority. - type: int - dscp_range: - description: - - Differentiated Services Code Point (DSCP) ranges. - type: list - suboptions: - high: - description: - - DSCP high value. - type: int - index: - description: - - DSCP range index. - required: true - type: int - low: - description: - - DSCP low value. - type: int - up: - description: - - User priority. - type: int - name: - description: - - QOS-MAP name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure QoS map set. 
- fortios_wireless_controller_hotspot20_qos_map: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - wireless_controller_hotspot20_qos_map: - dscp_except: - - - dscp: "4" - index: "5" - up: "6" - dscp_range: - - - high: "8" - index: "9" - low: "10" - up: "11" - name: "default_name_12" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - 
password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_wireless_controller_hotspot20_qos_map_data(json): - option_list = ['dscp_except', 'dscp_range', 'name'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def wireless_controller_hotspot20_qos_map(data, fos): - vdom = data['vdom'] - state = data['state'] - wireless_controller_hotspot20_qos_map_data = data['wireless_controller_hotspot20_qos_map'] - filtered_data = underscore_to_hyphen(filter_wireless_controller_hotspot20_qos_map_data(wireless_controller_hotspot20_qos_map_data)) - - if state == "present": - return fos.set('wireless-controller.hotspot20', - 'qos-map', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('wireless-controller.hotspot20', - 'qos-map', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_wireless_controller_hotspot20(data, fos): - - if data['wireless_controller_hotspot20_qos_map']: - resp = wireless_controller_hotspot20_qos_map(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": 
"str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "wireless_controller_hotspot20_qos_map": { - "required": False, "type": "dict", "default": None, - "options": { - "dscp_except": {"required": False, "type": "list", - "options": { - "dscp": {"required": False, "type": "int"}, - "index": {"required": True, "type": "int"}, - "up": {"required": False, "type": "int"} - }}, - "dscp_range": {"required": False, "type": "list", - "options": { - "high": {"required": False, "type": "int"}, - "index": {"required": True, "type": "int"}, - "low": {"required": False, "type": "int"}, - "up": {"required": False, "type": "int"} - }}, - "name": {"required": True, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - 
module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_inter_controller.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_inter_controller.py
deleted file mode 100644
index e5105850fdc..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_inter_controller.py
+++ /dev/null
@@ -1,362 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wireless_controller_inter_controller -short_description: Configure inter wireless controller operation in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wireless_controller feature and inter_controller category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - wireless_controller_inter_controller: - description: - - Configure inter wireless controller operation. - default: null - type: dict - suboptions: - fast_failover_max: - description: - - Maximum number of retransmissions for fast failover HA messages between peer wireless controllers (3 - 64). - type: int - fast_failover_wait: - description: - - Minimum wait time before an AP transitions from secondary controller to primary controller (10 - 86400 sec). - type: int - inter_controller_key: - description: - - Secret key for inter-controller communications. - type: str - inter_controller_mode: - description: - - Configure inter-controller mode (disable, l2-roaming, 1+1). - type: str - choices: - - disable - - l2-roaming - - 1+1 - inter_controller_peer: - description: - - Fast failover peer wireless controller list. - type: list - suboptions: - id: - description: - - ID. - required: true - type: int - peer_ip: - description: - - Peer wireless controller's IP address. - type: str - peer_port: - description: - - Port used by the wireless controller's for inter-controller communications (1024 - 49150). - type: int - peer_priority: - description: - - Peer wireless controller's priority (primary or secondary). - type: str - choices: - - primary - - secondary - inter_controller_pri: - description: - - Configure inter-controller's priority (primary or secondary). 
- type: str - choices: - - primary - - secondary -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure inter wireless controller operation. - fortios_wireless_controller_inter_controller: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - wireless_controller_inter_controller: - fast_failover_max: "3" - fast_failover_wait: "4" - inter_controller_key: "" - inter_controller_mode: "disable" - inter_controller_peer: - - - id: "8" - peer_ip: "" - peer_port: "10" - peer_priority: "primary" - inter_controller_pri: "primary" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - 
-from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_wireless_controller_inter_controller_data(json): - option_list = ['fast_failover_max', 'fast_failover_wait', 'inter_controller_key', - 'inter_controller_mode', 'inter_controller_peer', 'inter_controller_pri'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def wireless_controller_inter_controller(data, fos): - vdom = data['vdom'] - wireless_controller_inter_controller_data = data['wireless_controller_inter_controller'] - filtered_data = underscore_to_hyphen(filter_wireless_controller_inter_controller_data(wireless_controller_inter_controller_data)) - - return fos.set('wireless-controller', - 'inter-controller', - data=filtered_data, - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_wireless_controller(data, fos): - - if data['wireless_controller_inter_controller']: - resp = wireless_controller_inter_controller(data, fos) - - return 
not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "wireless_controller_inter_controller": { - "required": False, "type": "dict", "default": None, - "options": { - "fast_failover_max": {"required": False, "type": "int"}, - "fast_failover_wait": {"required": False, "type": "int"}, - "inter_controller_key": {"required": False, "type": "str"}, - "inter_controller_mode": {"required": False, "type": "str", - "choices": ["disable", "l2-roaming", "1+1"]}, - "inter_controller_peer": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"}, - "peer_ip": {"required": False, "type": "str"}, - "peer_port": {"required": False, "type": "int"}, - "peer_priority": {"required": False, "type": "str", - "choices": ["primary", "secondary"]} - }}, - "inter_controller_pri": {"required": False, "type": "str", - "choices": ["primary", "secondary"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_wireless_controller(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import 
FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_wireless_controller(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_qos_profile.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_qos_profile.py
deleted file mode 100644
index 54abaab8089..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_qos_profile.py
+++ /dev/null
@@ -1,484 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wireless_controller_qos_profile -short_description: Configure WiFi quality of service (QoS) profiles in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wireless_controller feature and qos_profile category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - wireless_controller_qos_profile: - description: - - Configure WiFi quality of service (QoS) profiles. - default: null - type: dict - suboptions: - bandwidth_admission_control: - description: - - Enable/disable WMM bandwidth admission control. - type: str - choices: - - enable - - disable - bandwidth_capacity: - description: - - Maximum bandwidth capacity allowed (1 - 600000 Kbps). - type: int - burst: - description: - - Enable/disable client rate burst. - type: str - choices: - - enable - - disable - call_admission_control: - description: - - Enable/disable WMM call admission control. - type: str - choices: - - enable - - disable - call_capacity: - description: - - Maximum number of Voice over WLAN (VoWLAN) phones allowed (0 - 60). - type: int - comment: - description: - - Comment. - type: str - downlink: - description: - - Maximum downlink bandwidth for Virtual Access Points (VAPs) (0 - 2097152 Kbps). - type: int - downlink_sta: - description: - - Maximum downlink bandwidth for clients (0 - 2097152 Kbps). - type: int - dscp_wmm_be: - description: - - DSCP mapping for best effort access . - type: list - suboptions: - id: - description: - - DSCP WMM mapping numbers (0 - 63). - required: true - type: int - dscp_wmm_bk: - description: - - DSCP mapping for background access . - type: list - suboptions: - id: - description: - - DSCP WMM mapping numbers (0 - 63). 
- required: true - type: int - dscp_wmm_mapping: - description: - - Enable/disable Differentiated Services Code Point (DSCP) mapping. - type: str - choices: - - enable - - disable - dscp_wmm_vi: - description: - - DSCP mapping for video access . - type: list - suboptions: - id: - description: - - DSCP WMM mapping numbers (0 - 63). - required: true - type: int - dscp_wmm_vo: - description: - - DSCP mapping for voice access . - type: list - suboptions: - id: - description: - - DSCP WMM mapping numbers (0 - 63). - required: true - type: int - name: - description: - - WiFi QoS profile name. - required: true - type: str - uplink: - description: - - Maximum uplink bandwidth for Virtual Access Points (VAPs) (0 - 2097152 Kbps). - type: int - uplink_sta: - description: - - Maximum uplink bandwidth for clients (0 - 2097152 Kbps). - type: int - wmm: - description: - - Enable/disable WiFi multi-media (WMM) control. - type: str - choices: - - enable - - disable - wmm_uapsd: - description: - - Enable/disable WMM Unscheduled Automatic Power Save Delivery (U-APSD) power save mode. - type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure WiFi quality of service (QoS) profiles. - fortios_wireless_controller_qos_profile: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - wireless_controller_qos_profile: - bandwidth_admission_control: "enable" - bandwidth_capacity: "4" - burst: "enable" - call_admission_control: "enable" - call_capacity: "7" - comment: "Comment." 
- downlink: "9" - downlink_sta: "10" - dscp_wmm_be: - - - id: "12" - dscp_wmm_bk: - - - id: "14" - dscp_wmm_mapping: "enable" - dscp_wmm_vi: - - - id: "17" - dscp_wmm_vo: - - - id: "19" - name: "default_name_20" - uplink: "21" - uplink_sta: "22" - wmm: "enable" - wmm_uapsd: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 
'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_wireless_controller_qos_profile_data(json):
- option_list = ['bandwidth_admission_control', 'bandwidth_capacity', 'burst',
- 'call_admission_control', 'call_capacity', 'comment',
- 'downlink', 'downlink_sta', 'dscp_wmm_be',
- 'dscp_wmm_bk', 'dscp_wmm_mapping', 'dscp_wmm_vi',
- 'dscp_wmm_vo', 'name', 'uplink',
- 'uplink_sta', 'wmm', 'wmm_uapsd']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def wireless_controller_qos_profile(data, fos):
- vdom = data['vdom']
- state = data['state']
- wireless_controller_qos_profile_data = data['wireless_controller_qos_profile']
- filtered_data = underscore_to_hyphen(filter_wireless_controller_qos_profile_data(wireless_controller_qos_profile_data))
-
- if state == "present":
- return fos.set('wireless-controller',
- 'qos-profile',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('wireless-controller',
- 'qos-profile',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_wireless_controller(data, fos):
-
- if data['wireless_controller_qos_profile']:
- resp = wireless_controller_qos_profile(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": True, "type": "str",
- "choices": ["present", "absent"]},
- "wireless_controller_qos_profile": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "bandwidth_admission_control": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "bandwidth_capacity": {"required": False, "type": "int"},
- "burst": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "call_admission_control": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "call_capacity": {"required": False, "type": "int"},
- "comment": {"required": False, "type": "str"},
- "downlink": {"required": False, "type": "int"},
- "downlink_sta": {"required": False, "type": "int"},
- "dscp_wmm_be": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"}
- }},
- "dscp_wmm_bk": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"}
- }},
- "dscp_wmm_mapping": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "dscp_wmm_vi": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"}
- }},
- "dscp_wmm_vo": {"required": False, "type": "list",
- "options": {
- "id": {"required": True, "type": "int"}
- }},
- "name": {"required": True, "type": "str"},
- "uplink": {"required": False, "type": "int"},
- "uplink_sta": {"required": False, "type": "int"},
- "wmm": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "wmm_uapsd": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_wireless_controller(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_wireless_controller(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_setting.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_setting.py
deleted file mode 100644
index 62c130ec2e8..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_setting.py
+++ /dev/null
@@ -1,489 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wireless_controller_setting -short_description: VDOM wireless controller configuration in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wireless_controller feature and setting category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - wireless_controller_setting: - description: - - VDOM wireless controller configuration. - default: null - type: dict - suboptions: - account_id: - description: - - FortiCloud customer account ID. - type: str - country: - description: - - Country or region in which the FortiGate is located. The country determines the 802.11 bands and channels that are available. - type: str - choices: - - NA - - AL - - DZ - - AO - - AR - - AM - - AU - - AT - - AZ - - BH - - BD - - BB - - BY - - BE - - BZ - - BO - - BA - - BR - - BN - - BG - - KH - - CL - - CN - - CO - - CR - - HR - - CY - - CZ - - DK - - DO - - EC - - EG - - SV - - EE - - FI - - FR - - GE - - DE - - GR - - GL - - GD - - GU - - GT - - HT - - HN - - HK - - HU - - IS - - IN - - ID - - IR - - IE - - IL - - IT - - JM - - JO - - KZ - - KE - - KP - - KR - - KW - - LV - - LB - - LI - - LT - - LU - - MO - - MK - - MY - - MT - - MX - - MC - - MA - - MZ - - MM - - NP - - NL - - AN - - AW - - NZ - - NO - - OM - - PK - - PA - - PG - - PY - - PE - - PH - - PL - - PT - - PR - - QA - - RO - - RU - - RW - - SA - - RS - - ME - - SG - - SK - - SI - - ZA - - ES - - LK - - SE - - SD - - CH - - SY - - TW - - TZ - - TH - - TT - - TN - - TR - - AE - - UA - - GB - - US - - PS - - UY - - UZ - - VE - - VN - - YE - - ZB - - ZW - - JP - - CA - duplicate_ssid: - description: - - Enable/disable allowing Virtual Access Points (VAPs) to use the same SSID name in the same VDOM. - type: str - choices: - - enable - - disable - fapc_compatibility: - description: - - Enable/disable FAP-C series compatibility. 
- type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: VDOM wireless controller configuration. - fortios_wireless_controller_setting: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - wireless_controller_setting: - account_id: "" - country: "NA" - duplicate_ssid: "enable" - fapc_compatibility: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler 
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_wireless_controller_setting_data(json):
- option_list = ['account_id', 'country', 'duplicate_ssid',
- 'fapc_compatibility']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def wireless_controller_setting(data, fos):
- vdom = data['vdom']
- wireless_controller_setting_data = data['wireless_controller_setting']
- filtered_data = underscore_to_hyphen(filter_wireless_controller_setting_data(wireless_controller_setting_data))
-
- return fos.set('wireless-controller',
- 'setting',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_wireless_controller(data, fos):
-
- if data['wireless_controller_setting']:
- resp = wireless_controller_setting(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "wireless_controller_setting": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "account_id": {"required": False, "type": "str"},
- "country": {"required": False, "type": "str",
- "choices": ["NA", "AL", "DZ",
- "AO", "AR", "AM",
- "AU", "AT", "AZ",
- "BH", "BD", "BB",
- "BY", "BE", "BZ",
- "BO", "BA", "BR",
- "BN", "BG", "KH",
- "CL", "CN", "CO",
- "CR", "HR", "CY",
- "CZ", "DK", "DO",
- "EC", "EG", "SV",
- "EE", "FI", "FR",
- "GE", "DE", "GR",
- "GL", "GD", "GU",
- "GT", "HT", "HN",
- "HK", "HU", "IS",
- "IN", "ID", "IR",
- "IE", "IL", "IT",
- "JM", "JO", "KZ",
- "KE", "KP", "KR",
- "KW", "LV", "LB",
- "LI", "LT", "LU",
- "MO", "MK", "MY",
- "MT", "MX", "MC",
- "MA", "MZ", "MM",
- "NP", "NL", "AN",
- "AW", "NZ", "NO",
- "OM", "PK", "PA",
- "PG", "PY", "PE",
- "PH", "PL", "PT",
- "PR", "QA", "RO",
- "RU", "RW", "SA",
- "RS", "ME", "SG",
- "SK", "SI", "ZA",
- "ES", "LK", "SE",
- "SD", "CH", "SY",
- "TW", "TZ", "TH",
- "TT", "TN", "TR",
- "AE", "UA", "GB",
- "US", "PS", "UY",
- "UZ", "VE", "VN",
- "YE", "ZB", "ZW",
- "JP", "CA"]},
- "duplicate_ssid": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "fapc_compatibility": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_wireless_controller(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_wireless_controller(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_timers.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_timers.py
deleted file mode 100644
index afa72c31425..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_timers.py
+++ /dev/null
@@ -1,399 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wireless_controller_timers -short_description: Configure CAPWAP timers in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wireless_controller feature and timers category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - wireless_controller_timers: - description: - - Configure CAPWAP timers. - default: null - type: dict - suboptions: - ble_scan_report_intv: - description: - - Time between running Bluetooth Low Energy (BLE) reports (10 - 3600 sec). - type: int - client_idle_timeout: - description: - - Time after which a client is considered idle and times out (20 - 3600 sec). - type: int - darrp_day: - description: - - Weekday on which to run DARRP optimization. - type: str - choices: - - sunday - - monday - - tuesday - - wednesday - - thursday - - friday - - saturday - darrp_optimize: - description: - - Time for running Dynamic Automatic Radio Resource Provisioning (DARRP) optimizations (0 - 86400 sec). - type: int - darrp_time: - description: - - Time at which DARRP optimizations run (you can add up to 8 times). - type: list - suboptions: - time: - description: - - Time. - required: true - type: str - discovery_interval: - description: - - Time between discovery requests (2 - 180 sec). - type: int - echo_interval: - description: - - Time between echo requests sent by the managed WTP, AP, or FortiAP (1 - 255 sec). - type: int - fake_ap_log: - description: - - Time between recording logs about fake APs if periodic fake AP logging is configured (0 - 1440 min). - type: int - ipsec_intf_cleanup: - description: - - Time period to keep IPsec VPN interfaces up after WTP sessions are disconnected (30 - 3600 sec). - type: int - radio_stats_interval: - description: - - Time between running radio reports (1 - 255 sec). 
- type: int - rogue_ap_log: - description: - - Time between logging rogue AP messages if periodic rogue AP logging is configured (0 - 1440 min). - type: int - sta_capability_interval: - description: - - Time between running station capability reports (1 - 255 sec). - type: int - sta_locate_timer: - description: - - Time between running client presence flushes to remove clients that are listed but no longer present (0 - 86400 sec). - type: int - sta_stats_interval: - description: - - Time between running client (station) reports (1 - 255 sec). - type: int - vap_stats_interval: - description: - - Time between running Virtual Access Point (VAP) reports (1 - 255 sec). - type: int -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure CAPWAP timers. - fortios_wireless_controller_timers: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - wireless_controller_timers: - ble_scan_report_intv: "3" - client_idle_timeout: "4" - darrp_day: "sunday" - darrp_optimize: "6" - darrp_time: - - - time: "" - discovery_interval: "9" - echo_interval: "10" - fake_ap_log: "11" - ipsec_intf_cleanup: "12" - radio_stats_interval: "13" - rogue_ap_log: "14" - sta_capability_interval: "15" - sta_locate_timer: "16" - sta_stats_interval: "17" - vap_stats_interval: "18" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table 
used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_wireless_controller_timers_data(json): - option_list = ['ble_scan_report_intv', 'client_idle_timeout', 'darrp_day', - 'darrp_optimize', 'darrp_time', 'discovery_interval', - 'echo_interval', 'fake_ap_log', 'ipsec_intf_cleanup', - 'radio_stats_interval', 'rogue_ap_log', 'sta_capability_interval', - 'sta_locate_timer', 'sta_stats_interval', 'vap_stats_interval'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif 
isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def wireless_controller_timers(data, fos):
- vdom = data['vdom']
- wireless_controller_timers_data = data['wireless_controller_timers']
- filtered_data = underscore_to_hyphen(filter_wireless_controller_timers_data(wireless_controller_timers_data))
-
- return fos.set('wireless-controller',
- 'timers',
- data=filtered_data,
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_wireless_controller(data, fos):
-
- if data['wireless_controller_timers']:
- resp = wireless_controller_timers(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "wireless_controller_timers": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "ble_scan_report_intv": {"required": False, "type": "int"},
- "client_idle_timeout": {"required": False, "type": "int"},
- "darrp_day": {"required": False, "type": "str",
- "choices": ["sunday", "monday", "tuesday",
- "wednesday", "thursday", "friday",
- "saturday"]},
- "darrp_optimize": {"required": False, "type": "int"},
- "darrp_time": {"required": False, "type": "list",
- "options": {
- "time": {"required": True, "type": "str"}
- }},
- "discovery_interval": {"required": False, "type": "int"},
- "echo_interval": {"required": False, "type": "int"},
- "fake_ap_log": {"required": False, "type": "int"},
- "ipsec_intf_cleanup": {"required": False, "type": "int"},
- "radio_stats_interval": {"required": False, "type": "int"},
- "rogue_ap_log": {"required": False, "type": "int"},
- "sta_capability_interval": {"required": False, "type": "int"},
- "sta_locate_timer": {"required": False, "type": "int"},
- "sta_stats_interval": {"required": False, "type": "int"},
- "vap_stats_interval": {"required": False, "type": "int"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_wireless_controller(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_wireless_controller(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_utm_profile.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_utm_profile.py
deleted file mode 100644
index 60ffd969712..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_utm_profile.py
+++ /dev/null
@@ -1,384 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wireless_controller_utm_profile -short_description: Configure UTM (Unified Threat Management) profile in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wireless_controller feature and utm_profile category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - wireless_controller_utm_profile: - description: - - Configure UTM (Unified Threat Management) profile. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - antivirus_profile: - description: - - AntiVirus profile name. Source antivirus.profile.name. - type: str - application_list: - description: - - Application control list name. Source application.list.name. - type: str - comment: - description: - - Comment. - type: str - ips_sensor: - description: - - IPS sensor name. Source ips.sensor.name. - type: str - name: - description: - - UTM profile name. - required: true - type: str - scan_botnet_connections: - description: - - Block or monitor connections to Botnet servers or disable Botnet scanning. - type: str - choices: - - disable - - monitor - - block - utm_log: - description: - - Enable/disable UTM logging. - type: str - choices: - - enable - - disable - webfilter_profile: - description: - - WebFilter profile name. Source webfilter.profile.name. 
- type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure UTM (Unified Threat Management) profile. - fortios_wireless_controller_utm_profile: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - wireless_controller_utm_profile: - antivirus_profile: " (source antivirus.profile.name)" - application_list: " (source application.list.name)" - comment: "Comment." - ips_sensor: " (source ips.sensor.name)" - name: "default_name_7" - scan_botnet_connections: "disable" - utm_log: "enable" - webfilter_profile: " (source webfilter.profile.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: 
always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_wireless_controller_utm_profile_data(json):
- option_list = ['antivirus_profile', 'application_list', 'comment',
- 'ips_sensor', 'name', 'scan_botnet_connections',
- 'utm_log', 'webfilter_profile']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def wireless_controller_utm_profile(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['wireless_controller_utm_profile'] and data['wireless_controller_utm_profile']:
- state = data['wireless_controller_utm_profile']['state']
- else:
- state = True
- wireless_controller_utm_profile_data = data['wireless_controller_utm_profile']
- filtered_data = underscore_to_hyphen(filter_wireless_controller_utm_profile_data(wireless_controller_utm_profile_data))
-
- if state == "present":
- return fos.set('wireless-controller',
- 'utm-profile',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('wireless-controller',
- 'utm-profile',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_wireless_controller(data, fos):
-
- if data['wireless_controller_utm_profile']:
- resp = wireless_controller_utm_profile(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "wireless_controller_utm_profile": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "antivirus_profile": {"required": False, "type": "str"},
- "application_list": {"required": False, "type": "str"},
- "comment": {"required": False, "type": "str"},
- "ips_sensor": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"},
- "scan_botnet_connections": {"required": False, "type": "str",
- "choices": ["disable", "monitor", "block"]},
- "utm_log": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "webfilter_profile": {"required": False, "type": "str"}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_wireless_controller(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_wireless_controller(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_vap.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_vap.py
deleted file mode 100644
index eaee736aa6b..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_vap.py
+++ /dev/null
@@ -1,1491 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wireless_controller_vap -short_description: Configure Virtual Access Points (VAPs) in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wireless_controller feature and vap category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - wireless_controller_vap: - description: - - Configure Virtual Access Points (VAPs). - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - acct_interim_interval: - description: - - WiFi RADIUS accounting interim interval (60 - 86400 sec). - type: int - alias: - description: - - Alias. - type: str - auth: - description: - - Authentication protocol. - type: str - choices: - - psk - - radius - - usergroup - broadcast_ssid: - description: - - Enable/disable broadcasting the SSID . - type: str - choices: - - enable - - disable - broadcast_suppression: - description: - - Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless - network. - type: str - choices: - - dhcp-up - - dhcp-down - - dhcp-starvation - - arp-known - - arp-unknown - - arp-reply - - arp-poison - - arp-proxy - - netbios-ns - - netbios-ds - - ipv6 - - all-other-mc - - all-other-bc - captive_portal_ac_name: - description: - - Local-bridging captive portal ac-name. 
- type: str - captive_portal_macauth_radius_secret: - description: - - Secret key to access the macauth RADIUS server. - type: str - captive_portal_macauth_radius_server: - description: - - Captive portal external RADIUS server domain name or IP address. - type: str - captive_portal_radius_secret: - description: - - Secret key to access the RADIUS server. - type: str - captive_portal_radius_server: - description: - - Captive portal RADIUS server domain name or IP address. - type: str - captive_portal_session_timeout_interval: - description: - - Session timeout interval (0 - 864000 sec). - type: int - dhcp_lease_time: - description: - - DHCP lease time in seconds for NAT IP address. - type: int - dhcp_option82_circuit_id_insertion: - description: - - Enable/disable DHCP option 82 circuit-id insert . - type: str - choices: - - style-1 - - style-2 - - disable - dhcp_option82_insertion: - description: - - Enable/disable DHCP option 82 insert . - type: str - choices: - - enable - - disable - dhcp_option82_remote_id_insertion: - description: - - Enable/disable DHCP option 82 remote-id insert . - type: str - choices: - - style-1 - - disable - dynamic_vlan: - description: - - Enable/disable dynamic VLAN assignment. - type: str - choices: - - enable - - disable - eap_reauth: - description: - - Enable/disable EAP re-authentication for WPA-Enterprise security. - type: str - choices: - - enable - - disable - eap_reauth_intv: - description: - - EAP re-authentication interval (1800 - 864000 sec). - type: int - eapol_key_retries: - description: - - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) . - type: str - choices: - - disable - - enable - encrypt: - description: - - Encryption protocol to use (only available when security is set to a WPA type). - type: str - choices: - - TKIP - - AES - - TKIP-AES - external_fast_roaming: - description: - - Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate . 
- type: str - choices: - - enable - - disable - external_logout: - description: - - URL of external authentication logout server. - type: str - external_web: - description: - - URL of external authentication web server. - type: str - fast_bss_transition: - description: - - Enable/disable 802.11r Fast BSS Transition (FT) . - type: str - choices: - - disable - - enable - fast_roaming: - description: - - Enable/disable fast-roaming, or pre-authentication, where supported by clients . - type: str - choices: - - enable - - disable - ft_mobility_domain: - description: - - Mobility domain identifier in FT (1 - 65535). - type: int - ft_over_ds: - description: - - Enable/disable FT over the Distribution System (DS). - type: str - choices: - - disable - - enable - ft_r0_key_lifetime: - description: - - Lifetime of the PMK-R0 key in FT, 1-65535 minutes. - type: int - gtk_rekey: - description: - - Enable/disable GTK rekey for WPA security. - type: str - choices: - - enable - - disable - gtk_rekey_intv: - description: - - GTK rekey interval (1800 - 864000 sec). - type: int - hotspot20_profile: - description: - - Hotspot 2.0 profile name. - type: str - intra_vap_privacy: - description: - - Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) . - type: str - choices: - - enable - - disable - ip: - description: - - IP address and subnet mask for the local standalone NAT subnet. - type: str - key: - description: - - WEP Key. - type: str - keyindex: - description: - - WEP key index (1 - 4). - type: int - ldpc: - description: - - VAP low-density parity-check (LDPC) coding configuration. - type: str - choices: - - disable - - rx - - tx - - rxtx - local_authentication: - description: - - Enable/disable AP local authentication. - type: str - choices: - - enable - - disable - local_bridging: - description: - - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP . 
- type: str - choices: - - enable - - disable - local_lan: - description: - - Allow/deny traffic destined for a Class A, B, or C private IP address . - type: str - choices: - - allow - - deny - local_standalone: - description: - - Enable/disable AP local standalone . - type: str - choices: - - enable - - disable - local_standalone_nat: - description: - - Enable/disable AP local standalone NAT mode. - type: str - choices: - - enable - - disable - mac_auth_bypass: - description: - - Enable/disable MAC authentication bypass. - type: str - choices: - - enable - - disable - mac_filter: - description: - - Enable/disable MAC filtering to block wireless clients by mac address. - type: str - choices: - - enable - - disable - mac_filter_list: - description: - - Create a list of MAC addresses for MAC address filtering. - type: list - suboptions: - id: - description: - - ID. - required: true - type: int - mac: - description: - - MAC address. - type: str - mac_filter_policy: - description: - - Deny or allow the client with this MAC address. - type: str - choices: - - allow - - deny - mac_filter_policy_other: - description: - - Allow or block clients with MAC addresses that are not in the filter list. - type: str - choices: - - allow - - deny - max_clients: - description: - - Maximum number of clients that can connect simultaneously to the VAP . - type: int - max_clients_ap: - description: - - Maximum number of clients that can connect simultaneously to each radio . - type: int - me_disable_thresh: - description: - - Disable multicast enhancement when this many clients are receiving multicast traffic. - type: int - mesh_backhaul: - description: - - Enable/disable using this VAP as a WiFi mesh backhaul . This entry is only available when security is set to a WPA type or open. - type: str - choices: - - enable - - disable - mpsk: - description: - - Enable/disable multiple pre-shared keys (PSKs.) 
- type: str - choices: - - enable - - disable - mpsk_concurrent_clients: - description: - - Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled. - type: int - mpsk_key: - description: - - Pre-shared keys that can be used to connect to this virtual access point. - type: list - suboptions: - comment: - description: - - Comment. - type: str - concurrent_clients: - description: - - Number of clients that can connect using this pre-shared key. - type: str - key_name: - description: - - Pre-shared key name. - type: str - passphrase: - description: - - WPA Pre-shared key. - type: str - multicast_enhance: - description: - - Enable/disable converting multicast to unicast to improve performance . - type: str - choices: - - enable - - disable - multicast_rate: - description: - - Multicast rate (0, 6000, 12000, or 24000 kbps). - type: str - choices: - - 0 - - 6000 - - 12000 - - 24000 - name: - description: - - Virtual AP name. - required: true - type: str - okc: - description: - - Enable/disable Opportunistic Key Caching (OKC) . - type: str - choices: - - disable - - enable - passphrase: - description: - - WPA pre-shard key (PSK) to be used to authenticate WiFi users. - type: str - pmf: - description: - - Protected Management Frames (PMF) support . - type: str - choices: - - disable - - enable - - optional - pmf_assoc_comeback_timeout: - description: - - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec). - type: int - pmf_sa_query_retry_timeout: - description: - - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec). - type: int - portal_message_override_group: - description: - - Replacement message group for this VAP (only available when security is set to a captive portal type). - type: str - portal_message_overrides: - description: - - Individual message overrides. 
- type: dict - suboptions: - auth_disclaimer_page: - description: - - Override auth-disclaimer-page message with message from portal-message-overrides group. - type: str - auth_login_failed_page: - description: - - Override auth-login-failed-page message with message from portal-message-overrides group. - type: str - auth_login_page: - description: - - Override auth-login-page message with message from portal-message-overrides group. - type: str - auth_reject_page: - description: - - Override auth-reject-page message with message from portal-message-overrides group. - type: str - portal_type: - description: - - Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. - type: str - choices: - - auth - - auth+disclaimer - - disclaimer - - email-collect - - cmcc - - cmcc-macauth - - auth-mac - probe_resp_suppression: - description: - - Enable/disable probe response suppression (to ignore weak signals) . - type: str - choices: - - enable - - disable - probe_resp_threshold: - description: - - Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20). - type: str - ptk_rekey: - description: - - Enable/disable PTK rekey for WPA-Enterprise security. - type: str - choices: - - enable - - disable - ptk_rekey_intv: - description: - - PTK rekey interval (1800 - 864000 sec). - type: int - qos_profile: - description: - - Quality of service profile name. - type: str - quarantine: - description: - - Enable/disable station quarantine . - type: str - choices: - - enable - - disable - radio_2g_threshold: - description: - - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20). - type: str - radio_5g_threshold: - description: - - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20). 
- type: str - radio_sensitivity: - description: - - Enable/disable software radio sensitivity (to ignore weak signals) . - type: str - choices: - - enable - - disable - radius_mac_auth: - description: - - Enable/disable RADIUS-based MAC authentication of clients . - type: str - choices: - - enable - - disable - radius_mac_auth_server: - description: - - RADIUS-based MAC authentication server. - type: str - radius_mac_auth_usergroups: - description: - - Selective user groups that are permitted for RADIUS mac authentication. - type: list - suboptions: - name: - description: - - User group name. - required: true - type: str - radius_server: - description: - - RADIUS server to be used to authenticate WiFi users. - type: str - rates_11a: - description: - - Allowed data rates for 802.11a. - type: str - choices: - - 1 - - 1-basic - - 2 - - 2-basic - - 5.5 - - 5.5-basic - - 11 - - 11-basic - - 6 - - 6-basic - - 9 - - 9-basic - - 12 - - 12-basic - - 18 - - 18-basic - - 24 - - 24-basic - - 36 - - 36-basic - - 48 - - 48-basic - - 54 - - 54-basic - rates_11ac_ss12: - description: - - Allowed data rates for 802.11ac with 1 or 2 spatial streams. - type: str - choices: - - mcs0/1 - - mcs1/1 - - mcs2/1 - - mcs3/1 - - mcs4/1 - - mcs5/1 - - mcs6/1 - - mcs7/1 - - mcs8/1 - - mcs9/1 - - mcs10/1 - - mcs11/1 - - mcs0/2 - - mcs1/2 - - mcs2/2 - - mcs3/2 - - mcs4/2 - - mcs5/2 - - mcs6/2 - - mcs7/2 - - mcs8/2 - - mcs9/2 - - mcs10/2 - - mcs11/2 - rates_11ac_ss34: - description: - - Allowed data rates for 802.11ac with 3 or 4 spatial streams. - type: str - choices: - - mcs0/3 - - mcs1/3 - - mcs2/3 - - mcs3/3 - - mcs4/3 - - mcs5/3 - - mcs6/3 - - mcs7/3 - - mcs8/3 - - mcs9/3 - - mcs10/3 - - mcs11/3 - - mcs0/4 - - mcs1/4 - - mcs2/4 - - mcs3/4 - - mcs4/4 - - mcs5/4 - - mcs6/4 - - mcs7/4 - - mcs8/4 - - mcs9/4 - - mcs10/4 - - mcs11/4 - rates_11bg: - description: - - Allowed data rates for 802.11b/g. 
- type: str - choices: - - 1 - - 1-basic - - 2 - - 2-basic - - 5.5 - - 5.5-basic - - 11 - - 11-basic - - 6 - - 6-basic - - 9 - - 9-basic - - 12 - - 12-basic - - 18 - - 18-basic - - 24 - - 24-basic - - 36 - - 36-basic - - 48 - - 48-basic - - 54 - - 54-basic - rates_11n_ss12: - description: - - Allowed data rates for 802.11n with 1 or 2 spatial streams. - type: str - choices: - - mcs0/1 - - mcs1/1 - - mcs2/1 - - mcs3/1 - - mcs4/1 - - mcs5/1 - - mcs6/1 - - mcs7/1 - - mcs8/2 - - mcs9/2 - - mcs10/2 - - mcs11/2 - - mcs12/2 - - mcs13/2 - - mcs14/2 - - mcs15/2 - rates_11n_ss34: - description: - - Allowed data rates for 802.11n with 3 or 4 spatial streams. - type: str - choices: - - mcs16/3 - - mcs17/3 - - mcs18/3 - - mcs19/3 - - mcs20/3 - - mcs21/3 - - mcs22/3 - - mcs23/3 - - mcs24/4 - - mcs25/4 - - mcs26/4 - - mcs27/4 - - mcs28/4 - - mcs29/4 - - mcs30/4 - - mcs31/4 - schedule: - description: - - VAP schedule name. - type: str - security: - description: - - Security mode for the wireless interface . - type: str - choices: - - open - - captive-portal - - wep64 - - wep128 - - wpa-personal - - wpa-personal+captive-portal - - wpa-enterprise - - wpa-only-personal - - wpa-only-personal+captive-portal - - wpa-only-enterprise - - wpa2-only-personal - - wpa2-only-personal+captive-portal - - wpa2-only-enterprise - - osen - security_exempt_list: - description: - - Optional security exempt list for captive portal authentication. - type: str - security_obsolete_option: - description: - - Enable/disable obsolete security options. - type: str - choices: - - enable - - disable - security_redirect_url: - description: - - Optional URL for redirecting users after they pass captive portal authentication. - type: str - selected_usergroups: - description: - - Selective user groups that are permitted to authenticate. - type: list - suboptions: - name: - description: - - User group name. - required: true - type: str - split_tunneling: - description: - - Enable/disable split tunneling . 
- type: str - choices: - - enable - - disable - ssid: - description: - - IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their - computers to access this SSID name. - type: str - tkip_counter_measure: - description: - - Enable/disable TKIP counter measure. - type: str - choices: - - enable - - disable - usergroup: - description: - - Firewall user group to be used to authenticate WiFi users. - type: list - suboptions: - name: - description: - - User group name. - required: true - type: str - utm_profile: - description: - - UTM profile name. - type: str - vdom: - description: - - Name of the VDOM that the Virtual AP has been added to. Source system.vdom.name. - type: str - vlan_auto: - description: - - Enable/disable automatic management of SSID VLAN interface. - type: str - choices: - - enable - - disable - vlan_pool: - description: - - VLAN pool. - type: list - suboptions: - id: - description: - - ID. - required: true - type: int - wtp_group: - description: - - WTP group name. - type: str - vlan_pooling: - description: - - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools . When set to wtp-group, VLAN - pooling occurs with VLAN assignment by wtp-group. - type: str - choices: - - wtp-group - - round-robin - - hash - - disable - vlanid: - description: - - Optional VLAN ID. - type: int - voice_enterprise: - description: - - Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming . - type: str - choices: - - disable - - enable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure Virtual Access Points (VAPs). 
- fortios_wireless_controller_vap: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - wireless_controller_vap: - acct_interim_interval: "3" - alias: "" - auth: "psk" - broadcast_ssid: "enable" - broadcast_suppression: "dhcp-up" - captive_portal_ac_name: "" - captive_portal_macauth_radius_secret: "" - captive_portal_macauth_radius_server: "" - captive_portal_radius_secret: "" - captive_portal_radius_server: "" - captive_portal_session_timeout_interval: "13" - dhcp_lease_time: "14" - dhcp_option82_circuit_id_insertion: "style-1" - dhcp_option82_insertion: "enable" - dhcp_option82_remote_id_insertion: "style-1" - dynamic_vlan: "enable" - eap_reauth: "enable" - eap_reauth_intv: "20" - eapol_key_retries: "disable" - encrypt: "TKIP" - external_fast_roaming: "enable" - external_logout: "" - external_web: "" - fast_bss_transition: "disable" - fast_roaming: "enable" - ft_mobility_domain: "28" - ft_over_ds: "disable" - ft_r0_key_lifetime: "30" - gtk_rekey: "enable" - gtk_rekey_intv: "32" - hotspot20_profile: "" - intra_vap_privacy: "enable" - ip: "" - key: "" - keyindex: "37" - ldpc: "disable" - local_authentication: "enable" - local_bridging: "enable" - local_lan: "allow" - local_standalone: "enable" - local_standalone_nat: "enable" - mac_auth_bypass: "enable" - mac_filter: "enable" - mac_filter_list: - - - id: "47" - mac: "" - mac_filter_policy: "allow" - mac_filter_policy_other: "allow" - max_clients: "51" - max_clients_ap: "52" - me_disable_thresh: "53" - mesh_backhaul: "enable" - mpsk: "enable" - mpsk_concurrent_clients: "56" - mpsk_key: - - - comment: "Comment." 
- concurrent_clients: "" - key_name: "" - passphrase: "" - multicast_enhance: "enable" - multicast_rate: "0" - name: "default_name_64" - okc: "disable" - passphrase: "" - pmf: "disable" - pmf_assoc_comeback_timeout: "68" - pmf_sa_query_retry_timeout: "69" - portal_message_override_group: "" - portal_message_overrides: - auth_disclaimer_page: "" - auth_login_failed_page: "" - auth_login_page: "" - auth_reject_page: "" - portal_type: "auth" - probe_resp_suppression: "enable" - probe_resp_threshold: "" - ptk_rekey: "enable" - ptk_rekey_intv: "80" - qos_profile: "" - quarantine: "enable" - radio_2g_threshold: "" - radio_5g_threshold: "" - radio_sensitivity: "enable" - radius_mac_auth: "enable" - radius_mac_auth_server: "" - radius_mac_auth_usergroups: - - - name: "default_name_89" - radius_server: "" - rates_11a: "1" - rates_11ac_ss12: "mcs0/1" - rates_11ac_ss34: "mcs0/3" - rates_11bg: "1" - rates_11n_ss12: "mcs0/1" - rates_11n_ss34: "mcs16/3" - schedule: "" - security: "open" - security_exempt_list: "" - security_obsolete_option: "enable" - security_redirect_url: "" - selected_usergroups: - - - name: "default_name_103" - split_tunneling: "enable" - ssid: "" - tkip_counter_measure: "enable" - usergroup: - - - name: "default_name_108" - utm_profile: "" - vdom: " (source system.vdom.name)" - vlan_auto: "enable" - vlan_pool: - - - id: "113" - wtp_group: "" - vlan_pooling: "wtp-group" - vlanid: "116" - voice_enterprise: "disable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table 
used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_wireless_controller_vap_data(json): - option_list = ['acct_interim_interval', 'alias', 'auth', - 'broadcast_ssid', 'broadcast_suppression', 'captive_portal_ac_name', - 'captive_portal_macauth_radius_secret', 'captive_portal_macauth_radius_server', 'captive_portal_radius_secret', - 'captive_portal_radius_server', 'captive_portal_session_timeout_interval', 'dhcp_lease_time', - 'dhcp_option82_circuit_id_insertion', 'dhcp_option82_insertion', 'dhcp_option82_remote_id_insertion', - 'dynamic_vlan', 'eap_reauth', 'eap_reauth_intv', - 'eapol_key_retries', 'encrypt', 'external_fast_roaming', - 'external_logout', 'external_web', 'fast_bss_transition', - 'fast_roaming', 
'ft_mobility_domain', 'ft_over_ds', - 'ft_r0_key_lifetime', 'gtk_rekey', 'gtk_rekey_intv', - 'hotspot20_profile', 'intra_vap_privacy', 'ip', - 'key', 'keyindex', 'ldpc', - 'local_authentication', 'local_bridging', 'local_lan', - 'local_standalone', 'local_standalone_nat', 'mac_auth_bypass', - 'mac_filter', 'mac_filter_list', 'mac_filter_policy_other', - 'max_clients', 'max_clients_ap', 'me_disable_thresh', - 'mesh_backhaul', 'mpsk', 'mpsk_concurrent_clients', - 'mpsk_key', 'multicast_enhance', 'multicast_rate', - 'name', 'okc', 'passphrase', - 'pmf', 'pmf_assoc_comeback_timeout', 'pmf_sa_query_retry_timeout', - 'portal_message_override_group', 'portal_message_overrides', 'portal_type', - 'probe_resp_suppression', 'probe_resp_threshold', 'ptk_rekey', - 'ptk_rekey_intv', 'qos_profile', 'quarantine', - 'radio_2g_threshold', 'radio_5g_threshold', 'radio_sensitivity', - 'radius_mac_auth', 'radius_mac_auth_server', 'radius_mac_auth_usergroups', - 'radius_server', 'rates_11a', 'rates_11ac_ss12', - 'rates_11ac_ss34', 'rates_11bg', 'rates_11n_ss12', - 'rates_11n_ss34', 'schedule', 'security', - 'security_exempt_list', 'security_obsolete_option', 'security_redirect_url', - 'selected_usergroups', 'split_tunneling', 'ssid', - 'tkip_counter_measure', 'usergroup', 'utm_profile', - 'vdom', 'vlan_auto', 'vlan_pool', - 'vlan_pooling', 'vlanid', 'voice_enterprise'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def wireless_controller_vap(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in 
data['wireless_controller_vap'] and data['wireless_controller_vap']: - state = data['wireless_controller_vap']['state'] - else: - state = True - wireless_controller_vap_data = data['wireless_controller_vap'] - filtered_data = underscore_to_hyphen(filter_wireless_controller_vap_data(wireless_controller_vap_data)) - - if state == "present": - return fos.set('wireless-controller', - 'vap', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('wireless-controller', - 'vap', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_wireless_controller(data, fos): - - if data['wireless_controller_vap']: - resp = wireless_controller_vap(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "wireless_controller_vap": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "acct_interim_interval": {"required": False, "type": "int"}, - "alias": {"required": False, "type": "str"}, - "auth": {"required": False, "type": "str", - "choices": ["psk", "radius", "usergroup"]}, - "broadcast_ssid": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "broadcast_suppression": {"required": False, "type": "str", - "choices": ["dhcp-up", "dhcp-down", 
"dhcp-starvation", - "arp-known", "arp-unknown", "arp-reply", - "arp-poison", "arp-proxy", "netbios-ns", - "netbios-ds", "ipv6", "all-other-mc", - "all-other-bc"]}, - "captive_portal_ac_name": {"required": False, "type": "str"}, - "captive_portal_macauth_radius_secret": {"required": False, "type": "str"}, - "captive_portal_macauth_radius_server": {"required": False, "type": "str"}, - "captive_portal_radius_secret": {"required": False, "type": "str"}, - "captive_portal_radius_server": {"required": False, "type": "str"}, - "captive_portal_session_timeout_interval": {"required": False, "type": "int"}, - "dhcp_lease_time": {"required": False, "type": "int"}, - "dhcp_option82_circuit_id_insertion": {"required": False, "type": "str", - "choices": ["style-1", "style-2", "disable"]}, - "dhcp_option82_insertion": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dhcp_option82_remote_id_insertion": {"required": False, "type": "str", - "choices": ["style-1", "disable"]}, - "dynamic_vlan": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "eap_reauth": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "eap_reauth_intv": {"required": False, "type": "int"}, - "eapol_key_retries": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "encrypt": {"required": False, "type": "str", - "choices": ["TKIP", "AES", "TKIP-AES"]}, - "external_fast_roaming": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "external_logout": {"required": False, "type": "str"}, - "external_web": {"required": False, "type": "str"}, - "fast_bss_transition": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "fast_roaming": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ft_mobility_domain": {"required": False, "type": "int"}, - "ft_over_ds": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "ft_r0_key_lifetime": 
{"required": False, "type": "int"}, - "gtk_rekey": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "gtk_rekey_intv": {"required": False, "type": "int"}, - "hotspot20_profile": {"required": False, "type": "str"}, - "intra_vap_privacy": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ip": {"required": False, "type": "str"}, - "key": {"required": False, "type": "str"}, - "keyindex": {"required": False, "type": "int"}, - "ldpc": {"required": False, "type": "str", - "choices": ["disable", "rx", "tx", - "rxtx"]}, - "local_authentication": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "local_bridging": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "local_lan": {"required": False, "type": "str", - "choices": ["allow", "deny"]}, - "local_standalone": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "local_standalone_nat": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "mac_auth_bypass": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "mac_filter": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "mac_filter_list": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"}, - "mac": {"required": False, "type": "str"}, - "mac_filter_policy": {"required": False, "type": "str", - "choices": ["allow", "deny"]} - }}, - "mac_filter_policy_other": {"required": False, "type": "str", - "choices": ["allow", "deny"]}, - "max_clients": {"required": False, "type": "int"}, - "max_clients_ap": {"required": False, "type": "int"}, - "me_disable_thresh": {"required": False, "type": "int"}, - "mesh_backhaul": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "mpsk": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "mpsk_concurrent_clients": {"required": False, "type": "int"}, - "mpsk_key": {"required": 
False, "type": "list", - "options": { - "comment": {"required": False, "type": "str"}, - "concurrent_clients": {"required": False, "type": "str"}, - "key_name": {"required": False, "type": "str"}, - "passphrase": {"required": False, "type": "str"} - }}, - "multicast_enhance": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "multicast_rate": {"required": False, "type": "str", - "choices": ["0", "6000", "12000", - "24000"]}, - "name": {"required": True, "type": "str"}, - "okc": {"required": False, "type": "str", - "choices": ["disable", "enable"]}, - "passphrase": {"required": False, "type": "str"}, - "pmf": {"required": False, "type": "str", - "choices": ["disable", "enable", "optional"]}, - "pmf_assoc_comeback_timeout": {"required": False, "type": "int"}, - "pmf_sa_query_retry_timeout": {"required": False, "type": "int"}, - "portal_message_override_group": {"required": False, "type": "str"}, - "portal_message_overrides": {"required": False, "type": "dict", - "options": { - "auth_disclaimer_page": {"required": False, "type": "str"}, - "auth_login_failed_page": {"required": False, "type": "str"}, - "auth_login_page": {"required": False, "type": "str"}, - "auth_reject_page": {"required": False, "type": "str"} - }}, - "portal_type": {"required": False, "type": "str", - "choices": ["auth", "auth+disclaimer", "disclaimer", - "email-collect", "cmcc", "cmcc-macauth", - "auth-mac"]}, - "probe_resp_suppression": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "probe_resp_threshold": {"required": False, "type": "str"}, - "ptk_rekey": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ptk_rekey_intv": {"required": False, "type": "int"}, - "qos_profile": {"required": False, "type": "str"}, - "quarantine": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "radio_2g_threshold": {"required": False, "type": "str"}, - "radio_5g_threshold": {"required": False, "type": "str"}, - 
"radio_sensitivity": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "radius_mac_auth": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "radius_mac_auth_server": {"required": False, "type": "str"}, - "radius_mac_auth_usergroups": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "radius_server": {"required": False, "type": "str"}, - "rates_11a": {"required": False, "type": "str", - "choices": ["1", "1-basic", "2", - "2-basic", "5.5", "5.5-basic", - "11", "11-basic", "6", - "6-basic", "9", "9-basic", - "12", "12-basic", "18", - "18-basic", "24", "24-basic", - "36", "36-basic", "48", - "48-basic", "54", "54-basic"]}, - "rates_11ac_ss12": {"required": False, "type": "str", - "choices": ["mcs0/1", "mcs1/1", "mcs2/1", - "mcs3/1", "mcs4/1", "mcs5/1", - "mcs6/1", "mcs7/1", "mcs8/1", - "mcs9/1", "mcs10/1", "mcs11/1", - "mcs0/2", "mcs1/2", "mcs2/2", - "mcs3/2", "mcs4/2", "mcs5/2", - "mcs6/2", "mcs7/2", "mcs8/2", - "mcs9/2", "mcs10/2", "mcs11/2"]}, - "rates_11ac_ss34": {"required": False, "type": "str", - "choices": ["mcs0/3", "mcs1/3", "mcs2/3", - "mcs3/3", "mcs4/3", "mcs5/3", - "mcs6/3", "mcs7/3", "mcs8/3", - "mcs9/3", "mcs10/3", "mcs11/3", - "mcs0/4", "mcs1/4", "mcs2/4", - "mcs3/4", "mcs4/4", "mcs5/4", - "mcs6/4", "mcs7/4", "mcs8/4", - "mcs9/4", "mcs10/4", "mcs11/4"]}, - "rates_11bg": {"required": False, "type": "str", - "choices": ["1", "1-basic", "2", - "2-basic", "5.5", "5.5-basic", - "11", "11-basic", "6", - "6-basic", "9", "9-basic", - "12", "12-basic", "18", - "18-basic", "24", "24-basic", - "36", "36-basic", "48", - "48-basic", "54", "54-basic"]}, - "rates_11n_ss12": {"required": False, "type": "str", - "choices": ["mcs0/1", "mcs1/1", "mcs2/1", - "mcs3/1", "mcs4/1", "mcs5/1", - "mcs6/1", "mcs7/1", "mcs8/2", - "mcs9/2", "mcs10/2", "mcs11/2", - "mcs12/2", "mcs13/2", "mcs14/2", - "mcs15/2"]}, - "rates_11n_ss34": {"required": False, "type": "str", - "choices": 
["mcs16/3", "mcs17/3", "mcs18/3", - "mcs19/3", "mcs20/3", "mcs21/3", - "mcs22/3", "mcs23/3", "mcs24/4", - "mcs25/4", "mcs26/4", "mcs27/4", - "mcs28/4", "mcs29/4", "mcs30/4", - "mcs31/4"]}, - "schedule": {"required": False, "type": "str"}, - "security": {"required": False, "type": "str", - "choices": ["open", "captive-portal", "wep64", - "wep128", "wpa-personal", "wpa-personal+captive-portal", - "wpa-enterprise", "wpa-only-personal", "wpa-only-personal+captive-portal", - "wpa-only-enterprise", "wpa2-only-personal", "wpa2-only-personal+captive-portal", - "wpa2-only-enterprise", "osen"]}, - "security_exempt_list": {"required": False, "type": "str"}, - "security_obsolete_option": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "security_redirect_url": {"required": False, "type": "str"}, - "selected_usergroups": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "split_tunneling": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ssid": {"required": False, "type": "str"}, - "tkip_counter_measure": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "usergroup": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "utm_profile": {"required": False, "type": "str"}, - "vdom": {"required": False, "type": "str"}, - "vlan_auto": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "vlan_pool": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"}, - "wtp_group": {"required": False, "type": "str"} - }}, - "vlan_pooling": {"required": False, "type": "str", - "choices": ["wtp-group", "round-robin", "hash", - "disable"]}, - "vlanid": {"required": False, "type": "int"}, - "voice_enterprise": {"required": False, "type": "str", - "choices": ["disable", "enable"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - 
supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_wireless_controller(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_wireless_controller(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_vap_group.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_vap_group.py
deleted file mode 100644
index ff3688061a6..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_vap_group.py
+++ /dev/null
@@ -1,332 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wireless_controller_vap_group -short_description: Configure virtual Access Point (VAP) groups in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wireless_controller feature and vap_group category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - wireless_controller_vap_group: - description: - - Configure virtual Access Point (VAP) groups. - default: null - type: dict - suboptions: - comment: - description: - - Comment. - type: str - name: - description: - - Group Name - required: true - type: str - vaps: - description: - - List of SSIDs to be included in the VAP group. - type: list - suboptions: - name: - description: - - vap name Source wireless-controller.vap.name. - required: true - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure virtual Access Point (VAP) groups. - fortios_wireless_controller_vap_group: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - wireless_controller_vap_group: - comment: "Comment." 
- name: "default_name_4" - vaps: - - - name: "default_name_6 (source wireless-controller.vap.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def 
filter_wireless_controller_vap_group_data(json):
- option_list = ['comment', 'name', 'vaps']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def wireless_controller_vap_group(data, fos):
- vdom = data['vdom']
- state = data['state']
- wireless_controller_vap_group_data = data['wireless_controller_vap_group']
- filtered_data = underscore_to_hyphen(filter_wireless_controller_vap_group_data(wireless_controller_vap_group_data))
-
- if state == "present":
- return fos.set('wireless-controller',
- 'vap-group',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('wireless-controller',
- 'vap-group',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_wireless_controller(data, fos):
-
- if data['wireless_controller_vap_group']:
- resp = wireless_controller_vap_group(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": True, "type": "str",
- "choices": ["present", "absent"]},
- "wireless_controller_vap_group": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "comment": {"required": False, "type": "str"},
- "name": {"required": True, "type": "str"},
- "vaps": {"required": False, "type": "list",
- "options": {
- "name": {"required": True, "type": "str"}
- }}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_wireless_controller(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_wireless_controller(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_wids_profile.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_wids_profile.py
deleted file mode 100644
index a96816e3104..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_wids_profile.py
+++ /dev/null
@@ -1,727 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wireless_controller_wids_profile -short_description: Configure wireless intrusion detection system (WIDS) profiles in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wireless_controller feature and wids_profile category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - wireless_controller_wids_profile: - description: - - Configure wireless intrusion detection system (WIDS) profiles. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - ap_auto_suppress: - description: - - Enable/disable on-wire rogue AP auto-suppression . - type: str - choices: - - enable - - disable - ap_bgscan_disable_day: - description: - - Optionally turn off scanning for one or more days of the week. Separate the days with a space. By default, no days are set. - type: str - choices: - - sunday - - monday - - tuesday - - wednesday - - thursday - - friday - - saturday - ap_bgscan_disable_end: - description: - - "End time, using a 24-hour clock in the format of hh:mm, for disabling background scanning ." - type: str - ap_bgscan_disable_start: - description: - - "Start time, using a 24-hour clock in the format of hh:mm, for disabling background scanning ." - type: str - ap_bgscan_duration: - description: - - Listening time on a scanning channel (10 - 1000 msec). 
- type: int - ap_bgscan_idle: - description: - - Waiting time for channel inactivity before scanning this channel (0 - 1000 msec). - type: int - ap_bgscan_intv: - description: - - Period of time between scanning two channels (1 - 600 sec). - type: int - ap_bgscan_period: - description: - - Period of time between background scans (60 - 3600 sec). - type: int - ap_bgscan_report_intv: - description: - - Period of time between background scan reports (15 - 600 sec). - type: int - ap_fgscan_report_intv: - description: - - Period of time between foreground scan reports (15 - 600 sec). - type: int - ap_scan: - description: - - Enable/disable rogue AP detection. - type: str - choices: - - disable - - enable - ap_scan_passive: - description: - - Enable/disable passive scanning. Enable means do not send probe request on any channels . - type: str - choices: - - enable - - disable - asleap_attack: - description: - - Enable/disable asleap attack detection . - type: str - choices: - - enable - - disable - assoc_flood_thresh: - description: - - The threshold value for association frame flooding. - type: int - assoc_flood_time: - description: - - Number of seconds after which a station is considered not connected. - type: int - assoc_frame_flood: - description: - - Enable/disable association frame flooding detection . - type: str - choices: - - enable - - disable - auth_flood_thresh: - description: - - The threshold value for authentication frame flooding. - type: int - auth_flood_time: - description: - - Number of seconds after which a station is considered not connected. - type: int - auth_frame_flood: - description: - - Enable/disable authentication frame flooding detection . - type: str - choices: - - enable - - disable - comment: - description: - - Comment. - type: str - deauth_broadcast: - description: - - Enable/disable broadcasting de-authentication detection . 
- type: str - choices: - - enable - - disable - deauth_unknown_src_thresh: - description: - - "Threshold value per second to deauth unknown src for DoS attack (0: no limit)." - type: int - eapol_fail_flood: - description: - - Enable/disable EAPOL-Failure flooding (to AP) detection . - type: str - choices: - - enable - - disable - eapol_fail_intv: - description: - - The detection interval for EAPOL-Failure flooding (1 - 3600 sec). - type: int - eapol_fail_thresh: - description: - - The threshold value for EAPOL-Failure flooding in specified interval. - type: int - eapol_logoff_flood: - description: - - Enable/disable EAPOL-Logoff flooding (to AP) detection . - type: str - choices: - - enable - - disable - eapol_logoff_intv: - description: - - The detection interval for EAPOL-Logoff flooding (1 - 3600 sec). - type: int - eapol_logoff_thresh: - description: - - The threshold value for EAPOL-Logoff flooding in specified interval. - type: int - eapol_pre_fail_flood: - description: - - Enable/disable premature EAPOL-Failure flooding (to STA) detection . - type: str - choices: - - enable - - disable - eapol_pre_fail_intv: - description: - - The detection interval for premature EAPOL-Failure flooding (1 - 3600 sec). - type: int - eapol_pre_fail_thresh: - description: - - The threshold value for premature EAPOL-Failure flooding in specified interval. - type: int - eapol_pre_succ_flood: - description: - - Enable/disable premature EAPOL-Success flooding (to STA) detection . - type: str - choices: - - enable - - disable - eapol_pre_succ_intv: - description: - - The detection interval for premature EAPOL-Success flooding (1 - 3600 sec). - type: int - eapol_pre_succ_thresh: - description: - - The threshold value for premature EAPOL-Success flooding in specified interval. - type: int - eapol_start_flood: - description: - - Enable/disable EAPOL-Start flooding (to AP) detection . 
- type: str - choices: - - enable - - disable - eapol_start_intv: - description: - - The detection interval for EAPOL-Start flooding (1 - 3600 sec). - type: int - eapol_start_thresh: - description: - - The threshold value for EAPOL-Start flooding in specified interval. - type: int - eapol_succ_flood: - description: - - Enable/disable EAPOL-Success flooding (to AP) detection . - type: str - choices: - - enable - - disable - eapol_succ_intv: - description: - - The detection interval for EAPOL-Success flooding (1 - 3600 sec). - type: int - eapol_succ_thresh: - description: - - The threshold value for EAPOL-Success flooding in specified interval. - type: int - invalid_mac_oui: - description: - - Enable/disable invalid MAC OUI detection. - type: str - choices: - - enable - - disable - long_duration_attack: - description: - - Enable/disable long duration attack detection based on user configured threshold . - type: str - choices: - - enable - - disable - long_duration_thresh: - description: - - Threshold value for long duration attack detection (1000 - 32767 usec). - type: int - name: - description: - - WIDS profile name. - required: true - type: str - null_ssid_probe_resp: - description: - - Enable/disable null SSID probe response detection . - type: str - choices: - - enable - - disable - sensor_mode: - description: - - Scan WiFi nearby stations . - type: str - choices: - - disable - - foreign - - both - spoofed_deauth: - description: - - Enable/disable spoofed de-authentication attack detection . - type: str - choices: - - enable - - disable - weak_wep_iv: - description: - - Enable/disable weak WEP IV (Initialization Vector) detection . - type: str - choices: - - enable - - disable - wireless_bridge: - description: - - Enable/disable wireless bridge detection . 
- type: str - choices: - - enable - - disable -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure wireless intrusion detection system (WIDS) profiles. - fortios_wireless_controller_wids_profile: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - wireless_controller_wids_profile: - ap_auto_suppress: "enable" - ap_bgscan_disable_day: "sunday" - ap_bgscan_disable_end: "" - ap_bgscan_disable_start: "" - ap_bgscan_duration: "7" - ap_bgscan_idle: "8" - ap_bgscan_intv: "9" - ap_bgscan_period: "10" - ap_bgscan_report_intv: "11" - ap_fgscan_report_intv: "12" - ap_scan: "disable" - ap_scan_passive: "enable" - asleap_attack: "enable" - assoc_flood_thresh: "16" - assoc_flood_time: "17" - assoc_frame_flood: "enable" - auth_flood_thresh: "19" - auth_flood_time: "20" - auth_frame_flood: "enable" - comment: "Comment." 
- deauth_broadcast: "enable" - deauth_unknown_src_thresh: "24" - eapol_fail_flood: "enable" - eapol_fail_intv: "26" - eapol_fail_thresh: "27" - eapol_logoff_flood: "enable" - eapol_logoff_intv: "29" - eapol_logoff_thresh: "30" - eapol_pre_fail_flood: "enable" - eapol_pre_fail_intv: "32" - eapol_pre_fail_thresh: "33" - eapol_pre_succ_flood: "enable" - eapol_pre_succ_intv: "35" - eapol_pre_succ_thresh: "36" - eapol_start_flood: "enable" - eapol_start_intv: "38" - eapol_start_thresh: "39" - eapol_succ_flood: "enable" - eapol_succ_intv: "41" - eapol_succ_thresh: "42" - invalid_mac_oui: "enable" - long_duration_attack: "enable" - long_duration_thresh: "45" - name: "default_name_46" - null_ssid_probe_resp: "enable" - sensor_mode: "disable" - spoofed_deauth: "enable" - weak_wep_iv: "enable" - wireless_bridge: "enable" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" 
-version:
- description: Version of the FortiGate
- returned: always
- type: str
- sample: "v5.6.3"
-
-'''
-
-from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.connection import Connection
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG
-
-
-def login(data, fos):
- host = data['host']
- username = data['username']
- password = data['password']
- ssl_verify = data['ssl_verify']
-
- fos.debug('on')
- if 'https' in data and not data['https']:
- fos.https('off')
- else:
- fos.https('on')
-
- fos.login(host, username, password, verify=ssl_verify)
-
-
-def filter_wireless_controller_wids_profile_data(json):
- option_list = ['ap_auto_suppress', 'ap_bgscan_disable_day', 'ap_bgscan_disable_end',
- 'ap_bgscan_disable_start', 'ap_bgscan_duration', 'ap_bgscan_idle',
- 'ap_bgscan_intv', 'ap_bgscan_period', 'ap_bgscan_report_intv',
- 'ap_fgscan_report_intv', 'ap_scan', 'ap_scan_passive',
- 'asleap_attack', 'assoc_flood_thresh', 'assoc_flood_time',
- 'assoc_frame_flood', 'auth_flood_thresh', 'auth_flood_time',
- 'auth_frame_flood', 'comment', 'deauth_broadcast',
- 'deauth_unknown_src_thresh', 'eapol_fail_flood', 'eapol_fail_intv',
- 'eapol_fail_thresh', 'eapol_logoff_flood', 'eapol_logoff_intv',
- 'eapol_logoff_thresh', 'eapol_pre_fail_flood', 'eapol_pre_fail_intv',
- 'eapol_pre_fail_thresh', 'eapol_pre_succ_flood', 'eapol_pre_succ_intv',
- 'eapol_pre_succ_thresh', 'eapol_start_flood', 'eapol_start_intv',
- 'eapol_start_thresh', 'eapol_succ_flood', 'eapol_succ_intv',
- 'eapol_succ_thresh', 'invalid_mac_oui', 'long_duration_attack',
- 'long_duration_thresh', 'name', 'null_ssid_probe_resp',
- 'sensor_mode', 'spoofed_deauth', 'weak_wep_iv',
- 'wireless_bridge']
- dictionary = {}
-
- for attribute in option_list:
- if attribute in json and json[attribute] is not None:
- dictionary[attribute] = json[attribute]
-
- return dictionary
-
-
-def underscore_to_hyphen(data):
- if isinstance(data, list):
- for i, elem in enumerate(data):
- data[i] = underscore_to_hyphen(elem)
- elif isinstance(data, dict):
- new_data = {}
- for k, v in data.items():
- new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
- data = new_data
-
- return data
-
-
-def wireless_controller_wids_profile(data, fos):
- vdom = data['vdom']
- if 'state' in data and data['state']:
- state = data['state']
- elif 'state' in data['wireless_controller_wids_profile'] and data['wireless_controller_wids_profile']:
- state = data['wireless_controller_wids_profile']['state']
- else:
- state = True
- wireless_controller_wids_profile_data = data['wireless_controller_wids_profile']
- filtered_data = underscore_to_hyphen(filter_wireless_controller_wids_profile_data(wireless_controller_wids_profile_data))
-
- if state == "present":
- return fos.set('wireless-controller',
- 'wids-profile',
- data=filtered_data,
- vdom=vdom)
-
- elif state == "absent":
- return fos.delete('wireless-controller',
- 'wids-profile',
- mkey=filtered_data['name'],
- vdom=vdom)
-
-
-def is_successful_status(status):
- return status['status'] == "success" or \
- status['http_method'] == "DELETE" and status['http_status'] == 404
-
-
-def fortios_wireless_controller(data, fos):
-
- if data['wireless_controller_wids_profile']:
- resp = wireless_controller_wids_profile(data, fos)
-
- return not is_successful_status(resp), \
- resp['status'] == "success", \
- resp
-
-
-def main():
- fields = {
- "host": {"required": False, "type": "str"},
- "username": {"required": False, "type": "str"},
- "password": {"required": False, "type": "str", "default": "", "no_log": True},
- "vdom": {"required": False, "type": "str", "default": "root"},
- "https": {"required": False, "type": "bool", "default": True},
- "ssl_verify": {"required": False, "type": "bool", "default": True},
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "wireless_controller_wids_profile": {
- "required": False, "type": "dict", "default": None,
- "options": {
- "state": {"required": False, "type": "str",
- "choices": ["present", "absent"]},
- "ap_auto_suppress": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "ap_bgscan_disable_day": {"required": False, "type": "str",
- "choices": ["sunday", "monday", "tuesday",
- "wednesday", "thursday", "friday",
- "saturday"]},
- "ap_bgscan_disable_end": {"required": False, "type": "str"},
- "ap_bgscan_disable_start": {"required": False, "type": "str"},
- "ap_bgscan_duration": {"required": False, "type": "int"},
- "ap_bgscan_idle": {"required": False, "type": "int"},
- "ap_bgscan_intv": {"required": False, "type": "int"},
- "ap_bgscan_period": {"required": False, "type": "int"},
- "ap_bgscan_report_intv": {"required": False, "type": "int"},
- "ap_fgscan_report_intv": {"required": False, "type": "int"},
- "ap_scan": {"required": False, "type": "str",
- "choices": ["disable", "enable"]},
- "ap_scan_passive": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "asleap_attack": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "assoc_flood_thresh": {"required": False, "type": "int"},
- "assoc_flood_time": {"required": False, "type": "int"},
- "assoc_frame_flood": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "auth_flood_thresh": {"required": False, "type": "int"},
- "auth_flood_time": {"required": False, "type": "int"},
- "auth_frame_flood": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "comment": {"required": False, "type": "str"},
- "deauth_broadcast": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "deauth_unknown_src_thresh": {"required": False, "type": "int"},
- "eapol_fail_flood": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "eapol_fail_intv": {"required": False, "type": "int"},
- "eapol_fail_thresh": {"required": False, "type": "int"},
- "eapol_logoff_flood": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "eapol_logoff_intv": {"required": False, "type": "int"},
- "eapol_logoff_thresh": {"required": False, "type": "int"},
- "eapol_pre_fail_flood": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "eapol_pre_fail_intv": {"required": False, "type": "int"},
- "eapol_pre_fail_thresh": {"required": False, "type": "int"},
- "eapol_pre_succ_flood": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "eapol_pre_succ_intv": {"required": False, "type": "int"},
- "eapol_pre_succ_thresh": {"required": False, "type": "int"},
- "eapol_start_flood": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "eapol_start_intv": {"required": False, "type": "int"},
- "eapol_start_thresh": {"required": False, "type": "int"},
- "eapol_succ_flood": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "eapol_succ_intv": {"required": False, "type": "int"},
- "eapol_succ_thresh": {"required": False, "type": "int"},
- "invalid_mac_oui": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "long_duration_attack": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "long_duration_thresh": {"required": False, "type": "int"},
- "name": {"required": True, "type": "str"},
- "null_ssid_probe_resp": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "sensor_mode": {"required": False, "type": "str",
- "choices": ["disable", "foreign", "both"]},
- "spoofed_deauth": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "weak_wep_iv": {"required": False, "type": "str",
- "choices": ["enable", "disable"]},
- "wireless_bridge": {"required": False, "type": "str",
- "choices": ["enable", "disable"]}
-
- }
- }
- }
-
- module = AnsibleModule(argument_spec=fields,
- supports_check_mode=False)
-
- # legacy_mode refers to using fortiosapi instead of HTTPAPI
- legacy_mode = 'host' in module.params and module.params['host'] is not None and \
- 'username' in module.params and module.params['username'] is not None and \
- 'password' in module.params and module.params['password'] is not None
-
- if not legacy_mode:
- if module._socket_path:
- connection = Connection(module._socket_path)
- fos = FortiOSHandler(connection)
-
- is_error, has_changed, result = fortios_wireless_controller(module.params, fos)
- else:
- module.fail_json(**FAIL_SOCKET_MSG)
- else:
- try:
- from fortiosapi import FortiOSAPI
- except ImportError:
- module.fail_json(msg="fortiosapi module is required")
-
- fos = FortiOSAPI()
-
- login(module.params, fos)
- is_error, has_changed, result = fortios_wireless_controller(module.params, fos)
- fos.logout()
-
- if not is_error:
- module.exit_json(changed=has_changed, meta=result)
- else:
- module.fail_json(msg="Error in repo", meta=result)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp.py
deleted file mode 100644
index e22c52bc89f..00000000000
--- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp.py
+++ /dev/null
@@ -1,1157 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wireless_controller_wtp -short_description: Configure Wireless Termination Points (WTPs), that is, FortiAPs or APs to be managed by FortiGate in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wireless_controller feature and wtp category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.8" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. 
- type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - wireless_controller_wtp: - description: - - Configure Wireless Termination Points (WTPs), that is, FortiAPs or APs to be managed by FortiGate. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - admin: - description: - - Configure how the FortiGate operating as a wireless controller discovers and manages this WTP, AP or FortiAP. - type: str - choices: - - discovered - - disable - - enable - allowaccess: - description: - - Control management access to the managed WTP, FortiAP, or AP. Separate entries with a space. - type: str - choices: - - telnet - - http - - https - - ssh - bonjour_profile: - description: - - Bonjour profile name. Source wireless-controller.bonjour-profile.name. - type: str - coordinate_enable: - description: - - Enable/disable WTP coordinates (X,Y axis). - type: str - choices: - - enable - - disable - coordinate_latitude: - description: - - WTP latitude coordinate. 
- type: str - coordinate_longitude: - description: - - WTP longitude coordinate. - type: str - coordinate_x: - description: - - X axis coordinate. - type: str - coordinate_y: - description: - - Y axis coordinate. - type: str - image_download: - description: - - Enable/disable WTP image download. - type: str - choices: - - enable - - disable - index: - description: - - Index (0 - 4294967295). - type: int - ip_fragment_preventing: - description: - - Method by which IP fragmentation is prevented for CAPWAP tunneled control and data packets . - type: str - choices: - - tcp-mss-adjust - - icmp-unreachable - lan: - description: - - WTP LAN port mapping. - type: dict - suboptions: - port_mode: - description: - - LAN port mode. - type: str - choices: - - offline - - nat-to-wan - - bridge-to-wan - - bridge-to-ssid - port_ssid: - description: - - Bridge LAN port to SSID. Source wireless-controller.vap.name. - type: str - port1_mode: - description: - - LAN port 1 mode. - type: str - choices: - - offline - - nat-to-wan - - bridge-to-wan - - bridge-to-ssid - port1_ssid: - description: - - Bridge LAN port 1 to SSID. Source wireless-controller.vap.name. - type: str - port2_mode: - description: - - LAN port 2 mode. - type: str - choices: - - offline - - nat-to-wan - - bridge-to-wan - - bridge-to-ssid - port2_ssid: - description: - - Bridge LAN port 2 to SSID. Source wireless-controller.vap.name. - type: str - port3_mode: - description: - - LAN port 3 mode. - type: str - choices: - - offline - - nat-to-wan - - bridge-to-wan - - bridge-to-ssid - port3_ssid: - description: - - Bridge LAN port 3 to SSID. Source wireless-controller.vap.name. - type: str - port4_mode: - description: - - LAN port 4 mode. - type: str - choices: - - offline - - nat-to-wan - - bridge-to-wan - - bridge-to-ssid - port4_ssid: - description: - - Bridge LAN port 4 to SSID. Source wireless-controller.vap.name. - type: str - port5_mode: - description: - - LAN port 5 mode. 
- type: str - choices: - - offline - - nat-to-wan - - bridge-to-wan - - bridge-to-ssid - port5_ssid: - description: - - Bridge LAN port 5 to SSID. Source wireless-controller.vap.name. - type: str - port6_mode: - description: - - LAN port 6 mode. - type: str - choices: - - offline - - nat-to-wan - - bridge-to-wan - - bridge-to-ssid - port6_ssid: - description: - - Bridge LAN port 6 to SSID. Source wireless-controller.vap.name. - type: str - port7_mode: - description: - - LAN port 7 mode. - type: str - choices: - - offline - - nat-to-wan - - bridge-to-wan - - bridge-to-ssid - port7_ssid: - description: - - Bridge LAN port 7 to SSID. Source wireless-controller.vap.name. - type: str - port8_mode: - description: - - LAN port 8 mode. - type: str - choices: - - offline - - nat-to-wan - - bridge-to-wan - - bridge-to-ssid - port8_ssid: - description: - - Bridge LAN port 8 to SSID. Source wireless-controller.vap.name. - type: str - led_state: - description: - - Enable to allow the FortiAPs LEDs to light. Disable to keep the LEDs off. You may want to keep the LEDs off so they are not distracting - in low light areas etc. - type: str - choices: - - enable - - disable - location: - description: - - Field for describing the physical location of the WTP, AP or FortiAP. - type: str - login_passwd: - description: - - Set the managed WTP, FortiAP, or AP's administrator password. - type: str - login_passwd_change: - description: - - Change or reset the administrator password of a managed WTP, FortiAP or AP (yes, default, or no). - type: str - choices: - - yes - - default - - no - mesh_bridge_enable: - description: - - Enable/disable mesh Ethernet bridge when WTP is configured as a mesh branch/leaf AP. - type: str - choices: - - default - - enable - - disable - name: - description: - - WTP, AP or FortiAP configuration name. - type: str - override_allowaccess: - description: - - Enable to override the WTP profile management access configuration. 
- type: str - choices: - - enable - - disable - override_ip_fragment: - description: - - Enable/disable overriding the WTP profile IP fragment prevention setting. - type: str - choices: - - enable - - disable - override_lan: - description: - - Enable to override the WTP profile LAN port setting. - type: str - choices: - - enable - - disable - override_led_state: - description: - - Enable to override the profile LED state setting for this FortiAP. You must enable this option to use the led-state command to turn off - the FortiAP's LEDs. - type: str - choices: - - enable - - disable - override_login_passwd_change: - description: - - Enable to override the WTP profile login-password (administrator password) setting. - type: str - choices: - - enable - - disable - override_split_tunnel: - description: - - Enable/disable overriding the WTP profile split tunneling setting. - type: str - choices: - - enable - - disable - override_wan_port_mode: - description: - - Enable/disable overriding the wan-port-mode in the WTP profile. - type: str - choices: - - enable - - disable - radio_1: - description: - - Configuration options for radio 1. - type: dict - suboptions: - auto_power_high: - description: - - Automatic transmission power high limit in decibels (dB) of the measured power referenced to one milliwatt (mW), or dBm (10 - 17 - dBm). - type: int - auto_power_level: - description: - - Enable/disable automatic power-level adjustment to prevent co-channel interference . - type: str - choices: - - enable - - disable - auto_power_low: - description: - - Automatic transmission power low limit in dBm (the actual range of transmit power depends on the AP platform type). - type: int - band: - description: - - WiFi band that Radio 1 operates on. 
- type: str - choices: - - 802.11a - - 802.11b - - 802.11g - - 802.11n - - 802.11n-5G - - 802.11n,g-only - - 802.11g-only - - 802.11n-only - - 802.11n-5G-only - - 802.11ac - - 802.11ac,n-only - - 802.11ac-only - channel: - description: - - Selected list of wireless radio channels. - type: list - suboptions: - chan: - description: - - Channel number. - required: true - type: str - override_analysis: - description: - - Enable to override the WTP profile spectrum analysis configuration. - type: str - choices: - - enable - - disable - override_band: - description: - - Enable to override the WTP profile band setting. - type: str - choices: - - enable - - disable - override_channel: - description: - - Enable to override WTP profile channel settings. - type: str - choices: - - enable - - disable - override_txpower: - description: - - Enable to override the WTP profile power level configuration. - type: str - choices: - - enable - - disable - override_vaps: - description: - - Enable to override WTP profile Virtual Access Point (VAP) settings. - type: str - choices: - - enable - - disable - power_level: - description: - - Radio power level as a percentage of the maximum transmit power (0 - 100). - type: int - radio_id: - description: - - radio-id - type: int - spectrum_analysis: - description: - - Enable/disable spectrum analysis to find interference that would negatively impact wireless performance. - type: str - choices: - - enable - - disable - vap_all: - description: - - Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) . - type: str - choices: - - enable - - disable - vaps: - description: - - Manually selected list of Virtual Access Points (VAPs). - type: list - suboptions: - name: - description: - - Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name wireless-controller.vap.name. - required: true - type: str - radio_2: - description: - - Configuration options for radio 2. 
- type: dict - suboptions: - auto_power_high: - description: - - Automatic transmission power high limit in decibels (dB) of the measured power referenced to one milliwatt (mW), or dBm (10 - 17 - dBm). - type: int - auto_power_level: - description: - - Enable/disable automatic power-level adjustment to prevent co-channel interference . - type: str - choices: - - enable - - disable - auto_power_low: - description: - - Automatic transmission power low limit in dBm (the actual range of transmit power depends on the AP platform type). - type: int - band: - description: - - WiFi band that Radio 1 operates on. - type: str - choices: - - 802.11a - - 802.11b - - 802.11g - - 802.11n - - 802.11n-5G - - 802.11n,g-only - - 802.11g-only - - 802.11n-only - - 802.11n-5G-only - - 802.11ac - - 802.11ac,n-only - - 802.11ac-only - channel: - description: - - Selected list of wireless radio channels. - type: list - suboptions: - chan: - description: - - Channel number. - required: true - type: str - override_analysis: - description: - - Enable to override the WTP profile spectrum analysis configuration. - type: str - choices: - - enable - - disable - override_band: - description: - - Enable to override the WTP profile band setting. - type: str - choices: - - enable - - disable - override_channel: - description: - - Enable to override WTP profile channel settings. - type: str - choices: - - enable - - disable - override_txpower: - description: - - Enable to override the WTP profile power level configuration. - type: str - choices: - - enable - - disable - override_vaps: - description: - - Enable to override WTP profile Virtual Access Point (VAP) settings. - type: str - choices: - - enable - - disable - power_level: - description: - - Radio power level as a percentage of the maximum transmit power (0 - 100). 
- type: int - radio_id: - description: - - radio-id - type: int - spectrum_analysis: - description: - - Enable/disable spectrum analysis to find interference that would negatively impact wireless performance. - type: str - choices: - - enable - - disable - vap_all: - description: - - Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) . - type: str - choices: - - enable - - disable - vaps: - description: - - Manually selected list of Virtual Access Points (VAPs). - type: list - suboptions: - name: - description: - - Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name wireless-controller.vap.name. - required: true - type: str - split_tunneling_acl: - description: - - Split tunneling ACL filter list. - type: list - suboptions: - dest_ip: - description: - - Destination IP and mask for the split-tunneling subnet. - type: str - id: - description: - - ID. - required: true - type: int - split_tunneling_acl_local_ap_subnet: - description: - - Enable/disable automatically adding local subnetwork of FortiAP to split-tunneling ACL . - type: str - choices: - - enable - - disable - split_tunneling_acl_path: - description: - - Split tunneling ACL path is local/tunnel. - type: str - choices: - - tunnel - - local - tun_mtu_downlink: - description: - - Downlink tunnel MTU in octets. Set the value to either 0 (by default), 576, or 1500. - type: int - tun_mtu_uplink: - description: - - Uplink tunnel maximum transmission unit (MTU) in octets (eight-bit bytes). Set the value to either 0 (by default), 576, or 1500. - type: int - wan_port_mode: - description: - - Enable/disable using the FortiAP WAN port as a LAN port. - type: str - choices: - - wan-lan - - wan-only - wtp_id: - description: - - WTP ID. - type: str - wtp_mode: - description: - - WTP, AP, or FortiAP operating mode; normal (by default) or remote. 
A tunnel mode SSID can be assigned to an AP in normal mode but not - remote mode, while a local-bridge mode SSID can be assigned to an AP in either normal mode or remote mode. - type: str - choices: - - normal - - remote - wtp_profile: - description: - - WTP profile name to apply to this WTP, AP or FortiAP. Source wireless-controller.wtp-profile.name. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure Wireless Termination Points (WTPs), that is, FortiAPs or APs to be managed by FortiGate. - fortios_wireless_controller_wtp: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - wireless_controller_wtp: - admin: "discovered" - allowaccess: "telnet" - bonjour_profile: " (source wireless-controller.bonjour-profile.name)" - coordinate_enable: "enable" - coordinate_latitude: "" - coordinate_longitude: "" - coordinate_x: "" - coordinate_y: "" - image_download: "enable" - index: "12" - ip_fragment_preventing: "tcp-mss-adjust" - lan: - port_mode: "offline" - port_ssid: " (source wireless-controller.vap.name)" - port1_mode: "offline" - port1_ssid: " (source wireless-controller.vap.name)" - port2_mode: "offline" - port2_ssid: " (source wireless-controller.vap.name)" - port3_mode: "offline" - port3_ssid: " (source wireless-controller.vap.name)" - port4_mode: "offline" - port4_ssid: " (source wireless-controller.vap.name)" - port5_mode: "offline" - port5_ssid: " (source wireless-controller.vap.name)" - port6_mode: "offline" - port6_ssid: " (source wireless-controller.vap.name)" - port7_mode: "offline" - port7_ssid: " (source wireless-controller.vap.name)" - port8_mode: "offline" - port8_ssid: " (source wireless-controller.vap.name)" - led_state: "enable" - location: "" - login_passwd: "" - login_passwd_change: "yes" - mesh_bridge_enable: "default" - name: 
"default_name_38" - override_allowaccess: "enable" - override_ip_fragment: "enable" - override_lan: "enable" - override_led_state: "enable" - override_login_passwd_change: "enable" - override_split_tunnel: "enable" - override_wan_port_mode: "enable" - radio_1: - auto_power_high: "47" - auto_power_level: "enable" - auto_power_low: "49" - band: "802.11a" - channel: - - - chan: "" - override_analysis: "enable" - override_band: "enable" - override_channel: "enable" - override_txpower: "enable" - override_vaps: "enable" - power_level: "58" - radio_id: "59" - spectrum_analysis: "enable" - vap_all: "enable" - vaps: - - - name: "default_name_63 (source wireless-controller.vap-group.name wireless-controller.vap.name)" - radio_2: - auto_power_high: "65" - auto_power_level: "enable" - auto_power_low: "67" - band: "802.11a" - channel: - - - chan: "" - override_analysis: "enable" - override_band: "enable" - override_channel: "enable" - override_txpower: "enable" - override_vaps: "enable" - power_level: "76" - radio_id: "77" - spectrum_analysis: "enable" - vap_all: "enable" - vaps: - - - name: "default_name_81 (source wireless-controller.vap-group.name wireless-controller.vap.name)" - split_tunneling_acl: - - - dest_ip: "" - id: "84" - split_tunneling_acl_local_ap_subnet: "enable" - split_tunneling_acl_path: "tunnel" - tun_mtu_downlink: "87" - tun_mtu_uplink: "88" - wan_port_mode: "wan-lan" - wtp_id: "" - wtp_mode: "normal" - wtp_profile: " (source wireless-controller.wtp-profile.name)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - 
sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_wireless_controller_wtp_data(json): - option_list = ['admin', 'allowaccess', 'bonjour_profile', - 'coordinate_enable', 'coordinate_latitude', 'coordinate_longitude', - 'coordinate_x', 'coordinate_y', 'image_download', - 'index', 'ip_fragment_preventing', 'lan', - 'led_state', 'location', 'login_passwd', - 'login_passwd_change', 'mesh_bridge_enable', 'name', - 'override_allowaccess', 'override_ip_fragment', 'override_lan', - 'override_led_state', 'override_login_passwd_change', 'override_split_tunnel', - 'override_wan_port_mode', 'radio_1', 'radio_2', - 'split_tunneling_acl', 'split_tunneling_acl_local_ap_subnet', 
'split_tunneling_acl_path', - 'tun_mtu_downlink', 'tun_mtu_uplink', 'wan_port_mode', - 'wtp_id', 'wtp_mode', 'wtp_profile'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def wireless_controller_wtp(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['wireless_controller_wtp'] and data['wireless_controller_wtp']: - state = data['wireless_controller_wtp']['state'] - else: - state = True - wireless_controller_wtp_data = data['wireless_controller_wtp'] - filtered_data = underscore_to_hyphen(filter_wireless_controller_wtp_data(wireless_controller_wtp_data)) - - if state == "present": - return fos.set('wireless-controller', - 'wtp', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('wireless-controller', - 'wtp', - mkey=filtered_data['wtp-id'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_wireless_controller(data, fos): - - if data['wireless_controller_wtp']: - resp = wireless_controller_wtp(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", 
"default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "wireless_controller_wtp": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "admin": {"required": False, "type": "str", - "choices": ["discovered", "disable", "enable"]}, - "allowaccess": {"required": False, "type": "str", - "choices": ["telnet", "http", "https", - "ssh"]}, - "bonjour_profile": {"required": False, "type": "str"}, - "coordinate_enable": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "coordinate_latitude": {"required": False, "type": "str"}, - "coordinate_longitude": {"required": False, "type": "str"}, - "coordinate_x": {"required": False, "type": "str"}, - "coordinate_y": {"required": False, "type": "str"}, - "image_download": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "index": {"required": False, "type": "int"}, - "ip_fragment_preventing": {"required": False, "type": "str", - "choices": ["tcp-mss-adjust", "icmp-unreachable"]}, - "lan": {"required": False, "type": "dict", - "options": { - "port_mode": {"required": False, "type": "str", - "choices": ["offline", "nat-to-wan", "bridge-to-wan", - "bridge-to-ssid"]}, - "port_ssid": {"required": False, "type": "str"}, - "port1_mode": {"required": False, "type": "str", - "choices": ["offline", "nat-to-wan", "bridge-to-wan", - "bridge-to-ssid"]}, - "port1_ssid": {"required": False, "type": "str"}, - "port2_mode": {"required": False, "type": "str", - "choices": ["offline", "nat-to-wan", "bridge-to-wan", - "bridge-to-ssid"]}, - "port2_ssid": {"required": False, "type": "str"}, - "port3_mode": {"required": False, "type": "str", - "choices": ["offline", "nat-to-wan", "bridge-to-wan", - "bridge-to-ssid"]}, - "port3_ssid": {"required": False, "type": "str"}, - "port4_mode": 
{"required": False, "type": "str", - "choices": ["offline", "nat-to-wan", "bridge-to-wan", - "bridge-to-ssid"]}, - "port4_ssid": {"required": False, "type": "str"}, - "port5_mode": {"required": False, "type": "str", - "choices": ["offline", "nat-to-wan", "bridge-to-wan", - "bridge-to-ssid"]}, - "port5_ssid": {"required": False, "type": "str"}, - "port6_mode": {"required": False, "type": "str", - "choices": ["offline", "nat-to-wan", "bridge-to-wan", - "bridge-to-ssid"]}, - "port6_ssid": {"required": False, "type": "str"}, - "port7_mode": {"required": False, "type": "str", - "choices": ["offline", "nat-to-wan", "bridge-to-wan", - "bridge-to-ssid"]}, - "port7_ssid": {"required": False, "type": "str"}, - "port8_mode": {"required": False, "type": "str", - "choices": ["offline", "nat-to-wan", "bridge-to-wan", - "bridge-to-ssid"]}, - "port8_ssid": {"required": False, "type": "str"} - }}, - "led_state": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "location": {"required": False, "type": "str"}, - "login_passwd": {"required": False, "type": "str"}, - "login_passwd_change": {"required": False, "type": "str", - "choices": ["yes", "default", "no"]}, - "mesh_bridge_enable": {"required": False, "type": "str", - "choices": ["default", "enable", "disable"]}, - "name": {"required": False, "type": "str"}, - "override_allowaccess": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "override_ip_fragment": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "override_lan": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "override_led_state": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "override_login_passwd_change": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "override_split_tunnel": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "override_wan_port_mode": {"required": False, "type": "str", - 
"choices": ["enable", "disable"]}, - "radio_1": {"required": False, "type": "dict", - "options": { - "auto_power_high": {"required": False, "type": "int"}, - "auto_power_level": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "auto_power_low": {"required": False, "type": "int"}, - "band": {"required": False, "type": "str", - "choices": ["802.11a", "802.11b", "802.11g", - "802.11n", "802.11n-5G", "802.11n,g-only", - "802.11g-only", "802.11n-only", "802.11n-5G-only", - "802.11ac", "802.11ac,n-only", "802.11ac-only"]}, - "channel": {"required": False, "type": "list", - "options": { - "chan": {"required": True, "type": "str"} - }}, - "override_analysis": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "override_band": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "override_channel": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "override_txpower": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "override_vaps": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "power_level": {"required": False, "type": "int"}, - "radio_id": {"required": False, "type": "int"}, - "spectrum_analysis": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "vap_all": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "vaps": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }} - }}, - "radio_2": {"required": False, "type": "dict", - "options": { - "auto_power_high": {"required": False, "type": "int"}, - "auto_power_level": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "auto_power_low": {"required": False, "type": "int"}, - "band": {"required": False, "type": "str", - "choices": ["802.11a", "802.11b", "802.11g", - "802.11n", "802.11n-5G", "802.11n,g-only", - "802.11g-only", "802.11n-only", "802.11n-5G-only", - 
"802.11ac", "802.11ac,n-only", "802.11ac-only"]}, - "channel": {"required": False, "type": "list", - "options": { - "chan": {"required": True, "type": "str"} - }}, - "override_analysis": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "override_band": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "override_channel": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "override_txpower": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "override_vaps": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "power_level": {"required": False, "type": "int"}, - "radio_id": {"required": False, "type": "int"}, - "spectrum_analysis": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "vap_all": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "vaps": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }} - }}, - "split_tunneling_acl": {"required": False, "type": "list", - "options": { - "dest_ip": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"} - }}, - "split_tunneling_acl_local_ap_subnet": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "split_tunneling_acl_path": {"required": False, "type": "str", - "choices": ["tunnel", "local"]}, - "tun_mtu_downlink": {"required": False, "type": "int"}, - "tun_mtu_uplink": {"required": False, "type": "int"}, - "wan_port_mode": {"required": False, "type": "str", - "choices": ["wan-lan", "wan-only"]}, - "wtp_id": {"required": False, "type": "str"}, - "wtp_mode": {"required": False, "type": "str", - "choices": ["normal", "remote"]}, - "wtp_profile": {"required": False, "type": "str"} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in 
module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_wireless_controller(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_wireless_controller(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp_group.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp_group.py deleted file mode 100644 index 38482bb4840..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp_group.py +++ /dev/null 
@@ -1,402 +0,0 @@ -#!/usr/bin/python -from __future__ import (absolute_import, division, print_function) -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -__metaclass__ = type - -ANSIBLE_METADATA = {'status': ['preview'], - 'supported_by': 'community', - 'metadata_version': '1.1'} - -DOCUMENTATION = ''' ---- -module: fortios_wireless_controller_wtp_group -short_description: Configure WTP groups in Fortinet's FortiOS and FortiGate. -description: - - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the - user to set and modify wireless_controller feature and wtp_group category. - Examples include all parameters and values need to be adjusted to datasources before usage. - Tested with FOS v6.0.5 -version_added: "2.9" -author: - - Miguel Angel Munoz (@mamunozgonzalez) - - Nicolas Thomas (@thomnico) -notes: - - Requires fortiosapi library developed by Fortinet - - Run as a local_action in your playbook -requirements: - - fortiosapi>=0.9.8 -options: - host: - description: - - FortiOS or FortiGate IP address. - type: str - required: false - username: - description: - - FortiOS or FortiGate username. - type: str - required: false - password: - description: - - FortiOS or FortiGate password. - type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. 
A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - state: - description: - - Indicates whether to create or remove the object. - type: str - required: true - choices: - - present - - absent - wireless_controller_wtp_group: - description: - - Configure WTP groups. - default: null - type: dict - suboptions: - name: - description: - - WTP group name. - required: true - type: str - platform_type: - description: - - FortiAP models to define the WTP group platform type. - type: str - choices: - - AP-11N - - 220B - - 210B - - 222B - - 112B - - 320B - - 11C - - 14C - - 223B - - 28C - - 320C - - 221C - - 25D - - 222C - - 224D - - 214B - - 21D - - 24D - - 112D - - 223C - - 321C - - C220C - - C225C - - C23JD - - C24JE - - S321C - - S322C - - S323C - - S311C - - S313C - - S321CR - - S322CR - - S323CR - - S421E - - S422E - - S423E - - 421E - - 423E - - 221E - - 222E - - 223E - - 224E - - S221E - - S223E - - U421E - - U422EV - - U423E - - U221EV - - U223EV - - U24JEV - - U321EV - - U323EV - wtps: - description: - - WTP list. - type: list - suboptions: - wtp_id: - description: - - WTP ID. Source wireless-controller.wtp.wtp-id. - type: str -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure WTP groups. 
- fortios_wireless_controller_wtp_group: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - wireless_controller_wtp_group: - name: "default_name_3" - platform_type: "AP-11N" - wtps: - - - wtp_id: " (source wireless-controller.wtp.wtp-id)" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = 
data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_wireless_controller_wtp_group_data(json): - option_list = ['name', 'platform_type', 'wtps'] - dictionary = {} - - for attribute in option_list: - if attribute in json and json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def wireless_controller_wtp_group(data, fos): - vdom = data['vdom'] - state = data['state'] - wireless_controller_wtp_group_data = data['wireless_controller_wtp_group'] - filtered_data = underscore_to_hyphen(filter_wireless_controller_wtp_group_data(wireless_controller_wtp_group_data)) - - if state == "present": - return fos.set('wireless-controller', - 'wtp-group', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('wireless-controller', - 'wtp-group', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_wireless_controller(data, fos): - - if data['wireless_controller_wtp_group']: - resp = wireless_controller_wtp_group(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, 
"type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": True, "type": "str", - "choices": ["present", "absent"]}, - "wireless_controller_wtp_group": { - "required": False, "type": "dict", "default": None, - "options": { - "name": {"required": True, "type": "str"}, - "platform_type": {"required": False, "type": "str", - "choices": ["AP-11N", "220B", "210B", - "222B", "112B", "320B", - "11C", "14C", "223B", - "28C", "320C", "221C", - "25D", "222C", "224D", - "214B", "21D", "24D", - "112D", "223C", "321C", - "C220C", "C225C", "C23JD", - "C24JE", "S321C", "S322C", - "S323C", "S311C", "S313C", - "S321CR", "S322CR", "S323CR", - "S421E", "S422E", "S423E", - "421E", "423E", "221E", - "222E", "223E", "224E", - "S221E", "S223E", "U421E", - "U422EV", "U423E", "U221EV", - "U223EV", "U24JEV", "U321EV", - "U323EV"]}, - "wtps": {"required": False, "type": "list", - "options": { - "wtp_id": {"required": False, "type": "str"} - }} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_wireless_controller(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_wireless_controller(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, 
meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() diff --git a/lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp_profile.py b/lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp_profile.py deleted file mode 100644 index 9fd45f5ec3b..00000000000 --- a/lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp_profile.py +++ /dev/null 
@@ -1,2036 +0,0 @@
-#!/usr/bin/python
-from __future__ import (absolute_import, division, print_function)
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'status': ['preview'],
- 'supported_by': 'community',
- 'metadata_version': '1.1'}
-
-DOCUMENTATION = '''
----
-module: fortios_wireless_controller_wtp_profile
-short_description: Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms in Fortinet's FortiOS and FortiGate.
-description:
- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
- user to set and modify wireless_controller feature and wtp_profile category.
- Examples include all parameters and values need to be adjusted to datasources before usage.
- Tested with FOS v6.0.5
-version_added: "2.8"
-author:
- - Miguel Angel Munoz (@mamunozgonzalez)
- - Nicolas Thomas (@thomnico)
-notes:
- - Requires fortiosapi library developed by Fortinet
- - Run as a local_action in your playbook
-requirements:
- - fortiosapi>=0.9.8
-options:
- host:
- description:
- - FortiOS or FortiGate IP address.
- type: str
- required: false
- username:
- description:
- - FortiOS or FortiGate username.
- type: str
- required: false
- password:
- description:
- - FortiOS or FortiGate password.
- type: str - default: "" - vdom: - description: - - Virtual domain, among those defined previously. A vdom is a - virtual instance of the FortiGate that can be configured and - used as a different unit. - type: str - default: root - https: - description: - - Indicates if the requests towards FortiGate must use HTTPS protocol. - type: bool - default: true - ssl_verify: - description: - - Ensures FortiGate certificate must be verified by a proper CA. - type: bool - default: true - version_added: 2.9 - state: - description: - - Indicates whether to create or remove the object. - This attribute was present already in previous version in a deeper level. - It has been moved out to this outer level. - type: str - required: false - choices: - - present - - absent - version_added: 2.9 - wireless_controller_wtp_profile: - description: - - Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms. - default: null - type: dict - suboptions: - state: - description: - - B(Deprecated) - - Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. - - HORIZONTALLINE - - Indicates whether to create or remove the object. - type: str - required: false - choices: - - present - - absent - allowaccess: - description: - - Control management access to the managed WTP, FortiAP, or AP. Separate entries with a space. - type: str - choices: - - telnet - - http - - https - - ssh - ap_country: - description: - - Country in which this WTP, FortiAP or AP will operate . 
- type: str - choices: - - NA - - AL - - DZ - - AO - - AR - - AM - - AU - - AT - - AZ - - BH - - BD - - BB - - BY - - BE - - BZ - - BO - - BA - - BR - - BN - - BG - - KH - - CL - - CN - - CO - - CR - - HR - - CY - - CZ - - DK - - DO - - EC - - EG - - SV - - EE - - FI - - FR - - GE - - DE - - GR - - GL - - GD - - GU - - GT - - HT - - HN - - HK - - HU - - IS - - IN - - ID - - IR - - IE - - IL - - IT - - JM - - JO - - KZ - - KE - - KP - - KR - - KW - - LV - - LB - - LI - - LT - - LU - - MO - - MK - - MY - - MT - - MX - - MC - - MA - - MZ - - MM - - NP - - NL - - AN - - AW - - NZ - - NO - - OM - - PK - - PA - - PG - - PY - - PE - - PH - - PL - - PT - - PR - - QA - - RO - - RU - - RW - - SA - - RS - - ME - - SG - - SK - - SI - - ZA - - ES - - LK - - SE - - SD - - CH - - SY - - TW - - TZ - - TH - - TT - - TN - - TR - - AE - - UA - - GB - - US - - PS - - UY - - UZ - - VE - - VN - - YE - - ZB - - ZW - - JP - - CA - ble_profile: - description: - - Bluetooth Low Energy profile name. Source wireless-controller.ble-profile.name. - type: str - comment: - description: - - Comment. - type: str - control_message_offload: - description: - - Enable/disable CAPWAP control message data channel offload. - type: str - choices: - - ebp-frame - - aeroscout-tag - - ap-list - - sta-list - - sta-cap-list - - stats - - aeroscout-mu - deny_mac_list: - description: - - List of MAC addresses that are denied access to this WTP, FortiAP, or AP. - type: list - suboptions: - id: - description: - - ID. - required: true - type: int - mac: - description: - - A WiFi device with this MAC address is denied access to this WTP, FortiAP or AP. - type: str - dtls_in_kernel: - description: - - Enable/disable data channel DTLS in kernel. - type: str - choices: - - enable - - disable - dtls_policy: - description: - - WTP data channel DTLS policy . 
- type: str - choices: - - clear-text - - dtls-enabled - - ipsec-vpn - energy_efficient_ethernet: - description: - - Enable/disable use of energy efficient Ethernet on WTP. - type: str - choices: - - enable - - disable - ext_info_enable: - description: - - Enable/disable station/VAP/radio extension information. - type: str - choices: - - enable - - disable - handoff_roaming: - description: - - Enable/disable client load balancing during roaming to avoid roaming delay . - type: str - choices: - - enable - - disable - handoff_rssi: - description: - - Minimum received signal strength indicator (RSSI) value for handoff (20 - 30). - type: int - handoff_sta_thresh: - description: - - Threshold value for AP handoff. - type: int - ip_fragment_preventing: - description: - - Select how to prevent IP fragmentation for CAPWAP tunneled control and data packets . - type: str - choices: - - tcp-mss-adjust - - icmp-unreachable - lan: - description: - - WTP LAN port mapping. - type: dict - suboptions: - port_mode: - description: - - LAN port mode. - type: str - choices: - - offline - - nat-to-wan - - bridge-to-wan - - bridge-to-ssid - port_ssid: - description: - - Bridge LAN port to SSID. Source wireless-controller.vap.name. - type: str - port1_mode: - description: - - LAN port 1 mode. - type: str - choices: - - offline - - nat-to-wan - - bridge-to-wan - - bridge-to-ssid - port1_ssid: - description: - - Bridge LAN port 1 to SSID. Source wireless-controller.vap.name. - type: str - port2_mode: - description: - - LAN port 2 mode. - type: str - choices: - - offline - - nat-to-wan - - bridge-to-wan - - bridge-to-ssid - port2_ssid: - description: - - Bridge LAN port 2 to SSID. Source wireless-controller.vap.name. - type: str - port3_mode: - description: - - LAN port 3 mode. - type: str - choices: - - offline - - nat-to-wan - - bridge-to-wan - - bridge-to-ssid - port3_ssid: - description: - - Bridge LAN port 3 to SSID. Source wireless-controller.vap.name. 
- type: str - port4_mode: - description: - - LAN port 4 mode. - type: str - choices: - - offline - - nat-to-wan - - bridge-to-wan - - bridge-to-ssid - port4_ssid: - description: - - Bridge LAN port 4 to SSID. Source wireless-controller.vap.name. - type: str - port5_mode: - description: - - LAN port 5 mode. - type: str - choices: - - offline - - nat-to-wan - - bridge-to-wan - - bridge-to-ssid - port5_ssid: - description: - - Bridge LAN port 5 to SSID. Source wireless-controller.vap.name. - type: str - port6_mode: - description: - - LAN port 6 mode. - type: str - choices: - - offline - - nat-to-wan - - bridge-to-wan - - bridge-to-ssid - port6_ssid: - description: - - Bridge LAN port 6 to SSID. Source wireless-controller.vap.name. - type: str - port7_mode: - description: - - LAN port 7 mode. - type: str - choices: - - offline - - nat-to-wan - - bridge-to-wan - - bridge-to-ssid - port7_ssid: - description: - - Bridge LAN port 7 to SSID. Source wireless-controller.vap.name. - type: str - port8_mode: - description: - - LAN port 8 mode. - type: str - choices: - - offline - - nat-to-wan - - bridge-to-wan - - bridge-to-ssid - port8_ssid: - description: - - Bridge LAN port 8 to SSID. Source wireless-controller.vap.name. - type: str - lbs: - description: - - Set various location based service (LBS) options. - type: dict - suboptions: - aeroscout: - description: - - Enable/disable AeroScout Real Time Location Service (RTLS) support . - type: str - choices: - - enable - - disable - aeroscout_ap_mac: - description: - - Use BSSID or board MAC address as AP MAC address in AeroScout AP messages . - type: str - choices: - - bssid - - board-mac - aeroscout_mmu_report: - description: - - Enable/disable compounded AeroScout tag and MU report . - type: str - choices: - - enable - - disable - aeroscout_mu: - description: - - Enable/disable AeroScout Mobile Unit (MU) support . 
- type: str - choices: - - enable - - disable - aeroscout_mu_factor: - description: - - AeroScout MU mode dilution factor . - type: int - aeroscout_mu_timeout: - description: - - AeroScout MU mode timeout (0 - 65535 sec). - type: int - aeroscout_server_ip: - description: - - IP address of AeroScout server. - type: str - aeroscout_server_port: - description: - - AeroScout server UDP listening port. - type: int - ekahau_blink_mode: - description: - - Enable/disable Ekahau blink mode (now known as AiRISTA Flow) to track and locate WiFi tags . - type: str - choices: - - enable - - disable - ekahau_tag: - description: - - WiFi frame MAC address or WiFi Tag. - type: str - erc_server_ip: - description: - - IP address of Ekahau RTLS Controller (ERC). - type: str - erc_server_port: - description: - - Ekahau RTLS Controller (ERC) UDP listening port. - type: int - fortipresence: - description: - - Enable/disable FortiPresence to monitor the location and activity of WiFi clients even if they don't connect to this WiFi - network . - type: str - choices: - - foreign - - both - - disable - fortipresence_frequency: - description: - - FortiPresence report transmit frequency (5 - 65535 sec). - type: int - fortipresence_port: - description: - - FortiPresence server UDP listening port . - type: int - fortipresence_project: - description: - - FortiPresence project name (max. 16 characters). - type: str - fortipresence_rogue: - description: - - Enable/disable FortiPresence finding and reporting rogue APs. - type: str - choices: - - enable - - disable - fortipresence_secret: - description: - - FortiPresence secret password (max. 16 characters). - type: str - fortipresence_server: - description: - - FortiPresence server IP address. - type: str - fortipresence_unassoc: - description: - - Enable/disable FortiPresence finding and reporting unassociated stations. 
- type: str - choices: - - enable - - disable - station_locate: - description: - - Enable/disable client station locating services for all clients, whether associated or not . - type: str - choices: - - enable - - disable - led_schedules: - description: - - Recurring firewall schedules for illuminating LEDs on the FortiAP. If led-state is enabled, LEDs will be visible when at least one of - the schedules is valid. Separate multiple schedule names with a space. - type: list - suboptions: - name: - description: - - LED schedule name. Source firewall.schedule.group.name firewall.schedule.recurring.name. - required: true - type: str - led_state: - description: - - Enable/disable use of LEDs on WTP . - type: str - choices: - - enable - - disable - lldp: - description: - - Enable/disable Link Layer Discovery Protocol (LLDP) for the WTP, FortiAP, or AP . - type: str - choices: - - enable - - disable - login_passwd: - description: - - Set the managed WTP, FortiAP, or AP's administrator password. - type: str - login_passwd_change: - description: - - Change or reset the administrator password of a managed WTP, FortiAP or AP (yes, default, or no). - type: str - choices: - - yes - - default - - no - max_clients: - description: - - Maximum number of stations (STAs) supported by the WTP . - type: int - name: - description: - - WTP (or FortiAP or AP) profile name. - required: true - type: str - platform: - description: - - WTP, FortiAP, or AP platform. - type: dict - suboptions: - type: - description: - - WTP, FortiAP or AP platform type. There are built-in WTP profiles for all supported FortiAP models. You can select a built-in - profile and customize it or create a new profile. 
- type: str - choices: - - AP-11N - - 220B - - 210B - - 222B - - 112B - - 320B - - 11C - - 14C - - 223B - - 28C - - 320C - - 221C - - 25D - - 222C - - 224D - - 214B - - 21D - - 24D - - 112D - - 223C - - 321C - - C220C - - C225C - - C23JD - - C24JE - - S321C - - S322C - - S323C - - S311C - - S313C - - S321CR - - S322CR - - S323CR - - S421E - - S422E - - S423E - - 421E - - 423E - - 221E - - 222E - - 223E - - 224E - - S221E - - S223E - - U421E - - U422EV - - U423E - - U221EV - - U223EV - - U24JEV - - U321EV - - U323EV - poe_mode: - description: - - Set the WTP, FortiAP, or AP's PoE mode. - type: str - choices: - - auto - - 8023af - - 8023at - - power-adapter - radio_1: - description: - - Configuration options for radio 1. - type: dict - suboptions: - amsdu: - description: - - Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients . - type: str - choices: - - enable - - disable - ap_handoff: - description: - - Enable/disable AP handoff of clients to other APs . - type: str - choices: - - enable - - disable - ap_sniffer_addr: - description: - - MAC address to monitor. - type: str - ap_sniffer_bufsize: - description: - - Sniffer buffer size (1 - 32 MB). - type: int - ap_sniffer_chan: - description: - - Channel on which to operate the sniffer . - type: int - ap_sniffer_ctl: - description: - - Enable/disable sniffer on WiFi control frame . - type: str - choices: - - enable - - disable - ap_sniffer_data: - description: - - Enable/disable sniffer on WiFi data frame . - type: str - choices: - - enable - - disable - ap_sniffer_mgmt_beacon: - description: - - Enable/disable sniffer on WiFi management Beacon frames . - type: str - choices: - - enable - - disable - ap_sniffer_mgmt_other: - description: - - Enable/disable sniffer on WiFi management other frames . - type: str - choices: - - enable - - disable - ap_sniffer_mgmt_probe: - description: - - Enable/disable sniffer on WiFi management probe frames . 
- type: str - choices: - - enable - - disable - auto_power_high: - description: - - Automatic transmit power high limit in dBm (the actual range of transmit power depends on the AP platform type). - type: int - auto_power_level: - description: - - Enable/disable automatic power-level adjustment to prevent co-channel interference . - type: str - choices: - - enable - - disable - auto_power_low: - description: - - Automatic transmission power low limit in dBm (the actual range of transmit power depends on the AP platform type). - type: int - band: - description: - - WiFi band that Radio 1 operates on. - type: str - choices: - - 802.11a - - 802.11b - - 802.11g - - 802.11n - - 802.11n-5G - - 802.11ac - - 802.11n,g-only - - 802.11g-only - - 802.11n-only - - 802.11n-5G-only - - 802.11ac,n-only - - 802.11ac-only - bandwidth_admission_control: - description: - - Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless - network is only allowed if the access point has enough bandwidth to support it. - type: str - choices: - - enable - - disable - bandwidth_capacity: - description: - - Maximum bandwidth capacity allowed (1 - 600000 Kbps). - type: int - beacon_interval: - description: - - Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platform type). - type: int - call_admission_control: - description: - - Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are - only accepted if there is enough bandwidth available to support them. - type: str - choices: - - enable - - disable - call_capacity: - description: - - Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60). - type: int - channel: - description: - - Selected list of wireless radio channels. - type: list - suboptions: - chan: - description: - - Channel number. 
- required: true - type: str - channel_bonding: - description: - - "Channel bandwidth: 80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence." - type: str - choices: - - 80MHz - - 40MHz - - 20MHz - channel_utilization: - description: - - Enable/disable measuring channel utilization. - type: str - choices: - - enable - - disable - coexistence: - description: - - Enable/disable allowing both HT20 and HT40 on the same radio . - type: str - choices: - - enable - - disable - darrp: - description: - - Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal - channel . - type: str - choices: - - enable - - disable - dtim: - description: - - DTIM interval. The frequency to transmit Delivery Traffic Indication Message (or Map) (DTIM) messages (1 - 255). Set higher to - save client battery life. - type: int - frag_threshold: - description: - - Maximum packet size that can be sent without fragmentation (800 - 2346 bytes). - type: int - frequency_handoff: - description: - - Enable/disable frequency handoff of clients to other channels . - type: str - choices: - - enable - - disable - max_clients: - description: - - Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. - type: int - max_distance: - description: - - Maximum expected distance between the AP and clients (0 - 54000 m). - type: int - mode: - description: - - Mode of radio 1. Radio 1 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer. - type: str - choices: - - disabled - - ap - - monitor - - sniffer - power_level: - description: - - Radio power level as a percentage of the maximum transmit power (0 - 100). - type: int - powersave_optimize: - description: - - Enable client power-saving features such as TIM, AC VO, and OBSS etc. 
- type: str - choices: - - tim - - ac-vo - - no-obss-scan - - no-11b-rate - - client-rate-follow - protection_mode: - description: - - Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable). - type: str - choices: - - rtscts - - ctsonly - - disable - radio_id: - description: - - radio-id - type: int - rts_threshold: - description: - - Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes). - type: int - short_guard_interval: - description: - - Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. - type: str - choices: - - enable - - disable - spectrum_analysis: - description: - - Enable/disable spectrum analysis to find interference that would negatively impact wireless performance. - type: str - choices: - - enable - - disable - transmit_optimize: - description: - - Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by - default. - type: str - choices: - - disable - - power-save - - aggr-limit - - retry-limit - - send-bar - vap_all: - description: - - Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) . - type: str - choices: - - enable - - disable - vaps: - description: - - Manually selected list of Virtual Access Points (VAPs). - type: list - suboptions: - name: - description: - - Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name wireless-controller.vap.name. - required: true - type: str - wids_profile: - description: - - Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. Source wireless-controller.wids-profile.name. - type: str - radio_2: - description: - - Configuration options for radio 2. - type: dict - suboptions: - amsdu: - description: - - Enable/disable 802.11n AMSDU support. 
AMSDU can improve performance if supported by your WiFi clients . - type: str - choices: - - enable - - disable - ap_handoff: - description: - - Enable/disable AP handoff of clients to other APs . - type: str - choices: - - enable - - disable - ap_sniffer_addr: - description: - - MAC address to monitor. - type: str - ap_sniffer_bufsize: - description: - - Sniffer buffer size (1 - 32 MB). - type: int - ap_sniffer_chan: - description: - - Channel on which to operate the sniffer . - type: int - ap_sniffer_ctl: - description: - - Enable/disable sniffer on WiFi control frame . - type: str - choices: - - enable - - disable - ap_sniffer_data: - description: - - Enable/disable sniffer on WiFi data frame . - type: str - choices: - - enable - - disable - ap_sniffer_mgmt_beacon: - description: - - Enable/disable sniffer on WiFi management Beacon frames . - type: str - choices: - - enable - - disable - ap_sniffer_mgmt_other: - description: - - Enable/disable sniffer on WiFi management other frames . - type: str - choices: - - enable - - disable - ap_sniffer_mgmt_probe: - description: - - Enable/disable sniffer on WiFi management probe frames . - type: str - choices: - - enable - - disable - auto_power_high: - description: - - Automatic transmit power high limit in dBm (the actual range of transmit power depends on the AP platform type). - type: int - auto_power_level: - description: - - Enable/disable automatic power-level adjustment to prevent co-channel interference . - type: str - choices: - - enable - - disable - auto_power_low: - description: - - Automatic transmission power low limit in dBm (the actual range of transmit power depends on the AP platform type). - type: int - band: - description: - - WiFi band that Radio 2 operates on. 
- type: str - choices: - - 802.11a - - 802.11b - - 802.11g - - 802.11n - - 802.11n-5G - - 802.11ac - - 802.11n,g-only - - 802.11g-only - - 802.11n-only - - 802.11n-5G-only - - 802.11ac,n-only - - 802.11ac-only - bandwidth_admission_control: - description: - - Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless - network is only allowed if the access point has enough bandwidth to support it. - type: str - choices: - - enable - - disable - bandwidth_capacity: - description: - - Maximum bandwidth capacity allowed (1 - 600000 Kbps). - type: int - beacon_interval: - description: - - Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platform type). - type: int - call_admission_control: - description: - - Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are - only accepted if there is enough bandwidth available to support them. - type: str - choices: - - enable - - disable - call_capacity: - description: - - Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60). - type: int - channel: - description: - - Selected list of wireless radio channels. - type: list - suboptions: - chan: - description: - - Channel number. - required: true - type: str - channel_bonding: - description: - - "Channel bandwidth: 80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence." - type: str - choices: - - 80MHz - - 40MHz - - 20MHz - channel_utilization: - description: - - Enable/disable measuring channel utilization. - type: str - choices: - - enable - - disable - coexistence: - description: - - Enable/disable allowing both HT20 and HT40 on the same radio . 
- type: str - choices: - - enable - - disable - darrp: - description: - - Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal - channel . - type: str - choices: - - enable - - disable - dtim: - description: - - DTIM interval. The frequency to transmit Delivery Traffic Indication Message (or Map) (DTIM) messages (1 - 255). Set higher to - save client battery life. - type: int - frag_threshold: - description: - - Maximum packet size that can be sent without fragmentation (800 - 2346 bytes). - type: int - frequency_handoff: - description: - - Enable/disable frequency handoff of clients to other channels . - type: str - choices: - - enable - - disable - max_clients: - description: - - Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. - type: int - max_distance: - description: - - Maximum expected distance between the AP and clients (0 - 54000 m). - type: int - mode: - description: - - Mode of radio 2. Radio 2 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer. - type: str - choices: - - disabled - - ap - - monitor - - sniffer - power_level: - description: - - Radio power level as a percentage of the maximum transmit power (0 - 100). - type: int - powersave_optimize: - description: - - Enable client power-saving features such as TIM, AC VO, and OBSS etc. - type: str - choices: - - tim - - ac-vo - - no-obss-scan - - no-11b-rate - - client-rate-follow - protection_mode: - description: - - Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable). - type: str - choices: - - rtscts - - ctsonly - - disable - radio_id: - description: - - radio-id - type: int - rts_threshold: - description: - - Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes). 
- type: int - short_guard_interval: - description: - - Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. - type: str - choices: - - enable - - disable - spectrum_analysis: - description: - - Enable/disable spectrum analysis to find interference that would negatively impact wireless performance. - type: str - choices: - - enable - - disable - transmit_optimize: - description: - - Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by - default. - type: str - choices: - - disable - - power-save - - aggr-limit - - retry-limit - - send-bar - vap_all: - description: - - Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) . - type: str - choices: - - enable - - disable - vaps: - description: - - Manually selected list of Virtual Access Points (VAPs). - type: list - suboptions: - name: - description: - - Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name wireless-controller.vap.name. - required: true - type: str - wids_profile: - description: - - Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. Source wireless-controller.wids-profile.name. - type: str - split_tunneling_acl: - description: - - Split tunneling ACL filter list. - type: list - suboptions: - dest_ip: - description: - - Destination IP and mask for the split-tunneling subnet. - type: str - id: - description: - - ID. - required: true - type: int - split_tunneling_acl_local_ap_subnet: - description: - - Enable/disable automatically adding local subnetwork of FortiAP to split-tunneling ACL . - type: str - choices: - - enable - - disable - split_tunneling_acl_path: - description: - - Split tunneling ACL path is local/tunnel. - type: str - choices: - - tunnel - - local - tun_mtu_downlink: - description: - - Downlink CAPWAP tunnel MTU (0, 576, or 1500 bytes). 
- type: int - tun_mtu_uplink: - description: - - Uplink CAPWAP tunnel MTU (0, 576, or 1500 bytes). - type: int - wan_port_mode: - description: - - Enable/disable using a WAN port as a LAN port. - type: str - choices: - - wan-lan - - wan-only -''' - -EXAMPLES = ''' -- hosts: localhost - vars: - host: "192.168.122.40" - username: "admin" - password: "" - vdom: "root" - ssl_verify: "False" - tasks: - - name: Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms. - fortios_wireless_controller_wtp_profile: - host: "{{ host }}" - username: "{{ username }}" - password: "{{ password }}" - vdom: "{{ vdom }}" - https: "False" - state: "present" - wireless_controller_wtp_profile: - allowaccess: "telnet" - ap_country: "NA" - ble_profile: " (source wireless-controller.ble-profile.name)" - comment: "Comment." - control_message_offload: "ebp-frame" - deny_mac_list: - - - id: "9" - mac: "" - dtls_in_kernel: "enable" - dtls_policy: "clear-text" - energy_efficient_ethernet: "enable" - ext_info_enable: "enable" - handoff_roaming: "enable" - handoff_rssi: "16" - handoff_sta_thresh: "17" - ip_fragment_preventing: "tcp-mss-adjust" - lan: - port_mode: "offline" - port_ssid: " (source wireless-controller.vap.name)" - port1_mode: "offline" - port1_ssid: " (source wireless-controller.vap.name)" - port2_mode: "offline" - port2_ssid: " (source wireless-controller.vap.name)" - port3_mode: "offline" - port3_ssid: " (source wireless-controller.vap.name)" - port4_mode: "offline" - port4_ssid: " (source wireless-controller.vap.name)" - port5_mode: "offline" - port5_ssid: " (source wireless-controller.vap.name)" - port6_mode: "offline" - port6_ssid: " (source wireless-controller.vap.name)" - port7_mode: "offline" - port7_ssid: " (source wireless-controller.vap.name)" - port8_mode: "offline" - port8_ssid: " (source wireless-controller.vap.name)" - lbs: - aeroscout: "enable" - aeroscout_ap_mac: "bssid" - aeroscout_mmu_report: "enable" - aeroscout_mu: 
"enable" - aeroscout_mu_factor: "43" - aeroscout_mu_timeout: "44" - aeroscout_server_ip: "" - aeroscout_server_port: "46" - ekahau_blink_mode: "enable" - ekahau_tag: "" - erc_server_ip: "" - erc_server_port: "50" - fortipresence: "foreign" - fortipresence_frequency: "52" - fortipresence_port: "53" - fortipresence_project: "" - fortipresence_rogue: "enable" - fortipresence_secret: "" - fortipresence_server: "" - fortipresence_unassoc: "enable" - station_locate: "enable" - led_schedules: - - - name: "default_name_61 (source firewall.schedule.group.name firewall.schedule.recurring.name)" - led_state: "enable" - lldp: "enable" - login_passwd: "" - login_passwd_change: "yes" - max_clients: "66" - name: "default_name_67" - platform: - type: "AP-11N" - poe_mode: "auto" - radio_1: - amsdu: "enable" - ap_handoff: "enable" - ap_sniffer_addr: "" - ap_sniffer_bufsize: "75" - ap_sniffer_chan: "76" - ap_sniffer_ctl: "enable" - ap_sniffer_data: "enable" - ap_sniffer_mgmt_beacon: "enable" - ap_sniffer_mgmt_other: "enable" - ap_sniffer_mgmt_probe: "enable" - auto_power_high: "82" - auto_power_level: "enable" - auto_power_low: "84" - band: "802.11a" - bandwidth_admission_control: "enable" - bandwidth_capacity: "87" - beacon_interval: "88" - call_admission_control: "enable" - call_capacity: "90" - channel: - - - chan: "" - channel_bonding: "80MHz" - channel_utilization: "enable" - coexistence: "enable" - darrp: "enable" - dtim: "97" - frag_threshold: "98" - frequency_handoff: "enable" - max_clients: "100" - max_distance: "101" - mode: "disabled" - power_level: "103" - powersave_optimize: "tim" - protection_mode: "rtscts" - radio_id: "106" - rts_threshold: "107" - short_guard_interval: "enable" - spectrum_analysis: "enable" - transmit_optimize: "disable" - vap_all: "enable" - vaps: - - - name: "default_name_113 (source wireless-controller.vap-group.name wireless-controller.vap.name)" - wids_profile: " (source wireless-controller.wids-profile.name)" - radio_2: - amsdu: "enable" - 
ap_handoff: "enable" - ap_sniffer_addr: "" - ap_sniffer_bufsize: "119" - ap_sniffer_chan: "120" - ap_sniffer_ctl: "enable" - ap_sniffer_data: "enable" - ap_sniffer_mgmt_beacon: "enable" - ap_sniffer_mgmt_other: "enable" - ap_sniffer_mgmt_probe: "enable" - auto_power_high: "126" - auto_power_level: "enable" - auto_power_low: "128" - band: "802.11a" - bandwidth_admission_control: "enable" - bandwidth_capacity: "131" - beacon_interval: "132" - call_admission_control: "enable" - call_capacity: "134" - channel: - - - chan: "" - channel_bonding: "80MHz" - channel_utilization: "enable" - coexistence: "enable" - darrp: "enable" - dtim: "141" - frag_threshold: "142" - frequency_handoff: "enable" - max_clients: "144" - max_distance: "145" - mode: "disabled" - power_level: "147" - powersave_optimize: "tim" - protection_mode: "rtscts" - radio_id: "150" - rts_threshold: "151" - short_guard_interval: "enable" - spectrum_analysis: "enable" - transmit_optimize: "disable" - vap_all: "enable" - vaps: - - - name: "default_name_157 (source wireless-controller.vap-group.name wireless-controller.vap.name)" - wids_profile: " (source wireless-controller.wids-profile.name)" - split_tunneling_acl: - - - dest_ip: "" - id: "161" - split_tunneling_acl_local_ap_subnet: "enable" - split_tunneling_acl_path: "tunnel" - tun_mtu_downlink: "164" - tun_mtu_uplink: "165" - wan_port_mode: "wan-lan" -''' - -RETURN = ''' -build: - description: Build number of the fortigate image - returned: always - type: str - sample: '1547' -http_method: - description: Last method used to provision the content into FortiGate - returned: always - type: str - sample: 'PUT' -http_status: - description: Last result given by FortiGate on last operation applied - returned: always - type: str - sample: "200" -mkey: - description: Master key (id) used in the last call to FortiGate - returned: success - type: str - sample: "id" -name: - description: Name of the table used to fulfill the request - returned: always - type: str - 
sample: "urlfilter" -path: - description: Path of the table used to fulfill the request - returned: always - type: str - sample: "webfilter" -revision: - description: Internal revision number - returned: always - type: str - sample: "17.0.2.10658" -serial: - description: Serial number of the unit - returned: always - type: str - sample: "FGVMEVYYQT3AB5352" -status: - description: Indication of the operation's result - returned: always - type: str - sample: "success" -vdom: - description: Virtual domain used - returned: always - type: str - sample: "root" -version: - description: Version of the FortiGate - returned: always - type: str - sample: "v5.6.3" - -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.connection import Connection -from ansible.module_utils.network.fortios.fortios import FortiOSHandler -from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG - - -def login(data, fos): - host = data['host'] - username = data['username'] - password = data['password'] - ssl_verify = data['ssl_verify'] - - fos.debug('on') - if 'https' in data and not data['https']: - fos.https('off') - else: - fos.https('on') - - fos.login(host, username, password, verify=ssl_verify) - - -def filter_wireless_controller_wtp_profile_data(json): - option_list = ['allowaccess', 'ap_country', 'ble_profile', - 'comment', 'control_message_offload', 'deny_mac_list', - 'dtls_in_kernel', 'dtls_policy', 'energy_efficient_ethernet', - 'ext_info_enable', 'handoff_roaming', 'handoff_rssi', - 'handoff_sta_thresh', 'ip_fragment_preventing', 'lan', - 'lbs', 'led_schedules', 'led_state', - 'lldp', 'login_passwd', 'login_passwd_change', - 'max_clients', 'name', 'platform', - 'poe_mode', 'radio_1', 'radio_2', - 'split_tunneling_acl', 'split_tunneling_acl_local_ap_subnet', 'split_tunneling_acl_path', - 'tun_mtu_downlink', 'tun_mtu_uplink', 'wan_port_mode'] - dictionary = {} - - for attribute in option_list: - if attribute in json and 
json[attribute] is not None: - dictionary[attribute] = json[attribute] - - return dictionary - - -def underscore_to_hyphen(data): - if isinstance(data, list): - for i, elem in enumerate(data): - data[i] = underscore_to_hyphen(elem) - elif isinstance(data, dict): - new_data = {} - for k, v in data.items(): - new_data[k.replace('_', '-')] = underscore_to_hyphen(v) - data = new_data - - return data - - -def wireless_controller_wtp_profile(data, fos): - vdom = data['vdom'] - if 'state' in data and data['state']: - state = data['state'] - elif 'state' in data['wireless_controller_wtp_profile'] and data['wireless_controller_wtp_profile']: - state = data['wireless_controller_wtp_profile']['state'] - else: - state = True - wireless_controller_wtp_profile_data = data['wireless_controller_wtp_profile'] - filtered_data = underscore_to_hyphen(filter_wireless_controller_wtp_profile_data(wireless_controller_wtp_profile_data)) - - if state == "present": - return fos.set('wireless-controller', - 'wtp-profile', - data=filtered_data, - vdom=vdom) - - elif state == "absent": - return fos.delete('wireless-controller', - 'wtp-profile', - mkey=filtered_data['name'], - vdom=vdom) - - -def is_successful_status(status): - return status['status'] == "success" or \ - status['http_method'] == "DELETE" and status['http_status'] == 404 - - -def fortios_wireless_controller(data, fos): - - if data['wireless_controller_wtp_profile']: - resp = wireless_controller_wtp_profile(data, fos) - - return not is_successful_status(resp), \ - resp['status'] == "success", \ - resp - - -def main(): - fields = { - "host": {"required": False, "type": "str"}, - "username": {"required": False, "type": "str"}, - "password": {"required": False, "type": "str", "default": "", "no_log": True}, - "vdom": {"required": False, "type": "str", "default": "root"}, - "https": {"required": False, "type": "bool", "default": True}, - "ssl_verify": {"required": False, "type": "bool", "default": True}, - "state": {"required": False, 
"type": "str", - "choices": ["present", "absent"]}, - "wireless_controller_wtp_profile": { - "required": False, "type": "dict", "default": None, - "options": { - "state": {"required": False, "type": "str", - "choices": ["present", "absent"]}, - "allowaccess": {"required": False, "type": "str", - "choices": ["telnet", "http", "https", - "ssh"]}, - "ap_country": {"required": False, "type": "str", - "choices": ["NA", "AL", "DZ", - "AO", "AR", "AM", - "AU", "AT", "AZ", - "BH", "BD", "BB", - "BY", "BE", "BZ", - "BO", "BA", "BR", - "BN", "BG", "KH", - "CL", "CN", "CO", - "CR", "HR", "CY", - "CZ", "DK", "DO", - "EC", "EG", "SV", - "EE", "FI", "FR", - "GE", "DE", "GR", - "GL", "GD", "GU", - "GT", "HT", "HN", - "HK", "HU", "IS", - "IN", "ID", "IR", - "IE", "IL", "IT", - "JM", "JO", "KZ", - "KE", "KP", "KR", - "KW", "LV", "LB", - "LI", "LT", "LU", - "MO", "MK", "MY", - "MT", "MX", "MC", - "MA", "MZ", "MM", - "NP", "NL", "AN", - "AW", "NZ", "NO", - "OM", "PK", "PA", - "PG", "PY", "PE", - "PH", "PL", "PT", - "PR", "QA", "RO", - "RU", "RW", "SA", - "RS", "ME", "SG", - "SK", "SI", "ZA", - "ES", "LK", "SE", - "SD", "CH", "SY", - "TW", "TZ", "TH", - "TT", "TN", "TR", - "AE", "UA", "GB", - "US", "PS", "UY", - "UZ", "VE", "VN", - "YE", "ZB", "ZW", - "JP", "CA"]}, - "ble_profile": {"required": False, "type": "str"}, - "comment": {"required": False, "type": "str"}, - "control_message_offload": {"required": False, "type": "str", - "choices": ["ebp-frame", "aeroscout-tag", "ap-list", - "sta-list", "sta-cap-list", "stats", - "aeroscout-mu"]}, - "deny_mac_list": {"required": False, "type": "list", - "options": { - "id": {"required": True, "type": "int"}, - "mac": {"required": False, "type": "str"} - }}, - "dtls_in_kernel": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dtls_policy": {"required": False, "type": "str", - "choices": ["clear-text", "dtls-enabled", "ipsec-vpn"]}, - "energy_efficient_ethernet": {"required": False, "type": "str", - "choices": 
["enable", "disable"]}, - "ext_info_enable": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "handoff_roaming": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "handoff_rssi": {"required": False, "type": "int"}, - "handoff_sta_thresh": {"required": False, "type": "int"}, - "ip_fragment_preventing": {"required": False, "type": "str", - "choices": ["tcp-mss-adjust", "icmp-unreachable"]}, - "lan": {"required": False, "type": "dict", - "options": { - "port_mode": {"required": False, "type": "str", - "choices": ["offline", "nat-to-wan", "bridge-to-wan", - "bridge-to-ssid"]}, - "port_ssid": {"required": False, "type": "str"}, - "port1_mode": {"required": False, "type": "str", - "choices": ["offline", "nat-to-wan", "bridge-to-wan", - "bridge-to-ssid"]}, - "port1_ssid": {"required": False, "type": "str"}, - "port2_mode": {"required": False, "type": "str", - "choices": ["offline", "nat-to-wan", "bridge-to-wan", - "bridge-to-ssid"]}, - "port2_ssid": {"required": False, "type": "str"}, - "port3_mode": {"required": False, "type": "str", - "choices": ["offline", "nat-to-wan", "bridge-to-wan", - "bridge-to-ssid"]}, - "port3_ssid": {"required": False, "type": "str"}, - "port4_mode": {"required": False, "type": "str", - "choices": ["offline", "nat-to-wan", "bridge-to-wan", - "bridge-to-ssid"]}, - "port4_ssid": {"required": False, "type": "str"}, - "port5_mode": {"required": False, "type": "str", - "choices": ["offline", "nat-to-wan", "bridge-to-wan", - "bridge-to-ssid"]}, - "port5_ssid": {"required": False, "type": "str"}, - "port6_mode": {"required": False, "type": "str", - "choices": ["offline", "nat-to-wan", "bridge-to-wan", - "bridge-to-ssid"]}, - "port6_ssid": {"required": False, "type": "str"}, - "port7_mode": {"required": False, "type": "str", - "choices": ["offline", "nat-to-wan", "bridge-to-wan", - "bridge-to-ssid"]}, - "port7_ssid": {"required": False, "type": "str"}, - "port8_mode": {"required": False, "type": "str", - 
"choices": ["offline", "nat-to-wan", "bridge-to-wan", - "bridge-to-ssid"]}, - "port8_ssid": {"required": False, "type": "str"} - }}, - "lbs": {"required": False, "type": "dict", - "options": { - "aeroscout": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "aeroscout_ap_mac": {"required": False, "type": "str", - "choices": ["bssid", "board-mac"]}, - "aeroscout_mmu_report": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "aeroscout_mu": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "aeroscout_mu_factor": {"required": False, "type": "int"}, - "aeroscout_mu_timeout": {"required": False, "type": "int"}, - "aeroscout_server_ip": {"required": False, "type": "str"}, - "aeroscout_server_port": {"required": False, "type": "int"}, - "ekahau_blink_mode": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ekahau_tag": {"required": False, "type": "str"}, - "erc_server_ip": {"required": False, "type": "str"}, - "erc_server_port": {"required": False, "type": "int"}, - "fortipresence": {"required": False, "type": "str", - "choices": ["foreign", "both", "disable"]}, - "fortipresence_frequency": {"required": False, "type": "int"}, - "fortipresence_port": {"required": False, "type": "int"}, - "fortipresence_project": {"required": False, "type": "str"}, - "fortipresence_rogue": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "fortipresence_secret": {"required": False, "type": "str"}, - "fortipresence_server": {"required": False, "type": "str"}, - "fortipresence_unassoc": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "station_locate": {"required": False, "type": "str", - "choices": ["enable", "disable"]} - }}, - "led_schedules": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "led_state": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "lldp": 
{"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "login_passwd": {"required": False, "type": "str"}, - "login_passwd_change": {"required": False, "type": "str", - "choices": ["yes", "default", "no"]}, - "max_clients": {"required": False, "type": "int"}, - "name": {"required": True, "type": "str"}, - "platform": {"required": False, "type": "dict", - "options": { - "type": {"required": False, "type": "str", - "choices": ["AP-11N", "220B", "210B", - "222B", "112B", "320B", - "11C", "14C", "223B", - "28C", "320C", "221C", - "25D", "222C", "224D", - "214B", "21D", "24D", - "112D", "223C", "321C", - "C220C", "C225C", "C23JD", - "C24JE", "S321C", "S322C", - "S323C", "S311C", "S313C", - "S321CR", "S322CR", "S323CR", - "S421E", "S422E", "S423E", - "421E", "423E", "221E", - "222E", "223E", "224E", - "S221E", "S223E", "U421E", - "U422EV", "U423E", "U221EV", - "U223EV", "U24JEV", "U321EV", - "U323EV"]} - }}, - "poe_mode": {"required": False, "type": "str", - "choices": ["auto", "8023af", "8023at", - "power-adapter"]}, - "radio_1": {"required": False, "type": "dict", - "options": { - "amsdu": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ap_handoff": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ap_sniffer_addr": {"required": False, "type": "str"}, - "ap_sniffer_bufsize": {"required": False, "type": "int"}, - "ap_sniffer_chan": {"required": False, "type": "int"}, - "ap_sniffer_ctl": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ap_sniffer_data": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ap_sniffer_mgmt_beacon": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ap_sniffer_mgmt_other": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ap_sniffer_mgmt_probe": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "auto_power_high": {"required": False, "type": "int"}, - 
"auto_power_level": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "auto_power_low": {"required": False, "type": "int"}, - "band": {"required": False, "type": "str", - "choices": ["802.11a", "802.11b", "802.11g", - "802.11n", "802.11n-5G", "802.11ac", - "802.11n,g-only", "802.11g-only", "802.11n-only", - "802.11n-5G-only", "802.11ac,n-only", "802.11ac-only"]}, - "bandwidth_admission_control": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "bandwidth_capacity": {"required": False, "type": "int"}, - "beacon_interval": {"required": False, "type": "int"}, - "call_admission_control": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "call_capacity": {"required": False, "type": "int"}, - "channel": {"required": False, "type": "list", - "options": { - "chan": {"required": True, "type": "str"} - }}, - "channel_bonding": {"required": False, "type": "str", - "choices": ["80MHz", "40MHz", "20MHz"]}, - "channel_utilization": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "coexistence": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "darrp": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dtim": {"required": False, "type": "int"}, - "frag_threshold": {"required": False, "type": "int"}, - "frequency_handoff": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "max_clients": {"required": False, "type": "int"}, - "max_distance": {"required": False, "type": "int"}, - "mode": {"required": False, "type": "str", - "choices": ["disabled", "ap", "monitor", - "sniffer"]}, - "power_level": {"required": False, "type": "int"}, - "powersave_optimize": {"required": False, "type": "str", - "choices": ["tim", "ac-vo", "no-obss-scan", - "no-11b-rate", "client-rate-follow"]}, - "protection_mode": {"required": False, "type": "str", - "choices": ["rtscts", "ctsonly", "disable"]}, - "radio_id": {"required": False, 
"type": "int"}, - "rts_threshold": {"required": False, "type": "int"}, - "short_guard_interval": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "spectrum_analysis": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "transmit_optimize": {"required": False, "type": "str", - "choices": ["disable", "power-save", "aggr-limit", - "retry-limit", "send-bar"]}, - "vap_all": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "vaps": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "wids_profile": {"required": False, "type": "str"} - }}, - "radio_2": {"required": False, "type": "dict", - "options": { - "amsdu": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ap_handoff": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ap_sniffer_addr": {"required": False, "type": "str"}, - "ap_sniffer_bufsize": {"required": False, "type": "int"}, - "ap_sniffer_chan": {"required": False, "type": "int"}, - "ap_sniffer_ctl": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ap_sniffer_data": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ap_sniffer_mgmt_beacon": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ap_sniffer_mgmt_other": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "ap_sniffer_mgmt_probe": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "auto_power_high": {"required": False, "type": "int"}, - "auto_power_level": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "auto_power_low": {"required": False, "type": "int"}, - "band": {"required": False, "type": "str", - "choices": ["802.11a", "802.11b", "802.11g", - "802.11n", "802.11n-5G", "802.11ac", - "802.11n,g-only", "802.11g-only", "802.11n-only", - "802.11n-5G-only", "802.11ac,n-only", 
"802.11ac-only"]}, - "bandwidth_admission_control": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "bandwidth_capacity": {"required": False, "type": "int"}, - "beacon_interval": {"required": False, "type": "int"}, - "call_admission_control": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "call_capacity": {"required": False, "type": "int"}, - "channel": {"required": False, "type": "list", - "options": { - "chan": {"required": True, "type": "str"} - }}, - "channel_bonding": {"required": False, "type": "str", - "choices": ["80MHz", "40MHz", "20MHz"]}, - "channel_utilization": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "coexistence": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "darrp": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "dtim": {"required": False, "type": "int"}, - "frag_threshold": {"required": False, "type": "int"}, - "frequency_handoff": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "max_clients": {"required": False, "type": "int"}, - "max_distance": {"required": False, "type": "int"}, - "mode": {"required": False, "type": "str", - "choices": ["disabled", "ap", "monitor", - "sniffer"]}, - "power_level": {"required": False, "type": "int"}, - "powersave_optimize": {"required": False, "type": "str", - "choices": ["tim", "ac-vo", "no-obss-scan", - "no-11b-rate", "client-rate-follow"]}, - "protection_mode": {"required": False, "type": "str", - "choices": ["rtscts", "ctsonly", "disable"]}, - "radio_id": {"required": False, "type": "int"}, - "rts_threshold": {"required": False, "type": "int"}, - "short_guard_interval": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "spectrum_analysis": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "transmit_optimize": {"required": False, "type": "str", - "choices": ["disable", "power-save", "aggr-limit", - 
"retry-limit", "send-bar"]}, - "vap_all": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "vaps": {"required": False, "type": "list", - "options": { - "name": {"required": True, "type": "str"} - }}, - "wids_profile": {"required": False, "type": "str"} - }}, - "split_tunneling_acl": {"required": False, "type": "list", - "options": { - "dest_ip": {"required": False, "type": "str"}, - "id": {"required": True, "type": "int"} - }}, - "split_tunneling_acl_local_ap_subnet": {"required": False, "type": "str", - "choices": ["enable", "disable"]}, - "split_tunneling_acl_path": {"required": False, "type": "str", - "choices": ["tunnel", "local"]}, - "tun_mtu_downlink": {"required": False, "type": "int"}, - "tun_mtu_uplink": {"required": False, "type": "int"}, - "wan_port_mode": {"required": False, "type": "str", - "choices": ["wan-lan", "wan-only"]} - - } - } - } - - module = AnsibleModule(argument_spec=fields, - supports_check_mode=False) - - # legacy_mode refers to using fortiosapi instead of HTTPAPI - legacy_mode = 'host' in module.params and module.params['host'] is not None and \ - 'username' in module.params and module.params['username'] is not None and \ - 'password' in module.params and module.params['password'] is not None - - if not legacy_mode: - if module._socket_path: - connection = Connection(module._socket_path) - fos = FortiOSHandler(connection) - - is_error, has_changed, result = fortios_wireless_controller(module.params, fos) - else: - module.fail_json(**FAIL_SOCKET_MSG) - else: - try: - from fortiosapi import FortiOSAPI - except ImportError: - module.fail_json(msg="fortiosapi module is required") - - fos = FortiOSAPI() - - login(module.params, fos) - is_error, has_changed, result = fortios_wireless_controller(module.params, fos) - fos.logout() - - if not is_error: - module.exit_json(changed=has_changed, meta=result) - else: - module.fail_json(msg="Error in repo", meta=result) - - -if __name__ == '__main__': - main() 
diff --git a/lib/ansible/plugins/action/fortios_config.py b/lib/ansible/plugins/action/fortios_config.py
deleted file mode 100644
index 03d6f2dd74a..00000000000
--- a/lib/ansible/plugins/action/fortios_config.py
+++ /dev/null
@@ -1,32 +0,0 @@
-#
-# (c) 2017, Red Hat, Inc.
-#
-# This file is part of Ansible
-#
-# Ansible is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# Ansible is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-#
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-
-from ansible.plugins.action.network import ActionModule as ActionNetworkModule
-
-
-class ActionModule(ActionNetworkModule):
-
- def run(self, tmp=None, task_vars=None):
- del tmp # tmp no longer has any effect
-
- self._config_module = True
- return super(ActionModule, self).run(task_vars=task_vars)
diff --git a/lib/ansible/plugins/doc_fragments/fortios.py b/lib/ansible/plugins/doc_fragments/fortios.py
deleted file mode 100644
index 01c71546f58..00000000000
--- a/lib/ansible/plugins/doc_fragments/fortios.py
+++ /dev/null
@@ -1,61 +0,0 @@
-# -*- coding: utf-8 -*-
-
-# Copyright: (c) 2017, Benjamin Jolivot
-# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
-
-
-class ModuleDocFragment(object):
-
- # Standard files documentation fragment
- DOCUMENTATION = r'''
-options:
- file_mode:
- description:
- - Don't connect to any device, only use I(config_file) as input and Output.
- type: bool
- default: no
- version_added: "2.4"
- config_file:
- description:
- - Path to configuration file. Required when I(file_mode) is True.
- type: path
- version_added: "2.4"
- host:
- description:
- - Specifies the DNS hostname or IP address for connecting to the remote fortios device. Required when I(file_mode) is False.
- type: str
- username:
- description:
- - Configures the username used to authenticate to the remote device. Required when I(file_mode) is True.
- type: str
- password:
- description:
- - Specifies the password used to authenticate to the remote device. Required when I(file_mode) is True.
- type: str
- timeout:
- description:
- - Timeout in seconds for connecting to the remote device.
- type: int
- default: 60
- vdom:
- description:
- - Specifies on which vdom to apply configuration
- type: str
- backup:
- description:
- - This argument will cause the module to create a backup of
- the current C(running-config) from the remote device before any
- changes are made. The backup file is written to the i(backup)
- folder.
- type: bool
- default: no
- backup_path:
- description:
- - Specifies where to store backup files. Required if I(backup=yes).
- type: path
- backup_filename:
- description:
- - Specifies the backup filename. If omitted filename will be
- formatted like HOST_config.YYYY-MM-DD@HH:MM:SS
- type: str
-'''
diff --git a/lib/ansible/plugins/httpapi/fortios.py b/lib/ansible/plugins/httpapi/fortios.py
deleted file mode 100644
index 3126fc2aad5..00000000000
--- a/lib/ansible/plugins/httpapi/fortios.py
+++ /dev/null
@@ -1,138 +0,0 @@
-# This code is part of Ansible, but is an independent component.
-# This particular file snippet, and this file snippet only, is BSD licensed.
-# Modules you write using this snippet, which is embedded dynamically by Ansible
-# still belong to the author of the module, and may assign their own license
-# to the complete work.
-#
-# (c) 2019 Fortinet, Inc
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without modification,
-# are permitted provided that the following conditions are met:
-#
-# * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# * Redistributions in binary form must reproduce the above copyright notice,
-# this list of conditions and the following disclaimer in the documentation
-# and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-# IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
-# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-DOCUMENTATION = """
----
-author:
- - Miguel Angel Munoz (@magonzalez)
-httpapi : fortios
-short_description: HttpApi Plugin for Fortinet FortiOS Appliance or VM
-description:
- - This HttpApi plugin provides methods to connect to Fortinet FortiOS Appliance or VM via REST API
-version_added: "2.9"
-"""
-
-from ansible.plugins.httpapi import HttpApiBase
-from ansible.module_utils.basic import to_text
-from ansible.module_utils.six.moves import urllib
-import json
-import re
-
-
-class HttpApi(HttpApiBase):
- def __init__(self, connection):
- super(HttpApi, self).__init__(connection)
-
- self._ccsrftoken = ''
-
- def set_become(self, become_context):
- """
- Elevation is not required on Fortinet devices - Skipped
- :param become_context: Unused input.
- :return: None
- """
- return None
-
- def login(self, username, password):
- """Call a defined login endpoint to receive an authentication token."""
-
- data = "username=" + urllib.parse.quote(username) + "&secretkey=" + urllib.parse.quote(password) + "&ajax=1"
- dummy, result_data = self.send_request(url='/logincheck', data=data, method='POST')
- if result_data[0] != '1':
- raise Exception('Wrong credentials. Please check')
-
- def logout(self):
- """ Call to implement session logout."""
-
- self.send_request(url='/logout', method="POST")
-
- def update_auth(self, response, response_text):
- """
- Get cookies and obtain value for csrftoken that will be used on next requests
- :param response: Response given by the server.
- :param response_text Unused_input.
- :return: Dictionary containing headers
- """
-
- headers = {}
- resp_raw_headers = []
- if hasattr(response.headers, '_headers'):
- resp_raw_headers = response.headers._headers
- else:
- resp_raw_headers = [(attr, response.headers[attr]) for attr in response.headers]
- for attr, val in resp_raw_headers:
- if attr.lower() == 'set-cookie' and 'APSCOOKIE_' in val:
- headers['Cookie'] = val
- # XXX: In urllib2 all the 'set-cookie' headers are coalesced into one
- x_ccsrftoken_position = val.find('ccsrftoken=')
- if x_ccsrftoken_position != -1:
- token_string = val[x_ccsrftoken_position + len('ccsrftoken='):].split('\"')[1]
- self._ccsrftoken = token_string
-
- elif attr.lower() == 'set-cookie' and 'ccsrftoken=' in val:
- csrftoken_search = re.search('\"(.*)\"', val)
- if csrftoken_search:
- self._ccsrftoken = csrftoken_search.group(1)
-
- headers['x-csrftoken'] = self._ccsrftoken
-
- return headers
-
- def handle_httperror(self, exc):
- """
- Not required on Fortinet devices - Skipped
- :param exc: Unused input.
- :return: exc
- """
- return exc
-
- def send_request(self, **message_kwargs):
- """
- Responsible for actual sending of data to the connection httpapi base plugin.
- :param message_kwargs: A formatted dictionary containing request info: url, data, method
-
- :return: Status code and response data.
- """
- url = message_kwargs.get('url', '/')
- data = message_kwargs.get('data', '')
- method = message_kwargs.get('method', 'GET')
-
- try:
- response, response_data = self.connection.send(url, data, method=method)
- response_status = None
- if hasattr(response, 'status'):
- response_status = response.status
- else:
- response_status = response.headers.status
- return response_status, to_text(response_data.getvalue())
- except Exception as err:
- raise Exception(err)
diff --git a/test/integration/targets/fortios_address/aliases b/test/integration/targets/fortios_address/aliases
deleted file mode 100644
index b159f9e7601..00000000000
--- a/test/integration/targets/fortios_address/aliases
+++ /dev/null
@@ -1,3 +0,0 @@
-shippable/posix/group1
-destructive
-disabled
diff --git a/test/integration/targets/fortios_address/files/default_config.conf b/test/integration/targets/fortios_address/files/default_config.conf
deleted file mode 100644
index 2d2343ab2ff..00000000000
--- a/test/integration/targets/fortios_address/files/default_config.conf
+++ /dev/null
@@ -1,3134 +0,0 @@ - config system global - set timezone 04 - set admintimeout 480 - set admin-server-cert "Fortinet_Firmware" - set fgd-alert-subscription advisory latest-threat - set hostname "FortiGate-VM64-HV" - end - config system accprofile - edit prof_admin - set vpngrp read-write - set utmgrp read-write - set authgrp read-write - set wifi read-write - set sysgrp read-write - set loggrp read-write - set mntgrp read-write - set netgrp read-write - set admingrp read-write - set fwgrp read-write - set wanoptgrp read-write - set updategrp read-write - set routegrp read-write - set endpoint-control-grp read-write - next - end - config system interface - edit port1 - set ip 192.168.137.154 255.255.255.0 - set type physical - set vdom "root" - set allowaccess ping https ssh http fgfm - next - edit port2 - set type physical - set vdom "root" - next - edit port3 - set type physical - set vdom "root" - next - edit port4 - set type physical - set vdom "root" - next - edit port5 - set type physical - set vdom "root" - next - edit port6 - set type physical - set vdom "root" - next - edit port7 - set type physical - set vdom "root" - next - edit port8 - set type physical - set vdom "root" - next - edit ssl.root - set alias "SSL VPN interface" - set type tunnel - set vdom "root" - next - end - config system custom-language - edit en - set filename "en" - next - edit fr - set filename "fr" - next - edit sp - set filename "sp" - next - edit pg - set filename "pg" - next - edit x-sjis - set filename "x-sjis" - next - edit big5 - set filename "big5" - next - edit GB2312 - set filename "GB2312" - next - edit euc-kr - set filename "euc-kr" - next - end - config system admin - edit admin - set accprofile "super_admin" - set vdom "root" - config dashboard-tabs - edit 1 - set name "Status" - next - end - config dashboard - edit 1 - set column 1 - set tab-id 1 - next - edit 2 - set column 1 - set widget-type licinfo - set tab-id 1 - next - edit 3 - set column 1 - set widget-type 
jsconsole - set tab-id 1 - next - edit 4 - set column 2 - set widget-type sysres - set tab-id 1 - next - edit 5 - set column 2 - set widget-type gui-features - set tab-id 1 - next - edit 6 - set column 2 - set top-n 10 - set widget-type alert - set tab-id 1 - next - end - next - end - config system ha - set override disable - end - config system dns - set primary 208.91.112.53 - set secondary 208.91.112.52 - end - config system replacemsg-image - edit logo_fnet - set image-base64 '' - set image-type gif - next - edit logo_fguard_wf - set image-base64 '' - set image-type gif - next - edit logo_fw_auth - set image-base64 '' - set image-type png - next - edit logo_v2_fnet - set image-base64 '' - set image-type png - next - edit logo_v2_fguard_wf - set image-base64 '' - set image-type png - next - edit logo_v2_fguard_app - set image-base64 '' - set image-type png - next - end - config system replacemsg mail email-block - end - config system replacemsg mail email-dlp-subject - end - config system replacemsg mail email-dlp-ban - end - config system replacemsg mail email-filesize - end - config system replacemsg mail partial - end - config system replacemsg mail smtp-block - end - config system replacemsg mail smtp-filesize - end - config system replacemsg http bannedword - end - config system replacemsg http url-block - end - config system replacemsg http urlfilter-err - end - config system replacemsg http infcache-block - end - config system replacemsg http http-block - end - config system replacemsg http http-filesize - end - config system replacemsg http http-dlp-ban - end - config system replacemsg http http-archive-block - end - config system replacemsg http http-contenttypeblock - end - config system replacemsg http https-invalid-cert-block - end - config system replacemsg http http-client-block - end - config system replacemsg http http-client-filesize - end - config system replacemsg http http-client-bannedword - end - config system replacemsg http 
http-post-block - end - config system replacemsg http http-client-archive-block - end - config system replacemsg http switching-protocols-block - end - config system replacemsg webproxy deny - end - config system replacemsg webproxy user-limit - end - config system replacemsg webproxy auth-challenge - end - config system replacemsg webproxy auth-login-fail - end - config system replacemsg webproxy auth-authorization-fail - end - config system replacemsg webproxy http-err - end - config system replacemsg webproxy auth-ip-blackout - end - config system replacemsg ftp ftp-dl-blocked - end - config system replacemsg ftp ftp-dl-filesize - end - config system replacemsg ftp ftp-dl-dlp-ban - end - config system replacemsg ftp ftp-explicit-banner - end - config system replacemsg ftp ftp-dl-archive-block - end - config system replacemsg nntp nntp-dl-blocked - end - config system replacemsg nntp nntp-dl-filesize - end - config system replacemsg nntp nntp-dlp-subject - end - config system replacemsg nntp nntp-dlp-ban - end - config system replacemsg fortiguard-wf ftgd-block - end - config system replacemsg fortiguard-wf http-err - end - config system replacemsg fortiguard-wf ftgd-ovrd - end - config system replacemsg fortiguard-wf ftgd-quota - end - config system replacemsg fortiguard-wf ftgd-warning - end - config system replacemsg spam ipblocklist - end - config system replacemsg spam smtp-spam-dnsbl - end - config system replacemsg spam smtp-spam-feip - end - config system replacemsg spam smtp-spam-helo - end - config system replacemsg spam smtp-spam-emailblack - end - config system replacemsg spam smtp-spam-mimeheader - end - config system replacemsg spam reversedns - end - config system replacemsg spam smtp-spam-bannedword - end - config system replacemsg spam smtp-spam-ase - end - config system replacemsg spam submit - end - config system replacemsg im im-file-xfer-block - end - config system replacemsg im im-file-xfer-name - end - config system replacemsg im 
im-file-xfer-infected - end - config system replacemsg im im-file-xfer-size - end - config system replacemsg im im-dlp - end - config system replacemsg im im-dlp-ban - end - config system replacemsg im im-voice-chat-block - end - config system replacemsg im im-video-chat-block - end - config system replacemsg im im-photo-share-block - end - config system replacemsg im im-long-chat-block - end - config system replacemsg alertmail alertmail-virus - end - config system replacemsg alertmail alertmail-block - end - config system replacemsg alertmail alertmail-nids-event - end - config system replacemsg alertmail alertmail-crit-event - end - config system replacemsg alertmail alertmail-disk-full - end - config system replacemsg admin pre_admin-disclaimer-text - end - config system replacemsg admin post_admin-disclaimer-text - end - config system replacemsg auth auth-disclaimer-page-1 - end - config system replacemsg auth auth-disclaimer-page-2 - end - config system replacemsg auth auth-disclaimer-page-3 - end - config system replacemsg auth auth-reject-page - end - config system replacemsg auth auth-login-page - end - config system replacemsg auth auth-login-failed-page - end - config system replacemsg auth auth-token-login-page - end - config system replacemsg auth auth-token-login-failed-page - end - config system replacemsg auth auth-success-msg - end - config system replacemsg auth auth-challenge-page - end - config system replacemsg auth auth-keepalive-page - end - config system replacemsg auth auth-portal-page - end - config system replacemsg auth auth-password-page - end - config system replacemsg auth auth-fortitoken-page - end - config system replacemsg auth auth-next-fortitoken-page - end - config system replacemsg auth auth-email-token-page - end - config system replacemsg auth auth-sms-token-page - end - config system replacemsg auth auth-email-harvesting-page - end - config system replacemsg auth auth-email-failed-page - end - config system replacemsg auth 
auth-cert-passwd-page - end - config system replacemsg auth auth-guest-print-page - end - config system replacemsg auth auth-guest-email-page - end - config system replacemsg auth auth-success-page - end - config system replacemsg auth auth-block-notification-page - end - config system replacemsg sslvpn sslvpn-login - end - config system replacemsg sslvpn sslvpn-limit - end - config system replacemsg sslvpn hostcheck-error - end - config system replacemsg ec endpt-download-portal - end - config system replacemsg ec endpt-download-portal-mac - end - config system replacemsg ec endpt-download-portal-ios - end - config system replacemsg ec endpt-download-portal-aos - end - config system replacemsg ec endpt-download-portal-other - end - config system replacemsg device-detection-portal device-detection-failure - end - config system replacemsg nac-quar nac-quar-virus - end - config system replacemsg nac-quar nac-quar-dos - end - config system replacemsg nac-quar nac-quar-ips - end - config system replacemsg nac-quar nac-quar-dlp - end - config system replacemsg nac-quar nac-quar-admin - end - config system replacemsg traffic-quota per-ip-shaper-block - end - config system replacemsg utm virus-html - end - config system replacemsg utm virus-text - end - config system replacemsg utm dlp-html - end - config system replacemsg utm dlp-text - end - config system replacemsg utm appblk-html - end - config vpn certificate ca - end - config vpn certificate local - edit Fortinet_CA_SSLProxy - set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- - set password ENC eRZ5UNnzW1eAAJn+reDWnDdgQZ1yxFr7z+rp0lzCeKX64OiaEcBKwGIzocIf5y5p37siqf1bPHwEMWkvISqQSXKT8JijvaLtA/oNlqTw8GwglMlW390JTckMS7v60mVQ2Jj1Ng9q4xi2dXKpVGXqYnpc1nDSApGqHTwpL/lgc1+HLh0CQvn4zQpIs8//4hVscjqz0g== - set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." 
- set certificate "-----BEGIN CERTIFICATE----- - next - edit Fortinet_SSLProxy - set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- - set password ENC JGQ1Psth3oHimOP5bRUzt+zfBA5PlPBXZj6xLvqp7JILLBa6Der02qjotGI4UnaKAGSad7uEkPKLq2ePjzBy/Rc/E55FJO8OjffWzIOgpT1jYMmw8IOuAlB50weCRpzMowrLT+FKFF53SxG+oe5n4EaoiqR92WZsXzOTFpNdSFXyvggt/lmOz4Zm08AMD3sWFWg/ZA== - set certificate "-----BEGIN CERTIFICATE----- - next - end - config user device-category - edit ipad - next - edit iphone - next - edit gaming-console - next - edit blackberry-phone - next - edit blackberry-playbook - next - edit linux-pc - next - edit mac - next - edit windows-pc - next - edit android-phone - next - edit android-tablet - next - edit media-streaming - next - edit windows-phone - next - edit windows-tablet - next - edit fortinet-device - next - edit ip-phone - next - edit router-nat-device - next - edit printer - next - edit other-network-device - next - edit collected-emails - next - edit all - next - end - config system session-sync - end - config system fortiguard - set webfilter-sdns-server-ip "208.91.112.220" - end - config ips global - set default-app-cat-mask 18446744073474670591 - end - config ips dbinfo - set version 1 - end - config gui console - end - config system session-helper - edit 1 - set protocol 6 - set name pptp - set port 1723 - next - edit 2 - set protocol 6 - set name h323 - set port 1720 - next - edit 3 - set protocol 17 - set name ras - set port 1719 - next - edit 4 - set protocol 6 - set name tns - set port 1521 - next - edit 5 - set protocol 17 - set name tftp - set port 69 - next - edit 6 - set protocol 6 - set name rtsp - set port 554 - next - edit 7 - set protocol 6 - set name rtsp - set port 7070 - next - edit 8 - set protocol 6 - set name rtsp - set port 8554 - next - edit 9 - set protocol 6 - set name ftp - set port 21 - next - edit 10 - set protocol 6 - set name mms - set port 1863 - next - edit 11 - set protocol 6 - set name pmap - set port 111 - next - edit 12 - 
set protocol 17 - set name pmap - set port 111 - next - edit 13 - set protocol 17 - set name sip - set port 5060 - next - edit 14 - set protocol 17 - set name dns-udp - set port 53 - next - edit 15 - set protocol 6 - set name rsh - set port 514 - next - edit 16 - set protocol 6 - set name rsh - set port 512 - next - edit 17 - set protocol 6 - set name dcerpc - set port 135 - next - edit 18 - set protocol 17 - set name dcerpc - set port 135 - next - edit 19 - set protocol 17 - set name mgcp - set port 2427 - next - edit 20 - set protocol 17 - set name mgcp - set port 2727 - next - end - config system auto-install - set auto-install-config enable - set auto-install-image enable - end - config system ntp - set ntpsync enable - set syncinterval 60 - end - config system settings - end - config firewall address - edit SSLVPN_TUNNEL_ADDR1 - set type iprange - set end-ip 10.212.134.210 - set start-ip 10.212.134.200 - next - edit all - next - edit none - set subnet 0.0.0.0 255.255.255.255 - next - edit apple - set type fqdn - set fqdn "*.apple.com" - next - edit dropbox.com - set type fqdn - set fqdn "*.dropbox.com" - next - edit Gotomeeting - set type fqdn - set fqdn "*.gotomeeting.com" - next - edit icloud - set type fqdn - set fqdn "*.icloud.com" - next - edit itunes - set type fqdn - set fqdn "*itunes.apple.com" - next - edit android - set type fqdn - set fqdn "*.android.com" - next - edit skype - set type fqdn - set fqdn "*.messenger.live.com" - next - edit swscan.apple.com - set type fqdn - set fqdn "swscan.apple.com" - next - edit update.microsoft.com - set type fqdn - set fqdn "update.microsoft.com" - next - edit appstore - set type fqdn - set fqdn "*.appstore.com" - next - edit eease - set type fqdn - set fqdn "*.eease.com" - next - edit google-drive - set type fqdn - set fqdn "*drive.google.com" - next - edit google-play - set type fqdn - set fqdn "play.google.com" - next - edit google-play2 - set type fqdn - set fqdn "*.ggpht.com" - next - edit google-play3 - set 
type fqdn - set fqdn "*.books.google.com" - next - edit microsoft - set type fqdn - set fqdn "*.microsoft.com" - next - edit adobe - set type fqdn - set fqdn "*.adobe.com" - next - edit Adobe Login - set type fqdn - set fqdn "*.adobelogin.com" - next - edit fortinet - set type fqdn - set fqdn "*.fortinet.com" - next - edit googleapis.com - set type fqdn - set fqdn "*.googleapis.com" - next - edit citrix - set type fqdn - set fqdn "*.citrixonline.com" - next - edit verisign - set type fqdn - set fqdn "*.verisign.com" - next - edit Windows update 2 - set type fqdn - set fqdn "*.windowsupdate.com" - next - edit *.live.com - set type fqdn - set fqdn "*.live.com" - next - edit auth.gfx.ms - set type fqdn - set fqdn "auth.gfx.ms" - next - edit autoupdate.opera.com - set type fqdn - set fqdn "autoupdate.opera.com" - next - edit softwareupdate.vmware.com - set type fqdn - set fqdn "softwareupdate.vmware.com" - next - edit firefox update server - set type fqdn - set fqdn "aus*.mozilla.org" - next - end - config firewall multicast-address - edit all - set end-ip 239.255.255.255 - set start-ip 224.0.0.0 - next - edit all_hosts - set end-ip 224.0.0.1 - set start-ip 224.0.0.1 - next - edit all_routers - set end-ip 224.0.0.2 - set start-ip 224.0.0.2 - next - edit Bonjour - set end-ip 224.0.0.251 - set start-ip 224.0.0.251 - next - edit EIGRP - set end-ip 224.0.0.10 - set start-ip 224.0.0.10 - next - edit OSPF - set end-ip 224.0.0.6 - set start-ip 224.0.0.5 - next - end - config firewall address6 - edit SSLVPN_TUNNEL_IPv6_ADDR1 - set ip6 fdff:ffff::/120 - next - edit all - next - edit none - set ip6 ::/128 - next - end - config firewall service category - edit General - set comment "General services." - next - edit Web Access - set comment "Web access." - next - edit File Access - set comment "File access." - next - edit Email - set comment "Email services." - next - edit Network Services - set comment "Network services." 
- next - edit Authentication - set comment "Authentication service." - next - edit Remote Access - set comment "Remote access." - next - edit Tunneling - set comment "Tunneling service." - next - edit VoIP, Messaging & Other Applications - set comment "VoIP, messaging, and other applications." - next - edit Web Proxy - set comment "Explicit web proxy." - next - end - config firewall service custom - edit ALL - set category "General" - set protocol IP - next - edit ALL_TCP - set category "General" - set tcp-portrange 1-65535 - next - edit ALL_UDP - set category "General" - set udp-portrange 1-65535 - next - edit ALL_ICMP - set category "General" - set protocol ICMP - next - edit ALL_ICMP6 - set category "General" - set protocol ICMP6 - next - edit GRE - set category "Tunneling" - set protocol-number 47 - set protocol IP - next - edit AH - set category "Tunneling" - set protocol-number 51 - set protocol IP - next - edit ESP - set category "Tunneling" - set protocol-number 50 - set protocol IP - next - edit AOL - set visibility disable - set tcp-portrange 5190-5194 - next - edit BGP - set category "Network Services" - set tcp-portrange 179 - next - edit DHCP - set category "Network Services" - set udp-portrange 67-68 - next - edit DNS - set category "Network Services" - set udp-portrange 53 - set tcp-portrange 53 - next - edit FINGER - set visibility disable - set tcp-portrange 79 - next - edit FTP - set category "File Access" - set tcp-portrange 21 - next - edit FTP_GET - set category "File Access" - set tcp-portrange 21 - next - edit FTP_PUT - set category "File Access" - set tcp-portrange 21 - next - edit GOPHER - set visibility disable - set tcp-portrange 70 - next - edit H323 - set category "VoIP, Messaging & Other Applications" - set udp-portrange 1719 - set tcp-portrange 1720 1503 - next - edit HTTP - set category "Web Access" - set tcp-portrange 80 - next - edit HTTPS - set category "Web Access" - set tcp-portrange 443 - next - edit IKE - set category 
"Tunneling" - set udp-portrange 500 4500 - next - edit IMAP - set category "Email" - set tcp-portrange 143 - next - edit IMAPS - set category "Email" - set tcp-portrange 993 - next - edit Internet-Locator-Service - set visibility disable - set tcp-portrange 389 - next - edit IRC - set category "VoIP, Messaging & Other Applications" - set tcp-portrange 6660-6669 - next - edit L2TP - set category "Tunneling" - set udp-portrange 1701 - set tcp-portrange 1701 - next - edit LDAP - set category "Authentication" - set tcp-portrange 389 - next - edit NetMeeting - set visibility disable - set tcp-portrange 1720 - next - edit NFS - set category "File Access" - set udp-portrange 111 2049 - set tcp-portrange 111 2049 - next - edit NNTP - set visibility disable - set tcp-portrange 119 - next - edit NTP - set category "Network Services" - set udp-portrange 123 - set tcp-portrange 123 - next - edit OSPF - set category "Network Services" - set protocol-number 89 - set protocol IP - next - edit PC-Anywhere - set category "Remote Access" - set udp-portrange 5632 - set tcp-portrange 5631 - next - edit PING - set category "Network Services" - set protocol ICMP - set icmptype 8 - next - edit TIMESTAMP - set protocol ICMP - set visibility disable - set icmptype 13 - next - edit INFO_REQUEST - set protocol ICMP - set visibility disable - set icmptype 15 - next - edit INFO_ADDRESS - set protocol ICMP - set visibility disable - set icmptype 17 - next - edit ONC-RPC - set category "Remote Access" - set udp-portrange 111 - set tcp-portrange 111 - next - edit DCE-RPC - set category "Remote Access" - set udp-portrange 135 - set tcp-portrange 135 - next - edit POP3 - set category "Email" - set tcp-portrange 110 - next - edit POP3S - set category "Email" - set tcp-portrange 995 - next - edit PPTP - set category "Tunneling" - set tcp-portrange 1723 - next - edit QUAKE - set udp-portrange 26000 27000 27910 27960 - set visibility disable - next - edit RAUDIO - set udp-portrange 7070 - set 
visibility disable - next - edit REXEC - set visibility disable - set tcp-portrange 512 - next - edit RIP - set category "Network Services" - set udp-portrange 520 - next - edit RLOGIN - set visibility disable - set tcp-portrange 513:512-1023 - next - edit RSH - set visibility disable - set tcp-portrange 514:512-1023 - next - edit SCCP - set category "VoIP, Messaging & Other Applications" - set tcp-portrange 2000 - next - edit SIP - set category "VoIP, Messaging & Other Applications" - set udp-portrange 5060 - set tcp-portrange 5060 - next - edit SIP-MSNmessenger - set category "VoIP, Messaging & Other Applications" - set tcp-portrange 1863 - next - edit SAMBA - set category "File Access" - set tcp-portrange 139 - next - edit SMTP - set category "Email" - set tcp-portrange 25 - next - edit SMTPS - set category "Email" - set tcp-portrange 465 - next - edit SNMP - set category "Network Services" - set udp-portrange 161-162 - set tcp-portrange 161-162 - next - edit SSH - set category "Remote Access" - set tcp-portrange 22 - next - edit SYSLOG - set category "Network Services" - set udp-portrange 514 - next - edit TALK - set udp-portrange 517-518 - set visibility disable - next - edit TELNET - set category "Remote Access" - set tcp-portrange 23 - next - edit TFTP - set category "File Access" - set udp-portrange 69 - next - edit MGCP - set udp-portrange 2427 2727 - set visibility disable - next - edit UUCP - set visibility disable - set tcp-portrange 540 - next - edit VDOLIVE - set visibility disable - set tcp-portrange 7000-7010 - next - edit WAIS - set visibility disable - set tcp-portrange 210 - next - edit WINFRAME - set visibility disable - set tcp-portrange 1494 2598 - next - edit X-WINDOWS - set category "Remote Access" - set tcp-portrange 6000-6063 - next - edit PING6 - set protocol ICMP6 - set visibility disable - set icmptype 128 - next - edit MS-SQL - set category "VoIP, Messaging & Other Applications" - set tcp-portrange 1433 1434 - next - edit MYSQL - set 
category "VoIP, Messaging & Other Applications" - set tcp-portrange 3306 - next - edit RDP - set category "Remote Access" - set tcp-portrange 3389 - next - edit VNC - set category "Remote Access" - set tcp-portrange 5900 - next - edit DHCP6 - set category "Network Services" - set udp-portrange 546 547 - next - edit SQUID - set category "Tunneling" - set tcp-portrange 3128 - next - edit SOCKS - set category "Tunneling" - set udp-portrange 1080 - set tcp-portrange 1080 - next - edit WINS - set category "Remote Access" - set udp-portrange 1512 - set tcp-portrange 1512 - next - edit RADIUS - set category "Authentication" - set udp-portrange 1812 1813 - next - edit RADIUS-OLD - set udp-portrange 1645 1646 - set visibility disable - next - edit CVSPSERVER - set udp-portrange 2401 - set visibility disable - set tcp-portrange 2401 - next - edit AFS3 - set category "File Access" - set udp-portrange 7000-7009 - set tcp-portrange 7000-7009 - next - edit TRACEROUTE - set category "Network Services" - set udp-portrange 33434-33535 - next - edit RTSP - set category "VoIP, Messaging & Other Applications" - set udp-portrange 554 - set tcp-portrange 554 7070 8554 - next - edit MMS - set udp-portrange 1024-5000 - set visibility disable - set tcp-portrange 1755 - next - edit KERBEROS - set category "Authentication" - set udp-portrange 88 - set tcp-portrange 88 - next - edit LDAP_UDP - set category "Authentication" - set udp-portrange 389 - next - edit SMB - set category "File Access" - set tcp-portrange 445 - next - edit NONE - set visibility disable - set tcp-portrange 0 - next - edit webproxy - set category "Web Proxy" - set explicit-proxy enable - set protocol ALL - set tcp-portrange 0-65535:0-65535 - next - end - config firewall service group - edit Email Access - set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS" - next - edit Web Access - set member "DNS" "HTTP" "HTTPS" - next - edit Windows AD - set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB" - 
next - edit Exchange Server - set member "DCE-RPC" "DNS" "HTTPS" - next - end - config webfilter ftgd-local-cat - edit custom1 - set id 140 - next - edit custom2 - set id 141 - next - end - config ips sensor - edit default - set comment "Prevent critical attacks." - config entries - edit 1 - set severity medium high critical - next - end - next - edit all_default - set comment "All predefined signatures with default setting." - config entries - edit 1 - next - end - next - edit all_default_pass - set comment "All predefined signatures with PASS action." - config entries - edit 1 - set action pass - next - end - next - edit protect_http_server - set comment "Protect against HTTP server-side vulnerabilities." - config entries - edit 1 - set protocol HTTP - set location server - next - end - next - edit protect_email_server - set comment "Protect against email server-side vulnerabilities." - config entries - edit 1 - set protocol SMTP POP3 IMAP - set location server - next - end - next - edit protect_client - set comment "Protect against client-side vulnerabilities." 
- config entries - edit 1 - set location client - next - end - next - edit high_security - set comment "Blocks all Critical/High/Medium and some Low severity vulnerabilities" - config entries - edit 1 - set status enable - set action block - set severity medium high critical - next - edit 2 - set severity low - next - end - next - end - config firewall shaper traffic-shaper - edit high-priority - set per-policy enable - set maximum-bandwidth 1048576 - next - edit medium-priority - set priority medium - set per-policy enable - set maximum-bandwidth 1048576 - next - edit low-priority - set priority low - set per-policy enable - set maximum-bandwidth 1048576 - next - edit guarantee-100kbps - set guaranteed-bandwidth 100 - set maximum-bandwidth 1048576 - set per-policy enable - next - edit shared-1M-pipe - set maximum-bandwidth 1024 - next - end - config web-proxy global - set proxy-fqdn "default.fqdn" - end - config application list - edit default - set comment "Monitor all applications." - config entries - edit 1 - set action pass - next - end - next - edit block-p2p - config entries - edit 1 - set category 2 - next - end - next - edit monitor-p2p-and-media - config entries - edit 1 - set category 2 - set action pass - next - edit 2 - set category 5 - set action pass - next - end - next - end - config dlp filepattern - edit 1 - set name "builtin-patterns" - config entries - edit *.bat - next - edit *.com - next - edit *.dll - next - edit *.doc - next - edit *.exe - next - edit *.gz - next - edit *.hta - next - edit *.ppt - next - edit *.rar - next - edit *.scr - next - edit *.tar - next - edit *.tgz - next - edit *.vb? - next - edit *.wps - next - edit *.xl? 
- next - edit *.zip - next - edit *.pif - next - edit *.cpl - next - end - next - edit 2 - set name "all_executables" - config entries - edit bat - set file-type bat - set filter-type type - next - edit exe - set file-type exe - set filter-type type - next - edit elf - set file-type elf - set filter-type type - next - edit hta - set file-type hta - set filter-type type - next - end - next - end - config dlp fp-sensitivity - edit Private - next - edit Critical - next - edit Warning - next - end - config dlp sensor - edit default - set comment "Log a summary of email and web traffic." - set summary-proto smtp pop3 imap http-get http-post - next - end - config webfilter content - end - config webfilter urlfilter - end - config spamfilter bword - end - config spamfilter bwl - end - config spamfilter mheader - end - config spamfilter dnsbl - end - config spamfilter iptrust - end - config log threat-weight - config web - edit 1 - set category 26 - set level high - next - edit 2 - set category 61 - set level high - next - edit 3 - set category 86 - set level high - next - edit 4 - set category 1 - set level medium - next - edit 5 - set category 3 - set level medium - next - edit 6 - set category 4 - set level medium - next - edit 7 - set category 5 - set level medium - next - edit 8 - set category 6 - set level medium - next - edit 9 - set category 12 - set level medium - next - edit 10 - set category 59 - set level medium - next - edit 11 - set category 62 - set level medium - next - edit 12 - set category 83 - set level medium - next - edit 13 - set category 72 - next - edit 14 - set category 14 - next - end - config application - edit 1 - set category 2 - next - edit 2 - set category 6 - set level medium - next - edit 3 - set category 19 - set level critical - next - end - end - config icap profile - edit default - next - end - config user local - edit guest - set passwd ENC 
EntYbQ4nWAFLGsQz5QbIt8MIxko4Ms6Nm/9fMo/5+L7FJO42JRExvl705N++oKwIB0NvfdWaiqfZ/LGPDSOVqRZnqn4pUWOlNVE6yfGxbCZUIXTlcSL58A2ok3Yd428rHETuf7mNrOJMdVS1tfnrx5+92ofsXVzAn/kpKeJLrtBRWNfBQ1YplQ2FfEDCHHW27akz4g== - set type password - next - end - config user group - edit SSO_Guest_Users - next - edit Guest-group - set member "guest" - next - end - config user device-group - edit Mobile Devices - set member "android-phone" "android-tablet" "blackberry-phone" "blackberry-playbook" "ipad" "iphone" "windows-phone" "windows-tablet" - set comment "Phones, tablets, etc." - next - edit Network Devices - set member "fortinet-device" "other-network-device" "router-nat-device" - set comment "Routers, firewalls, gateways, etc." - next - edit Others - set member "gaming-console" "media-streaming" - set comment "Other devices." - next - end - config vpn ssl web host-check-software - edit FortiClient-AV - set guid "C86EC76D-5A4C-40E7-BD94-59358E544D81" - next - edit FortiClient-FW - set guid "528CB157-D384-4593-AAAA-E42DFF111CED" - set type fw - next - edit FortiClient-AV-Vista-Win7 - set guid "385618A6-2256-708E-3FB9-7E98B93F91F9" - next - edit FortiClient-FW-Vista-Win7 - set guid "006D9983-6839-71D6-14E6-D7AD47ECD682" - set type fw - next - edit AVG-Internet-Security-AV - set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF" - next - edit AVG-Internet-Security-FW - set guid "8DECF618-9569-4340-B34A-D78D28969B66" - set type fw - next - edit AVG-Internet-Security-AV-Vista-Win7 - set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82" - next - edit AVG-Internet-Security-FW-Vista-Win7 - set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9" - set type fw - next - edit CA-Anti-Virus - set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93" - next - edit CA-Internet-Security-AV - set guid "6B98D35F-BB76-41C0-876B-A50645ED099A" - next - edit CA-Internet-Security-FW - set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3" - set type fw - next - edit CA-Internet-Security-AV-Vista-Win7 - set guid 
"3EED0195-0A4B-4EF3-CC4F-4F401BDC245F" - next - edit CA-Internet-Security-FW-Vista-Win7 - set guid "06D680B0-4024-4FAB-E710-E675E50F6324" - set type fw - next - edit CA-Personal-Firewall - set guid "14CB4B80-8E52-45EA-905E-67C1267B4160" - set type fw - next - edit F-Secure-Internet-Security-AV - set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15" - next - edit F-Secure-Internet-Security-FW - set guid "D4747503-0346-49EB-9262-997542F79BF4" - set type fw - next - edit F-Secure-Internet-Security-AV-Vista-Win7 - set guid "15414183-282E-D62C-CA37-EF24860A2F17" - next - edit F-Secure-Internet-Security-FW-Vista-Win7 - set guid "2D7AC0A6-6241-D774-E168-461178D9686C" - set type fw - next - edit Kaspersky-AV - set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" - next - edit Kaspersky-FW - set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" - set type fw - next - edit Kaspersky-AV-Vista-Win7 - set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE" - next - edit Kaspersky-FW-Vista-Win7 - set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5" - set type fw - next - edit McAfee-Internet-Security-Suite-AV - set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83" - next - edit McAfee-Internet-Security-Suite-FW - set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8" - set type fw - next - edit McAfee-Internet-Security-Suite-AV-Vista-Win7 - set guid "86355677-4064-3EA7-ABB3-1B136EB04637" - next - edit McAfee-Internet-Security-Suite-FW-Vista-Win7 - set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C" - set type fw - next - edit McAfee-Virus-Scan-Enterprise - set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0" - next - edit Norton-360-2.0-AV - set guid "A5F1BC7C-EA33-4247-961C-0217208396C4" - next - edit Norton-360-2.0-FW - set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3" - set type fw - next - edit Norton-360-3.0-AV - set guid "E10A9785-9598-4754-B552-92431C1C35F8" - next - edit Norton-360-3.0-FW - set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" - set type fw - next - edit Norton-Internet-Security-AV - set guid 
"E10A9785-9598-4754-B552-92431C1C35F8" - next - edit Norton-Internet-Security-FW - set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" - set type fw - next - edit Norton-Internet-Security-AV-Vista-Win7 - set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" - next - edit Norton-Internet-Security-FW-Vista-Win7 - set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" - set type fw - next - edit Symantec-Endpoint-Protection-AV - set guid "FB06448E-52B8-493A-90F3-E43226D3305C" - next - edit Symantec-Endpoint-Protection-FW - set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6" - set type fw - next - edit Symantec-Endpoint-Protection-AV-Vista-Win7 - set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" - next - edit Symantec-Endpoint-Protection-FW-Vista-Win7 - set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" - set type fw - next - edit Panda-Antivirus+Firewall-2008-AV - set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A" - next - edit Panda-Antivirus+Firewall-2008-FW - set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" - set type fw - next - edit Panda-Internet-Security-AV - set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" - next - edit Panda-Internet-Security-2006~2007-FW - set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" - set type fw - next - edit Panda-Internet-Security-2008~2009-FW - set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" - set type fw - next - edit Sophos-Anti-Virus - set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD" - next - edit Sophos-Enpoint-Secuirty-and-Control-FW - set guid "0786E95E-326A-4524-9691-41EF88FB52EA" - set type fw - next - edit Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7 - set guid "479CCF92-4960-B3E0-7373-BF453B467D2C" - next - edit Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7 - set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57" - set type fw - next - edit Trend-Micro-AV - set guid "7D2296BC-32CC-4519-917E-52E652474AF5" - next - edit Trend-Micro-FW - set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6" - set type fw - next - edit Trend-Micro-AV-Vista-Win7 - set guid 
"48929DFC-7A52-A34F-8351-C4DBEDBD9C50" - next - edit Trend-Micro-FW-Vista-Win7 - set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B" - set type fw - next - edit ZoneAlarm-AV - set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF" - next - edit ZoneAlarm-FW - set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B" - set type fw - next - edit ZoneAlarm-AV-Vista-Win7 - set guid "D61596DF-D219-341C-49B3-AD30538CBC5B" - next - edit ZoneAlarm-FW-Vista-Win7 - set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20" - set type fw - next - edit ESET-Smart-Security-AV - set guid "19259FAE-8396-A113-46DB-15B0E7DFA289" - next - edit ESET-Smart-Security-FW - set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2" - set type fw - next - end - config vpn ssl web portal - edit full-access - set web-mode enable - set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1" - set page-layout double-column - set ip-pools "SSLVPN_TUNNEL_ADDR1" - set ipv6-tunnel-mode enable - set tunnel-mode enable - next - edit web-access - set web-mode enable - next - edit tunnel-access - set ip-pools "SSLVPN_TUNNEL_ADDR1" - set ipv6-tunnel-mode enable - set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1" - set tunnel-mode enable - next - end - config vpn ssl settings - set servercert "self-sign" - set port 443 - end - config voip profile - edit default - set comment "Default VoIP profile." 
- next - edit strict - config sip - set malformed-header-max-forwards discard - set malformed-header-rack discard - set malformed-header-allow discard - set malformed-header-call-id discard - set malformed-header-sdp-v discard - set malformed-header-record-route discard - set malformed-header-contact discard - set malformed-header-sdp-s discard - set malformed-header-content-length discard - set malformed-header-sdp-z discard - set malformed-header-from discard - set malformed-header-route discard - set malformed-header-sdp-b discard - set malformed-header-sdp-c discard - set malformed-header-sdp-a discard - set malformed-header-sdp-o discard - set malformed-header-sdp-m discard - set malformed-header-sdp-k discard - set malformed-header-sdp-i discard - set malformed-header-to discard - set malformed-header-via discard - set malformed-header-sdp-t discard - set malformed-request-line discard - set malformed-header-sdp-r discard - set malformed-header-content-type discard - set malformed-header-expires discard - set malformed-header-rseq discard - set malformed-header-p-asserted-identity discard - set malformed-header-cseq discard - end - next - end - config webfilter profile - edit default - set comment "Default web filtering." 
- set post-action comfort - config ftgd-wf - config filters - edit 1 - set category 2 - set action warning - next - edit 2 - set category 7 - set action warning - next - edit 3 - set category 8 - set action warning - next - edit 4 - set category 9 - set action warning - next - edit 5 - set category 11 - set action warning - next - edit 6 - set category 12 - set action warning - next - edit 7 - set category 13 - set action warning - next - edit 8 - set category 14 - set action warning - next - edit 9 - set category 15 - set action warning - next - edit 10 - set category 16 - set action warning - next - edit 11 - set action warning - next - edit 12 - set category 57 - set action warning - next - edit 13 - set category 63 - set action warning - next - edit 14 - set category 64 - set action warning - next - edit 15 - set category 65 - set action warning - next - edit 16 - set category 66 - set action warning - next - edit 17 - set category 67 - set action warning - next - edit 18 - set category 26 - set action block - next - end - end - next - edit web-filter-flow - set comment "Flow-based web filter profile." - set inspection-mode flow-based - set post-action comfort - config ftgd-wf - config filters - edit 1 - set category 2 - next - edit 2 - set category 7 - next - edit 3 - set category 8 - next - edit 4 - set category 9 - next - edit 5 - set category 11 - next - edit 6 - set category 12 - next - edit 7 - set category 13 - next - edit 8 - set category 14 - next - edit 9 - set category 15 - next - edit 10 - set category 16 - next - edit 11 - next - edit 12 - set category 57 - next - edit 13 - set category 63 - next - edit 14 - set category 64 - next - edit 15 - set category 65 - next - edit 16 - set category 66 - next - edit 17 - set category 67 - next - edit 18 - set category 26 - set action block - next - end - end - next - edit monitor-all - set comment "Monitor and log all visited URLs, proxy-based." 
- set web-content-log disable - set web-filter-applet-log disable - set web-ftgd-err-log disable - set web-filter-command-block-log disable - set web-filter-jscript-log disable - set web-filter-activex-log disable - set web-filter-referer-log disable - set web-filter-js-log disable - set web-invalid-domain-log disable - set web-ftgd-quota-usage disable - set web-filter-vbs-log disable - set web-filter-unknown-log disable - set web-filter-cookie-log disable - set log-all-url enable - set web-filter-cookie-removal-log disable - set web-url-log disable - config ftgd-wf - config filters - edit 1 - set category 1 - next - edit 2 - set category 3 - next - edit 3 - set category 4 - next - edit 4 - set category 5 - next - edit 5 - set category 6 - next - edit 6 - set category 12 - next - edit 7 - set category 59 - next - edit 8 - set category 62 - next - edit 9 - set category 83 - next - edit 10 - set category 2 - next - edit 11 - set category 7 - next - edit 12 - set category 8 - next - edit 13 - set category 9 - next - edit 14 - set category 11 - next - edit 15 - set category 13 - next - edit 16 - set category 14 - next - edit 17 - set category 15 - next - edit 18 - set category 16 - next - edit 19 - set category 57 - next - edit 20 - set category 63 - next - edit 21 - set category 64 - next - edit 22 - set category 65 - next - edit 23 - set category 66 - next - edit 24 - set category 67 - next - edit 25 - set category 19 - next - edit 26 - set category 24 - next - edit 27 - set category 25 - next - edit 28 - set category 72 - next - edit 29 - set category 75 - next - edit 30 - set category 76 - next - edit 31 - set category 26 - next - edit 32 - set category 61 - next - edit 33 - set category 86 - next - edit 34 - set category 17 - next - edit 35 - set category 18 - next - edit 36 - set category 20 - next - edit 37 - set category 23 - next - edit 38 - set category 28 - next - edit 39 - set category 29 - next - edit 40 - set category 30 - next - edit 41 - set category 33 
- next - edit 42 - set category 34 - next - edit 43 - set category 35 - next - edit 44 - set category 36 - next - edit 45 - set category 37 - next - edit 46 - set category 38 - next - edit 47 - set category 39 - next - edit 48 - set category 40 - next - edit 49 - set category 42 - next - edit 50 - set category 44 - next - edit 51 - set category 46 - next - edit 52 - set category 47 - next - edit 53 - set category 48 - next - edit 54 - set category 54 - next - edit 55 - set category 55 - next - edit 56 - set category 58 - next - edit 57 - set category 68 - next - edit 58 - set category 69 - next - edit 59 - set category 70 - next - edit 60 - set category 71 - next - edit 61 - set category 77 - next - edit 62 - set category 78 - next - edit 63 - set category 79 - next - edit 64 - set category 80 - next - edit 65 - set category 82 - next - edit 66 - set category 85 - next - edit 67 - set category 87 - next - edit 68 - set category 31 - next - edit 69 - set category 41 - next - edit 70 - set category 43 - next - edit 71 - set category 49 - next - edit 72 - set category 50 - next - edit 73 - set category 51 - next - edit 74 - set category 52 - next - edit 75 - set category 53 - next - edit 76 - set category 56 - next - edit 77 - set category 81 - next - edit 78 - set category 84 - next - edit 79 - next - end - end - next - edit flow-monitor-all - set comment "Monitor and log all visited URLs, flow-based." 
- set web-content-log disable - set web-filter-applet-log disable - set web-ftgd-err-log disable - set web-filter-jscript-log disable - set web-filter-activex-log disable - set web-filter-referer-log disable - set web-filter-js-log disable - set web-invalid-domain-log disable - set inspection-mode flow-based - set web-ftgd-quota-usage disable - set web-filter-command-block-log disable - set web-filter-vbs-log disable - set web-filter-unknown-log disable - set web-filter-cookie-log disable - set log-all-url enable - set web-filter-cookie-removal-log disable - set web-url-log disable - config ftgd-wf - config filters - edit 1 - set category 1 - next - edit 2 - set category 3 - next - edit 3 - set category 4 - next - edit 4 - set category 5 - next - edit 5 - set category 6 - next - edit 6 - set category 12 - next - edit 7 - set category 59 - next - edit 8 - set category 62 - next - edit 9 - set category 83 - next - edit 10 - set category 2 - next - edit 11 - set category 7 - next - edit 12 - set category 8 - next - edit 13 - set category 9 - next - edit 14 - set category 11 - next - edit 15 - set category 13 - next - edit 16 - set category 14 - next - edit 17 - set category 15 - next - edit 18 - set category 16 - next - edit 19 - set category 57 - next - edit 20 - set category 63 - next - edit 21 - set category 64 - next - edit 22 - set category 65 - next - edit 23 - set category 66 - next - edit 24 - set category 67 - next - edit 25 - set category 19 - next - edit 26 - set category 24 - next - edit 27 - set category 25 - next - edit 28 - set category 72 - next - edit 29 - set category 75 - next - edit 30 - set category 76 - next - edit 31 - set category 26 - next - edit 32 - set category 61 - next - edit 33 - set category 86 - next - edit 34 - set category 17 - next - edit 35 - set category 18 - next - edit 36 - set category 20 - next - edit 37 - set category 23 - next - edit 38 - set category 28 - next - edit 39 - set category 29 - next - edit 40 - set category 30 - 
next - edit 41 - set category 33 - next - edit 42 - set category 34 - next - edit 43 - set category 35 - next - edit 44 - set category 36 - next - edit 45 - set category 37 - next - edit 46 - set category 38 - next - edit 47 - set category 39 - next - edit 48 - set category 40 - next - edit 49 - set category 42 - next - edit 50 - set category 44 - next - edit 51 - set category 46 - next - edit 52 - set category 47 - next - edit 53 - set category 48 - next - edit 54 - set category 54 - next - edit 55 - set category 55 - next - edit 56 - set category 58 - next - edit 57 - set category 68 - next - edit 58 - set category 69 - next - edit 59 - set category 70 - next - edit 60 - set category 71 - next - edit 61 - set category 77 - next - edit 62 - set category 78 - next - edit 63 - set category 79 - next - edit 64 - set category 80 - next - edit 65 - set category 82 - next - edit 66 - set category 85 - next - edit 67 - set category 87 - next - edit 68 - set category 31 - next - edit 69 - set category 41 - next - edit 70 - set category 43 - next - edit 71 - set category 49 - next - edit 72 - set category 50 - next - edit 73 - set category 51 - next - edit 74 - set category 52 - next - edit 75 - set category 53 - next - edit 76 - set category 56 - next - edit 77 - set category 81 - next - edit 78 - set category 84 - next - edit 79 - next - end - end - next - edit block-security-risks - set comment "Block security risks." 
- config ftgd-wf - set options rate-server-ip - config filters - edit 1 - set category 26 - set action block - next - edit 2 - set category 61 - set action block - next - edit 3 - set category 86 - set action block - next - edit 4 - set action warning - next - end - end - next - end - config webfilter override - end - config webfilter override-user - end - config webfilter ftgd-warning - end - config webfilter ftgd-local-rating - end - config webfilter search-engine - edit google - set url "^\\/((custom|search|images|videosearch|webhp)\\?)" - set query "q=" - set safesearch url - set hostname ".*\\.google\\..*" - set safesearch-str "&safe=active" - next - edit yahoo - set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)" - set query "p=" - set safesearch url - set hostname ".*\\.yahoo\\..*" - set safesearch-str "&vm=r" - next - edit bing - set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?" - set query "q=" - set safesearch url - set hostname "www\\.bing\\.com" - set safesearch-str "&adlt=strict" - next - edit yandex - set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?" - set query "text=" - set safesearch url - set hostname "yandex\\..*" - set safesearch-str "&family=yes" - next - edit youtube - set safesearch header - set hostname ".*\\.youtube\\..*" - next - edit baidu - set url "^\\/s?\\?" - set query "wd=" - set hostname ".*\\.baidu\\.com" - next - edit baidu2 - set url "^\\/(ns|q|m|i|v)\\?" - set query "word=" - set hostname ".*\\.baidu\\.com" - next - edit baidu3 - set url "^\\/f\\?" - set query "kw=" - set hostname "tieba\\.baidu\\.com" - next - end - config antivirus profile - edit default - set comment "Scan files and block viruses." - config http - set options scan - end - config ftp - set options scan - end - config imap - set options scan - end - config pop3 - set options scan - end - config smtp - set options scan - end - next - end - config spamfilter profile - edit default - set comment "Malware and phishing URL filtering." 
- next - end - config wanopt settings - set host-id "default-id" - end - config wanopt profile - edit default - set comments "Default WANopt profile." - next - end - config firewall schedule recurring - edit always - set day sunday monday tuesday wednesday thursday friday saturday - next - edit none - set day none - next - end - config firewall profile-protocol-options - edit default - set comment "All default services." - config http - set ports 80 - end - config ftp - set ports 21 - set options splice - end - config imap - set ports 143 - set options fragmail - end - config mapi - set ports 135 - set options fragmail - end - config pop3 - set ports 110 - set options fragmail - end - config smtp - set ports 25 - set options fragmail splice - end - config nntp - set ports 119 - set options splice - end - config dns - set ports 53 - end - next - end - config firewall ssl-ssh-profile - edit deep-inspection - set comment "Deep inspection." - config https - set ports 443 - end - config ftps - set ports 990 - end - config imaps - set ports 993 - end - config pop3s - set ports 995 - end - config smtps - set ports 465 - end - config ssh - set ports 22 - end - config ssl-exempt - edit 1 - set fortiguard-category 31 - next - edit 2 - set fortiguard-category 33 - next - edit 3 - set fortiguard-category 87 - next - edit 4 - set type address - set address "apple" - next - edit 5 - set type address - set address "appstore" - next - edit 6 - set type address - set address "dropbox.com" - next - edit 7 - set type address - set address "Gotomeeting" - next - edit 8 - set type address - set address "icloud" - next - edit 9 - set type address - set address "itunes" - next - edit 10 - set type address - set address "android" - next - edit 11 - set type address - set address "skype" - next - edit 12 - set type address - set address "swscan.apple.com" - next - edit 13 - set type address - set address "update.microsoft.com" - next - edit 14 - set type address - set address "eease" - 
next - edit 15 - set type address - set address "google-drive" - next - edit 16 - set type address - set address "google-play" - next - edit 17 - set type address - set address "google-play2" - next - edit 18 - set type address - set address "google-play3" - next - edit 19 - set type address - set address "microsoft" - next - edit 20 - set type address - set address "adobe" - next - edit 21 - set type address - set address "Adobe Login" - next - edit 22 - set type address - set address "fortinet" - next - edit 23 - set type address - set address "googleapis.com" - next - edit 24 - set type address - set address "citrix" - next - edit 25 - set type address - set address "verisign" - next - edit 26 - set type address - set address "Windows update 2" - next - edit 27 - set type address - set address "*.live.com" - next - edit 28 - set type address - set address "auth.gfx.ms" - next - edit 29 - set type address - set address "autoupdate.opera.com" - next - edit 30 - set type address - set address "softwareupdate.vmware.com" - next - edit 31 - set type address - set address "firefox update server" - next - end - next - edit certificate-inspection - set comment "SSL handshake inspection." 
- config https - set status certificate-inspection - set ports 443 - end - config ftps - set status disable - set ports 990 - end - config imaps - set status disable - set ports 993 - end - config pop3s - set status disable - set ports 995 - end - config smtps - set status disable - set ports 465 - end - config ssh - set status disable - set ports 22 - end - next - end - config firewall identity-based-route - end - config firewall policy - end - config firewall local-in-policy - end - config firewall policy6 - end - config firewall local-in-policy6 - end - config firewall ttl-policy - end - config firewall policy64 - end - config firewall policy46 - end - config firewall explicit-proxy-policy - end - config firewall interface-policy - end - config firewall interface-policy6 - end - config firewall DoS-policy - end - config firewall DoS-policy6 - end - config firewall sniffer - end - config endpoint-control profile - edit default - config forticlient-winmac-settings - set forticlient-wf-profile "default" - end - config forticlient-android-settings - end - config forticlient-ios-settings - end - next - end - config wireless-controller wids-profile - edit default - set comment "Default WIDS profile." 
- set deauth-broadcast enable - set assoc-frame-flood enable - set invalid-mac-oui enable - set ap-scan enable - set long-duration-attack enable - set eapol-logoff-flood enable - set eapol-succ-flood enable - set eapol-start-flood enable - set eapol-fail-flood enable - set wireless-bridge enable - set eapol-pre-succ-flood enable - set auth-frame-flood enable - set asleap-attack enable - set eapol-pre-fail-flood enable - set spoofed-deauth enable - set weak-wep-iv enable - set null-ssid-probe-resp enable - next - edit default-wids-apscan-enabled - set ap-scan enable - next - end - config wireless-controller wtp-profile - edit FAP112B-default - set ap-country US - config platform - set type 112B - end - config radio-1 - set band 802.11n - end - config radio-2 - set mode disabled - end - next - edit FAP220B-default - set ap-country US - config radio-1 - set band 802.11n-5G - end - config radio-2 - set band 802.11n - end - next - edit FAP223B-default - set ap-country US - config platform - set type 223B - end - config radio-1 - set band 802.11n-5G - end - config radio-2 - set band 802.11n - end - next - edit FAP210B-default - set ap-country US - config platform - set type 210B - end - config radio-1 - set band 802.11n - end - config radio-2 - set mode disabled - end - next - edit FAP222B-default - set ap-country US - config platform - set type 222B - end - config radio-1 - set band 802.11n - end - config radio-2 - set band 802.11n-5G - end - next - edit FAP320B-default - set ap-country US - config platform - set type 320B - end - config radio-1 - set band 802.11n-5G - end - config radio-2 - set band 802.11n - end - next - edit FAP11C-default - set ap-country US - config platform - set type 11C - end - config radio-1 - set band 802.11n - end - config radio-2 - set mode disabled - end - next - edit FAP14C-default - set ap-country US - config platform - set type 14C - end - config radio-1 - set band 802.11n - end - config radio-2 - set mode disabled - end - next - edit 
FAP28C-default - set ap-country US - config platform - set type 28C - end - config radio-1 - set band 802.11n - end - config radio-2 - set mode disabled - end - next - edit FAP320C-default - set ap-country US - config platform - set type 320C - end - config radio-1 - set band 802.11n - end - config radio-2 - set band 802.11ac - end - next - edit FAP221C-default - set ap-country US - config platform - set type 221C - end - config radio-1 - set band 802.11n - end - config radio-2 - set band 802.11ac - end - next - edit FAP25D-default - set ap-country US - config platform - set type 25D - end - config radio-1 - set band 802.11n - end - config radio-2 - set mode disabled - end - next - edit FAP222C-default - set ap-country US - config platform - set type 222C - end - config radio-1 - set band 802.11n - end - config radio-2 - set band 802.11ac - end - next - edit FAP224D-default - set ap-country US - config platform - set type 224D - end - config radio-1 - set band 802.11n-5G - end - config radio-2 - set band 802.11n - end - next - edit FK214B-default - set ap-country US - config platform - set type 214B - end - config radio-1 - set band 802.11n - end - config radio-2 - set mode disabled - end - next - edit FAP21D-default - set ap-country US - config platform - set type 21D - end - config radio-1 - set band 802.11n - end - config radio-2 - set mode disabled - end - next - edit FAP24D-default - set ap-country US - config platform - set type 24D - end - config radio-1 - set band 802.11n - end - config radio-2 - set mode disabled - end - next - edit FAP112D-default - set ap-country US - config platform - set type 112D - end - config radio-1 - set band 802.11n - end - config radio-2 - set mode disabled - end - next - edit FAP223C-default - set ap-country US - config platform - set type 223C - end - config radio-1 - set band 802.11n - end - config radio-2 - set band 802.11ac - end - next - edit FAP321C-default - set ap-country US - config platform - set type 321C - end - 
config radio-1 - set band 802.11n - end - config radio-2 - set band 802.11ac - end - next - end - config log memory setting - set status enable - end - config router rip - config redistribute connected - end - config redistribute static - end - config redistribute ospf - end - config redistribute bgp - end - config redistribute isis - end - end - config router ripng - config redistribute connected - end - config redistribute static - end - config redistribute ospf - end - config redistribute bgp - end - config redistribute isis - end - end - config router ospf - config redistribute connected - end - config redistribute static - end - config redistribute rip - end - config redistribute bgp - end - config redistribute isis - end - end - config router ospf6 - config redistribute connected - end - config redistribute static - end - config redistribute rip - end - config redistribute bgp - end - config redistribute isis - end - end - config router bgp - config redistribute connected - end - config redistribute rip - end - config redistribute ospf - end - config redistribute static - end - config redistribute isis - end - config redistribute6 connected - end - config redistribute6 rip - end - config redistribute6 ospf - end - config redistribute6 static - end - config redistribute6 isis - end - end - config router isis - config redistribute connected - end - config redistribute rip - end - config redistribute ospf - end - config redistribute bgp - end - config redistribute static - end - end - config router multicast - end
diff --git a/test/integration/targets/fortios_address/files/default_config.conf.backup b/test/integration/targets/fortios_address/files/default_config.conf.backup
deleted file mode 100644
index c2935d84772..00000000000
--- a/test/integration/targets/fortios_address/files/default_config.conf.backup
+++ /dev/null
@@ -1,3134 +0,0 @@ - config system global - set timezone 04 - set admintimeout 480 - set admin-server-cert "Fortinet_Firmware" - set fgd-alert-subscription advisory latest-threat - set hostname "FortiGate-VM64-HV" - end - config system accprofile - edit prof_admin - set vpngrp read-write - set updategrp read-write - set utmgrp read-write - set routegrp read-write - set wifi read-write - set sysgrp read-write - set loggrp read-write - set mntgrp read-write - set netgrp read-write - set admingrp read-write - set wanoptgrp read-write - set fwgrp read-write - set authgrp read-write - set endpoint-control-grp read-write - next - end - config system interface - edit port1 - set ip 192.168.137.154 255.255.255.0 - set type physical - set allowaccess ping https ssh http fgfm - set vdom "root" - next - edit port2 - set type physical - set vdom "root" - next - edit port3 - set type physical - set vdom "root" - next - edit port4 - set type physical - set vdom "root" - next - edit port5 - set type physical - set vdom "root" - next - edit port6 - set type physical - set vdom "root" - next - edit port7 - set type physical - set vdom "root" - next - edit port8 - set type physical - set vdom "root" - next - edit ssl.root - set alias "SSL VPN interface" - set type tunnel - set vdom "root" - next - end - config system custom-language - edit en - set filename "en" - next - edit fr - set filename "fr" - next - edit sp - set filename "sp" - next - edit pg - set filename "pg" - next - edit x-sjis - set filename "x-sjis" - next - edit big5 - set filename "big5" - next - edit GB2312 - set filename "GB2312" - next - edit euc-kr - set filename "euc-kr" - next - end - config system admin - edit admin - set accprofile "super_admin" - set vdom "root" - config dashboard-tabs - edit 1 - set name "Status" - next - end - config dashboard - edit 1 - set column 1 - set tab-id 1 - next - edit 2 - set column 1 - set widget-type licinfo - set tab-id 1 - next - edit 3 - set column 1 - set widget-type 
jsconsole - set tab-id 1 - next - edit 4 - set column 2 - set widget-type sysres - set tab-id 1 - next - edit 5 - set column 2 - set widget-type gui-features - set tab-id 1 - next - edit 6 - set column 2 - set top-n 10 - set widget-type alert - set tab-id 1 - next - end - next - end - config system ha - set override disable - end - config system dns - set primary 208.91.112.53 - set secondary 208.91.112.52 - end - config system replacemsg-image - edit logo_fnet - set image-base64 '' - set image-type gif - next - edit logo_fguard_wf - set image-base64 '' - set image-type gif - next - edit logo_fw_auth - set image-base64 '' - set image-type png - next - edit logo_v2_fnet - set image-base64 '' - set image-type png - next - edit logo_v2_fguard_wf - set image-base64 '' - set image-type png - next - edit logo_v2_fguard_app - set image-base64 '' - set image-type png - next - end - config system replacemsg mail email-block - end - config system replacemsg mail email-dlp-subject - end - config system replacemsg mail email-dlp-ban - end - config system replacemsg mail email-filesize - end - config system replacemsg mail partial - end - config system replacemsg mail smtp-block - end - config system replacemsg mail smtp-filesize - end - config system replacemsg http bannedword - end - config system replacemsg http url-block - end - config system replacemsg http urlfilter-err - end - config system replacemsg http infcache-block - end - config system replacemsg http http-block - end - config system replacemsg http http-filesize - end - config system replacemsg http http-dlp-ban - end - config system replacemsg http http-archive-block - end - config system replacemsg http http-contenttypeblock - end - config system replacemsg http https-invalid-cert-block - end - config system replacemsg http http-client-block - end - config system replacemsg http http-client-filesize - end - config system replacemsg http http-client-bannedword - end - config system replacemsg http 
http-post-block - end - config system replacemsg http http-client-archive-block - end - config system replacemsg http switching-protocols-block - end - config system replacemsg webproxy deny - end - config system replacemsg webproxy user-limit - end - config system replacemsg webproxy auth-challenge - end - config system replacemsg webproxy auth-login-fail - end - config system replacemsg webproxy auth-authorization-fail - end - config system replacemsg webproxy http-err - end - config system replacemsg webproxy auth-ip-blackout - end - config system replacemsg ftp ftp-dl-blocked - end - config system replacemsg ftp ftp-dl-filesize - end - config system replacemsg ftp ftp-dl-dlp-ban - end - config system replacemsg ftp ftp-explicit-banner - end - config system replacemsg ftp ftp-dl-archive-block - end - config system replacemsg nntp nntp-dl-blocked - end - config system replacemsg nntp nntp-dl-filesize - end - config system replacemsg nntp nntp-dlp-subject - end - config system replacemsg nntp nntp-dlp-ban - end - config system replacemsg fortiguard-wf ftgd-block - end - config system replacemsg fortiguard-wf http-err - end - config system replacemsg fortiguard-wf ftgd-ovrd - end - config system replacemsg fortiguard-wf ftgd-quota - end - config system replacemsg fortiguard-wf ftgd-warning - end - config system replacemsg spam ipblocklist - end - config system replacemsg spam smtp-spam-dnsbl - end - config system replacemsg spam smtp-spam-feip - end - config system replacemsg spam smtp-spam-helo - end - config system replacemsg spam smtp-spam-emailblack - end - config system replacemsg spam smtp-spam-mimeheader - end - config system replacemsg spam reversedns - end - config system replacemsg spam smtp-spam-bannedword - end - config system replacemsg spam smtp-spam-ase - end - config system replacemsg spam submit - end - config system replacemsg im im-file-xfer-block - end - config system replacemsg im im-file-xfer-name - end - config system replacemsg im 
im-file-xfer-infected - end - config system replacemsg im im-file-xfer-size - end - config system replacemsg im im-dlp - end - config system replacemsg im im-dlp-ban - end - config system replacemsg im im-voice-chat-block - end - config system replacemsg im im-video-chat-block - end - config system replacemsg im im-photo-share-block - end - config system replacemsg im im-long-chat-block - end - config system replacemsg alertmail alertmail-virus - end - config system replacemsg alertmail alertmail-block - end - config system replacemsg alertmail alertmail-nids-event - end - config system replacemsg alertmail alertmail-crit-event - end - config system replacemsg alertmail alertmail-disk-full - end - config system replacemsg admin pre_admin-disclaimer-text - end - config system replacemsg admin post_admin-disclaimer-text - end - config system replacemsg auth auth-disclaimer-page-1 - end - config system replacemsg auth auth-disclaimer-page-2 - end - config system replacemsg auth auth-disclaimer-page-3 - end - config system replacemsg auth auth-reject-page - end - config system replacemsg auth auth-login-page - end - config system replacemsg auth auth-login-failed-page - end - config system replacemsg auth auth-token-login-page - end - config system replacemsg auth auth-token-login-failed-page - end - config system replacemsg auth auth-success-msg - end - config system replacemsg auth auth-challenge-page - end - config system replacemsg auth auth-keepalive-page - end - config system replacemsg auth auth-portal-page - end - config system replacemsg auth auth-password-page - end - config system replacemsg auth auth-fortitoken-page - end - config system replacemsg auth auth-next-fortitoken-page - end - config system replacemsg auth auth-email-token-page - end - config system replacemsg auth auth-sms-token-page - end - config system replacemsg auth auth-email-harvesting-page - end - config system replacemsg auth auth-email-failed-page - end - config system replacemsg auth 
auth-cert-passwd-page - end - config system replacemsg auth auth-guest-print-page - end - config system replacemsg auth auth-guest-email-page - end - config system replacemsg auth auth-success-page - end - config system replacemsg auth auth-block-notification-page - end - config system replacemsg sslvpn sslvpn-login - end - config system replacemsg sslvpn sslvpn-limit - end - config system replacemsg sslvpn hostcheck-error - end - config system replacemsg ec endpt-download-portal - end - config system replacemsg ec endpt-download-portal-mac - end - config system replacemsg ec endpt-download-portal-ios - end - config system replacemsg ec endpt-download-portal-aos - end - config system replacemsg ec endpt-download-portal-other - end - config system replacemsg device-detection-portal device-detection-failure - end - config system replacemsg nac-quar nac-quar-virus - end - config system replacemsg nac-quar nac-quar-dos - end - config system replacemsg nac-quar nac-quar-ips - end - config system replacemsg nac-quar nac-quar-dlp - end - config system replacemsg nac-quar nac-quar-admin - end - config system replacemsg traffic-quota per-ip-shaper-block - end - config system replacemsg utm virus-html - end - config system replacemsg utm virus-text - end - config system replacemsg utm dlp-html - end - config system replacemsg utm dlp-text - end - config system replacemsg utm appblk-html - end - config vpn certificate ca - end - config vpn certificate local - edit Fortinet_CA_SSLProxy - set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- - set password ENC eRZ5UNnzW1eAAJn+reDWnDdgQZ1yxFr7z+rp0lzCeKX64OiaEcBKwGIzocIf5y5p37siqf1bPHwEMWkvISqQSXKT8JijvaLtA/oNlqTw8GwglMlW390JTckMS7v60mVQ2Jj1Ng9q4xi2dXKpVGXqYnpc1nDSApGqHTwpL/lgc1+HLh0CQvn4zQpIs8//4hVscjqz0g== - set certificate "-----BEGIN CERTIFICATE----- - set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." 
- next - edit Fortinet_SSLProxy - set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- - set password ENC JGQ1Psth3oHimOP5bRUzt+zfBA5PlPBXZj6xLvqp7JILLBa6Der02qjotGI4UnaKAGSad7uEkPKLq2ePjzBy/Rc/E55FJO8OjffWzIOgpT1jYMmw8IOuAlB50weCRpzMowrLT+FKFF53SxG+oe5n4EaoiqR92WZsXzOTFpNdSFXyvggt/lmOz4Zm08AMD3sWFWg/ZA== - set certificate "-----BEGIN CERTIFICATE----- - next - end - config user device-category - edit ipad - next - edit iphone - next - edit gaming-console - next - edit blackberry-phone - next - edit blackberry-playbook - next - edit linux-pc - next - edit mac - next - edit windows-pc - next - edit android-phone - next - edit android-tablet - next - edit media-streaming - next - edit windows-phone - next - edit windows-tablet - next - edit fortinet-device - next - edit ip-phone - next - edit router-nat-device - next - edit printer - next - edit other-network-device - next - edit collected-emails - next - edit all - next - end - config system session-sync - end - config system fortiguard - set webfilter-sdns-server-ip "208.91.112.220" - end - config ips global - set default-app-cat-mask 18446744073474670591 - end - config ips dbinfo - set version 1 - end - config gui console - end - config system session-helper - edit 1 - set protocol 6 - set name pptp - set port 1723 - next - edit 2 - set protocol 6 - set name h323 - set port 1720 - next - edit 3 - set protocol 17 - set name ras - set port 1719 - next - edit 4 - set protocol 6 - set name tns - set port 1521 - next - edit 5 - set protocol 17 - set name tftp - set port 69 - next - edit 6 - set protocol 6 - set name rtsp - set port 554 - next - edit 7 - set protocol 6 - set name rtsp - set port 7070 - next - edit 8 - set protocol 6 - set name rtsp - set port 8554 - next - edit 9 - set protocol 6 - set name ftp - set port 21 - next - edit 10 - set protocol 6 - set name mms - set port 1863 - next - edit 11 - set protocol 6 - set name pmap - set port 111 - next - edit 12 - set protocol 17 - set name pmap - set port 111 - 
next - edit 13 - set protocol 17 - set name sip - set port 5060 - next - edit 14 - set protocol 17 - set name dns-udp - set port 53 - next - edit 15 - set protocol 6 - set name rsh - set port 514 - next - edit 16 - set protocol 6 - set name rsh - set port 512 - next - edit 17 - set protocol 6 - set name dcerpc - set port 135 - next - edit 18 - set protocol 17 - set name dcerpc - set port 135 - next - edit 19 - set protocol 17 - set name mgcp - set port 2427 - next - edit 20 - set protocol 17 - set name mgcp - set port 2727 - next - end - config system auto-install - set auto-install-config enable - set auto-install-image enable - end - config system ntp - set ntpsync enable - set syncinterval 60 - end - config system settings - end - config firewall address - edit SSLVPN_TUNNEL_ADDR1 - set type iprange - set end-ip 10.212.134.210 - set start-ip 10.212.134.200 - next - edit all - next - edit none - set subnet 0.0.0.0 255.255.255.255 - next - edit apple - set type fqdn - set fqdn "*.apple.com" - next - edit dropbox.com - set type fqdn - set fqdn "*.dropbox.com" - next - edit Gotomeeting - set type fqdn - set fqdn "*.gotomeeting.com" - next - edit icloud - set type fqdn - set fqdn "*.icloud.com" - next - edit itunes - set type fqdn - set fqdn "*itunes.apple.com" - next - edit android - set type fqdn - set fqdn "*.android.com" - next - edit skype - set type fqdn - set fqdn "*.messenger.live.com" - next - edit swscan.apple.com - set type fqdn - set fqdn "swscan.apple.com" - next - edit update.microsoft.com - set type fqdn - set fqdn "update.microsoft.com" - next - edit appstore - set type fqdn - set fqdn "*.appstore.com" - next - edit eease - set type fqdn - set fqdn "*.eease.com" - next - edit google-drive - set type fqdn - set fqdn "*drive.google.com" - next - edit google-play - set type fqdn - set fqdn "play.google.com" - next - edit google-play2 - set type fqdn - set fqdn "*.ggpht.com" - next - edit google-play3 - set type fqdn - set fqdn "*.books.google.com" - next 
- edit microsoft - set type fqdn - set fqdn "*.microsoft.com" - next - edit adobe - set type fqdn - set fqdn "*.adobe.com" - next - edit Adobe Login - set type fqdn - set fqdn "*.adobelogin.com" - next - edit fortinet - set type fqdn - set fqdn "*.fortinet.com" - next - edit googleapis.com - set type fqdn - set fqdn "*.googleapis.com" - next - edit citrix - set type fqdn - set fqdn "*.citrixonline.com" - next - edit verisign - set type fqdn - set fqdn "*.verisign.com" - next - edit Windows update 2 - set type fqdn - set fqdn "*.windowsupdate.com" - next - edit *.live.com - set type fqdn - set fqdn "*.live.com" - next - edit auth.gfx.ms - set type fqdn - set fqdn "auth.gfx.ms" - next - edit autoupdate.opera.com - set type fqdn - set fqdn "autoupdate.opera.com" - next - edit softwareupdate.vmware.com - set type fqdn - set fqdn "softwareupdate.vmware.com" - next - edit firefox update server - set type fqdn - set fqdn "aus*.mozilla.org" - next - end - config firewall multicast-address - edit all - set end-ip 239.255.255.255 - set start-ip 224.0.0.0 - next - edit all_hosts - set end-ip 224.0.0.1 - set start-ip 224.0.0.1 - next - edit all_routers - set end-ip 224.0.0.2 - set start-ip 224.0.0.2 - next - edit Bonjour - set end-ip 224.0.0.251 - set start-ip 224.0.0.251 - next - edit EIGRP - set end-ip 224.0.0.10 - set start-ip 224.0.0.10 - next - edit OSPF - set end-ip 224.0.0.6 - set start-ip 224.0.0.5 - next - end - config firewall address6 - edit SSLVPN_TUNNEL_IPv6_ADDR1 - set ip6 fdff:ffff::/120 - next - edit all - next - edit none - set ip6 ::/128 - next - end - config firewall service category - edit General - set comment "General services." - next - edit Web Access - set comment "Web access." - next - edit File Access - set comment "File access." - next - edit Email - set comment "Email services." - next - edit Network Services - set comment "Network services." - next - edit Authentication - set comment "Authentication service." 
- next - edit Remote Access - set comment "Remote access." - next - edit Tunneling - set comment "Tunneling service." - next - edit VoIP, Messaging & Other Applications - set comment "VoIP, messaging, and other applications." - next - edit Web Proxy - set comment "Explicit web proxy." - next - end - config firewall service custom - edit ALL - set category "General" - set protocol IP - next - edit ALL_TCP - set category "General" - set tcp-portrange 1-65535 - next - edit ALL_UDP - set category "General" - set udp-portrange 1-65535 - next - edit ALL_ICMP - set category "General" - set protocol ICMP - next - edit ALL_ICMP6 - set category "General" - set protocol ICMP6 - next - edit GRE - set category "Tunneling" - set protocol-number 47 - set protocol IP - next - edit AH - set category "Tunneling" - set protocol-number 51 - set protocol IP - next - edit ESP - set category "Tunneling" - set protocol-number 50 - set protocol IP - next - edit AOL - set visibility disable - set tcp-portrange 5190-5194 - next - edit BGP - set category "Network Services" - set tcp-portrange 179 - next - edit DHCP - set category "Network Services" - set udp-portrange 67-68 - next - edit DNS - set category "Network Services" - set udp-portrange 53 - set tcp-portrange 53 - next - edit FINGER - set visibility disable - set tcp-portrange 79 - next - edit FTP - set category "File Access" - set tcp-portrange 21 - next - edit FTP_GET - set category "File Access" - set tcp-portrange 21 - next - edit FTP_PUT - set category "File Access" - set tcp-portrange 21 - next - edit GOPHER - set visibility disable - set tcp-portrange 70 - next - edit H323 - set category "VoIP, Messaging & Other Applications" - set udp-portrange 1719 - set tcp-portrange 1720 1503 - next - edit HTTP - set category "Web Access" - set tcp-portrange 80 - next - edit HTTPS - set category "Web Access" - set tcp-portrange 443 - next - edit IKE - set category "Tunneling" - set udp-portrange 500 4500 - next - edit IMAP - set category 
"Email" - set tcp-portrange 143 - next - edit IMAPS - set category "Email" - set tcp-portrange 993 - next - edit Internet-Locator-Service - set visibility disable - set tcp-portrange 389 - next - edit IRC - set category "VoIP, Messaging & Other Applications" - set tcp-portrange 6660-6669 - next - edit L2TP - set category "Tunneling" - set udp-portrange 1701 - set tcp-portrange 1701 - next - edit LDAP - set category "Authentication" - set tcp-portrange 389 - next - edit NetMeeting - set visibility disable - set tcp-portrange 1720 - next - edit NFS - set category "File Access" - set udp-portrange 111 2049 - set tcp-portrange 111 2049 - next - edit NNTP - set visibility disable - set tcp-portrange 119 - next - edit NTP - set category "Network Services" - set udp-portrange 123 - set tcp-portrange 123 - next - edit OSPF - set category "Network Services" - set protocol-number 89 - set protocol IP - next - edit PC-Anywhere - set category "Remote Access" - set udp-portrange 5632 - set tcp-portrange 5631 - next - edit PING - set category "Network Services" - set protocol ICMP - set icmptype 8 - next - edit TIMESTAMP - set protocol ICMP - set visibility disable - set icmptype 13 - next - edit INFO_REQUEST - set protocol ICMP - set visibility disable - set icmptype 15 - next - edit INFO_ADDRESS - set protocol ICMP - set visibility disable - set icmptype 17 - next - edit ONC-RPC - set category "Remote Access" - set udp-portrange 111 - set tcp-portrange 111 - next - edit DCE-RPC - set category "Remote Access" - set udp-portrange 135 - set tcp-portrange 135 - next - edit POP3 - set category "Email" - set tcp-portrange 110 - next - edit POP3S - set category "Email" - set tcp-portrange 995 - next - edit PPTP - set category "Tunneling" - set tcp-portrange 1723 - next - edit QUAKE - set udp-portrange 26000 27000 27910 27960 - set visibility disable - next - edit RAUDIO - set udp-portrange 7070 - set visibility disable - next - edit REXEC - set visibility disable - set tcp-portrange 
512 - next - edit RIP - set category "Network Services" - set udp-portrange 520 - next - edit RLOGIN - set visibility disable - set tcp-portrange 513:512-1023 - next - edit RSH - set visibility disable - set tcp-portrange 514:512-1023 - next - edit SCCP - set category "VoIP, Messaging & Other Applications" - set tcp-portrange 2000 - next - edit SIP - set category "VoIP, Messaging & Other Applications" - set udp-portrange 5060 - set tcp-portrange 5060 - next - edit SIP-MSNmessenger - set category "VoIP, Messaging & Other Applications" - set tcp-portrange 1863 - next - edit SAMBA - set category "File Access" - set tcp-portrange 139 - next - edit SMTP - set category "Email" - set tcp-portrange 25 - next - edit SMTPS - set category "Email" - set tcp-portrange 465 - next - edit SNMP - set category "Network Services" - set udp-portrange 161-162 - set tcp-portrange 161-162 - next - edit SSH - set category "Remote Access" - set tcp-portrange 22 - next - edit SYSLOG - set category "Network Services" - set udp-portrange 514 - next - edit TALK - set udp-portrange 517-518 - set visibility disable - next - edit TELNET - set category "Remote Access" - set tcp-portrange 23 - next - edit TFTP - set category "File Access" - set udp-portrange 69 - next - edit MGCP - set udp-portrange 2427 2727 - set visibility disable - next - edit UUCP - set visibility disable - set tcp-portrange 540 - next - edit VDOLIVE - set visibility disable - set tcp-portrange 7000-7010 - next - edit WAIS - set visibility disable - set tcp-portrange 210 - next - edit WINFRAME - set visibility disable - set tcp-portrange 1494 2598 - next - edit X-WINDOWS - set category "Remote Access" - set tcp-portrange 6000-6063 - next - edit PING6 - set protocol ICMP6 - set visibility disable - set icmptype 128 - next - edit MS-SQL - set category "VoIP, Messaging & Other Applications" - set tcp-portrange 1433 1434 - next - edit MYSQL - set category "VoIP, Messaging & Other Applications" - set tcp-portrange 3306 - next - 
edit RDP - set category "Remote Access" - set tcp-portrange 3389 - next - edit VNC - set category "Remote Access" - set tcp-portrange 5900 - next - edit DHCP6 - set category "Network Services" - set udp-portrange 546 547 - next - edit SQUID - set category "Tunneling" - set tcp-portrange 3128 - next - edit SOCKS - set category "Tunneling" - set udp-portrange 1080 - set tcp-portrange 1080 - next - edit WINS - set category "Remote Access" - set udp-portrange 1512 - set tcp-portrange 1512 - next - edit RADIUS - set category "Authentication" - set udp-portrange 1812 1813 - next - edit RADIUS-OLD - set udp-portrange 1645 1646 - set visibility disable - next - edit CVSPSERVER - set udp-portrange 2401 - set visibility disable - set tcp-portrange 2401 - next - edit AFS3 - set category "File Access" - set udp-portrange 7000-7009 - set tcp-portrange 7000-7009 - next - edit TRACEROUTE - set category "Network Services" - set udp-portrange 33434-33535 - next - edit RTSP - set category "VoIP, Messaging & Other Applications" - set udp-portrange 554 - set tcp-portrange 554 7070 8554 - next - edit MMS - set udp-portrange 1024-5000 - set visibility disable - set tcp-portrange 1755 - next - edit KERBEROS - set category "Authentication" - set udp-portrange 88 - set tcp-portrange 88 - next - edit LDAP_UDP - set category "Authentication" - set udp-portrange 389 - next - edit SMB - set category "File Access" - set tcp-portrange 445 - next - edit NONE - set visibility disable - set tcp-portrange 0 - next - edit webproxy - set category "Web Proxy" - set explicit-proxy enable - set protocol ALL - set tcp-portrange 0-65535:0-65535 - next - end - config firewall service group - edit Email Access - set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS" - next - edit Web Access - set member "DNS" "HTTP" "HTTPS" - next - edit Windows AD - set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB" - next - edit Exchange Server - set member "DCE-RPC" "DNS" "HTTPS" - next - end - 
config webfilter ftgd-local-cat - edit custom1 - set id 140 - next - edit custom2 - set id 141 - next - end - config ips sensor - edit default - set comment "Prevent critical attacks." - config entries - edit 1 - set severity medium high critical - next - end - next - edit all_default - set comment "All predefined signatures with default setting." - config entries - edit 1 - next - end - next - edit all_default_pass - set comment "All predefined signatures with PASS action." - config entries - edit 1 - set action pass - next - end - next - edit protect_http_server - set comment "Protect against HTTP server-side vulnerabilities." - config entries - edit 1 - set protocol HTTP - set location server - next - end - next - edit protect_email_server - set comment "Protect against email server-side vulnerabilities." - config entries - edit 1 - set protocol SMTP POP3 IMAP - set location server - next - end - next - edit protect_client - set comment "Protect against client-side vulnerabilities." - config entries - edit 1 - set location client - next - end - next - edit high_security - set comment "Blocks all Critical/High/Medium and some Low severity vulnerabilities" - config entries - edit 1 - set status enable - set action block - set severity medium high critical - next - edit 2 - set severity low - next - end - next - end - config firewall shaper traffic-shaper - edit high-priority - set per-policy enable - set maximum-bandwidth 1048576 - next - edit medium-priority - set priority medium - set per-policy enable - set maximum-bandwidth 1048576 - next - edit low-priority - set priority low - set per-policy enable - set maximum-bandwidth 1048576 - next - edit guarantee-100kbps - set guaranteed-bandwidth 100 - set maximum-bandwidth 1048576 - set per-policy enable - next - edit shared-1M-pipe - set maximum-bandwidth 1024 - next - end - config web-proxy global - set proxy-fqdn "default.fqdn" - end - config application list - edit default - set comment "Monitor all 
applications." - config entries - edit 1 - set action pass - next - end - next - edit block-p2p - config entries - edit 1 - set category 2 - next - end - next - edit monitor-p2p-and-media - config entries - edit 1 - set category 2 - set action pass - next - edit 2 - set category 5 - set action pass - next - end - next - end - config dlp filepattern - edit 1 - set name "builtin-patterns" - config entries - edit *.bat - next - edit *.com - next - edit *.dll - next - edit *.doc - next - edit *.exe - next - edit *.gz - next - edit *.hta - next - edit *.ppt - next - edit *.rar - next - edit *.scr - next - edit *.tar - next - edit *.tgz - next - edit *.vb? - next - edit *.wps - next - edit *.xl? - next - edit *.zip - next - edit *.pif - next - edit *.cpl - next - end - next - edit 2 - set name "all_executables" - config entries - edit bat - set file-type bat - set filter-type type - next - edit exe - set file-type exe - set filter-type type - next - edit elf - set file-type elf - set filter-type type - next - edit hta - set file-type hta - set filter-type type - next - end - next - end - config dlp fp-sensitivity - edit Private - next - edit Critical - next - edit Warning - next - end - config dlp sensor - edit default - set comment "Log a summary of email and web traffic." 
- set summary-proto smtp pop3 imap http-get http-post - next - end - config webfilter content - end - config webfilter urlfilter - end - config spamfilter bword - end - config spamfilter bwl - end - config spamfilter mheader - end - config spamfilter dnsbl - end - config spamfilter iptrust - end - config log threat-weight - config web - edit 1 - set category 26 - set level high - next - edit 2 - set category 61 - set level high - next - edit 3 - set category 86 - set level high - next - edit 4 - set category 1 - set level medium - next - edit 5 - set category 3 - set level medium - next - edit 6 - set category 4 - set level medium - next - edit 7 - set category 5 - set level medium - next - edit 8 - set category 6 - set level medium - next - edit 9 - set category 12 - set level medium - next - edit 10 - set category 59 - set level medium - next - edit 11 - set category 62 - set level medium - next - edit 12 - set category 83 - set level medium - next - edit 13 - set category 72 - next - edit 14 - set category 14 - next - end - config application - edit 1 - set category 2 - next - edit 2 - set category 6 - set level medium - next - edit 3 - set category 19 - set level critical - next - end - end - config icap profile - edit default - next - end - config user local - edit guest - set passwd ENC EntYbQ4nWAFLGsQz5QbIt8MIxko4Ms6Nm/9fMo/5+L7FJO42JRExvl705N++oKwIB0NvfdWaiqfZ/LGPDSOVqRZnqn4pUWOlNVE6yfGxbCZUIXTlcSL58A2ok3Yd428rHETuf7mNrOJMdVS1tfnrx5+92ofsXVzAn/kpKeJLrtBRWNfBQ1YplQ2FfEDCHHW27akz4g== - set type password - next - end - config user group - edit SSO_Guest_Users - next - edit Guest-group - set member "guest" - next - end - config user device-group - edit Mobile Devices - set member "android-phone" "android-tablet" "blackberry-phone" "blackberry-playbook" "ipad" "iphone" "windows-phone" "windows-tablet" - set comment "Phones, tablets, etc." 
- next - edit Network Devices - set member "fortinet-device" "other-network-device" "router-nat-device" - set comment "Routers, firewalls, gateways, etc." - next - edit Others - set member "gaming-console" "media-streaming" - set comment "Other devices." - next - end - config vpn ssl web host-check-software - edit FortiClient-AV - set guid "C86EC76D-5A4C-40E7-BD94-59358E544D81" - next - edit FortiClient-FW - set guid "528CB157-D384-4593-AAAA-E42DFF111CED" - set type fw - next - edit FortiClient-AV-Vista-Win7 - set guid "385618A6-2256-708E-3FB9-7E98B93F91F9" - next - edit FortiClient-FW-Vista-Win7 - set guid "006D9983-6839-71D6-14E6-D7AD47ECD682" - set type fw - next - edit AVG-Internet-Security-AV - set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF" - next - edit AVG-Internet-Security-FW - set guid "8DECF618-9569-4340-B34A-D78D28969B66" - set type fw - next - edit AVG-Internet-Security-AV-Vista-Win7 - set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82" - next - edit AVG-Internet-Security-FW-Vista-Win7 - set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9" - set type fw - next - edit CA-Anti-Virus - set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93" - next - edit CA-Internet-Security-AV - set guid "6B98D35F-BB76-41C0-876B-A50645ED099A" - next - edit CA-Internet-Security-FW - set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3" - set type fw - next - edit CA-Internet-Security-AV-Vista-Win7 - set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F" - next - edit CA-Internet-Security-FW-Vista-Win7 - set guid "06D680B0-4024-4FAB-E710-E675E50F6324" - set type fw - next - edit CA-Personal-Firewall - set guid "14CB4B80-8E52-45EA-905E-67C1267B4160" - set type fw - next - edit F-Secure-Internet-Security-AV - set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15" - next - edit F-Secure-Internet-Security-FW - set guid "D4747503-0346-49EB-9262-997542F79BF4" - set type fw - next - edit F-Secure-Internet-Security-AV-Vista-Win7 - set guid "15414183-282E-D62C-CA37-EF24860A2F17" - next - edit 
F-Secure-Internet-Security-FW-Vista-Win7 - set guid "2D7AC0A6-6241-D774-E168-461178D9686C" - set type fw - next - edit Kaspersky-AV - set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" - next - edit Kaspersky-FW - set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" - set type fw - next - edit Kaspersky-AV-Vista-Win7 - set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE" - next - edit Kaspersky-FW-Vista-Win7 - set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5" - set type fw - next - edit McAfee-Internet-Security-Suite-AV - set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83" - next - edit McAfee-Internet-Security-Suite-FW - set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8" - set type fw - next - edit McAfee-Internet-Security-Suite-AV-Vista-Win7 - set guid "86355677-4064-3EA7-ABB3-1B136EB04637" - next - edit McAfee-Internet-Security-Suite-FW-Vista-Win7 - set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C" - set type fw - next - edit McAfee-Virus-Scan-Enterprise - set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0" - next - edit Norton-360-2.0-AV - set guid "A5F1BC7C-EA33-4247-961C-0217208396C4" - next - edit Norton-360-2.0-FW - set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3" - set type fw - next - edit Norton-360-3.0-AV - set guid "E10A9785-9598-4754-B552-92431C1C35F8" - next - edit Norton-360-3.0-FW - set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" - set type fw - next - edit Norton-Internet-Security-AV - set guid "E10A9785-9598-4754-B552-92431C1C35F8" - next - edit Norton-Internet-Security-FW - set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" - set type fw - next - edit Norton-Internet-Security-AV-Vista-Win7 - set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" - next - edit Norton-Internet-Security-FW-Vista-Win7 - set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" - set type fw - next - edit Symantec-Endpoint-Protection-AV - set guid "FB06448E-52B8-493A-90F3-E43226D3305C" - next - edit Symantec-Endpoint-Protection-FW - set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6" - set type fw - next - edit 
Symantec-Endpoint-Protection-AV-Vista-Win7 - set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" - next - edit Symantec-Endpoint-Protection-FW-Vista-Win7 - set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" - set type fw - next - edit Panda-Antivirus+Firewall-2008-AV - set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A" - next - edit Panda-Antivirus+Firewall-2008-FW - set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" - set type fw - next - edit Panda-Internet-Security-AV - set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" - next - edit Panda-Internet-Security-2006~2007-FW - set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" - set type fw - next - edit Panda-Internet-Security-2008~2009-FW - set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" - set type fw - next - edit Sophos-Anti-Virus - set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD" - next - edit Sophos-Enpoint-Secuirty-and-Control-FW - set guid "0786E95E-326A-4524-9691-41EF88FB52EA" - set type fw - next - edit Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7 - set guid "479CCF92-4960-B3E0-7373-BF453B467D2C" - next - edit Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7 - set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57" - set type fw - next - edit Trend-Micro-AV - set guid "7D2296BC-32CC-4519-917E-52E652474AF5" - next - edit Trend-Micro-FW - set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6" - set type fw - next - edit Trend-Micro-AV-Vista-Win7 - set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50" - next - edit Trend-Micro-FW-Vista-Win7 - set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B" - set type fw - next - edit ZoneAlarm-AV - set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF" - next - edit ZoneAlarm-FW - set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B" - set type fw - next - edit ZoneAlarm-AV-Vista-Win7 - set guid "D61596DF-D219-341C-49B3-AD30538CBC5B" - next - edit ZoneAlarm-FW-Vista-Win7 - set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20" - set type fw - next - edit ESET-Smart-Security-AV - set guid "19259FAE-8396-A113-46DB-15B0E7DFA289" - 
next - edit ESET-Smart-Security-FW - set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2" - set type fw - next - end - config vpn ssl web portal - edit full-access - set web-mode enable - set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1" - set page-layout double-column - set ip-pools "SSLVPN_TUNNEL_ADDR1" - set ipv6-tunnel-mode enable - set tunnel-mode enable - next - edit web-access - set web-mode enable - next - edit tunnel-access - set ip-pools "SSLVPN_TUNNEL_ADDR1" - set ipv6-tunnel-mode enable - set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1" - set tunnel-mode enable - next - end - config vpn ssl settings - set servercert "self-sign" - set port 443 - end - config voip profile - edit default - set comment "Default VoIP profile." - next - edit strict - config sip - set malformed-header-max-forwards discard - set malformed-header-rack discard - set malformed-header-allow discard - set malformed-header-call-id discard - set malformed-header-sdp-v discard - set malformed-header-record-route discard - set malformed-header-contact discard - set malformed-header-sdp-s discard - set malformed-header-content-length discard - set malformed-header-sdp-z discard - set malformed-header-from discard - set malformed-header-route discard - set malformed-header-sdp-b discard - set malformed-header-sdp-c discard - set malformed-header-sdp-a discard - set malformed-header-sdp-o discard - set malformed-header-sdp-m discard - set malformed-header-sdp-k discard - set malformed-header-sdp-i discard - set malformed-header-to discard - set malformed-header-via discard - set malformed-header-sdp-t discard - set malformed-request-line discard - set malformed-header-sdp-r discard - set malformed-header-content-type discard - set malformed-header-expires discard - set malformed-header-rseq discard - set malformed-header-p-asserted-identity discard - set malformed-header-cseq discard - end - next - end - config webfilter profile - edit default - set comment "Default web filtering." 
- set post-action comfort - config ftgd-wf - config filters - edit 1 - set category 2 - set action warning - next - edit 2 - set category 7 - set action warning - next - edit 3 - set category 8 - set action warning - next - edit 4 - set category 9 - set action warning - next - edit 5 - set category 11 - set action warning - next - edit 6 - set category 12 - set action warning - next - edit 7 - set category 13 - set action warning - next - edit 8 - set category 14 - set action warning - next - edit 9 - set category 15 - set action warning - next - edit 10 - set category 16 - set action warning - next - edit 11 - set action warning - next - edit 12 - set category 57 - set action warning - next - edit 13 - set category 63 - set action warning - next - edit 14 - set category 64 - set action warning - next - edit 15 - set category 65 - set action warning - next - edit 16 - set category 66 - set action warning - next - edit 17 - set category 67 - set action warning - next - edit 18 - set category 26 - set action block - next - end - end - next - edit web-filter-flow - set comment "Flow-based web filter profile." - set inspection-mode flow-based - set post-action comfort - config ftgd-wf - config filters - edit 1 - set category 2 - next - edit 2 - set category 7 - next - edit 3 - set category 8 - next - edit 4 - set category 9 - next - edit 5 - set category 11 - next - edit 6 - set category 12 - next - edit 7 - set category 13 - next - edit 8 - set category 14 - next - edit 9 - set category 15 - next - edit 10 - set category 16 - next - edit 11 - next - edit 12 - set category 57 - next - edit 13 - set category 63 - next - edit 14 - set category 64 - next - edit 15 - set category 65 - next - edit 16 - set category 66 - next - edit 17 - set category 67 - next - edit 18 - set category 26 - set action block - next - end - end - next - edit monitor-all - set comment "Monitor and log all visited URLs, proxy-based." 
- set web-content-log disable - set web-filter-applet-log disable - set web-ftgd-err-log disable - set web-filter-jscript-log disable - set web-filter-activex-log disable - set web-filter-referer-log disable - set web-filter-js-log disable - set web-invalid-domain-log disable - set web-ftgd-quota-usage disable - set web-filter-command-block-log disable - set web-filter-vbs-log disable - set web-filter-unknown-log disable - set web-filter-cookie-log disable - set log-all-url enable - set web-filter-cookie-removal-log disable - set web-url-log disable - config ftgd-wf - config filters - edit 1 - set category 1 - next - edit 2 - set category 3 - next - edit 3 - set category 4 - next - edit 4 - set category 5 - next - edit 5 - set category 6 - next - edit 6 - set category 12 - next - edit 7 - set category 59 - next - edit 8 - set category 62 - next - edit 9 - set category 83 - next - edit 10 - set category 2 - next - edit 11 - set category 7 - next - edit 12 - set category 8 - next - edit 13 - set category 9 - next - edit 14 - set category 11 - next - edit 15 - set category 13 - next - edit 16 - set category 14 - next - edit 17 - set category 15 - next - edit 18 - set category 16 - next - edit 19 - set category 57 - next - edit 20 - set category 63 - next - edit 21 - set category 64 - next - edit 22 - set category 65 - next - edit 23 - set category 66 - next - edit 24 - set category 67 - next - edit 25 - set category 19 - next - edit 26 - set category 24 - next - edit 27 - set category 25 - next - edit 28 - set category 72 - next - edit 29 - set category 75 - next - edit 30 - set category 76 - next - edit 31 - set category 26 - next - edit 32 - set category 61 - next - edit 33 - set category 86 - next - edit 34 - set category 17 - next - edit 35 - set category 18 - next - edit 36 - set category 20 - next - edit 37 - set category 23 - next - edit 38 - set category 28 - next - edit 39 - set category 29 - next - edit 40 - set category 30 - next - edit 41 - set category 33 
- next - edit 42 - set category 34 - next - edit 43 - set category 35 - next - edit 44 - set category 36 - next - edit 45 - set category 37 - next - edit 46 - set category 38 - next - edit 47 - set category 39 - next - edit 48 - set category 40 - next - edit 49 - set category 42 - next - edit 50 - set category 44 - next - edit 51 - set category 46 - next - edit 52 - set category 47 - next - edit 53 - set category 48 - next - edit 54 - set category 54 - next - edit 55 - set category 55 - next - edit 56 - set category 58 - next - edit 57 - set category 68 - next - edit 58 - set category 69 - next - edit 59 - set category 70 - next - edit 60 - set category 71 - next - edit 61 - set category 77 - next - edit 62 - set category 78 - next - edit 63 - set category 79 - next - edit 64 - set category 80 - next - edit 65 - set category 82 - next - edit 66 - set category 85 - next - edit 67 - set category 87 - next - edit 68 - set category 31 - next - edit 69 - set category 41 - next - edit 70 - set category 43 - next - edit 71 - set category 49 - next - edit 72 - set category 50 - next - edit 73 - set category 51 - next - edit 74 - set category 52 - next - edit 75 - set category 53 - next - edit 76 - set category 56 - next - edit 77 - set category 81 - next - edit 78 - set category 84 - next - edit 79 - next - end - end - next - edit flow-monitor-all - set comment "Monitor and log all visited URLs, flow-based." 
- set web-content-log disable - set web-filter-applet-log disable - set web-ftgd-err-log disable - set web-filter-command-block-log disable - set web-filter-jscript-log disable - set web-filter-activex-log disable - set web-filter-referer-log disable - set web-filter-js-log disable - set web-invalid-domain-log disable - set web-ftgd-quota-usage disable - set inspection-mode flow-based - set web-filter-vbs-log disable - set web-filter-unknown-log disable - set web-filter-cookie-log disable - set log-all-url enable - set web-filter-cookie-removal-log disable - set web-url-log disable - config ftgd-wf - config filters - edit 1 - set category 1 - next - edit 2 - set category 3 - next - edit 3 - set category 4 - next - edit 4 - set category 5 - next - edit 5 - set category 6 - next - edit 6 - set category 12 - next - edit 7 - set category 59 - next - edit 8 - set category 62 - next - edit 9 - set category 83 - next - edit 10 - set category 2 - next - edit 11 - set category 7 - next - edit 12 - set category 8 - next - edit 13 - set category 9 - next - edit 14 - set category 11 - next - edit 15 - set category 13 - next - edit 16 - set category 14 - next - edit 17 - set category 15 - next - edit 18 - set category 16 - next - edit 19 - set category 57 - next - edit 20 - set category 63 - next - edit 21 - set category 64 - next - edit 22 - set category 65 - next - edit 23 - set category 66 - next - edit 24 - set category 67 - next - edit 25 - set category 19 - next - edit 26 - set category 24 - next - edit 27 - set category 25 - next - edit 28 - set category 72 - next - edit 29 - set category 75 - next - edit 30 - set category 76 - next - edit 31 - set category 26 - next - edit 32 - set category 61 - next - edit 33 - set category 86 - next - edit 34 - set category 17 - next - edit 35 - set category 18 - next - edit 36 - set category 20 - next - edit 37 - set category 23 - next - edit 38 - set category 28 - next - edit 39 - set category 29 - next - edit 40 - set category 30 - 
next - edit 41 - set category 33 - next - edit 42 - set category 34 - next - edit 43 - set category 35 - next - edit 44 - set category 36 - next - edit 45 - set category 37 - next - edit 46 - set category 38 - next - edit 47 - set category 39 - next - edit 48 - set category 40 - next - edit 49 - set category 42 - next - edit 50 - set category 44 - next - edit 51 - set category 46 - next - edit 52 - set category 47 - next - edit 53 - set category 48 - next - edit 54 - set category 54 - next - edit 55 - set category 55 - next - edit 56 - set category 58 - next - edit 57 - set category 68 - next - edit 58 - set category 69 - next - edit 59 - set category 70 - next - edit 60 - set category 71 - next - edit 61 - set category 77 - next - edit 62 - set category 78 - next - edit 63 - set category 79 - next - edit 64 - set category 80 - next - edit 65 - set category 82 - next - edit 66 - set category 85 - next - edit 67 - set category 87 - next - edit 68 - set category 31 - next - edit 69 - set category 41 - next - edit 70 - set category 43 - next - edit 71 - set category 49 - next - edit 72 - set category 50 - next - edit 73 - set category 51 - next - edit 74 - set category 52 - next - edit 75 - set category 53 - next - edit 76 - set category 56 - next - edit 77 - set category 81 - next - edit 78 - set category 84 - next - edit 79 - next - end - end - next - edit block-security-risks - set comment "Block security risks." 
- config ftgd-wf - set options rate-server-ip - config filters - edit 1 - set category 26 - set action block - next - edit 2 - set category 61 - set action block - next - edit 3 - set category 86 - set action block - next - edit 4 - set action warning - next - end - end - next - end - config webfilter override - end - config webfilter override-user - end - config webfilter ftgd-warning - end - config webfilter ftgd-local-rating - end - config webfilter search-engine - edit google - set url "^\\/((custom|search|images|videosearch|webhp)\\?)" - set query "q=" - set safesearch-str "&safe=active" - set hostname ".*\\.google\\..*" - set safesearch url - next - edit yahoo - set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)" - set query "p=" - set safesearch-str "&vm=r" - set hostname ".*\\.yahoo\\..*" - set safesearch url - next - edit bing - set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?" - set query "q=" - set safesearch-str "&adlt=strict" - set hostname "www\\.bing\\.com" - set safesearch url - next - edit yandex - set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?" - set query "text=" - set safesearch-str "&family=yes" - set hostname "yandex\\..*" - set safesearch url - next - edit youtube - set safesearch header - set hostname ".*\\.youtube\\..*" - next - edit baidu - set url "^\\/s?\\?" - set query "wd=" - set hostname ".*\\.baidu\\.com" - next - edit baidu2 - set url "^\\/(ns|q|m|i|v)\\?" - set query "word=" - set hostname ".*\\.baidu\\.com" - next - edit baidu3 - set url "^\\/f\\?" - set query "kw=" - set hostname "tieba\\.baidu\\.com" - next - end - config antivirus profile - edit default - set comment "Scan files and block viruses." - config http - set options scan - end - config ftp - set options scan - end - config imap - set options scan - end - config pop3 - set options scan - end - config smtp - set options scan - end - next - end - config spamfilter profile - edit default - set comment "Malware and phishing URL filtering." 
- next - end - config wanopt settings - set host-id "default-id" - end - config wanopt profile - edit default - set comments "Default WANopt profile." - next - end - config firewall schedule recurring - edit always - set day sunday monday tuesday wednesday thursday friday saturday - next - edit none - set day none - next - end - config firewall profile-protocol-options - edit default - set comment "All default services." - config http - set ports 80 - end - config ftp - set ports 21 - set options splice - end - config imap - set ports 143 - set options fragmail - end - config mapi - set ports 135 - set options fragmail - end - config pop3 - set ports 110 - set options fragmail - end - config smtp - set ports 25 - set options fragmail splice - end - config nntp - set ports 119 - set options splice - end - config dns - set ports 53 - end - next - end - config firewall ssl-ssh-profile - edit deep-inspection - set comment "Deep inspection." - config https - set ports 443 - end - config ftps - set ports 990 - end - config imaps - set ports 993 - end - config pop3s - set ports 995 - end - config smtps - set ports 465 - end - config ssh - set ports 22 - end - config ssl-exempt - edit 1 - set fortiguard-category 31 - next - edit 2 - set fortiguard-category 33 - next - edit 3 - set fortiguard-category 87 - next - edit 4 - set type address - set address "apple" - next - edit 5 - set type address - set address "appstore" - next - edit 6 - set type address - set address "dropbox.com" - next - edit 7 - set type address - set address "Gotomeeting" - next - edit 8 - set type address - set address "icloud" - next - edit 9 - set type address - set address "itunes" - next - edit 10 - set type address - set address "android" - next - edit 11 - set type address - set address "skype" - next - edit 12 - set type address - set address "swscan.apple.com" - next - edit 13 - set type address - set address "update.microsoft.com" - next - edit 14 - set type address - set address "eease" - 
next - edit 15 - set type address - set address "google-drive" - next - edit 16 - set type address - set address "google-play" - next - edit 17 - set type address - set address "google-play2" - next - edit 18 - set type address - set address "google-play3" - next - edit 19 - set type address - set address "microsoft" - next - edit 20 - set type address - set address "adobe" - next - edit 21 - set type address - set address "Adobe Login" - next - edit 22 - set type address - set address "fortinet" - next - edit 23 - set type address - set address "googleapis.com" - next - edit 24 - set type address - set address "citrix" - next - edit 25 - set type address - set address "verisign" - next - edit 26 - set type address - set address "Windows update 2" - next - edit 27 - set type address - set address "*.live.com" - next - edit 28 - set type address - set address "auth.gfx.ms" - next - edit 29 - set type address - set address "autoupdate.opera.com" - next - edit 30 - set type address - set address "softwareupdate.vmware.com" - next - edit 31 - set type address - set address "firefox update server" - next - end - next - edit certificate-inspection - set comment "SSL handshake inspection." 
- config https - set status certificate-inspection - set ports 443 - end - config ftps - set status disable - set ports 990 - end - config imaps - set status disable - set ports 993 - end - config pop3s - set status disable - set ports 995 - end - config smtps - set status disable - set ports 465 - end - config ssh - set status disable - set ports 22 - end - next - end - config firewall identity-based-route - end - config firewall policy - end - config firewall local-in-policy - end - config firewall policy6 - end - config firewall local-in-policy6 - end - config firewall ttl-policy - end - config firewall policy64 - end - config firewall policy46 - end - config firewall explicit-proxy-policy - end - config firewall interface-policy - end - config firewall interface-policy6 - end - config firewall DoS-policy - end - config firewall DoS-policy6 - end - config firewall sniffer - end - config endpoint-control profile - edit default - config forticlient-winmac-settings - set forticlient-wf-profile "default" - end - config forticlient-android-settings - end - config forticlient-ios-settings - end - next - end - config wireless-controller wids-profile - edit default - set comment "Default WIDS profile." 
- set deauth-broadcast enable - set assoc-frame-flood enable - set invalid-mac-oui enable - set ap-scan enable - set eapol-logoff-flood enable - set long-duration-attack enable - set eapol-pre-fail-flood enable - set eapol-succ-flood enable - set eapol-start-flood enable - set wireless-bridge enable - set eapol-pre-succ-flood enable - set auth-frame-flood enable - set asleap-attack enable - set eapol-fail-flood enable - set spoofed-deauth enable - set weak-wep-iv enable - set null-ssid-probe-resp enable - next - edit default-wids-apscan-enabled - set ap-scan enable - next - end - config wireless-controller wtp-profile - edit FAP112B-default - set ap-country US - config platform - set type 112B - end - config radio-1 - set band 802.11n - end - config radio-2 - set mode disabled - end - next - edit FAP220B-default - set ap-country US - config radio-1 - set band 802.11n-5G - end - config radio-2 - set band 802.11n - end - next - edit FAP223B-default - set ap-country US - config platform - set type 223B - end - config radio-1 - set band 802.11n-5G - end - config radio-2 - set band 802.11n - end - next - edit FAP210B-default - set ap-country US - config platform - set type 210B - end - config radio-1 - set band 802.11n - end - config radio-2 - set mode disabled - end - next - edit FAP222B-default - set ap-country US - config platform - set type 222B - end - config radio-1 - set band 802.11n - end - config radio-2 - set band 802.11n-5G - end - next - edit FAP320B-default - set ap-country US - config platform - set type 320B - end - config radio-1 - set band 802.11n-5G - end - config radio-2 - set band 802.11n - end - next - edit FAP11C-default - set ap-country US - config platform - set type 11C - end - config radio-1 - set band 802.11n - end - config radio-2 - set mode disabled - end - next - edit FAP14C-default - set ap-country US - config platform - set type 14C - end - config radio-1 - set band 802.11n - end - config radio-2 - set mode disabled - end - next - edit 
FAP28C-default - set ap-country US - config platform - set type 28C - end - config radio-1 - set band 802.11n - end - config radio-2 - set mode disabled - end - next - edit FAP320C-default - set ap-country US - config platform - set type 320C - end - config radio-1 - set band 802.11n - end - config radio-2 - set band 802.11ac - end - next - edit FAP221C-default - set ap-country US - config platform - set type 221C - end - config radio-1 - set band 802.11n - end - config radio-2 - set band 802.11ac - end - next - edit FAP25D-default - set ap-country US - config platform - set type 25D - end - config radio-1 - set band 802.11n - end - config radio-2 - set mode disabled - end - next - edit FAP222C-default - set ap-country US - config platform - set type 222C - end - config radio-1 - set band 802.11n - end - config radio-2 - set band 802.11ac - end - next - edit FAP224D-default - set ap-country US - config platform - set type 224D - end - config radio-1 - set band 802.11n-5G - end - config radio-2 - set band 802.11n - end - next - edit FK214B-default - set ap-country US - config platform - set type 214B - end - config radio-1 - set band 802.11n - end - config radio-2 - set mode disabled - end - next - edit FAP21D-default - set ap-country US - config platform - set type 21D - end - config radio-1 - set band 802.11n - end - config radio-2 - set mode disabled - end - next - edit FAP24D-default - set ap-country US - config platform - set type 24D - end - config radio-1 - set band 802.11n - end - config radio-2 - set mode disabled - end - next - edit FAP112D-default - set ap-country US - config platform - set type 112D - end - config radio-1 - set band 802.11n - end - config radio-2 - set mode disabled - end - next - edit FAP223C-default - set ap-country US - config platform - set type 223C - end - config radio-1 - set band 802.11n - end - config radio-2 - set band 802.11ac - end - next - edit FAP321C-default - set ap-country US - config platform - set type 321C - end - 
config radio-1 - set band 802.11n - end - config radio-2 - set band 802.11ac - end - next - end - config log memory setting - set status enable - end - config router rip - config redistribute connected - end - config redistribute static - end - config redistribute ospf - end - config redistribute bgp - end - config redistribute isis - end - end - config router ripng - config redistribute connected - end - config redistribute static - end - config redistribute ospf - end - config redistribute bgp - end - config redistribute isis - end - end - config router ospf - config redistribute connected - end - config redistribute static - end - config redistribute rip - end - config redistribute bgp - end - config redistribute isis - end - end - config router ospf6 - config redistribute connected - end - config redistribute static - end - config redistribute rip - end - config redistribute bgp - end - config redistribute isis - end - end - config router bgp - config redistribute connected - end - config redistribute rip - end - config redistribute ospf - end - config redistribute static - end - config redistribute isis - end - config redistribute6 connected - end - config redistribute6 rip - end - config redistribute6 ospf - end - config redistribute6 static - end - config redistribute6 isis - end - end - config router isis - config redistribute connected - end - config redistribute rip - end - config redistribute ospf - end - config redistribute bgp - end - config redistribute static - end - end - config router multicast - end diff --git a/test/integration/targets/fortios_address/files/requirements.txt b/test/integration/targets/fortios_address/files/requirements.txt deleted file mode 100644 index 1511d26b94a..00000000000 --- a/test/integration/targets/fortios_address/files/requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -pyfg>=0.50 -netaddr \ No newline at end of file 
diff --git a/test/integration/targets/fortios_address/tasks/main.yml b/test/integration/targets/fortios_address/tasks/main.yml
deleted file mode 100644
index 9073da1bc6f..00000000000
--- a/test/integration/targets/fortios_address/tasks/main.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-- name: install required libraries
- pip:
- requirements: "{{ role_path }}/files/requirements.txt"
- become: True
-
-- name: copy backup config file to config file
- copy:
- src: "{{ role_path }}/files/default_config.conf.backup"
- dest: "{{ role_path }}/files/default_config.conf"
-
-- { include: test_indempotency.yml }
-- { include: test_params_state_absent.yml }
-- { include: test_params_state_present.yml }
diff --git a/test/integration/targets/fortios_address/tasks/test_indempotency.yml b/test/integration/targets/fortios_address/tasks/test_indempotency.yml
deleted file mode 100644
index 1c3666cb7f6..00000000000
--- a/test/integration/targets/fortios_address/tasks/test_indempotency.yml
+++ /dev/null
@@ -1,82 +0,0 @@
----
- - name: Add address
- fortios_address:
- file_mode: true
- config_file: "{{role_path}}/files/default_config.conf"
- name: github
- value: 192.30.253.113
- state: present
- register: add_addr
-
- - name: Assert
- assert:
- that:
- - "add_addr.changed == true"
-
- - name: Add the same address
- fortios_address:
- file_mode: true
- config_file: "{{role_path}}/files/default_config.conf"
- name: github
- value: 192.30.253.113
- state: present
- register: add_addr
-
- - name: Assert
- assert:
- that:
- - "add_addr.changed == false"
-
- - name: change value
- fortios_address:
- file_mode: true
- config_file: "{{role_path}}/files/default_config.conf"
- name: github
- value: 192.1.2.3
- state: present
- register: change_addr
-
- - name: Assert
- assert:
- that:
- - "change_addr.changed == true"
-
- - name: change value second time
- fortios_address:
- file_mode: true
- config_file: "{{role_path}}/files/default_config.conf"
- name: github
- value: 192.1.2.3
- state: present
- register: change_addr
-
- - name: Assert
- assert:
- that:
- - "change_addr.changed == false"
-
- - name: Delete existing address
- fortios_address:
- file_mode: true
- config_file: "{{role_path}}/files/default_config.conf"
- name: github
- state: absent
- register: del_addr
-
- - name: Assert
- assert:
- that:
- - "del_addr.changed == true"
-
- - name: Delete same existing address
- fortios_address:
- file_mode: true
- config_file: "{{role_path}}/files/default_config.conf"
- name: github
- state: absent
- register: del_addr
-
- - name: Assert
- assert:
- that:
- - "del_addr.changed == false"
diff --git a/test/integration/targets/fortios_address/tasks/test_params_state_absent.yml b/test/integration/targets/fortios_address/tasks/test_params_state_absent.yml
deleted file mode 100644
index 02e0c3dee1a..00000000000
--- a/test/integration/targets/fortios_address/tasks/test_params_state_absent.yml
+++ /dev/null
@@ -1,91 +0,0 @@ ---- -# Check made for absent state - - name: missing name - fortios_address: - file_mode: true - config_file: "{{role_path}}/files/default_config.conf" - state: absent - register: missing_name - ignore_errors: True - - - name: not wanted type fqdn - fortios_address: - file_mode: true - config_file: "{{role_path}}/files/default_config.conf" - name: some name - state: absent - type: fqdn - register: unwanted_fqdn - ignore_errors: True - - - name: not wanted type geography - fortios_address: - file_mode: true - config_file: "{{role_path}}/files/default_config.conf" - name: some name - state: absent - type: geography - register: unwanted_geography - ignore_errors: True - - - name: not wanted param start_ip - fortios_address: - file_mode: true - config_file: "{{role_path}}/files/default_config.conf" - name: some name - state: absent - start_ip: 10.1.1.1 - register: unwanted_start_ip - ignore_errors: True - - - name: not wanted param end_ip - fortios_address: - file_mode: true - config_file: "{{role_path}}/files/default_config.conf" - name: some name - state: absent - end_ip: 10.1.1.1 - register: unwanted_end_ip - ignore_errors: True - - - name: not wanted param country - fortios_address: - file_mode: true - config_file: "{{role_path}}/files/default_config.conf" - name: some name - state: absent - country: FR - register: unwanted_country - ignore_errors: True - - - name: not wanted param comment - fortios_address: - file_mode: true - config_file: "{{role_path}}/files/default_config.conf" - name: some name - state: absent - comment: blabla - register: unwanted_comment - ignore_errors: True - - - name: not wanted param value - fortios_address: - file_mode: true - config_file: "{{role_path}}/files/default_config.conf" - name: some name - state: absent - value: blabla - register: unwanted_value - ignore_errors: True - - - name: Verify that all previous test have failed - assert: - that: - - "missing_name.failed == True" - - "unwanted_fqdn.failed == True" - 
- "unwanted_geography.failed == True" - - "unwanted_start_ip.failed == True" - - "unwanted_end_ip.failed == True" - - "unwanted_country.failed == True" - - "unwanted_comment.failed == True" - - "unwanted_value.failed == True" diff --git a/test/integration/targets/fortios_address/tasks/test_params_state_present.yml b/test/integration/targets/fortios_address/tasks/test_params_state_present.yml deleted file mode 100644 index 67fd6fb838e..00000000000 --- a/test/integration/targets/fortios_address/tasks/test_params_state_present.yml +++ /dev/null 
@@ -1,86 +0,0 @@
----
-# Check made for present state
-# type ipmask
- - name: missing name
- fortios_address:
- file_mode: true
- config_file: "{{role_path}}/files/default_config.conf"
- state: present
- value: blabla
- register: missing_name
- ignore_errors: True
-
- - name: missing value
- fortios_address:
- file_mode: true
- config_file: "{{role_path}}/files/default_config.conf"
- state: present
- name: blabla
- register: missing_value
- ignore_errors: True
-
- - name: bad ip mask value
- fortios_address:
- file_mode: true
- config_file: "{{role_path}}/files/default_config.conf"
- state: present
- name: blabla
- value: pwet
- register: bad_ipmask
- ignore_errors: True
-
-# type geography
- - name: missing country
- fortios_address:
- file_mode: true
- config_file: "{{role_path}}/files/default_config.conf"
- state: present
- name: blabla
- type: geography
- register: missing_country
- ignore_errors: True
-
- - name: bad country
- fortios_address:
- file_mode: true
- config_file: "{{role_path}}/files/default_config.conf"
- state: present
- name: blabla
- type: geography
- country: FRA
- register: bad_country
- ignore_errors: True
-
-# type iprange
- - name: missing start_ip
- fortios_address:
- file_mode: true
- config_file: "{{role_path}}/files/default_config.conf"
- state: present
- name: blabla
- type: iprange
- end_ip: 10.10.10.10
- register: missing_sart_ip
- ignore_errors: True
-
- - name: missing end_ip
- fortios_address:
- file_mode: true
- config_file: "{{role_path}}/files/default_config.conf"
- state: present
- name: blabla
- type: iprange
- start_ip: 10.10.10.10
- register: missing_end_ip
- ignore_errors: True
-
- - name: Verify that all previous test have failed
- assert:
- that:
- - "missing_name.failed == True"
- - "missing_value.failed == True"
- - "bad_ipmask.failed == True"
- - "missing_country.failed == True"
- - "bad_country.failed == True"
- - "missing_sart_ip.failed == True"
- - "missing_end_ip.failed == True"
diff --git a/test/integration/targets/fortios_ipv4_policy/aliases b/test/integration/targets/fortios_ipv4_policy/aliases
deleted file mode 100644
index b159f9e7601..00000000000
--- a/test/integration/targets/fortios_ipv4_policy/aliases
+++ /dev/null
@@ -1,3 +0,0 @@
-shippable/posix/group1
-destructive
-disabled
diff --git a/test/integration/targets/fortios_ipv4_policy/files/default_config.conf b/test/integration/targets/fortios_ipv4_policy/files/default_config.conf
deleted file mode 100644
index c2935d84772..00000000000
--- a/test/integration/targets/fortios_ipv4_policy/files/default_config.conf
+++ /dev/null
@@ -1,3134 +0,0 @@ - config system global - set timezone 04 - set admintimeout 480 - set admin-server-cert "Fortinet_Firmware" - set fgd-alert-subscription advisory latest-threat - set hostname "FortiGate-VM64-HV" - end - config system accprofile - edit prof_admin - set vpngrp read-write - set updategrp read-write - set utmgrp read-write - set routegrp read-write - set wifi read-write - set sysgrp read-write - set loggrp read-write - set mntgrp read-write - set netgrp read-write - set admingrp read-write - set wanoptgrp read-write - set fwgrp read-write - set authgrp read-write - set endpoint-control-grp read-write - next - end - config system interface - edit port1 - set ip 192.168.137.154 255.255.255.0 - set type physical - set allowaccess ping https ssh http fgfm - set vdom "root" - next - edit port2 - set type physical - set vdom "root" - next - edit port3 - set type physical - set vdom "root" - next - edit port4 - set type physical - set vdom "root" - next - edit port5 - set type physical - set vdom "root" - next - edit port6 - set type physical - set vdom "root" - next - edit port7 - set type physical - set vdom "root" - next - edit port8 - set type physical - set vdom "root" - next - edit ssl.root - set alias "SSL VPN interface" - set type tunnel - set vdom "root" - next - end - config system custom-language - edit en - set filename "en" - next - edit fr - set filename "fr" - next - edit sp - set filename "sp" - next - edit pg - set filename "pg" - next - edit x-sjis - set filename "x-sjis" - next - edit big5 - set filename "big5" - next - edit GB2312 - set filename "GB2312" - next - edit euc-kr - set filename "euc-kr" - next - end - config system admin - edit admin - set accprofile "super_admin" - set vdom "root" - config dashboard-tabs - edit 1 - set name "Status" - next - end - config dashboard - edit 1 - set column 1 - set tab-id 1 - next - edit 2 - set column 1 - set widget-type licinfo - set tab-id 1 - next - edit 3 - set column 1 - set widget-type 
jsconsole - set tab-id 1 - next - edit 4 - set column 2 - set widget-type sysres - set tab-id 1 - next - edit 5 - set column 2 - set widget-type gui-features - set tab-id 1 - next - edit 6 - set column 2 - set top-n 10 - set widget-type alert - set tab-id 1 - next - end - next - end - config system ha - set override disable - end - config system dns - set primary 208.91.112.53 - set secondary 208.91.112.52 - end - config system replacemsg-image - edit logo_fnet - set image-base64 '' - set image-type gif - next - edit logo_fguard_wf - set image-base64 '' - set image-type gif - next - edit logo_fw_auth - set image-base64 '' - set image-type png - next - edit logo_v2_fnet - set image-base64 '' - set image-type png - next - edit logo_v2_fguard_wf - set image-base64 '' - set image-type png - next - edit logo_v2_fguard_app - set image-base64 '' - set image-type png - next - end - config system replacemsg mail email-block - end - config system replacemsg mail email-dlp-subject - end - config system replacemsg mail email-dlp-ban - end - config system replacemsg mail email-filesize - end - config system replacemsg mail partial - end - config system replacemsg mail smtp-block - end - config system replacemsg mail smtp-filesize - end - config system replacemsg http bannedword - end - config system replacemsg http url-block - end - config system replacemsg http urlfilter-err - end - config system replacemsg http infcache-block - end - config system replacemsg http http-block - end - config system replacemsg http http-filesize - end - config system replacemsg http http-dlp-ban - end - config system replacemsg http http-archive-block - end - config system replacemsg http http-contenttypeblock - end - config system replacemsg http https-invalid-cert-block - end - config system replacemsg http http-client-block - end - config system replacemsg http http-client-filesize - end - config system replacemsg http http-client-bannedword - end - config system replacemsg http 
http-post-block - end - config system replacemsg http http-client-archive-block - end - config system replacemsg http switching-protocols-block - end - config system replacemsg webproxy deny - end - config system replacemsg webproxy user-limit - end - config system replacemsg webproxy auth-challenge - end - config system replacemsg webproxy auth-login-fail - end - config system replacemsg webproxy auth-authorization-fail - end - config system replacemsg webproxy http-err - end - config system replacemsg webproxy auth-ip-blackout - end - config system replacemsg ftp ftp-dl-blocked - end - config system replacemsg ftp ftp-dl-filesize - end - config system replacemsg ftp ftp-dl-dlp-ban - end - config system replacemsg ftp ftp-explicit-banner - end - config system replacemsg ftp ftp-dl-archive-block - end - config system replacemsg nntp nntp-dl-blocked - end - config system replacemsg nntp nntp-dl-filesize - end - config system replacemsg nntp nntp-dlp-subject - end - config system replacemsg nntp nntp-dlp-ban - end - config system replacemsg fortiguard-wf ftgd-block - end - config system replacemsg fortiguard-wf http-err - end - config system replacemsg fortiguard-wf ftgd-ovrd - end - config system replacemsg fortiguard-wf ftgd-quota - end - config system replacemsg fortiguard-wf ftgd-warning - end - config system replacemsg spam ipblocklist - end - config system replacemsg spam smtp-spam-dnsbl - end - config system replacemsg spam smtp-spam-feip - end - config system replacemsg spam smtp-spam-helo - end - config system replacemsg spam smtp-spam-emailblack - end - config system replacemsg spam smtp-spam-mimeheader - end - config system replacemsg spam reversedns - end - config system replacemsg spam smtp-spam-bannedword - end - config system replacemsg spam smtp-spam-ase - end - config system replacemsg spam submit - end - config system replacemsg im im-file-xfer-block - end - config system replacemsg im im-file-xfer-name - end - config system replacemsg im 
im-file-xfer-infected - end - config system replacemsg im im-file-xfer-size - end - config system replacemsg im im-dlp - end - config system replacemsg im im-dlp-ban - end - config system replacemsg im im-voice-chat-block - end - config system replacemsg im im-video-chat-block - end - config system replacemsg im im-photo-share-block - end - config system replacemsg im im-long-chat-block - end - config system replacemsg alertmail alertmail-virus - end - config system replacemsg alertmail alertmail-block - end - config system replacemsg alertmail alertmail-nids-event - end - config system replacemsg alertmail alertmail-crit-event - end - config system replacemsg alertmail alertmail-disk-full - end - config system replacemsg admin pre_admin-disclaimer-text - end - config system replacemsg admin post_admin-disclaimer-text - end - config system replacemsg auth auth-disclaimer-page-1 - end - config system replacemsg auth auth-disclaimer-page-2 - end - config system replacemsg auth auth-disclaimer-page-3 - end - config system replacemsg auth auth-reject-page - end - config system replacemsg auth auth-login-page - end - config system replacemsg auth auth-login-failed-page - end - config system replacemsg auth auth-token-login-page - end - config system replacemsg auth auth-token-login-failed-page - end - config system replacemsg auth auth-success-msg - end - config system replacemsg auth auth-challenge-page - end - config system replacemsg auth auth-keepalive-page - end - config system replacemsg auth auth-portal-page - end - config system replacemsg auth auth-password-page - end - config system replacemsg auth auth-fortitoken-page - end - config system replacemsg auth auth-next-fortitoken-page - end - config system replacemsg auth auth-email-token-page - end - config system replacemsg auth auth-sms-token-page - end - config system replacemsg auth auth-email-harvesting-page - end - config system replacemsg auth auth-email-failed-page - end - config system replacemsg auth 
auth-cert-passwd-page - end - config system replacemsg auth auth-guest-print-page - end - config system replacemsg auth auth-guest-email-page - end - config system replacemsg auth auth-success-page - end - config system replacemsg auth auth-block-notification-page - end - config system replacemsg sslvpn sslvpn-login - end - config system replacemsg sslvpn sslvpn-limit - end - config system replacemsg sslvpn hostcheck-error - end - config system replacemsg ec endpt-download-portal - end - config system replacemsg ec endpt-download-portal-mac - end - config system replacemsg ec endpt-download-portal-ios - end - config system replacemsg ec endpt-download-portal-aos - end - config system replacemsg ec endpt-download-portal-other - end - config system replacemsg device-detection-portal device-detection-failure - end - config system replacemsg nac-quar nac-quar-virus - end - config system replacemsg nac-quar nac-quar-dos - end - config system replacemsg nac-quar nac-quar-ips - end - config system replacemsg nac-quar nac-quar-dlp - end - config system replacemsg nac-quar nac-quar-admin - end - config system replacemsg traffic-quota per-ip-shaper-block - end - config system replacemsg utm virus-html - end - config system replacemsg utm virus-text - end - config system replacemsg utm dlp-html - end - config system replacemsg utm dlp-text - end - config system replacemsg utm appblk-html - end - config vpn certificate ca - end - config vpn certificate local - edit Fortinet_CA_SSLProxy - set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- - set password ENC eRZ5UNnzW1eAAJn+reDWnDdgQZ1yxFr7z+rp0lzCeKX64OiaEcBKwGIzocIf5y5p37siqf1bPHwEMWkvISqQSXKT8JijvaLtA/oNlqTw8GwglMlW390JTckMS7v60mVQ2Jj1Ng9q4xi2dXKpVGXqYnpc1nDSApGqHTwpL/lgc1+HLh0CQvn4zQpIs8//4hVscjqz0g== - set certificate "-----BEGIN CERTIFICATE----- - set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." 
- next - edit Fortinet_SSLProxy - set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- - set password ENC JGQ1Psth3oHimOP5bRUzt+zfBA5PlPBXZj6xLvqp7JILLBa6Der02qjotGI4UnaKAGSad7uEkPKLq2ePjzBy/Rc/E55FJO8OjffWzIOgpT1jYMmw8IOuAlB50weCRpzMowrLT+FKFF53SxG+oe5n4EaoiqR92WZsXzOTFpNdSFXyvggt/lmOz4Zm08AMD3sWFWg/ZA== - set certificate "-----BEGIN CERTIFICATE----- - next - end - config user device-category - edit ipad - next - edit iphone - next - edit gaming-console - next - edit blackberry-phone - next - edit blackberry-playbook - next - edit linux-pc - next - edit mac - next - edit windows-pc - next - edit android-phone - next - edit android-tablet - next - edit media-streaming - next - edit windows-phone - next - edit windows-tablet - next - edit fortinet-device - next - edit ip-phone - next - edit router-nat-device - next - edit printer - next - edit other-network-device - next - edit collected-emails - next - edit all - next - end - config system session-sync - end - config system fortiguard - set webfilter-sdns-server-ip "208.91.112.220" - end - config ips global - set default-app-cat-mask 18446744073474670591 - end - config ips dbinfo - set version 1 - end - config gui console - end - config system session-helper - edit 1 - set protocol 6 - set name pptp - set port 1723 - next - edit 2 - set protocol 6 - set name h323 - set port 1720 - next - edit 3 - set protocol 17 - set name ras - set port 1719 - next - edit 4 - set protocol 6 - set name tns - set port 1521 - next - edit 5 - set protocol 17 - set name tftp - set port 69 - next - edit 6 - set protocol 6 - set name rtsp - set port 554 - next - edit 7 - set protocol 6 - set name rtsp - set port 7070 - next - edit 8 - set protocol 6 - set name rtsp - set port 8554 - next - edit 9 - set protocol 6 - set name ftp - set port 21 - next - edit 10 - set protocol 6 - set name mms - set port 1863 - next - edit 11 - set protocol 6 - set name pmap - set port 111 - next - edit 12 - set protocol 17 - set name pmap - set port 111 - 
next - edit 13 - set protocol 17 - set name sip - set port 5060 - next - edit 14 - set protocol 17 - set name dns-udp - set port 53 - next - edit 15 - set protocol 6 - set name rsh - set port 514 - next - edit 16 - set protocol 6 - set name rsh - set port 512 - next - edit 17 - set protocol 6 - set name dcerpc - set port 135 - next - edit 18 - set protocol 17 - set name dcerpc - set port 135 - next - edit 19 - set protocol 17 - set name mgcp - set port 2427 - next - edit 20 - set protocol 17 - set name mgcp - set port 2727 - next - end - config system auto-install - set auto-install-config enable - set auto-install-image enable - end - config system ntp - set ntpsync enable - set syncinterval 60 - end - config system settings - end - config firewall address - edit SSLVPN_TUNNEL_ADDR1 - set type iprange - set end-ip 10.212.134.210 - set start-ip 10.212.134.200 - next - edit all - next - edit none - set subnet 0.0.0.0 255.255.255.255 - next - edit apple - set type fqdn - set fqdn "*.apple.com" - next - edit dropbox.com - set type fqdn - set fqdn "*.dropbox.com" - next - edit Gotomeeting - set type fqdn - set fqdn "*.gotomeeting.com" - next - edit icloud - set type fqdn - set fqdn "*.icloud.com" - next - edit itunes - set type fqdn - set fqdn "*itunes.apple.com" - next - edit android - set type fqdn - set fqdn "*.android.com" - next - edit skype - set type fqdn - set fqdn "*.messenger.live.com" - next - edit swscan.apple.com - set type fqdn - set fqdn "swscan.apple.com" - next - edit update.microsoft.com - set type fqdn - set fqdn "update.microsoft.com" - next - edit appstore - set type fqdn - set fqdn "*.appstore.com" - next - edit eease - set type fqdn - set fqdn "*.eease.com" - next - edit google-drive - set type fqdn - set fqdn "*drive.google.com" - next - edit google-play - set type fqdn - set fqdn "play.google.com" - next - edit google-play2 - set type fqdn - set fqdn "*.ggpht.com" - next - edit google-play3 - set type fqdn - set fqdn "*.books.google.com" - next 
- edit microsoft - set type fqdn - set fqdn "*.microsoft.com" - next - edit adobe - set type fqdn - set fqdn "*.adobe.com" - next - edit Adobe Login - set type fqdn - set fqdn "*.adobelogin.com" - next - edit fortinet - set type fqdn - set fqdn "*.fortinet.com" - next - edit googleapis.com - set type fqdn - set fqdn "*.googleapis.com" - next - edit citrix - set type fqdn - set fqdn "*.citrixonline.com" - next - edit verisign - set type fqdn - set fqdn "*.verisign.com" - next - edit Windows update 2 - set type fqdn - set fqdn "*.windowsupdate.com" - next - edit *.live.com - set type fqdn - set fqdn "*.live.com" - next - edit auth.gfx.ms - set type fqdn - set fqdn "auth.gfx.ms" - next - edit autoupdate.opera.com - set type fqdn - set fqdn "autoupdate.opera.com" - next - edit softwareupdate.vmware.com - set type fqdn - set fqdn "softwareupdate.vmware.com" - next - edit firefox update server - set type fqdn - set fqdn "aus*.mozilla.org" - next - end - config firewall multicast-address - edit all - set end-ip 239.255.255.255 - set start-ip 224.0.0.0 - next - edit all_hosts - set end-ip 224.0.0.1 - set start-ip 224.0.0.1 - next - edit all_routers - set end-ip 224.0.0.2 - set start-ip 224.0.0.2 - next - edit Bonjour - set end-ip 224.0.0.251 - set start-ip 224.0.0.251 - next - edit EIGRP - set end-ip 224.0.0.10 - set start-ip 224.0.0.10 - next - edit OSPF - set end-ip 224.0.0.6 - set start-ip 224.0.0.5 - next - end - config firewall address6 - edit SSLVPN_TUNNEL_IPv6_ADDR1 - set ip6 fdff:ffff::/120 - next - edit all - next - edit none - set ip6 ::/128 - next - end - config firewall service category - edit General - set comment "General services." - next - edit Web Access - set comment "Web access." - next - edit File Access - set comment "File access." - next - edit Email - set comment "Email services." - next - edit Network Services - set comment "Network services." - next - edit Authentication - set comment "Authentication service." 
- next - edit Remote Access - set comment "Remote access." - next - edit Tunneling - set comment "Tunneling service." - next - edit VoIP, Messaging & Other Applications - set comment "VoIP, messaging, and other applications." - next - edit Web Proxy - set comment "Explicit web proxy." - next - end - config firewall service custom - edit ALL - set category "General" - set protocol IP - next - edit ALL_TCP - set category "General" - set tcp-portrange 1-65535 - next - edit ALL_UDP - set category "General" - set udp-portrange 1-65535 - next - edit ALL_ICMP - set category "General" - set protocol ICMP - next - edit ALL_ICMP6 - set category "General" - set protocol ICMP6 - next - edit GRE - set category "Tunneling" - set protocol-number 47 - set protocol IP - next - edit AH - set category "Tunneling" - set protocol-number 51 - set protocol IP - next - edit ESP - set category "Tunneling" - set protocol-number 50 - set protocol IP - next - edit AOL - set visibility disable - set tcp-portrange 5190-5194 - next - edit BGP - set category "Network Services" - set tcp-portrange 179 - next - edit DHCP - set category "Network Services" - set udp-portrange 67-68 - next - edit DNS - set category "Network Services" - set udp-portrange 53 - set tcp-portrange 53 - next - edit FINGER - set visibility disable - set tcp-portrange 79 - next - edit FTP - set category "File Access" - set tcp-portrange 21 - next - edit FTP_GET - set category "File Access" - set tcp-portrange 21 - next - edit FTP_PUT - set category "File Access" - set tcp-portrange 21 - next - edit GOPHER - set visibility disable - set tcp-portrange 70 - next - edit H323 - set category "VoIP, Messaging & Other Applications" - set udp-portrange 1719 - set tcp-portrange 1720 1503 - next - edit HTTP - set category "Web Access" - set tcp-portrange 80 - next - edit HTTPS - set category "Web Access" - set tcp-portrange 443 - next - edit IKE - set category "Tunneling" - set udp-portrange 500 4500 - next - edit IMAP - set category 
"Email" - set tcp-portrange 143 - next - edit IMAPS - set category "Email" - set tcp-portrange 993 - next - edit Internet-Locator-Service - set visibility disable - set tcp-portrange 389 - next - edit IRC - set category "VoIP, Messaging & Other Applications" - set tcp-portrange 6660-6669 - next - edit L2TP - set category "Tunneling" - set udp-portrange 1701 - set tcp-portrange 1701 - next - edit LDAP - set category "Authentication" - set tcp-portrange 389 - next - edit NetMeeting - set visibility disable - set tcp-portrange 1720 - next - edit NFS - set category "File Access" - set udp-portrange 111 2049 - set tcp-portrange 111 2049 - next - edit NNTP - set visibility disable - set tcp-portrange 119 - next - edit NTP - set category "Network Services" - set udp-portrange 123 - set tcp-portrange 123 - next - edit OSPF - set category "Network Services" - set protocol-number 89 - set protocol IP - next - edit PC-Anywhere - set category "Remote Access" - set udp-portrange 5632 - set tcp-portrange 5631 - next - edit PING - set category "Network Services" - set protocol ICMP - set icmptype 8 - next - edit TIMESTAMP - set protocol ICMP - set visibility disable - set icmptype 13 - next - edit INFO_REQUEST - set protocol ICMP - set visibility disable - set icmptype 15 - next - edit INFO_ADDRESS - set protocol ICMP - set visibility disable - set icmptype 17 - next - edit ONC-RPC - set category "Remote Access" - set udp-portrange 111 - set tcp-portrange 111 - next - edit DCE-RPC - set category "Remote Access" - set udp-portrange 135 - set tcp-portrange 135 - next - edit POP3 - set category "Email" - set tcp-portrange 110 - next - edit POP3S - set category "Email" - set tcp-portrange 995 - next - edit PPTP - set category "Tunneling" - set tcp-portrange 1723 - next - edit QUAKE - set udp-portrange 26000 27000 27910 27960 - set visibility disable - next - edit RAUDIO - set udp-portrange 7070 - set visibility disable - next - edit REXEC - set visibility disable - set tcp-portrange 
512 - next - edit RIP - set category "Network Services" - set udp-portrange 520 - next - edit RLOGIN - set visibility disable - set tcp-portrange 513:512-1023 - next - edit RSH - set visibility disable - set tcp-portrange 514:512-1023 - next - edit SCCP - set category "VoIP, Messaging & Other Applications" - set tcp-portrange 2000 - next - edit SIP - set category "VoIP, Messaging & Other Applications" - set udp-portrange 5060 - set tcp-portrange 5060 - next - edit SIP-MSNmessenger - set category "VoIP, Messaging & Other Applications" - set tcp-portrange 1863 - next - edit SAMBA - set category "File Access" - set tcp-portrange 139 - next - edit SMTP - set category "Email" - set tcp-portrange 25 - next - edit SMTPS - set category "Email" - set tcp-portrange 465 - next - edit SNMP - set category "Network Services" - set udp-portrange 161-162 - set tcp-portrange 161-162 - next - edit SSH - set category "Remote Access" - set tcp-portrange 22 - next - edit SYSLOG - set category "Network Services" - set udp-portrange 514 - next - edit TALK - set udp-portrange 517-518 - set visibility disable - next - edit TELNET - set category "Remote Access" - set tcp-portrange 23 - next - edit TFTP - set category "File Access" - set udp-portrange 69 - next - edit MGCP - set udp-portrange 2427 2727 - set visibility disable - next - edit UUCP - set visibility disable - set tcp-portrange 540 - next - edit VDOLIVE - set visibility disable - set tcp-portrange 7000-7010 - next - edit WAIS - set visibility disable - set tcp-portrange 210 - next - edit WINFRAME - set visibility disable - set tcp-portrange 1494 2598 - next - edit X-WINDOWS - set category "Remote Access" - set tcp-portrange 6000-6063 - next - edit PING6 - set protocol ICMP6 - set visibility disable - set icmptype 128 - next - edit MS-SQL - set category "VoIP, Messaging & Other Applications" - set tcp-portrange 1433 1434 - next - edit MYSQL - set category "VoIP, Messaging & Other Applications" - set tcp-portrange 3306 - next - 
edit RDP - set category "Remote Access" - set tcp-portrange 3389 - next - edit VNC - set category "Remote Access" - set tcp-portrange 5900 - next - edit DHCP6 - set category "Network Services" - set udp-portrange 546 547 - next - edit SQUID - set category "Tunneling" - set tcp-portrange 3128 - next - edit SOCKS - set category "Tunneling" - set udp-portrange 1080 - set tcp-portrange 1080 - next - edit WINS - set category "Remote Access" - set udp-portrange 1512 - set tcp-portrange 1512 - next - edit RADIUS - set category "Authentication" - set udp-portrange 1812 1813 - next - edit RADIUS-OLD - set udp-portrange 1645 1646 - set visibility disable - next - edit CVSPSERVER - set udp-portrange 2401 - set visibility disable - set tcp-portrange 2401 - next - edit AFS3 - set category "File Access" - set udp-portrange 7000-7009 - set tcp-portrange 7000-7009 - next - edit TRACEROUTE - set category "Network Services" - set udp-portrange 33434-33535 - next - edit RTSP - set category "VoIP, Messaging & Other Applications" - set udp-portrange 554 - set tcp-portrange 554 7070 8554 - next - edit MMS - set udp-portrange 1024-5000 - set visibility disable - set tcp-portrange 1755 - next - edit KERBEROS - set category "Authentication" - set udp-portrange 88 - set tcp-portrange 88 - next - edit LDAP_UDP - set category "Authentication" - set udp-portrange 389 - next - edit SMB - set category "File Access" - set tcp-portrange 445 - next - edit NONE - set visibility disable - set tcp-portrange 0 - next - edit webproxy - set category "Web Proxy" - set explicit-proxy enable - set protocol ALL - set tcp-portrange 0-65535:0-65535 - next - end - config firewall service group - edit Email Access - set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS" - next - edit Web Access - set member "DNS" "HTTP" "HTTPS" - next - edit Windows AD - set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB" - next - edit Exchange Server - set member "DCE-RPC" "DNS" "HTTPS" - next - end - 
config webfilter ftgd-local-cat - edit custom1 - set id 140 - next - edit custom2 - set id 141 - next - end - config ips sensor - edit default - set comment "Prevent critical attacks." - config entries - edit 1 - set severity medium high critical - next - end - next - edit all_default - set comment "All predefined signatures with default setting." - config entries - edit 1 - next - end - next - edit all_default_pass - set comment "All predefined signatures with PASS action." - config entries - edit 1 - set action pass - next - end - next - edit protect_http_server - set comment "Protect against HTTP server-side vulnerabilities." - config entries - edit 1 - set protocol HTTP - set location server - next - end - next - edit protect_email_server - set comment "Protect against email server-side vulnerabilities." - config entries - edit 1 - set protocol SMTP POP3 IMAP - set location server - next - end - next - edit protect_client - set comment "Protect against client-side vulnerabilities." - config entries - edit 1 - set location client - next - end - next - edit high_security - set comment "Blocks all Critical/High/Medium and some Low severity vulnerabilities" - config entries - edit 1 - set status enable - set action block - set severity medium high critical - next - edit 2 - set severity low - next - end - next - end - config firewall shaper traffic-shaper - edit high-priority - set per-policy enable - set maximum-bandwidth 1048576 - next - edit medium-priority - set priority medium - set per-policy enable - set maximum-bandwidth 1048576 - next - edit low-priority - set priority low - set per-policy enable - set maximum-bandwidth 1048576 - next - edit guarantee-100kbps - set guaranteed-bandwidth 100 - set maximum-bandwidth 1048576 - set per-policy enable - next - edit shared-1M-pipe - set maximum-bandwidth 1024 - next - end - config web-proxy global - set proxy-fqdn "default.fqdn" - end - config application list - edit default - set comment "Monitor all 
applications." - config entries - edit 1 - set action pass - next - end - next - edit block-p2p - config entries - edit 1 - set category 2 - next - end - next - edit monitor-p2p-and-media - config entries - edit 1 - set category 2 - set action pass - next - edit 2 - set category 5 - set action pass - next - end - next - end - config dlp filepattern - edit 1 - set name "builtin-patterns" - config entries - edit *.bat - next - edit *.com - next - edit *.dll - next - edit *.doc - next - edit *.exe - next - edit *.gz - next - edit *.hta - next - edit *.ppt - next - edit *.rar - next - edit *.scr - next - edit *.tar - next - edit *.tgz - next - edit *.vb? - next - edit *.wps - next - edit *.xl? - next - edit *.zip - next - edit *.pif - next - edit *.cpl - next - end - next - edit 2 - set name "all_executables" - config entries - edit bat - set file-type bat - set filter-type type - next - edit exe - set file-type exe - set filter-type type - next - edit elf - set file-type elf - set filter-type type - next - edit hta - set file-type hta - set filter-type type - next - end - next - end - config dlp fp-sensitivity - edit Private - next - edit Critical - next - edit Warning - next - end - config dlp sensor - edit default - set comment "Log a summary of email and web traffic." 
- set summary-proto smtp pop3 imap http-get http-post - next - end - config webfilter content - end - config webfilter urlfilter - end - config spamfilter bword - end - config spamfilter bwl - end - config spamfilter mheader - end - config spamfilter dnsbl - end - config spamfilter iptrust - end - config log threat-weight - config web - edit 1 - set category 26 - set level high - next - edit 2 - set category 61 - set level high - next - edit 3 - set category 86 - set level high - next - edit 4 - set category 1 - set level medium - next - edit 5 - set category 3 - set level medium - next - edit 6 - set category 4 - set level medium - next - edit 7 - set category 5 - set level medium - next - edit 8 - set category 6 - set level medium - next - edit 9 - set category 12 - set level medium - next - edit 10 - set category 59 - set level medium - next - edit 11 - set category 62 - set level medium - next - edit 12 - set category 83 - set level medium - next - edit 13 - set category 72 - next - edit 14 - set category 14 - next - end - config application - edit 1 - set category 2 - next - edit 2 - set category 6 - set level medium - next - edit 3 - set category 19 - set level critical - next - end - end - config icap profile - edit default - next - end - config user local - edit guest - set passwd ENC EntYbQ4nWAFLGsQz5QbIt8MIxko4Ms6Nm/9fMo/5+L7FJO42JRExvl705N++oKwIB0NvfdWaiqfZ/LGPDSOVqRZnqn4pUWOlNVE6yfGxbCZUIXTlcSL58A2ok3Yd428rHETuf7mNrOJMdVS1tfnrx5+92ofsXVzAn/kpKeJLrtBRWNfBQ1YplQ2FfEDCHHW27akz4g== - set type password - next - end - config user group - edit SSO_Guest_Users - next - edit Guest-group - set member "guest" - next - end - config user device-group - edit Mobile Devices - set member "android-phone" "android-tablet" "blackberry-phone" "blackberry-playbook" "ipad" "iphone" "windows-phone" "windows-tablet" - set comment "Phones, tablets, etc." 
- next - edit Network Devices - set member "fortinet-device" "other-network-device" "router-nat-device" - set comment "Routers, firewalls, gateways, etc." - next - edit Others - set member "gaming-console" "media-streaming" - set comment "Other devices." - next - end - config vpn ssl web host-check-software - edit FortiClient-AV - set guid "C86EC76D-5A4C-40E7-BD94-59358E544D81" - next - edit FortiClient-FW - set guid "528CB157-D384-4593-AAAA-E42DFF111CED" - set type fw - next - edit FortiClient-AV-Vista-Win7 - set guid "385618A6-2256-708E-3FB9-7E98B93F91F9" - next - edit FortiClient-FW-Vista-Win7 - set guid "006D9983-6839-71D6-14E6-D7AD47ECD682" - set type fw - next - edit AVG-Internet-Security-AV - set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF" - next - edit AVG-Internet-Security-FW - set guid "8DECF618-9569-4340-B34A-D78D28969B66" - set type fw - next - edit AVG-Internet-Security-AV-Vista-Win7 - set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82" - next - edit AVG-Internet-Security-FW-Vista-Win7 - set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9" - set type fw - next - edit CA-Anti-Virus - set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93" - next - edit CA-Internet-Security-AV - set guid "6B98D35F-BB76-41C0-876B-A50645ED099A" - next - edit CA-Internet-Security-FW - set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3" - set type fw - next - edit CA-Internet-Security-AV-Vista-Win7 - set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F" - next - edit CA-Internet-Security-FW-Vista-Win7 - set guid "06D680B0-4024-4FAB-E710-E675E50F6324" - set type fw - next - edit CA-Personal-Firewall - set guid "14CB4B80-8E52-45EA-905E-67C1267B4160" - set type fw - next - edit F-Secure-Internet-Security-AV - set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15" - next - edit F-Secure-Internet-Security-FW - set guid "D4747503-0346-49EB-9262-997542F79BF4" - set type fw - next - edit F-Secure-Internet-Security-AV-Vista-Win7 - set guid "15414183-282E-D62C-CA37-EF24860A2F17" - next - edit 
F-Secure-Internet-Security-FW-Vista-Win7 - set guid "2D7AC0A6-6241-D774-E168-461178D9686C" - set type fw - next - edit Kaspersky-AV - set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" - next - edit Kaspersky-FW - set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" - set type fw - next - edit Kaspersky-AV-Vista-Win7 - set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE" - next - edit Kaspersky-FW-Vista-Win7 - set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5" - set type fw - next - edit McAfee-Internet-Security-Suite-AV - set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83" - next - edit McAfee-Internet-Security-Suite-FW - set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8" - set type fw - next - edit McAfee-Internet-Security-Suite-AV-Vista-Win7 - set guid "86355677-4064-3EA7-ABB3-1B136EB04637" - next - edit McAfee-Internet-Security-Suite-FW-Vista-Win7 - set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C" - set type fw - next - edit McAfee-Virus-Scan-Enterprise - set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0" - next - edit Norton-360-2.0-AV - set guid "A5F1BC7C-EA33-4247-961C-0217208396C4" - next - edit Norton-360-2.0-FW - set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3" - set type fw - next - edit Norton-360-3.0-AV - set guid "E10A9785-9598-4754-B552-92431C1C35F8" - next - edit Norton-360-3.0-FW - set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" - set type fw - next - edit Norton-Internet-Security-AV - set guid "E10A9785-9598-4754-B552-92431C1C35F8" - next - edit Norton-Internet-Security-FW - set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" - set type fw - next - edit Norton-Internet-Security-AV-Vista-Win7 - set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" - next - edit Norton-Internet-Security-FW-Vista-Win7 - set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" - set type fw - next - edit Symantec-Endpoint-Protection-AV - set guid "FB06448E-52B8-493A-90F3-E43226D3305C" - next - edit Symantec-Endpoint-Protection-FW - set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6" - set type fw - next - edit 
Symantec-Endpoint-Protection-AV-Vista-Win7 - set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" - next - edit Symantec-Endpoint-Protection-FW-Vista-Win7 - set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" - set type fw - next - edit Panda-Antivirus+Firewall-2008-AV - set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A" - next - edit Panda-Antivirus+Firewall-2008-FW - set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" - set type fw - next - edit Panda-Internet-Security-AV - set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" - next - edit Panda-Internet-Security-2006~2007-FW - set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" - set type fw - next - edit Panda-Internet-Security-2008~2009-FW - set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" - set type fw - next - edit Sophos-Anti-Virus - set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD" - next - edit Sophos-Enpoint-Secuirty-and-Control-FW - set guid "0786E95E-326A-4524-9691-41EF88FB52EA" - set type fw - next - edit Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7 - set guid "479CCF92-4960-B3E0-7373-BF453B467D2C" - next - edit Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7 - set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57" - set type fw - next - edit Trend-Micro-AV - set guid "7D2296BC-32CC-4519-917E-52E652474AF5" - next - edit Trend-Micro-FW - set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6" - set type fw - next - edit Trend-Micro-AV-Vista-Win7 - set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50" - next - edit Trend-Micro-FW-Vista-Win7 - set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B" - set type fw - next - edit ZoneAlarm-AV - set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF" - next - edit ZoneAlarm-FW - set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B" - set type fw - next - edit ZoneAlarm-AV-Vista-Win7 - set guid "D61596DF-D219-341C-49B3-AD30538CBC5B" - next - edit ZoneAlarm-FW-Vista-Win7 - set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20" - set type fw - next - edit ESET-Smart-Security-AV - set guid "19259FAE-8396-A113-46DB-15B0E7DFA289" - 
next - edit ESET-Smart-Security-FW - set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2" - set type fw - next - end - config vpn ssl web portal - edit full-access - set web-mode enable - set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1" - set page-layout double-column - set ip-pools "SSLVPN_TUNNEL_ADDR1" - set ipv6-tunnel-mode enable - set tunnel-mode enable - next - edit web-access - set web-mode enable - next - edit tunnel-access - set ip-pools "SSLVPN_TUNNEL_ADDR1" - set ipv6-tunnel-mode enable - set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1" - set tunnel-mode enable - next - end - config vpn ssl settings - set servercert "self-sign" - set port 443 - end - config voip profile - edit default - set comment "Default VoIP profile." - next - edit strict - config sip - set malformed-header-max-forwards discard - set malformed-header-rack discard - set malformed-header-allow discard - set malformed-header-call-id discard - set malformed-header-sdp-v discard - set malformed-header-record-route discard - set malformed-header-contact discard - set malformed-header-sdp-s discard - set malformed-header-content-length discard - set malformed-header-sdp-z discard - set malformed-header-from discard - set malformed-header-route discard - set malformed-header-sdp-b discard - set malformed-header-sdp-c discard - set malformed-header-sdp-a discard - set malformed-header-sdp-o discard - set malformed-header-sdp-m discard - set malformed-header-sdp-k discard - set malformed-header-sdp-i discard - set malformed-header-to discard - set malformed-header-via discard - set malformed-header-sdp-t discard - set malformed-request-line discard - set malformed-header-sdp-r discard - set malformed-header-content-type discard - set malformed-header-expires discard - set malformed-header-rseq discard - set malformed-header-p-asserted-identity discard - set malformed-header-cseq discard - end - next - end - config webfilter profile - edit default - set comment "Default web filtering." 
- set post-action comfort - config ftgd-wf - config filters - edit 1 - set category 2 - set action warning - next - edit 2 - set category 7 - set action warning - next - edit 3 - set category 8 - set action warning - next - edit 4 - set category 9 - set action warning - next - edit 5 - set category 11 - set action warning - next - edit 6 - set category 12 - set action warning - next - edit 7 - set category 13 - set action warning - next - edit 8 - set category 14 - set action warning - next - edit 9 - set category 15 - set action warning - next - edit 10 - set category 16 - set action warning - next - edit 11 - set action warning - next - edit 12 - set category 57 - set action warning - next - edit 13 - set category 63 - set action warning - next - edit 14 - set category 64 - set action warning - next - edit 15 - set category 65 - set action warning - next - edit 16 - set category 66 - set action warning - next - edit 17 - set category 67 - set action warning - next - edit 18 - set category 26 - set action block - next - end - end - next - edit web-filter-flow - set comment "Flow-based web filter profile." - set inspection-mode flow-based - set post-action comfort - config ftgd-wf - config filters - edit 1 - set category 2 - next - edit 2 - set category 7 - next - edit 3 - set category 8 - next - edit 4 - set category 9 - next - edit 5 - set category 11 - next - edit 6 - set category 12 - next - edit 7 - set category 13 - next - edit 8 - set category 14 - next - edit 9 - set category 15 - next - edit 10 - set category 16 - next - edit 11 - next - edit 12 - set category 57 - next - edit 13 - set category 63 - next - edit 14 - set category 64 - next - edit 15 - set category 65 - next - edit 16 - set category 66 - next - edit 17 - set category 67 - next - edit 18 - set category 26 - set action block - next - end - end - next - edit monitor-all - set comment "Monitor and log all visited URLs, proxy-based." 
- set web-content-log disable - set web-filter-applet-log disable - set web-ftgd-err-log disable - set web-filter-jscript-log disable - set web-filter-activex-log disable - set web-filter-referer-log disable - set web-filter-js-log disable - set web-invalid-domain-log disable - set web-ftgd-quota-usage disable - set web-filter-command-block-log disable - set web-filter-vbs-log disable - set web-filter-unknown-log disable - set web-filter-cookie-log disable - set log-all-url enable - set web-filter-cookie-removal-log disable - set web-url-log disable - config ftgd-wf - config filters - edit 1 - set category 1 - next - edit 2 - set category 3 - next - edit 3 - set category 4 - next - edit 4 - set category 5 - next - edit 5 - set category 6 - next - edit 6 - set category 12 - next - edit 7 - set category 59 - next - edit 8 - set category 62 - next - edit 9 - set category 83 - next - edit 10 - set category 2 - next - edit 11 - set category 7 - next - edit 12 - set category 8 - next - edit 13 - set category 9 - next - edit 14 - set category 11 - next - edit 15 - set category 13 - next - edit 16 - set category 14 - next - edit 17 - set category 15 - next - edit 18 - set category 16 - next - edit 19 - set category 57 - next - edit 20 - set category 63 - next - edit 21 - set category 64 - next - edit 22 - set category 65 - next - edit 23 - set category 66 - next - edit 24 - set category 67 - next - edit 25 - set category 19 - next - edit 26 - set category 24 - next - edit 27 - set category 25 - next - edit 28 - set category 72 - next - edit 29 - set category 75 - next - edit 30 - set category 76 - next - edit 31 - set category 26 - next - edit 32 - set category 61 - next - edit 33 - set category 86 - next - edit 34 - set category 17 - next - edit 35 - set category 18 - next - edit 36 - set category 20 - next - edit 37 - set category 23 - next - edit 38 - set category 28 - next - edit 39 - set category 29 - next - edit 40 - set category 30 - next - edit 41 - set category 33 
- next - edit 42 - set category 34 - next - edit 43 - set category 35 - next - edit 44 - set category 36 - next - edit 45 - set category 37 - next - edit 46 - set category 38 - next - edit 47 - set category 39 - next - edit 48 - set category 40 - next - edit 49 - set category 42 - next - edit 50 - set category 44 - next - edit 51 - set category 46 - next - edit 52 - set category 47 - next - edit 53 - set category 48 - next - edit 54 - set category 54 - next - edit 55 - set category 55 - next - edit 56 - set category 58 - next - edit 57 - set category 68 - next - edit 58 - set category 69 - next - edit 59 - set category 70 - next - edit 60 - set category 71 - next - edit 61 - set category 77 - next - edit 62 - set category 78 - next - edit 63 - set category 79 - next - edit 64 - set category 80 - next - edit 65 - set category 82 - next - edit 66 - set category 85 - next - edit 67 - set category 87 - next - edit 68 - set category 31 - next - edit 69 - set category 41 - next - edit 70 - set category 43 - next - edit 71 - set category 49 - next - edit 72 - set category 50 - next - edit 73 - set category 51 - next - edit 74 - set category 52 - next - edit 75 - set category 53 - next - edit 76 - set category 56 - next - edit 77 - set category 81 - next - edit 78 - set category 84 - next - edit 79 - next - end - end - next - edit flow-monitor-all - set comment "Monitor and log all visited URLs, flow-based." 
- set web-content-log disable - set web-filter-applet-log disable - set web-ftgd-err-log disable - set web-filter-command-block-log disable - set web-filter-jscript-log disable - set web-filter-activex-log disable - set web-filter-referer-log disable - set web-filter-js-log disable - set web-invalid-domain-log disable - set web-ftgd-quota-usage disable - set inspection-mode flow-based - set web-filter-vbs-log disable - set web-filter-unknown-log disable - set web-filter-cookie-log disable - set log-all-url enable - set web-filter-cookie-removal-log disable - set web-url-log disable - config ftgd-wf - config filters - edit 1 - set category 1 - next - edit 2 - set category 3 - next - edit 3 - set category 4 - next - edit 4 - set category 5 - next - edit 5 - set category 6 - next - edit 6 - set category 12 - next - edit 7 - set category 59 - next - edit 8 - set category 62 - next - edit 9 - set category 83 - next - edit 10 - set category 2 - next - edit 11 - set category 7 - next - edit 12 - set category 8 - next - edit 13 - set category 9 - next - edit 14 - set category 11 - next - edit 15 - set category 13 - next - edit 16 - set category 14 - next - edit 17 - set category 15 - next - edit 18 - set category 16 - next - edit 19 - set category 57 - next - edit 20 - set category 63 - next - edit 21 - set category 64 - next - edit 22 - set category 65 - next - edit 23 - set category 66 - next - edit 24 - set category 67 - next - edit 25 - set category 19 - next - edit 26 - set category 24 - next - edit 27 - set category 25 - next - edit 28 - set category 72 - next - edit 29 - set category 75 - next - edit 30 - set category 76 - next - edit 31 - set category 26 - next - edit 32 - set category 61 - next - edit 33 - set category 86 - next - edit 34 - set category 17 - next - edit 35 - set category 18 - next - edit 36 - set category 20 - next - edit 37 - set category 23 - next - edit 38 - set category 28 - next - edit 39 - set category 29 - next - edit 40 - set category 30 - 
next - edit 41 - set category 33 - next - edit 42 - set category 34 - next - edit 43 - set category 35 - next - edit 44 - set category 36 - next - edit 45 - set category 37 - next - edit 46 - set category 38 - next - edit 47 - set category 39 - next - edit 48 - set category 40 - next - edit 49 - set category 42 - next - edit 50 - set category 44 - next - edit 51 - set category 46 - next - edit 52 - set category 47 - next - edit 53 - set category 48 - next - edit 54 - set category 54 - next - edit 55 - set category 55 - next - edit 56 - set category 58 - next - edit 57 - set category 68 - next - edit 58 - set category 69 - next - edit 59 - set category 70 - next - edit 60 - set category 71 - next - edit 61 - set category 77 - next - edit 62 - set category 78 - next - edit 63 - set category 79 - next - edit 64 - set category 80 - next - edit 65 - set category 82 - next - edit 66 - set category 85 - next - edit 67 - set category 87 - next - edit 68 - set category 31 - next - edit 69 - set category 41 - next - edit 70 - set category 43 - next - edit 71 - set category 49 - next - edit 72 - set category 50 - next - edit 73 - set category 51 - next - edit 74 - set category 52 - next - edit 75 - set category 53 - next - edit 76 - set category 56 - next - edit 77 - set category 81 - next - edit 78 - set category 84 - next - edit 79 - next - end - end - next - edit block-security-risks - set comment "Block security risks." 
- config ftgd-wf - set options rate-server-ip - config filters - edit 1 - set category 26 - set action block - next - edit 2 - set category 61 - set action block - next - edit 3 - set category 86 - set action block - next - edit 4 - set action warning - next - end - end - next - end - config webfilter override - end - config webfilter override-user - end - config webfilter ftgd-warning - end - config webfilter ftgd-local-rating - end - config webfilter search-engine - edit google - set url "^\\/((custom|search|images|videosearch|webhp)\\?)" - set query "q=" - set safesearch-str "&safe=active" - set hostname ".*\\.google\\..*" - set safesearch url - next - edit yahoo - set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)" - set query "p=" - set safesearch-str "&vm=r" - set hostname ".*\\.yahoo\\..*" - set safesearch url - next - edit bing - set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?" - set query "q=" - set safesearch-str "&adlt=strict" - set hostname "www\\.bing\\.com" - set safesearch url - next - edit yandex - set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?" - set query "text=" - set safesearch-str "&family=yes" - set hostname "yandex\\..*" - set safesearch url - next - edit youtube - set safesearch header - set hostname ".*\\.youtube\\..*" - next - edit baidu - set url "^\\/s?\\?" - set query "wd=" - set hostname ".*\\.baidu\\.com" - next - edit baidu2 - set url "^\\/(ns|q|m|i|v)\\?" - set query "word=" - set hostname ".*\\.baidu\\.com" - next - edit baidu3 - set url "^\\/f\\?" - set query "kw=" - set hostname "tieba\\.baidu\\.com" - next - end - config antivirus profile - edit default - set comment "Scan files and block viruses." - config http - set options scan - end - config ftp - set options scan - end - config imap - set options scan - end - config pop3 - set options scan - end - config smtp - set options scan - end - next - end - config spamfilter profile - edit default - set comment "Malware and phishing URL filtering." 
- next - end - config wanopt settings - set host-id "default-id" - end - config wanopt profile - edit default - set comments "Default WANopt profile." - next - end - config firewall schedule recurring - edit always - set day sunday monday tuesday wednesday thursday friday saturday - next - edit none - set day none - next - end - config firewall profile-protocol-options - edit default - set comment "All default services." - config http - set ports 80 - end - config ftp - set ports 21 - set options splice - end - config imap - set ports 143 - set options fragmail - end - config mapi - set ports 135 - set options fragmail - end - config pop3 - set ports 110 - set options fragmail - end - config smtp - set ports 25 - set options fragmail splice - end - config nntp - set ports 119 - set options splice - end - config dns - set ports 53 - end - next - end - config firewall ssl-ssh-profile - edit deep-inspection - set comment "Deep inspection." - config https - set ports 443 - end - config ftps - set ports 990 - end - config imaps - set ports 993 - end - config pop3s - set ports 995 - end - config smtps - set ports 465 - end - config ssh - set ports 22 - end - config ssl-exempt - edit 1 - set fortiguard-category 31 - next - edit 2 - set fortiguard-category 33 - next - edit 3 - set fortiguard-category 87 - next - edit 4 - set type address - set address "apple" - next - edit 5 - set type address - set address "appstore" - next - edit 6 - set type address - set address "dropbox.com" - next - edit 7 - set type address - set address "Gotomeeting" - next - edit 8 - set type address - set address "icloud" - next - edit 9 - set type address - set address "itunes" - next - edit 10 - set type address - set address "android" - next - edit 11 - set type address - set address "skype" - next - edit 12 - set type address - set address "swscan.apple.com" - next - edit 13 - set type address - set address "update.microsoft.com" - next - edit 14 - set type address - set address "eease" - 
next - edit 15 - set type address - set address "google-drive" - next - edit 16 - set type address - set address "google-play" - next - edit 17 - set type address - set address "google-play2" - next - edit 18 - set type address - set address "google-play3" - next - edit 19 - set type address - set address "microsoft" - next - edit 20 - set type address - set address "adobe" - next - edit 21 - set type address - set address "Adobe Login" - next - edit 22 - set type address - set address "fortinet" - next - edit 23 - set type address - set address "googleapis.com" - next - edit 24 - set type address - set address "citrix" - next - edit 25 - set type address - set address "verisign" - next - edit 26 - set type address - set address "Windows update 2" - next - edit 27 - set type address - set address "*.live.com" - next - edit 28 - set type address - set address "auth.gfx.ms" - next - edit 29 - set type address - set address "autoupdate.opera.com" - next - edit 30 - set type address - set address "softwareupdate.vmware.com" - next - edit 31 - set type address - set address "firefox update server" - next - end - next - edit certificate-inspection - set comment "SSL handshake inspection." 
- config https - set status certificate-inspection - set ports 443 - end - config ftps - set status disable - set ports 990 - end - config imaps - set status disable - set ports 993 - end - config pop3s - set status disable - set ports 995 - end - config smtps - set status disable - set ports 465 - end - config ssh - set status disable - set ports 22 - end - next - end - config firewall identity-based-route - end - config firewall policy - end - config firewall local-in-policy - end - config firewall policy6 - end - config firewall local-in-policy6 - end - config firewall ttl-policy - end - config firewall policy64 - end - config firewall policy46 - end - config firewall explicit-proxy-policy - end - config firewall interface-policy - end - config firewall interface-policy6 - end - config firewall DoS-policy - end - config firewall DoS-policy6 - end - config firewall sniffer - end - config endpoint-control profile - edit default - config forticlient-winmac-settings - set forticlient-wf-profile "default" - end - config forticlient-android-settings - end - config forticlient-ios-settings - end - next - end - config wireless-controller wids-profile - edit default - set comment "Default WIDS profile." 
- set deauth-broadcast enable - set assoc-frame-flood enable - set invalid-mac-oui enable - set ap-scan enable - set eapol-logoff-flood enable - set long-duration-attack enable - set eapol-pre-fail-flood enable - set eapol-succ-flood enable - set eapol-start-flood enable - set wireless-bridge enable - set eapol-pre-succ-flood enable - set auth-frame-flood enable - set asleap-attack enable - set eapol-fail-flood enable - set spoofed-deauth enable - set weak-wep-iv enable - set null-ssid-probe-resp enable - next - edit default-wids-apscan-enabled - set ap-scan enable - next - end - config wireless-controller wtp-profile - edit FAP112B-default - set ap-country US - config platform - set type 112B - end - config radio-1 - set band 802.11n - end - config radio-2 - set mode disabled - end - next - edit FAP220B-default - set ap-country US - config radio-1 - set band 802.11n-5G - end - config radio-2 - set band 802.11n - end - next - edit FAP223B-default - set ap-country US - config platform - set type 223B - end - config radio-1 - set band 802.11n-5G - end - config radio-2 - set band 802.11n - end - next - edit FAP210B-default - set ap-country US - config platform - set type 210B - end - config radio-1 - set band 802.11n - end - config radio-2 - set mode disabled - end - next - edit FAP222B-default - set ap-country US - config platform - set type 222B - end - config radio-1 - set band 802.11n - end - config radio-2 - set band 802.11n-5G - end - next - edit FAP320B-default - set ap-country US - config platform - set type 320B - end - config radio-1 - set band 802.11n-5G - end - config radio-2 - set band 802.11n - end - next - edit FAP11C-default - set ap-country US - config platform - set type 11C - end - config radio-1 - set band 802.11n - end - config radio-2 - set mode disabled - end - next - edit FAP14C-default - set ap-country US - config platform - set type 14C - end - config radio-1 - set band 802.11n - end - config radio-2 - set mode disabled - end - next - edit 
FAP28C-default - set ap-country US - config platform - set type 28C - end - config radio-1 - set band 802.11n - end - config radio-2 - set mode disabled - end - next - edit FAP320C-default - set ap-country US - config platform - set type 320C - end - config radio-1 - set band 802.11n - end - config radio-2 - set band 802.11ac - end - next - edit FAP221C-default - set ap-country US - config platform - set type 221C - end - config radio-1 - set band 802.11n - end - config radio-2 - set band 802.11ac - end - next - edit FAP25D-default - set ap-country US - config platform - set type 25D - end - config radio-1 - set band 802.11n - end - config radio-2 - set mode disabled - end - next - edit FAP222C-default - set ap-country US - config platform - set type 222C - end - config radio-1 - set band 802.11n - end - config radio-2 - set band 802.11ac - end - next - edit FAP224D-default - set ap-country US - config platform - set type 224D - end - config radio-1 - set band 802.11n-5G - end - config radio-2 - set band 802.11n - end - next - edit FK214B-default - set ap-country US - config platform - set type 214B - end - config radio-1 - set band 802.11n - end - config radio-2 - set mode disabled - end - next - edit FAP21D-default - set ap-country US - config platform - set type 21D - end - config radio-1 - set band 802.11n - end - config radio-2 - set mode disabled - end - next - edit FAP24D-default - set ap-country US - config platform - set type 24D - end - config radio-1 - set band 802.11n - end - config radio-2 - set mode disabled - end - next - edit FAP112D-default - set ap-country US - config platform - set type 112D - end - config radio-1 - set band 802.11n - end - config radio-2 - set mode disabled - end - next - edit FAP223C-default - set ap-country US - config platform - set type 223C - end - config radio-1 - set band 802.11n - end - config radio-2 - set band 802.11ac - end - next - edit FAP321C-default - set ap-country US - config platform - set type 321C - end - 
config radio-1 - set band 802.11n - end - config radio-2 - set band 802.11ac - end - next - end - config log memory setting - set status enable - end - config router rip - config redistribute connected - end - config redistribute static - end - config redistribute ospf - end - config redistribute bgp - end - config redistribute isis - end - end - config router ripng - config redistribute connected - end - config redistribute static - end - config redistribute ospf - end - config redistribute bgp - end - config redistribute isis - end - end - config router ospf - config redistribute connected - end - config redistribute static - end - config redistribute rip - end - config redistribute bgp - end - config redistribute isis - end - end - config router ospf6 - config redistribute connected - end - config redistribute static - end - config redistribute rip - end - config redistribute bgp - end - config redistribute isis - end - end - config router bgp - config redistribute connected - end - config redistribute rip - end - config redistribute ospf - end - config redistribute static - end - config redistribute isis - end - config redistribute6 connected - end - config redistribute6 rip - end - config redistribute6 ospf - end - config redistribute6 static - end - config redistribute6 isis - end - end - config router isis - config redistribute connected - end - config redistribute rip - end - config redistribute ospf - end - config redistribute bgp - end - config redistribute static - end - end - config router multicast - end diff --git a/test/integration/targets/fortios_ipv4_policy/files/requirements.txt b/test/integration/targets/fortios_ipv4_policy/files/requirements.txt deleted file mode 100644 index 7c67501df89..00000000000 --- a/test/integration/targets/fortios_ipv4_policy/files/requirements.txt +++ /dev/null @@ -1 +0,0 @@ -pyfg>=0.50 \ No newline at end of file 
diff --git a/test/integration/targets/fortios_ipv4_policy/tasks/main.yml b/test/integration/targets/fortios_ipv4_policy/tasks/main.yml
deleted file mode 100644
index 64c8ac63ce2..00000000000
--- a/test/integration/targets/fortios_ipv4_policy/tasks/main.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-- name: install required libraries
- pip:
- requirements: "{{ role_path }}/files/requirements.txt"
-
-- { include: test_indempotency.yml }
-- { include: test_params.yml }
diff --git a/test/integration/targets/fortios_ipv4_policy/tasks/test_indempotency.yml b/test/integration/targets/fortios_ipv4_policy/tasks/test_indempotency.yml
deleted file mode 100644
index 6dc7a239ca1..00000000000
--- a/test/integration/targets/fortios_ipv4_policy/tasks/test_indempotency.yml
+++ /dev/null
@@ -1,68 +0,0 @@
----
- - name: Add policy
- fortios_ipv4_policy:
- file_mode: true
- config_file: "{{role_path}}/files/default_config.conf"
- id: 42
- src_addr: all
- dst_addr: all
- policy_action: accept
- service: ALL
- state: present
- register: add_policy
-
- - name: Assert
- assert:
- that:
- - "add_policy.changed == true"
-
- - name: Add existing policy
- fortios_ipv4_policy:
- file_mode: true
- config_file: "{{role_path}}/files/default_config.conf"
- id: 42
- src_addr: all
- dst_addr: all
- policy_action: accept
- service: ALL
- state: present
- register: add_policy
-
- - name: Assert
- assert:
- that:
- - "add_policy.changed == false"
-
- - name: Delete existing policy
- fortios_ipv4_policy:
- file_mode: true
- config_file: "{{role_path}}/files/default_config.conf"
- id: 42
- src_addr: all
- dst_addr: all
- policy_action: accept
- service: ALL
- state: absent
- register: del_policy
-
- - name: Assert
- assert:
- that:
- - "del_policy.changed == true"
-
- - name: Delete not-existing policy
- fortios_ipv4_policy:
- file_mode: true
- config_file: "{{role_path}}/files/default_config.conf"
- id: 42
- src_addr: all
- dst_addr: all
- policy_action: accept
- service: ALL
- state: absent
- register: del_policy
-
- - name: Assert
- assert:
- that:
- - "del_policy.changed == false"
diff --git a/test/integration/targets/fortios_ipv4_policy/tasks/test_params.yml b/test/integration/targets/fortios_ipv4_policy/tasks/test_params.yml
deleted file mode 100644
index ba7f9be6841..00000000000
--- a/test/integration/targets/fortios_ipv4_policy/tasks/test_params.yml
+++ /dev/null
@@ -1,74 +0,0 @@
----
- - name: Forget id
- fortios_ipv4_policy:
- file_mode: true
- config_file: "{{role_path}}/files/default_config.conf"
- # id: 42
- src_addr: all
- dst_addr: all
- policy_action: accept
- service: ALL
- state: present
- register: forget_id
- ignore_errors: True
-
- - name: Forget src_addr
- fortios_ipv4_policy:
- file_mode: true
- config_file: "{{role_path}}/files/default_config.conf"
- id: 42
- # src_addr: all
- dst_addr: all
- policy_action: accept
- service: ALL
- state: present
- register: forget_src_addr
- ignore_errors: True
-
- - name: Forget dst_addr
- fortios_ipv4_policy:
- file_mode: true
- config_file: "{{role_path}}/files/default_config.conf"
- id: 42
- src_addr: all
- # dst_addr: all
- policy_action: accept
- service: ALL
- state: present
- register: forget_dst_addr
- ignore_errors: True
-
- - name: Forget policy_action
- fortios_ipv4_policy:
- file_mode: true
- config_file: "{{role_path}}/files/default_config.conf"
- id: 42
- src_addr: all
- dst_addr: all
- # policy_action: accept
- service: ALL
- state: present
- register: forget_policy_action
- ignore_errors: True
-
- - name: Forget service
- fortios_ipv4_policy:
- file_mode: true
- config_file: "{{role_path}}/files/default_config.conf"
- id: 42
- src_addr: all
- dst_addr: all
- policy_action: accept
- # service: ALL
- state: present
- register: forget_service
- ignore_errors: True
-
- - name: Verify that all previous test have failed
- assert:
- that:
- - "forget_id.failed == True"
- - "forget_src_addr.failed == True"
- - "forget_dst_addr.failed == True"
- - "forget_policy_action.failed == True"
- - "forget_service.failed == True"
diff --git a/test/sanity/ignore.txt b/test/sanity/ignore.txt
index 46d8e9b4a5f..2855db19440 100644
--- a/test/sanity/ignore.txt
+++ b/test/sanity/ignore.txt
@@ -114,12 +114,6 @@ lib/ansible/module_utils/network/eos/providers/module.py future-import-boilerpla
 lib/ansible/module_utils/network/eos/providers/module.py metaclass-boilerplate
 lib/ansible/module_utils/network/eos/providers/providers.py future-import-boilerplate
 lib/ansible/module_utils/network/eos/providers/providers.py metaclass-boilerplate
-lib/ansible/module_utils/network/fortimanager/common.py future-import-boilerplate
-lib/ansible/module_utils/network/fortimanager/common.py metaclass-boilerplate
-lib/ansible/module_utils/network/fortimanager/fortimanager.py future-import-boilerplate
-lib/ansible/module_utils/network/fortimanager/fortimanager.py metaclass-boilerplate
-lib/ansible/module_utils/network/fortios/fortios.py future-import-boilerplate
-lib/ansible/module_utils/network/fortios/fortios.py metaclass-boilerplate
 lib/ansible/module_utils/network/ios/ios.py future-import-boilerplate
 lib/ansible/module_utils/network/ios/ios.py metaclass-boilerplate
 lib/ansible/module_utils/network/ios/providers/cli/config/base.py future-import-boilerplate
@@ -2166,223 +2160,6 @@ lib/ansible/modules/network/f5/bigiq_regkey_license_assignment.py validate-modul
 lib/ansible/modules/network/f5/bigiq_regkey_pool.py validate-modules:doc-required-mismatch
 lib/ansible/modules/network/f5/bigiq_utility_license.py validate-modules:doc-required-mismatch
 lib/ansible/modules/network/f5/bigiq_utility_license_assignment.py validate-modules:doc-required-mismatch
-lib/ansible/modules/network/fortios/fortios_address.py validate-modules:doc-default-does-not-match-spec
-lib/ansible/modules/network/fortios/fortios_address.py validate-modules:doc-missing-type
-lib/ansible/modules/network/fortios/fortios_antivirus_quarantine.py validate-modules:doc-choices-do-not-match-spec
-lib/ansible/modules/network/fortios/fortios_application_group.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_application_list.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_application_name.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_authentication_rule.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_authentication_scheme.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_config.py validate-modules:parameter-type-not-in-doc
-lib/ansible/modules/network/fortios/fortios_dlp_filepattern.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_dlp_sensor.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_dnsfilter_domain_filter.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_dnsfilter_profile.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_endpoint_control_profile.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_DoS_policy.py validate-modules:parameter-invalid
-lib/ansible/modules/network/fortios/fortios_firewall_DoS_policy.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_DoS_policy6.py validate-modules:parameter-invalid
-lib/ansible/modules/network/fortios/fortios_firewall_DoS_policy6.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_address.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_address6.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_address6_template.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_addrgrp.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_addrgrp6.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_auth_portal.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_central_snat_map.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_identity_based_route.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_interface_policy.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_interface_policy6.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_internet_service.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_internet_service_custom.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_internet_service_group.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_local_in_policy.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_local_in_policy6.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_multicast_address.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_multicast_address6.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_multicast_policy.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_multicast_policy6.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_policy.py validate-modules:doc-choices-do-not-match-spec
-lib/ansible/modules/network/fortios/fortios_firewall_policy.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_policy46.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_policy6.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_policy64.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_proxy_address.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_proxy_addrgrp.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_proxy_policy.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_schedule_group.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_service_custom.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_service_group.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_shaping_policy.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_shaping_profile.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_sniffer.py validate-modules:parameter-invalid
-lib/ansible/modules/network/fortios/fortios_firewall_sniffer.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_ssl_ssh_profile.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_ttl_policy.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_vip.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_vip46.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_vip6.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_vip64.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_vipgrp.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_vipgrp46.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_vipgrp6.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_vipgrp64.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_firewall_wildcard_fqdn_group.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_ips_decoder.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_ips_rule.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_ips_sensor.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_ipv4_policy.py validate-modules:doc-missing-type
-lib/ansible/modules/network/fortios/fortios_ipv4_policy.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_ipv4_policy.py validate-modules:parameter-type-not-in-doc
-lib/ansible/modules/network/fortios/fortios_log_setting.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_log_syslogd2_setting.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_log_syslogd3_setting.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_log_syslogd4_setting.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_log_syslogd_override_setting.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_log_syslogd_setting.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_log_threat_weight.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_report_chart.py validate-modules:doc-choices-do-not-match-spec
-lib/ansible/modules/network/fortios/fortios_report_chart.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_report_dataset.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_report_layout.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_router_access_list.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_router_access_list6.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_router_aspath_list.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_router_bfd.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_router_bfd6.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_router_bgp.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_router_community_list.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_router_isis.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_router_key_chain.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_router_multicast.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_router_multicast6.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_router_multicast_flow.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_router_ospf.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_router_ospf6.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_router_policy.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_router_prefix_list.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_router_prefix_list6.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_router_rip.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_router_ripng.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_router_route_map.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_spamfilter_bwl.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_spamfilter_bword.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_spamfilter_dnsbl.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_spamfilter_iptrust.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_spamfilter_mheader.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_spamfilter_profile.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_ssh_filter_profile.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_switch_controller_global.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_switch_controller_lldp_profile.py validate-modules:parameter-invalid
-lib/ansible/modules/network/fortios/fortios_switch_controller_lldp_profile.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_switch_controller_managed_switch.py validate-modules:parameter-invalid
-lib/ansible/modules/network/fortios/fortios_switch_controller_managed_switch.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_switch_controller_qos_ip_dscp_map.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_switch_controller_qos_queue_policy.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_switch_controller_quarantine.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_switch_controller_security_policy_802_1X.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_switch_controller_switch_group.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_switch_controller_vlan.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_system_admin.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_system_alarm.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_system_api_user.py validate-modules:parameter-list-no-elements
-lib/ansible/modules/network/fortios/fortios_system_automation_action.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_system_automation_destination.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_system_automation_stitch.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_system_central_management.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_system_cluster_sync.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_system_csf.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_system_ddns.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_system_dhcp6_server.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_system_dhcp_server.py validate-modules:doc-choices-do-not-match-spec -lib/ansible/modules/network/fortios/fortios_system_dhcp_server.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_system_dns.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_system_dns_database.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_system_geoip_override.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_system_global.py validate-modules:doc-choices-do-not-match-spec -lib/ansible/modules/network/fortios/fortios_system_global.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_system_ha.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_system_interface.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_system_link_monitor.py validate-modules:parameter-list-no-elements 
-lib/ansible/modules/network/fortios/fortios_system_mobile_tunnel.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_system_nat64.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_system_nd_proxy.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_system_ntp.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_system_object_tagging.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_system_replacemsg_group.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_system_sdn_connector.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_system_session_ttl.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_system_settings.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_system_snmp_community.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_system_snmp_user.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_system_switch_interface.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_system_vdom_exception.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_system_virtual_wan_link.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_system_virtual_wire_pair.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_system_vxlan.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_system_zone.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_user_device.py validate-modules:parameter-list-no-elements 
-lib/ansible/modules/network/fortios/fortios_user_device_access_list.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_user_device_group.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_user_fsso_polling.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_user_group.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_user_peergrp.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_user_quarantine.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_user_radius.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_user_security_exempt_list.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_user_setting.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_voip_profile.py validate-modules:doc-choices-do-not-match-spec -lib/ansible/modules/network/fortios/fortios_vpn_ipsec_concentrator.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_vpn_ipsec_manualkey.py validate-modules:doc-choices-do-not-match-spec -lib/ansible/modules/network/fortios/fortios_vpn_ipsec_manualkey_interface.py validate-modules:doc-choices-do-not-match-spec -lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase1.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase1_interface.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_vpn_ipsec_phase2_interface.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_vpn_ssl_settings.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_host_check_software.py 
validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_portal.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_user_bookmark.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_vpn_ssl_web_user_group_bookmark.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_waf_profile.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_wanopt_cache_service.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_wanopt_content_delivery_network_rule.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_web_proxy_explicit.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_web_proxy_forward_server_group.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_web_proxy_global.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_web_proxy_profile.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_webfilter.py validate-modules:doc-choices-do-not-match-spec -lib/ansible/modules/network/fortios/fortios_webfilter.py validate-modules:doc-choices-incompatible-type -lib/ansible/modules/network/fortios/fortios_webfilter.py validate-modules:doc-required-mismatch -lib/ansible/modules/network/fortios/fortios_webfilter.py validate-modules:invalid-ansiblemodule-schema -lib/ansible/modules/network/fortios/fortios_webfilter.py validate-modules:parameter-invalid -lib/ansible/modules/network/fortios/fortios_webfilter.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_webfilter.py validate-modules:parameter-type-not-in-doc -lib/ansible/modules/network/fortios/fortios_webfilter_content.py 
validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_webfilter_content_header.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_webfilter_profile.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_webfilter_urlfilter.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_wireless_controller_bonjour_profile.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_anqp_3gpp_cellular.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_anqp_nai_realm.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_anqp_roaming_consortium.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_anqp_venue_name.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_h2qp_operator_name.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_h2qp_osu_provider.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_hs_profile.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_icon.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_wireless_controller_hotspot20_qos_map.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_wireless_controller_inter_controller.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_wireless_controller_qos_profile.py validate-modules:parameter-list-no-elements 
-lib/ansible/modules/network/fortios/fortios_wireless_controller_setting.py validate-modules:doc-choices-do-not-match-spec -lib/ansible/modules/network/fortios/fortios_wireless_controller_timers.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_wireless_controller_vap.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_wireless_controller_vap_group.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp.py validate-modules:doc-choices-do-not-match-spec -lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp_group.py validate-modules:parameter-list-no-elements -lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp_profile.py validate-modules:doc-choices-do-not-match-spec -lib/ansible/modules/network/fortios/fortios_wireless_controller_wtp_profile.py validate-modules:parameter-list-no-elements lib/ansible/modules/network/ios/_ios_interface.py validate-modules:doc-choices-do-not-match-spec lib/ansible/modules/network/ios/_ios_interface.py validate-modules:doc-default-does-not-match-spec lib/ansible/modules/network/ios/_ios_interface.py validate-modules:doc-elements-mismatch 
@@ -3921,8 +3698,6 @@ lib/ansible/plugins/doc_fragments/f5.py future-import-boilerplate
 lib/ansible/plugins/doc_fragments/f5.py metaclass-boilerplate
 lib/ansible/plugins/doc_fragments/files.py future-import-boilerplate
 lib/ansible/plugins/doc_fragments/files.py metaclass-boilerplate
-lib/ansible/plugins/doc_fragments/fortios.py future-import-boilerplate
-lib/ansible/plugins/doc_fragments/fortios.py metaclass-boilerplate
 lib/ansible/plugins/doc_fragments/hcloud.py future-import-boilerplate
 lib/ansible/plugins/doc_fragments/hcloud.py metaclass-boilerplate
 lib/ansible/plugins/doc_fragments/intersight.py future-import-boilerplate
diff --git a/test/units/modules/network/fortios/test_fortios_alertemail_setting.py b/test/units/modules/network/fortios/test_fortios_alertemail_setting.py
deleted file mode 100644
index 1b9617f1810..00000000000
--- a/test/units/modules/network/fortios/test_fortios_alertemail_setting.py
+++ /dev/null
@@ -1,431 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_alertemail_setting
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_alertemail_setting.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_alertemail_setting_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'alertemail_setting': {
- 'admin_login_logs': 'enable',
- 'alert_interval': '4',
- 'amc_interface_bypass_mode': 'enable',
- 'antivirus_logs': 'enable',
- 'configuration_changes_logs': 'enable',
- 'critical_interval': '8',
- 'debug_interval': '9',
- 'email_interval': '10',
- 'emergency_interval': '11',
- 'error_interval': '12',
- 'FDS_license_expiring_days': '13',
- 'FDS_license_expiring_warning': 'enable',
- 'FDS_update_logs': 'enable',
- 'filter_mode': 'category',
- 'FIPS_CC_errors': 'enable',
- 'firewall_authentication_failure_logs': 'enable',
- 'fortiguard_log_quota_warning': 'enable',
- 'FSSO_disconnect_logs': 'enable',
- 'HA_logs': 'enable',
- 'information_interval': '22',
- 'IPS_logs': 'enable',
- 'IPsec_errors_logs': 'enable',
- 'local_disk_usage': '25',
- 'log_disk_usage_warning': 'enable',
- 'mailto1': 'test_value_27',
- 'mailto2': 'test_value_28',
- 'mailto3': 'test_value_29',
- 'notification_interval': '30',
- 'PPP_errors_logs': 'enable',
- 'severity': 'emergency',
- 'ssh_logs': 'enable',
- 'sslvpn_authentication_errors_logs': 'enable',
- 'username': 'test_value_35',
- 'violation_traffic_logs': 'enable',
- 'warning_interval': '37',
- 'webfilter_logs': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_alertemail_setting.fortios_alertemail(input_data, fos_instance)
-
- expected_data = {
- 'admin-login-logs': 'enable',
- 'alert-interval': '4',
- 'amc-interface-bypass-mode': 'enable',
- 'antivirus-logs': 'enable',
- 'configuration-changes-logs': 'enable',
- 'critical-interval': '8',
- 'debug-interval': '9',
- 'email-interval': '10',
- 'emergency-interval': '11',
- 'error-interval': '12',
- 'FDS-license-expiring-days': '13',
- 'FDS-license-expiring-warning': 'enable',
- 'FDS-update-logs': 'enable',
- 'filter-mode': 'category',
- 'FIPS-CC-errors': 'enable',
- 'firewall-authentication-failure-logs': 'enable',
- 'fortiguard-log-quota-warning': 'enable',
- 'FSSO-disconnect-logs': 'enable',
- 'HA-logs': 'enable',
- 'information-interval': '22',
- 'IPS-logs': 'enable',
- 'IPsec-errors-logs': 'enable',
- 'local-disk-usage': '25',
- 'log-disk-usage-warning': 'enable',
- 'mailto1': 'test_value_27',
- 'mailto2': 'test_value_28',
- 'mailto3': 'test_value_29',
- 'notification-interval': '30',
- 'PPP-errors-logs': 'enable',
- 'severity': 'emergency',
- 'ssh-logs': 'enable',
- 'sslvpn-authentication-errors-logs': 'enable',
- 'username': 'test_value_35',
- 'violation-traffic-logs': 'enable',
- 'warning-interval': '37',
- 'webfilter-logs': 'enable'
- }
-
- set_method_mock.assert_called_with('alertemail', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_alertemail_setting_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'alertemail_setting': {
- 'admin_login_logs': 'enable',
- 'alert_interval': '4',
- 'amc_interface_bypass_mode': 'enable',
- 'antivirus_logs': 'enable',
- 'configuration_changes_logs': 'enable',
- 'critical_interval': '8',
- 'debug_interval': '9',
- 'email_interval': '10',
- 'emergency_interval': '11',
- 'error_interval': '12',
- 'FDS_license_expiring_days': '13',
- 'FDS_license_expiring_warning': 'enable',
- 'FDS_update_logs': 'enable',
- 'filter_mode': 'category',
- 'FIPS_CC_errors': 'enable',
- 'firewall_authentication_failure_logs': 'enable',
- 'fortiguard_log_quota_warning': 'enable',
- 'FSSO_disconnect_logs': 'enable',
- 'HA_logs': 'enable',
- 'information_interval': '22',
- 'IPS_logs': 'enable',
- 'IPsec_errors_logs': 'enable',
- 'local_disk_usage': '25',
- 'log_disk_usage_warning': 'enable',
- 'mailto1': 'test_value_27',
- 'mailto2': 'test_value_28',
- 'mailto3': 'test_value_29',
- 'notification_interval': '30',
- 'PPP_errors_logs': 'enable',
- 'severity': 'emergency',
- 'ssh_logs': 'enable',
- 'sslvpn_authentication_errors_logs': 'enable',
- 'username': 'test_value_35',
- 'violation_traffic_logs': 'enable',
- 'warning_interval': '37',
- 'webfilter_logs': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_alertemail_setting.fortios_alertemail(input_data, fos_instance)
-
- expected_data = {
- 'admin-login-logs': 'enable',
- 'alert-interval': '4',
- 'amc-interface-bypass-mode': 'enable',
- 'antivirus-logs': 'enable',
- 'configuration-changes-logs': 'enable',
- 'critical-interval': '8',
- 'debug-interval': '9',
- 'email-interval': '10',
- 'emergency-interval': '11',
- 'error-interval': '12',
- 'FDS-license-expiring-days': '13',
- 'FDS-license-expiring-warning': 'enable',
- 'FDS-update-logs': 'enable',
- 'filter-mode': 'category',
- 'FIPS-CC-errors': 'enable',
- 'firewall-authentication-failure-logs': 'enable',
- 'fortiguard-log-quota-warning': 'enable',
- 'FSSO-disconnect-logs': 'enable',
- 'HA-logs': 'enable',
- 'information-interval': '22',
- 'IPS-logs': 'enable',
- 'IPsec-errors-logs': 'enable',
- 'local-disk-usage': '25',
- 'log-disk-usage-warning': 'enable',
- 'mailto1': 'test_value_27',
- 'mailto2': 'test_value_28',
- 'mailto3': 'test_value_29',
- 'notification-interval': '30',
- 'PPP-errors-logs': 'enable',
- 'severity': 'emergency',
- 'ssh-logs': 'enable',
- 'sslvpn-authentication-errors-logs': 'enable',
- 'username': 'test_value_35',
- 'violation-traffic-logs': 'enable',
- 'warning-interval': '37',
- 'webfilter-logs': 'enable'
- }
-
- set_method_mock.assert_called_with('alertemail', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_alertemail_setting_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'alertemail_setting': {
- 'admin_login_logs': 'enable',
- 'alert_interval': '4',
- 'amc_interface_bypass_mode': 'enable',
- 'antivirus_logs': 'enable',
- 'configuration_changes_logs': 'enable',
- 'critical_interval': '8',
- 'debug_interval': '9',
- 'email_interval': '10',
- 'emergency_interval': '11',
- 'error_interval': '12',
- 'FDS_license_expiring_days': '13',
- 'FDS_license_expiring_warning': 'enable',
- 'FDS_update_logs': 'enable',
- 'filter_mode': 'category',
- 'FIPS_CC_errors': 'enable',
- 'firewall_authentication_failure_logs': 'enable',
- 'fortiguard_log_quota_warning': 'enable',
- 'FSSO_disconnect_logs': 'enable',
- 'HA_logs': 'enable',
- 'information_interval': '22',
- 'IPS_logs': 'enable',
- 'IPsec_errors_logs': 'enable',
- 'local_disk_usage': '25',
- 'log_disk_usage_warning': 'enable',
- 'mailto1': 'test_value_27',
- 'mailto2': 'test_value_28',
- 'mailto3': 'test_value_29',
- 'notification_interval': '30',
- 'PPP_errors_logs': 'enable',
- 'severity': 'emergency',
- 'ssh_logs': 'enable',
- 'sslvpn_authentication_errors_logs': 'enable',
- 'username': 'test_value_35',
- 'violation_traffic_logs': 'enable',
- 'warning_interval': '37',
- 'webfilter_logs': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_alertemail_setting.fortios_alertemail(input_data, fos_instance)
-
- expected_data = {
- 'admin-login-logs': 'enable',
- 'alert-interval': '4',
- 'amc-interface-bypass-mode': 'enable',
- 'antivirus-logs': 'enable',
- 'configuration-changes-logs': 'enable',
- 'critical-interval': '8',
- 'debug-interval': '9',
- 'email-interval': '10',
- 'emergency-interval': '11',
- 'error-interval': '12',
- 'FDS-license-expiring-days': '13',
- 'FDS-license-expiring-warning': 'enable',
- 'FDS-update-logs': 'enable',
- 'filter-mode': 'category',
- 'FIPS-CC-errors': 'enable',
- 'firewall-authentication-failure-logs': 'enable',
- 'fortiguard-log-quota-warning': 'enable',
- 'FSSO-disconnect-logs': 'enable',
- 'HA-logs': 'enable',
- 'information-interval': '22',
- 'IPS-logs': 'enable',
- 'IPsec-errors-logs': 'enable',
- 'local-disk-usage': '25',
- 'log-disk-usage-warning': 'enable',
- 'mailto1': 'test_value_27',
- 'mailto2': 'test_value_28',
- 'mailto3': 'test_value_29',
- 'notification-interval': '30',
- 'PPP-errors-logs': 'enable',
- 'severity': 'emergency',
- 'ssh-logs': 'enable',
- 'sslvpn-authentication-errors-logs': 'enable',
- 'username': 'test_value_35',
- 'violation-traffic-logs': 'enable',
- 'warning-interval': '37',
- 'webfilter-logs': 'enable'
- }
-
- set_method_mock.assert_called_with('alertemail', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_alertemail_setting_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'alertemail_setting': {
- 'random_attribute_not_valid': 'tag',
- 'admin_login_logs': 'enable',
- 'alert_interval': '4',
- 'amc_interface_bypass_mode': 'enable',
- 'antivirus_logs': 'enable',
- 'configuration_changes_logs': 'enable',
- 'critical_interval': '8',
- 'debug_interval': '9',
- 'email_interval': '10',
- 'emergency_interval': '11',
- 'error_interval': '12',
- 'FDS_license_expiring_days': '13',
- 'FDS_license_expiring_warning': 'enable',
- 'FDS_update_logs': 'enable',
- 'filter_mode': 'category',
- 'FIPS_CC_errors': 'enable',
- 'firewall_authentication_failure_logs': 'enable',
- 'fortiguard_log_quota_warning': 'enable',
- 'FSSO_disconnect_logs': 'enable',
- 'HA_logs': 'enable',
- 'information_interval': '22',
- 'IPS_logs': 'enable',
- 'IPsec_errors_logs': 'enable',
- 'local_disk_usage': '25',
- 'log_disk_usage_warning': 'enable',
- 'mailto1': 'test_value_27',
- 'mailto2': 'test_value_28',
- 'mailto3': 'test_value_29',
- 'notification_interval': '30',
- 'PPP_errors_logs': 'enable',
- 'severity': 'emergency',
- 'ssh_logs': 'enable',
- 'sslvpn_authentication_errors_logs': 'enable',
- 'username': 'test_value_35',
- 'violation_traffic_logs': 'enable',
- 'warning_interval': '37',
- 'webfilter_logs': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_alertemail_setting.fortios_alertemail(input_data, fos_instance)
-
- expected_data = {
- 'admin-login-logs': 'enable',
- 'alert-interval': '4',
- 'amc-interface-bypass-mode': 'enable',
- 'antivirus-logs': 'enable',
- 'configuration-changes-logs': 'enable',
- 'critical-interval': '8',
- 'debug-interval': '9',
- 'email-interval': '10',
- 'emergency-interval': '11',
- 'error-interval': '12',
- 'FDS-license-expiring-days': '13',
- 'FDS-license-expiring-warning': 'enable',
- 'FDS-update-logs': 'enable',
- 'filter-mode': 'category',
- 'FIPS-CC-errors': 'enable',
- 'firewall-authentication-failure-logs': 'enable',
- 'fortiguard-log-quota-warning': 'enable',
- 'FSSO-disconnect-logs': 'enable',
- 'HA-logs': 'enable',
- 'information-interval': '22',
- 'IPS-logs': 'enable',
- 'IPsec-errors-logs': 'enable',
- 'local-disk-usage': '25',
- 'log-disk-usage-warning': 'enable',
- 'mailto1': 'test_value_27',
- 'mailto2': 'test_value_28',
- 'mailto3': 'test_value_29',
- 'notification-interval': '30',
- 'PPP-errors-logs': 'enable',
- 'severity': 'emergency',
- 'ssh-logs': 'enable',
- 'sslvpn-authentication-errors-logs': 'enable',
- 'username': 'test_value_35',
- 'violation-traffic-logs': 'enable',
- 'warning-interval': '37',
- 'webfilter-logs': 'enable'
- }
-
- set_method_mock.assert_called_with('alertemail', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_antivirus_heuristic.py b/test/units/modules/network/fortios/test_fortios_antivirus_heuristic.py
deleted file mode 100644
index 83073e48646..00000000000
--- a/test/units/modules/network/fortios/test_fortios_antivirus_heuristic.py
+++ /dev/null
@@ -1,151 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_antivirus_heuristic
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_antivirus_heuristic.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_antivirus_heuristic_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'antivirus_heuristic': {
- 'mode': 'pass'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_antivirus_heuristic.fortios_antivirus(input_data, fos_instance)
-
- expected_data = {
- 'mode': 'pass'
- }
-
- set_method_mock.assert_called_with('antivirus', 'heuristic', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_antivirus_heuristic_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'antivirus_heuristic': {
- 'mode': 'pass'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_antivirus_heuristic.fortios_antivirus(input_data, fos_instance)
-
- expected_data = {
- 'mode': 'pass'
- }
-
- set_method_mock.assert_called_with('antivirus', 'heuristic', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_antivirus_heuristic_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'antivirus_heuristic': {
- 'mode': 'pass'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_antivirus_heuristic.fortios_antivirus(input_data, fos_instance)
-
- expected_data = {
- 'mode': 'pass'
- }
-
- set_method_mock.assert_called_with('antivirus', 'heuristic', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_antivirus_heuristic_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'antivirus_heuristic': {
- 'random_attribute_not_valid': 'tag',
- 'mode': 'pass'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_antivirus_heuristic.fortios_antivirus(input_data, fos_instance)
-
- expected_data = {
- 'mode': 'pass'
- }
-
- set_method_mock.assert_called_with('antivirus', 'heuristic', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_antivirus_profile.py b/test/units/modules/network/fortios/test_fortios_antivirus_profile.py
deleted file mode 100644
index d0a804a4ab3..00000000000
--- a/test/units/modules/network/fortios/test_fortios_antivirus_profile.py
+++ /dev/null
@@ -1,339 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_antivirus_profile
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_antivirus_profile.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_antivirus_profile_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'antivirus_profile': {
- 'analytics_bl_filetype': '3',
- 'analytics_db': 'disable',
- 'analytics_max_upload': '5',
- 'analytics_wl_filetype': '6',
- 'av_block_log': 'enable',
- 'av_virus_log': 'enable',
- 'comment': 'Comment.',
- 'extended_log': 'enable',
- 'ftgd_analytics': 'disable',
- 'inspection_mode': 'proxy',
- 'mobile_malware_db': 'disable',
- 'name': 'default_name_14',
- 'replacemsg_group': 'test_value_15',
- 'scan_mode': 'quick',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_antivirus_profile.fortios_antivirus(input_data, fos_instance)
-
- expected_data = {
- 'analytics-bl-filetype': '3',
- 'analytics-db': 'disable',
- 'analytics-max-upload': '5',
- 'analytics-wl-filetype': '6',
- 'av-block-log': 'enable',
- 'av-virus-log': 'enable',
- 'comment': 'Comment.',
- 'extended-log': 'enable',
- 'ftgd-analytics': 'disable',
- 'inspection-mode': 'proxy',
- 'mobile-malware-db': 'disable',
- 'name': 'default_name_14',
- 'replacemsg-group': 'test_value_15',
- 'scan-mode': 'quick',
-
- }
-
- set_method_mock.assert_called_with('antivirus', 'profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_antivirus_profile_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'antivirus_profile': {
- 'analytics_bl_filetype': '3',
- 'analytics_db': 'disable',
- 'analytics_max_upload': '5',
- 'analytics_wl_filetype': '6',
- 'av_block_log': 'enable',
- 'av_virus_log': 'enable',
- 'comment': 'Comment.',
- 'extended_log': 'enable',
- 'ftgd_analytics': 'disable',
- 'inspection_mode': 'proxy',
- 'mobile_malware_db': 'disable',
- 'name': 'default_name_14',
- 'replacemsg_group': 'test_value_15',
- 'scan_mode': 'quick',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_antivirus_profile.fortios_antivirus(input_data, fos_instance)
-
- expected_data = {
- 'analytics-bl-filetype': '3',
- 'analytics-db': 'disable',
- 'analytics-max-upload': '5',
- 'analytics-wl-filetype': '6',
- 'av-block-log': 'enable',
- 'av-virus-log': 'enable',
- 'comment': 'Comment.',
- 'extended-log': 'enable',
- 'ftgd-analytics': 'disable',
- 'inspection-mode': 'proxy',
- 'mobile-malware-db': 'disable',
- 'name': 'default_name_14',
- 'replacemsg-group': 'test_value_15',
- 'scan-mode': 'quick',
-
- }
-
- set_method_mock.assert_called_with('antivirus', 'profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_antivirus_profile_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'antivirus_profile': {
- 'analytics_bl_filetype': '3',
- 'analytics_db': 'disable',
- 'analytics_max_upload': '5',
- 'analytics_wl_filetype': '6',
- 'av_block_log': 'enable',
- 'av_virus_log': 'enable',
- 'comment': 'Comment.',
- 'extended_log': 'enable',
- 'ftgd_analytics': 'disable',
- 'inspection_mode': 'proxy',
- 'mobile_malware_db': 'disable',
- 'name': 'default_name_14',
- 'replacemsg_group': 'test_value_15',
- 'scan_mode': 'quick',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_antivirus_profile.fortios_antivirus(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('antivirus', 'profile', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_antivirus_profile_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'antivirus_profile': {
- 'analytics_bl_filetype': '3',
- 'analytics_db': 'disable',
- 'analytics_max_upload': '5',
- 'analytics_wl_filetype': '6',
- 'av_block_log': 'enable',
- 'av_virus_log': 'enable',
- 'comment': 'Comment.',
- 'extended_log': 'enable',
- 'ftgd_analytics': 'disable',
- 'inspection_mode': 'proxy',
- 'mobile_malware_db': 'disable',
- 'name': 'default_name_14',
- 'replacemsg_group': 'test_value_15',
- 'scan_mode': 'quick',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_antivirus_profile.fortios_antivirus(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('antivirus', 'profile', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_antivirus_profile_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'antivirus_profile': {
- 'analytics_bl_filetype': '3',
- 'analytics_db': 'disable',
- 'analytics_max_upload': '5',
- 'analytics_wl_filetype': '6',
- 'av_block_log': 'enable',
- 'av_virus_log': 'enable',
- 'comment': 'Comment.',
- 'extended_log': 'enable',
- 'ftgd_analytics': 'disable',
- 'inspection_mode': 'proxy',
- 'mobile_malware_db': 'disable',
- 'name': 'default_name_14',
- 'replacemsg_group': 'test_value_15',
- 'scan_mode': 'quick',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_antivirus_profile.fortios_antivirus(input_data, fos_instance)
-
- expected_data = {
- 'analytics-bl-filetype': '3',
- 'analytics-db': 'disable',
- 'analytics-max-upload': '5',
- 'analytics-wl-filetype': '6',
- 'av-block-log': 'enable',
- 'av-virus-log': 'enable',
- 'comment': 'Comment.',
- 'extended-log': 'enable',
- 'ftgd-analytics': 'disable',
- 'inspection-mode': 'proxy',
- 'mobile-malware-db': 'disable',
- 'name': 'default_name_14',
- 'replacemsg-group': 'test_value_15',
- 'scan-mode': 'quick',
-
- }
-
- set_method_mock.assert_called_with('antivirus', 'profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_antivirus_profile_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'antivirus_profile': {
- 'random_attribute_not_valid': 'tag',
- 'analytics_bl_filetype': '3',
- 'analytics_db': 'disable',
- 'analytics_max_upload': '5',
- 'analytics_wl_filetype': '6',
- 'av_block_log': 'enable',
- 'av_virus_log': 'enable',
- 'comment': 'Comment.',
- 'extended_log': 'enable',
- 'ftgd_analytics': 'disable',
- 'inspection_mode': 'proxy',
- 'mobile_malware_db': 'disable',
- 'name': 'default_name_14',
- 'replacemsg_group': 'test_value_15',
- 'scan_mode': 'quick',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_antivirus_profile.fortios_antivirus(input_data, fos_instance)
-
- expected_data = {
- 'analytics-bl-filetype': '3',
- 'analytics-db': 'disable',
- 'analytics-max-upload': '5',
- 'analytics-wl-filetype': '6',
- 'av-block-log': 'enable',
- 'av-virus-log': 'enable',
- 'comment': 'Comment.',
- 'extended-log': 'enable',
- 'ftgd-analytics': 'disable',
- 'inspection-mode': 'proxy',
- 'mobile-malware-db': 'disable',
- 'name': 'default_name_14',
- 'replacemsg-group': 'test_value_15',
- 'scan-mode': 'quick',
-
- }
-
- set_method_mock.assert_called_with('antivirus', 'profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_antivirus_quarantine.py b/test/units/modules/network/fortios/test_fortios_antivirus_quarantine.py
deleted file mode 100644
index 8d2cf19e06b..00000000000
--- a/test/units/modules/network/fortios/test_fortios_antivirus_quarantine.py
+++ /dev/null
@@ -1,231 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_antivirus_quarantine
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_antivirus_quarantine.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_antivirus_quarantine_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'antivirus_quarantine': {
- 'agelimit': '3',
- 'destination': 'NULL',
- 'drop_blocked': 'imap',
- 'drop_heuristic': 'imap',
- 'drop_infected': 'imap',
- 'lowspace': 'drop-new',
- 'maxfilesize': '9',
- 'quarantine_quota': '10',
- 'store_blocked': 'imap',
- 'store_heuristic': 'imap',
- 'store_infected': 'imap'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_antivirus_quarantine.fortios_antivirus(input_data, fos_instance)
-
- expected_data = {
- 'agelimit': '3',
- 'destination': 'NULL',
- 'drop-blocked': 'imap',
- 'drop-heuristic': 'imap',
- 'drop-infected': 'imap',
- 'lowspace': 'drop-new',
- 'maxfilesize': '9',
- 'quarantine-quota': '10',
- 'store-blocked': 'imap',
- 'store-heuristic': 'imap',
- 'store-infected': 'imap'
- }
-
- set_method_mock.assert_called_with('antivirus', 'quarantine', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_antivirus_quarantine_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'antivirus_quarantine': {
- 'agelimit': '3',
- 'destination': 'NULL',
- 'drop_blocked': 'imap',
- 'drop_heuristic': 'imap',
- 'drop_infected': 'imap',
- 'lowspace': 'drop-new',
- 'maxfilesize': '9',
- 'quarantine_quota': '10',
- 'store_blocked': 'imap',
- 'store_heuristic': 'imap',
- 'store_infected': 'imap'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_antivirus_quarantine.fortios_antivirus(input_data, fos_instance)
-
- expected_data = {
- 'agelimit': '3',
- 'destination': 'NULL',
- 'drop-blocked': 'imap',
- 'drop-heuristic': 'imap',
- 'drop-infected': 'imap',
- 'lowspace': 'drop-new',
- 'maxfilesize': '9',
- 'quarantine-quota': '10',
- 'store-blocked': 'imap',
- 'store-heuristic': 'imap',
- 'store-infected': 'imap'
- }
-
- set_method_mock.assert_called_with('antivirus', 'quarantine', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_antivirus_quarantine_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'antivirus_quarantine': {
- 'agelimit': '3',
- 'destination': 'NULL',
- 'drop_blocked': 'imap',
- 'drop_heuristic': 'imap',
- 'drop_infected': 'imap',
- 'lowspace': 'drop-new',
- 'maxfilesize': '9',
- 'quarantine_quota': '10',
- 'store_blocked': 'imap',
- 'store_heuristic': 'imap',
- 'store_infected': 'imap'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_antivirus_quarantine.fortios_antivirus(input_data, fos_instance)
-
- expected_data = {
- 'agelimit': '3',
- 'destination': 'NULL',
- 'drop-blocked': 'imap',
- 'drop-heuristic': 'imap',
- 'drop-infected': 'imap',
- 'lowspace': 'drop-new',
- 'maxfilesize': '9',
- 'quarantine-quota': '10',
- 'store-blocked': 'imap',
- 'store-heuristic': 'imap',
- 'store-infected': 'imap'
- }
-
- set_method_mock.assert_called_with('antivirus', 'quarantine', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_antivirus_quarantine_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'antivirus_quarantine': {
- 'random_attribute_not_valid': 'tag',
- 'agelimit': '3',
- 'destination': 'NULL',
- 'drop_blocked': 'imap',
- 'drop_heuristic': 'imap',
- 'drop_infected': 'imap',
- 'lowspace': 'drop-new',
- 'maxfilesize': '9',
- 'quarantine_quota': '10',
- 'store_blocked': 'imap',
- 'store_heuristic': 'imap',
- 'store_infected': 'imap'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_antivirus_quarantine.fortios_antivirus(input_data, fos_instance)
-
- expected_data = {
- 'agelimit': '3',
- 'destination': 'NULL',
- 'drop-blocked': 'imap',
- 'drop-heuristic': 'imap',
- 'drop-infected': 'imap',
- 'lowspace': 'drop-new',
- 'maxfilesize': '9',
- 'quarantine-quota': '10',
- 'store-blocked': 'imap',
- 'store-heuristic': 'imap',
- 'store-infected': 'imap'
- }
-
- set_method_mock.assert_called_with('antivirus', 'quarantine', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_antivirus_settings.py b/test/units/modules/network/fortios/test_fortios_antivirus_settings.py
deleted file mode 100644
index 7651eb98e9a..00000000000
--- a/test/units/modules/network/fortios/test_fortios_antivirus_settings.py
+++ /dev/null
@@ -1,167 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_antivirus_settings
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_antivirus_settings.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_antivirus_settings_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'antivirus_settings': {
- 'default_db': 'normal',
- 'grayware': 'enable',
- 'override_timeout': '5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_antivirus_settings.fortios_antivirus(input_data, fos_instance)
-
- expected_data = {
- 'default-db': 'normal',
- 'grayware': 'enable',
- 'override-timeout': '5'
- }
-
- set_method_mock.assert_called_with('antivirus', 'settings', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_antivirus_settings_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'antivirus_settings': {
- 'default_db': 'normal',
- 'grayware': 'enable',
- 'override_timeout': '5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_antivirus_settings.fortios_antivirus(input_data, fos_instance)
-
- expected_data = {
- 'default-db': 'normal',
- 'grayware': 'enable',
- 'override-timeout': '5'
- }
-
- set_method_mock.assert_called_with('antivirus', 'settings', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_antivirus_settings_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'antivirus_settings': {
- 'default_db': 'normal',
- 'grayware': 'enable',
- 'override_timeout': '5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_antivirus_settings.fortios_antivirus(input_data, fos_instance)
-
- expected_data = {
- 'default-db': 'normal',
- 'grayware': 'enable',
- 'override-timeout': '5'
- }
-
- set_method_mock.assert_called_with('antivirus', 'settings', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_antivirus_settings_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'antivirus_settings': {
- 'random_attribute_not_valid': 'tag',
- 'default_db': 'normal',
- 'grayware': 'enable',
- 'override_timeout': '5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_antivirus_settings.fortios_antivirus(input_data, fos_instance)
-
- expected_data = {
- 'default-db': 'normal',
- 'grayware': 'enable',
- 'override-timeout': '5'
- }
-
- set_method_mock.assert_called_with('antivirus', 'settings', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_application_custom.py b/test/units/modules/network/fortios/test_fortios_application_custom.py
deleted file mode 100644
index d0d332d80a2..00000000000
--- a/test/units/modules/network/fortios/test_fortios_application_custom.py
+++ /dev/null
@@ -1,289 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_application_custom
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_application_custom.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_application_custom_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'application_custom': {
- 'behavior': 'test_value_3',
- 'category': '4',
- 'comment': 'Comment.',
- 'id': '6',
- 'name': 'default_name_7',
- 'protocol': 'test_value_8',
- 'signature': 'test_value_9',
- 'tag': 'test_value_10',
- 'technology': 'test_value_11',
- 'vendor': 'test_value_12'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_application_custom.fortios_application(input_data, fos_instance)
-
- expected_data = {
- 'behavior': 'test_value_3',
- 'category': '4',
- 'comment': 'Comment.',
- 'id': '6',
- 'name': 'default_name_7',
- 'protocol': 'test_value_8',
- 'signature': 'test_value_9',
- 'tag': 'test_value_10',
- 'technology': 'test_value_11',
- 'vendor': 'test_value_12'
- }
-
- set_method_mock.assert_called_with('application', 'custom', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_application_custom_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'application_custom': {
- 'behavior': 'test_value_3',
- 'category': '4',
- 'comment': 'Comment.',
- 'id': '6',
- 'name': 'default_name_7',
- 'protocol': 'test_value_8',
- 'signature': 'test_value_9',
- 'tag': 'test_value_10',
- 'technology': 'test_value_11',
- 'vendor': 'test_value_12'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_application_custom.fortios_application(input_data, fos_instance)
-
- expected_data = {
- 'behavior': 'test_value_3',
- 'category': '4',
- 'comment': 'Comment.',
- 'id': '6',
- 'name': 'default_name_7',
- 'protocol': 'test_value_8',
- 'signature': 'test_value_9',
- 'tag': 'test_value_10',
- 'technology': 'test_value_11',
- 'vendor': 'test_value_12'
- }
-
- set_method_mock.assert_called_with('application', 'custom', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_application_custom_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'application_custom': {
- 'behavior': 'test_value_3',
- 'category': '4',
- 'comment': 'Comment.',
- 'id': '6',
- 'name': 'default_name_7',
- 'protocol': 'test_value_8',
- 'signature': 'test_value_9',
- 'tag': 'test_value_10',
- 'technology': 'test_value_11',
- 'vendor': 'test_value_12'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_application_custom.fortios_application(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('application', 'custom', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_application_custom_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'application_custom': {
- 'behavior': 'test_value_3',
- 'category': '4',
- 'comment': 'Comment.',
- 'id': '6',
- 'name': 'default_name_7',
- 'protocol': 'test_value_8',
- 'signature': 'test_value_9',
- 'tag': 'test_value_10',
- 'technology': 'test_value_11',
- 'vendor': 'test_value_12'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_application_custom.fortios_application(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('application', 'custom', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_application_custom_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'application_custom': {
- 'behavior': 'test_value_3',
- 'category': '4',
- 'comment': 'Comment.',
- 'id': '6',
- 'name': 'default_name_7',
- 'protocol': 'test_value_8',
- 'signature': 'test_value_9',
- 'tag': 'test_value_10',
- 'technology': 'test_value_11',
- 'vendor': 'test_value_12'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_application_custom.fortios_application(input_data, fos_instance)
-
- expected_data = {
- 'behavior': 'test_value_3',
- 'category': '4',
- 'comment': 'Comment.',
- 'id': '6',
- 'name': 'default_name_7',
- 'protocol': 'test_value_8',
- 'signature': 'test_value_9',
- 'tag': 'test_value_10',
- 'technology': 'test_value_11',
- 'vendor': 'test_value_12'
- }
-
- set_method_mock.assert_called_with('application', 'custom', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_application_custom_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'application_custom': {
- 'random_attribute_not_valid': 'tag',
- 'behavior': 'test_value_3',
- 'category': '4',
- 'comment': 'Comment.',
- 'id': '6',
- 'name': 'default_name_7',
- 'protocol': 'test_value_8',
- 'signature': 'test_value_9',
- 'tag': 'test_value_10',
- 'technology': 'test_value_11',
- 'vendor': 'test_value_12'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_application_custom.fortios_application(input_data, fos_instance)
-
- expected_data = {
- 'behavior': 'test_value_3',
- 'category': '4',
- 'comment': 'Comment.',
- 'id': '6',
- 'name': 'default_name_7',
- 'protocol': 'test_value_8',
- 'signature': 'test_value_9',
- 'tag': 'test_value_10',
- 'technology': 'test_value_11',
- 'vendor': 'test_value_12'
- }
-
- set_method_mock.assert_called_with('application', 'custom', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_application_group.py b/test/units/modules/network/fortios/test_fortios_application_group.py
deleted file mode 100644
index 881735cc14b..00000000000
--- a/test/units/modules/network/fortios/test_fortios_application_group.py
+++ /dev/null
@@ -1,209 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_application_group
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_application_group.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_application_group_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'application_group': {'comment': 'Comment',
- 'name': 'default_name_4',
- 'type': 'application'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_application_group.fortios_application(input_data, fos_instance)
-
- expected_data = {'comment': 'Comment',
- 'name': 'default_name_4',
- 'type': 'application'
- }
-
- set_method_mock.assert_called_with('application', 'group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_application_group_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'application_group': {'comment': 'Comment',
- 'name': 'default_name_4',
- 'type': 'application'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_application_group.fortios_application(input_data, fos_instance)
-
- expected_data = {'comment': 'Comment',
- 'name': 'default_name_4',
- 'type': 'application'
- }
-
- set_method_mock.assert_called_with('application', 'group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_application_group_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'application_group': {'comment': 'Comment',
- 'name': 'default_name_4',
- 'type': 'application'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_application_group.fortios_application(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('application', 'group', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_application_group_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'application_group': {'comment': 'Comment',
- 'name': 'default_name_4',
- 'type': 'application'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_application_group.fortios_application(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('application', 'group', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_application_group_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'application_group': {'comment': 'Comment',
- 'name': 'default_name_4',
- 'type': 'application'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_application_group.fortios_application(input_data, fos_instance)
-
- expected_data = {'comment': 'Comment',
- 'name': 'default_name_4',
- 'type': 'application'
- }
-
- set_method_mock.assert_called_with('application', 'group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_application_group_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'application_group': {
- 'random_attribute_not_valid': 'tag', 'comment': 'Comment',
- 'name': 'default_name_4',
- 'type': 'application'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_application_group.fortios_application(input_data, fos_instance)
-
- expected_data = {'comment': 'Comment',
- 'name': 'default_name_4',
- 'type': 'application'
- }
-
- set_method_mock.assert_called_with('application', 'group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_application_list.py b/test/units/modules/network/fortios/test_fortios_application_list.py
deleted file mode 100644
index 41810cbe210..00000000000
--- a/test/units/modules/network/fortios/test_fortios_application_list.py
+++ /dev/null
@@ -1,309 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_application_list
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_application_list.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_application_list_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'application_list': {
- 'app_replacemsg': 'disable',
- 'comment': 'comments',
- 'deep_app_inspection': 'disable',
- 'extended_log': 'enable',
- 'name': 'default_name_7',
- 'options': 'allow-dns',
- 'other_application_action': 'pass',
- 'other_application_log': 'disable',
- 'p2p_black_list': 'skype',
- 'replacemsg_group': 'test_value_12',
- 'unknown_application_action': 'pass',
- 'unknown_application_log': 'disable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_application_list.fortios_application(input_data, fos_instance)
-
- expected_data = {
- 'app-replacemsg': 'disable',
- 'comment': 'comments',
- 'deep-app-inspection': 'disable',
- 'extended-log': 'enable',
- 'name': 'default_name_7',
- 'options': 'allow-dns',
- 'other-application-action': 'pass',
- 'other-application-log': 'disable',
- 'p2p-black-list': 'skype',
- 'replacemsg-group': 'test_value_12',
- 'unknown-application-action': 'pass',
- 'unknown-application-log': 'disable'
- }
-
- set_method_mock.assert_called_with('application', 'list', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_application_list_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'application_list': {
- 'app_replacemsg': 'disable',
- 'comment': 'comments',
- 'deep_app_inspection': 'disable',
- 'extended_log': 'enable',
- 'name': 'default_name_7',
- 'options': 'allow-dns',
- 'other_application_action': 'pass',
- 'other_application_log': 'disable',
- 'p2p_black_list': 'skype',
- 'replacemsg_group': 'test_value_12',
- 'unknown_application_action': 'pass',
- 'unknown_application_log': 'disable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_application_list.fortios_application(input_data, fos_instance)
-
- expected_data = {
- 'app-replacemsg': 'disable',
- 'comment': 'comments',
- 'deep-app-inspection': 'disable',
- 'extended-log': 'enable',
- 'name': 'default_name_7',
- 'options': 'allow-dns',
- 'other-application-action': 'pass',
- 'other-application-log': 'disable',
- 'p2p-black-list': 'skype',
- 'replacemsg-group': 'test_value_12',
- 'unknown-application-action': 'pass',
- 'unknown-application-log': 'disable'
- }
-
- set_method_mock.assert_called_with('application', 'list', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_application_list_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'application_list': {
- 'app_replacemsg': 'disable',
- 'comment': 'comments',
- 'deep_app_inspection': 'disable',
- 'extended_log': 'enable',
- 'name': 'default_name_7',
- 'options': 'allow-dns',
- 'other_application_action': 'pass',
- 'other_application_log': 'disable',
- 'p2p_black_list': 'skype',
- 'replacemsg_group': 'test_value_12',
- 'unknown_application_action': 'pass',
- 'unknown_application_log': 'disable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_application_list.fortios_application(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('application', 'list', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_application_list_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'application_list': {
- 'app_replacemsg': 'disable',
- 'comment': 'comments',
- 'deep_app_inspection': 'disable',
- 'extended_log': 'enable',
- 'name': 'default_name_7',
- 'options': 'allow-dns',
- 'other_application_action': 'pass',
- 'other_application_log': 'disable',
- 'p2p_black_list': 'skype',
- 'replacemsg_group': 'test_value_12',
- 'unknown_application_action': 'pass',
- 'unknown_application_log': 'disable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_application_list.fortios_application(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('application', 'list', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_application_list_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'application_list': {
- 'app_replacemsg': 'disable',
- 'comment': 'comments',
- 'deep_app_inspection': 'disable',
- 'extended_log': 'enable',
- 'name': 'default_name_7',
- 'options': 'allow-dns',
- 'other_application_action': 'pass',
- 'other_application_log': 'disable',
- 'p2p_black_list': 'skype',
- 'replacemsg_group': 'test_value_12',
- 'unknown_application_action': 'pass',
- 'unknown_application_log': 'disable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_application_list.fortios_application(input_data, fos_instance)
-
- expected_data = {
- 'app-replacemsg': 'disable',
- 'comment': 'comments',
- 'deep-app-inspection': 'disable',
- 'extended-log': 'enable',
- 'name': 'default_name_7',
- 'options': 'allow-dns',
- 'other-application-action': 'pass',
- 'other-application-log': 'disable',
- 'p2p-black-list': 'skype',
- 'replacemsg-group': 'test_value_12',
- 'unknown-application-action': 'pass',
- 'unknown-application-log': 'disable'
- }
-
- set_method_mock.assert_called_with('application', 'list', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_application_list_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'application_list': {
- 'random_attribute_not_valid': 'tag',
- 'app_replacemsg': 'disable',
- 'comment': 'comments',
- 'deep_app_inspection': 'disable',
- 'extended_log': 'enable',
- 'name': 'default_name_7',
- 'options': 'allow-dns',
- 'other_application_action': 'pass',
- 'other_application_log': 'disable',
- 'p2p_black_list': 'skype',
- 'replacemsg_group': 'test_value_12',
- 'unknown_application_action': 'pass',
- 'unknown_application_log': 'disable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_application_list.fortios_application(input_data, fos_instance)
-
- expected_data = {
- 'app-replacemsg': 'disable',
- 'comment': 'comments',
- 'deep-app-inspection': 'disable',
- 'extended-log': 'enable',
- 'name': 'default_name_7',
- 'options': 'allow-dns',
- 'other-application-action': 'pass',
- 'other-application-log': 'disable',
- 'p2p-black-list': 'skype',
- 'replacemsg-group': 'test_value_12',
- 'unknown-application-action': 'pass',
- 'unknown-application-log': 'disable'
- }
-
- set_method_mock.assert_called_with('application', 'list', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_application_name.py b/test/units/modules/network/fortios/test_fortios_application_name.py
deleted file mode 100644
index 23f0e0f071f..00000000000
--- a/test/units/modules/network/fortios/test_fortios_application_name.py
+++ /dev/null
@@ -1,309 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_application_name
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_application_name.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_application_name_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'application_name': {
- 'behavior': 'test_value_3',
- 'category': '4',
- 'id': '5',
- 'name': 'default_name_6',
- 'parameter': 'test_value_7',
- 'popularity': '8',
- 'protocol': 'test_value_9',
- 'risk': '10',
- 'sub_category': '11',
- 'technology': 'test_value_12',
- 'vendor': 'test_value_13',
- 'weight': '14'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_application_name.fortios_application(input_data, fos_instance)
-
- expected_data = {
- 'behavior': 'test_value_3',
- 'category': '4',
- 'id': '5',
- 'name': 'default_name_6',
- 'parameter': 'test_value_7',
- 'popularity': '8',
- 'protocol': 'test_value_9',
- 'risk': '10',
- 'sub-category': '11',
- 'technology': 'test_value_12',
- 'vendor': 'test_value_13',
- 'weight': '14'
- }
-
- set_method_mock.assert_called_with('application', 'name', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_application_name_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'application_name': {
- 'behavior': 'test_value_3',
- 'category': '4',
- 'id': '5',
- 'name': 'default_name_6',
- 'parameter': 'test_value_7',
- 'popularity': '8',
- 'protocol': 'test_value_9',
- 'risk': '10',
- 'sub_category': '11',
- 'technology': 'test_value_12',
- 'vendor': 'test_value_13',
- 'weight': '14'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_application_name.fortios_application(input_data, fos_instance)
-
- expected_data = {
- 'behavior': 'test_value_3',
- 'category': '4',
- 'id': '5',
- 'name': 'default_name_6',
- 'parameter': 'test_value_7',
- 'popularity': '8',
- 'protocol': 'test_value_9',
- 'risk': '10',
- 'sub-category': '11',
- 'technology': 'test_value_12',
- 'vendor': 'test_value_13',
- 'weight': '14'
- }
-
- set_method_mock.assert_called_with('application', 'name', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_application_name_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'application_name': {
- 'behavior': 'test_value_3',
- 'category': '4',
- 'id': '5',
- 'name': 'default_name_6',
- 'parameter': 'test_value_7',
- 'popularity': '8',
- 'protocol': 'test_value_9',
- 'risk': '10',
- 'sub_category': '11',
- 'technology': 'test_value_12',
- 'vendor': 'test_value_13',
- 'weight': '14'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_application_name.fortios_application(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('application', 'name', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_application_name_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'application_name': {
- 'behavior': 'test_value_3',
- 'category': '4',
- 'id': '5',
- 'name': 'default_name_6',
- 'parameter': 'test_value_7',
- 'popularity': '8',
- 'protocol': 'test_value_9',
- 'risk': '10',
- 'sub_category': '11',
- 'technology': 'test_value_12',
- 'vendor': 'test_value_13',
- 'weight': '14'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_application_name.fortios_application(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('application', 'name', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_application_name_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'application_name': {
- 'behavior': 'test_value_3',
- 'category': '4',
- 'id': '5',
- 'name': 'default_name_6',
- 'parameter': 'test_value_7',
- 'popularity': '8',
- 'protocol': 'test_value_9',
- 'risk': '10',
- 'sub_category': '11',
- 'technology': 'test_value_12',
- 'vendor': 'test_value_13',
- 'weight': '14'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_application_name.fortios_application(input_data, fos_instance)
-
- expected_data = {
- 'behavior': 'test_value_3',
- 'category': '4',
- 'id': '5',
- 'name': 'default_name_6',
- 'parameter': 'test_value_7',
- 'popularity': '8',
- 'protocol': 'test_value_9',
- 'risk': '10',
- 'sub-category': '11',
- 'technology': 'test_value_12',
- 'vendor': 'test_value_13',
- 'weight': '14'
- }
-
- set_method_mock.assert_called_with('application', 'name', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_application_name_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'application_name': {
- 'random_attribute_not_valid': 'tag',
- 'behavior': 'test_value_3',
- 'category': '4',
- 'id': '5',
- 'name': 'default_name_6',
- 'parameter': 'test_value_7',
- 'popularity': '8',
- 'protocol': 'test_value_9',
- 'risk': '10',
- 'sub_category': '11',
- 'technology': 'test_value_12',
- 'vendor': 'test_value_13',
- 'weight': '14'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_application_name.fortios_application(input_data, fos_instance)
-
- expected_data = {
- 'behavior': 'test_value_3',
- 'category': '4',
- 'id': '5',
- 'name': 'default_name_6',
- 'parameter': 'test_value_7',
- 'popularity': '8',
- 'protocol': 'test_value_9',
- 'risk': '10',
- 'sub-category': '11',
- 'technology': 'test_value_12',
- 'vendor': 'test_value_13',
- 'weight': '14'
- }
-
- set_method_mock.assert_called_with('application', 'name', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_application_rule_settings.py b/test/units/modules/network/fortios/test_fortios_application_rule_settings.py
deleted file mode 100644
index e880e8126db..00000000000
--- a/test/units/modules/network/fortios/test_fortios_application_rule_settings.py
+++ /dev/null
@@ -1,199 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_application_rule_settings
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_application_rule_settings.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_application_rule_settings_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'application_rule_settings': {
- 'id': '3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_application_rule_settings.fortios_application(input_data, fos_instance)
-
- expected_data = {
- 'id': '3'
- }
-
- set_method_mock.assert_called_with('application', 'rule-settings', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_application_rule_settings_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'application_rule_settings': {
- 'id': '3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_application_rule_settings.fortios_application(input_data, fos_instance)
-
- expected_data = {
- 'id': '3'
- }
-
- set_method_mock.assert_called_with('application', 'rule-settings', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_application_rule_settings_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'application_rule_settings': {
- 'id': '3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_application_rule_settings.fortios_application(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('application', 'rule-settings', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_application_rule_settings_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'application_rule_settings': {
- 'id': '3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_application_rule_settings.fortios_application(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('application', 'rule-settings', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_application_rule_settings_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'application_rule_settings': {
- 'id': '3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_application_rule_settings.fortios_application(input_data, fos_instance)
-
- expected_data = {
- 'id': '3'
- }
-
- set_method_mock.assert_called_with('application', 'rule-settings', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_application_rule_settings_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'application_rule_settings': {
- 'random_attribute_not_valid': 'tag',
- 'id': '3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_application_rule_settings.fortios_application(input_data, fos_instance)
-
- expected_data = {
- 'id': '3'
- }
-
- set_method_mock.assert_called_with('application', 'rule-settings', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_authentication_rule.py b/test/units/modules/network/fortios/test_fortios_authentication_rule.py
deleted file mode 100644
index dbca5e9a882..00000000000
--- a/test/units/modules/network/fortios/test_fortios_authentication_rule.py
+++ /dev/null
@@ -1,279 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_authentication_rule
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_authentication_rule.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_authentication_rule_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'authentication_rule': {
- 'active_auth_method': 'test_value_3',
- 'comments': 'test_value_4',
- 'ip_based': 'enable',
- 'name': 'default_name_6',
- 'protocol': 'http',
- 'sso_auth_method': 'test_value_8',
- 'status': 'enable',
- 'transaction_based': 'enable',
- 'web_auth_cookie': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_authentication_rule.fortios_authentication(input_data, fos_instance)
-
- expected_data = {
- 'active-auth-method': 'test_value_3',
- 'comments': 'test_value_4',
- 'ip-based': 'enable',
- 'name': 'default_name_6',
- 'protocol': 'http',
- 'sso-auth-method': 'test_value_8',
- 'status': 'enable',
- 'transaction-based': 'enable',
- 'web-auth-cookie': 'enable'
- }
-
- set_method_mock.assert_called_with('authentication', 'rule', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_authentication_rule_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'authentication_rule': {
- 'active_auth_method': 'test_value_3',
- 'comments': 'test_value_4',
- 'ip_based': 'enable',
- 'name': 'default_name_6',
- 'protocol': 'http',
- 'sso_auth_method': 'test_value_8',
- 'status': 'enable',
- 'transaction_based': 'enable',
- 'web_auth_cookie': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_authentication_rule.fortios_authentication(input_data, fos_instance)
-
- expected_data = {
- 'active-auth-method': 'test_value_3',
- 'comments': 'test_value_4',
- 'ip-based': 'enable',
- 'name': 'default_name_6',
- 'protocol': 'http',
- 'sso-auth-method': 'test_value_8',
- 'status': 'enable',
- 'transaction-based': 'enable',
- 'web-auth-cookie': 'enable'
- }
-
- set_method_mock.assert_called_with('authentication', 'rule', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_authentication_rule_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'authentication_rule': {
- 'active_auth_method': 'test_value_3',
- 'comments': 'test_value_4',
- 'ip_based': 'enable',
- 'name': 'default_name_6',
- 'protocol': 'http',
- 'sso_auth_method': 'test_value_8',
- 'status': 'enable',
- 'transaction_based': 'enable',
- 'web_auth_cookie': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_authentication_rule.fortios_authentication(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('authentication', 'rule', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_authentication_rule_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'authentication_rule': {
- 'active_auth_method': 'test_value_3',
- 'comments': 'test_value_4',
- 'ip_based': 'enable',
- 'name': 'default_name_6',
- 'protocol': 'http',
- 'sso_auth_method': 'test_value_8',
- 'status': 'enable',
- 'transaction_based': 'enable',
- 'web_auth_cookie': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_authentication_rule.fortios_authentication(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('authentication', 'rule', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_authentication_rule_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'authentication_rule': {
- 'active_auth_method': 'test_value_3',
- 'comments': 'test_value_4',
- 'ip_based': 'enable',
- 'name': 'default_name_6',
- 'protocol': 'http',
- 'sso_auth_method': 'test_value_8',
- 'status': 'enable',
- 'transaction_based': 'enable',
- 'web_auth_cookie': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_authentication_rule.fortios_authentication(input_data, fos_instance)
-
- expected_data = {
- 'active-auth-method': 'test_value_3',
- 'comments': 'test_value_4',
- 'ip-based': 'enable',
- 'name': 'default_name_6',
- 'protocol': 'http',
- 'sso-auth-method': 'test_value_8',
- 'status': 'enable',
- 'transaction-based': 'enable',
- 'web-auth-cookie': 'enable'
- }
-
- set_method_mock.assert_called_with('authentication', 'rule', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_authentication_rule_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'authentication_rule': {
- 'random_attribute_not_valid': 'tag',
- 'active_auth_method': 'test_value_3',
- 'comments': 'test_value_4',
- 'ip_based': 'enable',
- 'name': 'default_name_6',
- 'protocol': 'http',
- 'sso_auth_method': 'test_value_8',
- 'status': 'enable',
- 'transaction_based': 'enable',
- 'web_auth_cookie': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_authentication_rule.fortios_authentication(input_data, fos_instance)
-
- expected_data = {
- 'active-auth-method': 'test_value_3',
- 'comments': 'test_value_4',
- 'ip-based': 'enable',
- 'name': 'default_name_6',
- 'protocol': 'http',
- 'sso-auth-method': 'test_value_8',
- 'status': 'enable',
- 'transaction-based': 'enable',
- 'web-auth-cookie': 'enable'
- }
-
- set_method_mock.assert_called_with('authentication', 'rule', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_authentication_scheme.py b/test/units/modules/network/fortios/test_fortios_authentication_scheme.py
deleted file mode 100644
index 82d2ac1546d..00000000000
--- a/test/units/modules/network/fortios/test_fortios_authentication_scheme.py
+++ /dev/null
@@ -1,289 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_authentication_scheme
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_authentication_scheme.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_authentication_scheme_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'authentication_scheme': {
- 'domain_controller': 'test_value_3',
- 'fsso_agent_for_ntlm': 'test_value_4',
- 'fsso_guest': 'enable',
- 'kerberos_keytab': 'test_value_6',
- 'method': 'ntlm',
- 'name': 'default_name_8',
- 'negotiate_ntlm': 'enable',
- 'require_tfa': 'enable',
- 'ssh_ca': 'test_value_11',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_authentication_scheme.fortios_authentication(input_data, fos_instance)
-
- expected_data = {
- 'domain-controller': 'test_value_3',
- 'fsso-agent-for-ntlm': 'test_value_4',
- 'fsso-guest': 'enable',
- 'kerberos-keytab': 'test_value_6',
- 'method': 'ntlm',
- 'name': 'default_name_8',
- 'negotiate-ntlm': 'enable',
- 'require-tfa': 'enable',
- 'ssh-ca': 'test_value_11',
-
- }
-
- set_method_mock.assert_called_with('authentication', 'scheme', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_authentication_scheme_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'authentication_scheme': {
- 'domain_controller': 'test_value_3',
- 'fsso_agent_for_ntlm': 'test_value_4',
- 'fsso_guest': 'enable',
- 'kerberos_keytab': 'test_value_6',
- 'method': 'ntlm',
- 'name': 'default_name_8',
- 'negotiate_ntlm': 'enable',
- 'require_tfa': 'enable',
- 'ssh_ca': 'test_value_11',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_authentication_scheme.fortios_authentication(input_data, fos_instance)
-
- expected_data = {
- 'domain-controller': 'test_value_3',
- 'fsso-agent-for-ntlm': 'test_value_4',
- 'fsso-guest': 'enable',
- 'kerberos-keytab': 'test_value_6',
- 'method': 'ntlm',
- 'name': 'default_name_8',
- 'negotiate-ntlm': 'enable',
- 'require-tfa': 'enable',
- 'ssh-ca': 'test_value_11',
-
- }
-
- set_method_mock.assert_called_with('authentication', 'scheme', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_authentication_scheme_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'authentication_scheme': {
- 'domain_controller': 'test_value_3',
- 'fsso_agent_for_ntlm': 'test_value_4',
- 'fsso_guest': 'enable',
- 'kerberos_keytab': 'test_value_6',
- 'method': 'ntlm',
- 'name': 'default_name_8',
- 'negotiate_ntlm': 'enable',
- 'require_tfa': 'enable',
- 'ssh_ca': 'test_value_11',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_authentication_scheme.fortios_authentication(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('authentication', 'scheme', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_authentication_scheme_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'authentication_scheme': {
- 'domain_controller': 'test_value_3',
- 'fsso_agent_for_ntlm': 'test_value_4',
- 'fsso_guest': 'enable',
- 'kerberos_keytab': 'test_value_6',
- 'method': 'ntlm',
- 'name': 'default_name_8',
- 'negotiate_ntlm': 'enable',
- 'require_tfa': 'enable',
- 'ssh_ca': 'test_value_11',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_authentication_scheme.fortios_authentication(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('authentication', 'scheme', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_authentication_scheme_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'authentication_scheme': {
- 'domain_controller': 'test_value_3',
- 'fsso_agent_for_ntlm': 'test_value_4',
- 'fsso_guest': 'enable',
- 'kerberos_keytab': 'test_value_6',
- 'method': 'ntlm',
- 'name': 'default_name_8',
- 'negotiate_ntlm': 'enable',
- 'require_tfa': 'enable',
- 'ssh_ca': 'test_value_11',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_authentication_scheme.fortios_authentication(input_data, fos_instance)
-
- expected_data = {
- 'domain-controller': 'test_value_3',
- 'fsso-agent-for-ntlm': 'test_value_4',
- 'fsso-guest': 'enable',
- 'kerberos-keytab': 'test_value_6',
- 'method': 'ntlm',
- 'name': 'default_name_8',
- 'negotiate-ntlm': 'enable',
- 'require-tfa': 'enable',
- 'ssh-ca': 'test_value_11',
-
- }
-
- set_method_mock.assert_called_with('authentication', 'scheme', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_authentication_scheme_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'authentication_scheme': {
- 'random_attribute_not_valid': 'tag',
- 'domain_controller': 'test_value_3',
- 'fsso_agent_for_ntlm': 'test_value_4',
- 'fsso_guest': 'enable',
- 'kerberos_keytab': 'test_value_6',
- 'method': 'ntlm',
- 'name': 'default_name_8',
- 'negotiate_ntlm': 'enable',
- 'require_tfa': 'enable',
- 'ssh_ca': 'test_value_11',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_authentication_scheme.fortios_authentication(input_data, fos_instance)
-
- expected_data = {
- 'domain-controller': 'test_value_3',
- 'fsso-agent-for-ntlm': 'test_value_4',
- 'fsso-guest': 'enable',
- 'kerberos-keytab': 'test_value_6',
- 'method': 'ntlm',
- 'name': 'default_name_8',
- 'negotiate-ntlm': 'enable',
- 'require-tfa': 'enable',
- 'ssh-ca': 'test_value_11',
-
- }
-
- set_method_mock.assert_called_with('authentication', 'scheme', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_authentication_setting.py b/test/units/modules/network/fortios/test_fortios_authentication_setting.py
deleted file mode 100644
index 36b6fd98eff..00000000000
--- a/test/units/modules/network/fortios/test_fortios_authentication_setting.py
+++ /dev/null
@@ -1,207 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_authentication_setting -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_authentication_setting.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_authentication_setting_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'authentication_setting': { - 'active_auth_scheme': 'test_value_3', - 'captive_portal': 'test_value_4', - 'captive_portal_ip': 'test_value_5', - 'captive_portal_ip6': 
'test_value_6', - 'captive_portal_port': '7', - 'captive_portal_type': 'fqdn', - 'captive_portal6': 'test_value_9', - 'sso_auth_scheme': 'test_value_10' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_authentication_setting.fortios_authentication(input_data, fos_instance) - - expected_data = { - 'active-auth-scheme': 'test_value_3', - 'captive-portal': 'test_value_4', - 'captive-portal-ip': 'test_value_5', - 'captive-portal-ip6': 'test_value_6', - 'captive-portal-port': '7', - 'captive-portal-type': 'fqdn', - 'captive-portal6': 'test_value_9', - 'sso-auth-scheme': 'test_value_10' - } - - set_method_mock.assert_called_with('authentication', 'setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_authentication_setting_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'authentication_setting': { - 'active_auth_scheme': 'test_value_3', - 'captive_portal': 'test_value_4', - 'captive_portal_ip': 'test_value_5', - 'captive_portal_ip6': 'test_value_6', - 'captive_portal_port': '7', - 'captive_portal_type': 'fqdn', - 'captive_portal6': 'test_value_9', - 'sso_auth_scheme': 'test_value_10' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_authentication_setting.fortios_authentication(input_data, fos_instance) - - expected_data = { - 'active-auth-scheme': 'test_value_3', - 'captive-portal': 'test_value_4', - 'captive-portal-ip': 'test_value_5', - 'captive-portal-ip6': 'test_value_6', - 'captive-portal-port': '7', - 
'captive-portal-type': 'fqdn', - 'captive-portal6': 'test_value_9', - 'sso-auth-scheme': 'test_value_10' - } - - set_method_mock.assert_called_with('authentication', 'setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_authentication_setting_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'authentication_setting': { - 'active_auth_scheme': 'test_value_3', - 'captive_portal': 'test_value_4', - 'captive_portal_ip': 'test_value_5', - 'captive_portal_ip6': 'test_value_6', - 'captive_portal_port': '7', - 'captive_portal_type': 'fqdn', - 'captive_portal6': 'test_value_9', - 'sso_auth_scheme': 'test_value_10' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_authentication_setting.fortios_authentication(input_data, fos_instance) - - expected_data = { - 'active-auth-scheme': 'test_value_3', - 'captive-portal': 'test_value_4', - 'captive-portal-ip': 'test_value_5', - 'captive-portal-ip6': 'test_value_6', - 'captive-portal-port': '7', - 'captive-portal-type': 'fqdn', - 'captive-portal6': 'test_value_9', - 'sso-auth-scheme': 'test_value_10' - } - - set_method_mock.assert_called_with('authentication', 'setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_authentication_setting_filter_foreign_attributes(mocker): - schema_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'authentication_setting': { - 'random_attribute_not_valid': 'tag', - 'active_auth_scheme': 'test_value_3', - 'captive_portal': 'test_value_4', - 'captive_portal_ip': 'test_value_5', - 'captive_portal_ip6': 'test_value_6', - 'captive_portal_port': '7', - 'captive_portal_type': 'fqdn', - 'captive_portal6': 'test_value_9', - 'sso_auth_scheme': 'test_value_10' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_authentication_setting.fortios_authentication(input_data, fos_instance) - - expected_data = { - 'active-auth-scheme': 'test_value_3', - 'captive-portal': 'test_value_4', - 'captive-portal-ip': 'test_value_5', - 'captive-portal-ip6': 'test_value_6', - 'captive-portal-port': '7', - 'captive-portal-type': 'fqdn', - 'captive-portal6': 'test_value_9', - 'sso-auth-scheme': 'test_value_10' - } - - set_method_mock.assert_called_with('authentication', 'setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_dlp_filepattern.py b/test/units/modules/network/fortios/test_fortios_dlp_filepattern.py deleted file mode 100644 index 44f728eae4c..00000000000 --- a/test/units/modules/network/fortios/test_fortios_dlp_filepattern.py +++ /dev/null 
@@ -1,219 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_dlp_filepattern -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_dlp_filepattern.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_dlp_filepattern_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'dlp_filepattern': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_dlp_filepattern.fortios_dlp(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('dlp', 'filepattern', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_dlp_filepattern_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'dlp_filepattern': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_dlp_filepattern.fortios_dlp(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('dlp', 'filepattern', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_dlp_filepattern_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'dlp_filepattern': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 
'root'} - - is_error, changed, response = fortios_dlp_filepattern.fortios_dlp(input_data, fos_instance) - - delete_method_mock.assert_called_with('dlp', 'filepattern', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_dlp_filepattern_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'dlp_filepattern': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_dlp_filepattern.fortios_dlp(input_data, fos_instance) - - delete_method_mock.assert_called_with('dlp', 'filepattern', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_dlp_filepattern_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'dlp_filepattern': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_dlp_filepattern.fortios_dlp(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 
'name': 'default_name_5' - } - - set_method_mock.assert_called_with('dlp', 'filepattern', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_dlp_filepattern_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'dlp_filepattern': { - 'random_attribute_not_valid': 'tag', - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_dlp_filepattern.fortios_dlp(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('dlp', 'filepattern', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_dlp_fp_doc_source.py b/test/units/modules/network/fortios/test_fortios_dlp_fp_doc_source.py deleted file mode 100644 index 07e79ac364e..00000000000 --- a/test/units/modules/network/fortios/test_fortios_dlp_fp_doc_source.py +++ /dev/null 
@@ -1,369 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_dlp_fp_doc_source -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_dlp_fp_doc_source.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_dlp_fp_doc_source_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'dlp_fp_doc_source': { - 'date': '3', - 'file_path': 'test_value_4', - 'file_pattern': 'test_value_5', - 'keep_modified': 'enable', - 'name': 'default_name_7', - 'password': 
'test_value_8', - 'period': 'none', - 'remove_deleted': 'enable', - 'scan_on_creation': 'enable', - 'scan_subdirectories': 'enable', - 'sensitivity': 'test_value_13', - 'server': '192.168.100.14', - 'server_type': 'samba', - 'tod_hour': '16', - 'tod_min': '17', - 'username': 'test_value_18', - 'vdom': 'mgmt', - 'weekday': 'sunday' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_dlp_fp_doc_source.fortios_dlp(input_data, fos_instance) - - expected_data = { - 'date': '3', - 'file-path': 'test_value_4', - 'file-pattern': 'test_value_5', - 'keep-modified': 'enable', - 'name': 'default_name_7', - 'password': 'test_value_8', - 'period': 'none', - 'remove-deleted': 'enable', - 'scan-on-creation': 'enable', - 'scan-subdirectories': 'enable', - 'sensitivity': 'test_value_13', - 'server': '192.168.100.14', - 'server-type': 'samba', - 'tod-hour': '16', - 'tod-min': '17', - 'username': 'test_value_18', - 'vdom': 'mgmt', - 'weekday': 'sunday' - } - - set_method_mock.assert_called_with('dlp', 'fp-doc-source', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_dlp_fp_doc_source_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'dlp_fp_doc_source': { - 'date': '3', - 'file_path': 'test_value_4', - 'file_pattern': 'test_value_5', - 'keep_modified': 'enable', - 'name': 'default_name_7', - 'password': 'test_value_8', - 'period': 'none', - 'remove_deleted': 'enable', - 'scan_on_creation': 'enable', - 'scan_subdirectories': 'enable', - 'sensitivity': 
'test_value_13', - 'server': '192.168.100.14', - 'server_type': 'samba', - 'tod_hour': '16', - 'tod_min': '17', - 'username': 'test_value_18', - 'vdom': 'mgmt', - 'weekday': 'sunday' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_dlp_fp_doc_source.fortios_dlp(input_data, fos_instance) - - expected_data = { - 'date': '3', - 'file-path': 'test_value_4', - 'file-pattern': 'test_value_5', - 'keep-modified': 'enable', - 'name': 'default_name_7', - 'password': 'test_value_8', - 'period': 'none', - 'remove-deleted': 'enable', - 'scan-on-creation': 'enable', - 'scan-subdirectories': 'enable', - 'sensitivity': 'test_value_13', - 'server': '192.168.100.14', - 'server-type': 'samba', - 'tod-hour': '16', - 'tod-min': '17', - 'username': 'test_value_18', - 'vdom': 'mgmt', - 'weekday': 'sunday' - } - - set_method_mock.assert_called_with('dlp', 'fp-doc-source', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_dlp_fp_doc_source_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'dlp_fp_doc_source': { - 'date': '3', - 'file_path': 'test_value_4', - 'file_pattern': 'test_value_5', - 'keep_modified': 'enable', - 'name': 'default_name_7', - 'password': 'test_value_8', - 'period': 'none', - 'remove_deleted': 'enable', - 'scan_on_creation': 'enable', - 'scan_subdirectories': 'enable', - 'sensitivity': 'test_value_13', - 'server': '192.168.100.14', - 'server_type': 'samba', - 'tod_hour': '16', - 'tod_min': '17', - 'username': 'test_value_18', - 'vdom': 
'mgmt', - 'weekday': 'sunday' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_dlp_fp_doc_source.fortios_dlp(input_data, fos_instance) - - delete_method_mock.assert_called_with('dlp', 'fp-doc-source', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_dlp_fp_doc_source_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'dlp_fp_doc_source': { - 'date': '3', - 'file_path': 'test_value_4', - 'file_pattern': 'test_value_5', - 'keep_modified': 'enable', - 'name': 'default_name_7', - 'password': 'test_value_8', - 'period': 'none', - 'remove_deleted': 'enable', - 'scan_on_creation': 'enable', - 'scan_subdirectories': 'enable', - 'sensitivity': 'test_value_13', - 'server': '192.168.100.14', - 'server_type': 'samba', - 'tod_hour': '16', - 'tod_min': '17', - 'username': 'test_value_18', - 'vdom': 'mgmt', - 'weekday': 'sunday' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_dlp_fp_doc_source.fortios_dlp(input_data, fos_instance) - - delete_method_mock.assert_called_with('dlp', 'fp-doc-source', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_dlp_fp_doc_source_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock 
= mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'dlp_fp_doc_source': { - 'date': '3', - 'file_path': 'test_value_4', - 'file_pattern': 'test_value_5', - 'keep_modified': 'enable', - 'name': 'default_name_7', - 'password': 'test_value_8', - 'period': 'none', - 'remove_deleted': 'enable', - 'scan_on_creation': 'enable', - 'scan_subdirectories': 'enable', - 'sensitivity': 'test_value_13', - 'server': '192.168.100.14', - 'server_type': 'samba', - 'tod_hour': '16', - 'tod_min': '17', - 'username': 'test_value_18', - 'vdom': 'mgmt', - 'weekday': 'sunday' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_dlp_fp_doc_source.fortios_dlp(input_data, fos_instance) - - expected_data = { - 'date': '3', - 'file-path': 'test_value_4', - 'file-pattern': 'test_value_5', - 'keep-modified': 'enable', - 'name': 'default_name_7', - 'password': 'test_value_8', - 'period': 'none', - 'remove-deleted': 'enable', - 'scan-on-creation': 'enable', - 'scan-subdirectories': 'enable', - 'sensitivity': 'test_value_13', - 'server': '192.168.100.14', - 'server-type': 'samba', - 'tod-hour': '16', - 'tod-min': '17', - 'username': 'test_value_18', - 'vdom': 'mgmt', - 'weekday': 'sunday' - } - - set_method_mock.assert_called_with('dlp', 'fp-doc-source', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_dlp_fp_doc_source_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 
'username': 'admin', - 'state': 'present', - 'dlp_fp_doc_source': { - 'random_attribute_not_valid': 'tag', - 'date': '3', - 'file_path': 'test_value_4', - 'file_pattern': 'test_value_5', - 'keep_modified': 'enable', - 'name': 'default_name_7', - 'password': 'test_value_8', - 'period': 'none', - 'remove_deleted': 'enable', - 'scan_on_creation': 'enable', - 'scan_subdirectories': 'enable', - 'sensitivity': 'test_value_13', - 'server': '192.168.100.14', - 'server_type': 'samba', - 'tod_hour': '16', - 'tod_min': '17', - 'username': 'test_value_18', - 'vdom': 'mgmt', - 'weekday': 'sunday' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_dlp_fp_doc_source.fortios_dlp(input_data, fos_instance) - - expected_data = { - 'date': '3', - 'file-path': 'test_value_4', - 'file-pattern': 'test_value_5', - 'keep-modified': 'enable', - 'name': 'default_name_7', - 'password': 'test_value_8', - 'period': 'none', - 'remove-deleted': 'enable', - 'scan-on-creation': 'enable', - 'scan-subdirectories': 'enable', - 'sensitivity': 'test_value_13', - 'server': '192.168.100.14', - 'server-type': 'samba', - 'tod-hour': '16', - 'tod-min': '17', - 'username': 'test_value_18', - 'vdom': 'mgmt', - 'weekday': 'sunday' - } - - set_method_mock.assert_called_with('dlp', 'fp-doc-source', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_dlp_fp_sensitivity.py b/test/units/modules/network/fortios/test_fortios_dlp_fp_sensitivity.py deleted file mode 100644 index 132f51281a9..00000000000 --- a/test/units/modules/network/fortios/test_fortios_dlp_fp_sensitivity.py +++ /dev/null 
@@ -1,199 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_dlp_fp_sensitivity -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_dlp_fp_sensitivity.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_dlp_fp_sensitivity_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'dlp_fp_sensitivity': { - 'name': 'default_name_3' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_dlp_fp_sensitivity.fortios_dlp(input_data, fos_instance) - - 
expected_data = { - 'name': 'default_name_3' - } - - set_method_mock.assert_called_with('dlp', 'fp-sensitivity', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_dlp_fp_sensitivity_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'dlp_fp_sensitivity': { - 'name': 'default_name_3' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_dlp_fp_sensitivity.fortios_dlp(input_data, fos_instance) - - expected_data = { - 'name': 'default_name_3' - } - - set_method_mock.assert_called_with('dlp', 'fp-sensitivity', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_dlp_fp_sensitivity_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'dlp_fp_sensitivity': { - 'name': 'default_name_3' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_dlp_fp_sensitivity.fortios_dlp(input_data, fos_instance) - - delete_method_mock.assert_called_with('dlp', 'fp-sensitivity', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - 
assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_dlp_fp_sensitivity_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'dlp_fp_sensitivity': { - 'name': 'default_name_3' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_dlp_fp_sensitivity.fortios_dlp(input_data, fos_instance) - - delete_method_mock.assert_called_with('dlp', 'fp-sensitivity', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_dlp_fp_sensitivity_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'dlp_fp_sensitivity': { - 'name': 'default_name_3' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_dlp_fp_sensitivity.fortios_dlp(input_data, fos_instance) - - expected_data = { - 'name': 'default_name_3' - } - - set_method_mock.assert_called_with('dlp', 'fp-sensitivity', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_dlp_fp_sensitivity_filter_foreign_attributes(mocker): 
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'dlp_fp_sensitivity': { - 'random_attribute_not_valid': 'tag', - 'name': 'default_name_3' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_dlp_fp_sensitivity.fortios_dlp(input_data, fos_instance) - - expected_data = { - 'name': 'default_name_3' - } - - set_method_mock.assert_called_with('dlp', 'fp-sensitivity', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_dlp_sensor.py b/test/units/modules/network/fortios/test_fortios_dlp_sensor.py deleted file mode 100644 index 91dc19373d3..00000000000 --- a/test/units/modules/network/fortios/test_fortios_dlp_sensor.py +++ /dev/null 
@@ -1,289 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_dlp_sensor -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_dlp_sensor.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_dlp_sensor_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'dlp_sensor': { - 'comment': 'Comment.', - 'dlp_log': 'enable', - 'extended_log': 'enable', - 'flow_based': 'enable', - 'full_archive_proto': 'smtp', - 'nac_quar_log': 'enable', - 'name': 'default_name_9', - 
'options': 'test_value_10,', - 'replacemsg_group': 'test_value_11', - 'summary_proto': 'smtp' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_dlp_sensor.fortios_dlp(input_data, fos_instance) - - expected_data = { - 'comment': 'Comment.', - 'dlp-log': 'enable', - 'extended-log': 'enable', - 'flow-based': 'enable', - 'full-archive-proto': 'smtp', - 'nac-quar-log': 'enable', - 'name': 'default_name_9', - 'options': 'test_value_10,', - 'replacemsg-group': 'test_value_11', - 'summary-proto': 'smtp' - } - - set_method_mock.assert_called_with('dlp', 'sensor', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_dlp_sensor_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'dlp_sensor': { - 'comment': 'Comment.', - 'dlp_log': 'enable', - 'extended_log': 'enable', - 'flow_based': 'enable', - 'full_archive_proto': 'smtp', - 'nac_quar_log': 'enable', - 'name': 'default_name_9', - 'options': 'test_value_10,', - 'replacemsg_group': 'test_value_11', - 'summary_proto': 'smtp' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_dlp_sensor.fortios_dlp(input_data, fos_instance) - - expected_data = { - 'comment': 'Comment.', - 'dlp-log': 'enable', - 'extended-log': 'enable', - 'flow-based': 'enable', - 'full-archive-proto': 'smtp', - 'nac-quar-log': 'enable', - 'name': 'default_name_9', - 'options': 'test_value_10,', - 'replacemsg-group': 'test_value_11', - 'summary-proto': 'smtp' - } - - set_method_mock.assert_called_with('dlp', 'sensor', 
data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_dlp_sensor_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'dlp_sensor': { - 'comment': 'Comment.', - 'dlp_log': 'enable', - 'extended_log': 'enable', - 'flow_based': 'enable', - 'full_archive_proto': 'smtp', - 'nac_quar_log': 'enable', - 'name': 'default_name_9', - 'options': 'test_value_10,', - 'replacemsg_group': 'test_value_11', - 'summary_proto': 'smtp' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_dlp_sensor.fortios_dlp(input_data, fos_instance) - - delete_method_mock.assert_called_with('dlp', 'sensor', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_dlp_sensor_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'dlp_sensor': { - 'comment': 'Comment.', - 'dlp_log': 'enable', - 'extended_log': 'enable', - 'flow_based': 'enable', - 'full_archive_proto': 'smtp', - 'nac_quar_log': 'enable', - 'name': 'default_name_9', - 'options': 'test_value_10,', - 
'replacemsg_group': 'test_value_11', - 'summary_proto': 'smtp' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_dlp_sensor.fortios_dlp(input_data, fos_instance) - - delete_method_mock.assert_called_with('dlp', 'sensor', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_dlp_sensor_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'dlp_sensor': { - 'comment': 'Comment.', - 'dlp_log': 'enable', - 'extended_log': 'enable', - 'flow_based': 'enable', - 'full_archive_proto': 'smtp', - 'nac_quar_log': 'enable', - 'name': 'default_name_9', - 'options': 'test_value_10,', - 'replacemsg_group': 'test_value_11', - 'summary_proto': 'smtp' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_dlp_sensor.fortios_dlp(input_data, fos_instance) - - expected_data = { - 'comment': 'Comment.', - 'dlp-log': 'enable', - 'extended-log': 'enable', - 'flow-based': 'enable', - 'full-archive-proto': 'smtp', - 'nac-quar-log': 'enable', - 'name': 'default_name_9', - 'options': 'test_value_10,', - 'replacemsg-group': 'test_value_11', - 'summary-proto': 'smtp' - } - - set_method_mock.assert_called_with('dlp', 'sensor', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_dlp_sensor_filter_foreign_attributes(mocker): - schema_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'dlp_sensor': { - 'random_attribute_not_valid': 'tag', - 'comment': 'Comment.', - 'dlp_log': 'enable', - 'extended_log': 'enable', - 'flow_based': 'enable', - 'full_archive_proto': 'smtp', - 'nac_quar_log': 'enable', - 'name': 'default_name_9', - 'options': 'test_value_10,', - 'replacemsg_group': 'test_value_11', - 'summary_proto': 'smtp' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_dlp_sensor.fortios_dlp(input_data, fos_instance) - - expected_data = { - 'comment': 'Comment.', - 'dlp-log': 'enable', - 'extended-log': 'enable', - 'flow-based': 'enable', - 'full-archive-proto': 'smtp', - 'nac-quar-log': 'enable', - 'name': 'default_name_9', - 'options': 'test_value_10,', - 'replacemsg-group': 'test_value_11', - 'summary-proto': 'smtp' - } - - set_method_mock.assert_called_with('dlp', 'sensor', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_dlp_settings.py b/test/units/modules/network/fortios/test_fortios_dlp_settings.py deleted file mode 100644 index 5e0f79e83bc..00000000000 --- a/test/units/modules/network/fortios/test_fortios_dlp_settings.py +++ /dev/null 
@@ -1,183 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_dlp_settings -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_dlp_settings.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_dlp_settings_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'dlp_settings': { - 'cache_mem_percent': '3', - 'chunk_size': '4', - 'db_mode': 'stop-adding', - 'size': '6', - 'storage_device': 'test_value_7' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_dlp_settings.fortios_dlp(input_data, fos_instance) - - expected_data = { - 'cache-mem-percent': '3', - 'chunk-size': '4', - 'db-mode': 'stop-adding', - 'size': '6', - 'storage-device': 'test_value_7' - } - - set_method_mock.assert_called_with('dlp', 'settings', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_dlp_settings_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'dlp_settings': { - 'cache_mem_percent': '3', - 'chunk_size': '4', - 'db_mode': 'stop-adding', - 'size': '6', - 'storage_device': 'test_value_7' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_dlp_settings.fortios_dlp(input_data, fos_instance) - - expected_data = { - 'cache-mem-percent': '3', - 'chunk-size': '4', - 'db-mode': 'stop-adding', - 'size': '6', - 'storage-device': 'test_value_7' - } - - set_method_mock.assert_called_with('dlp', 'settings', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_dlp_settings_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 
'present', - 'dlp_settings': { - 'cache_mem_percent': '3', - 'chunk_size': '4', - 'db_mode': 'stop-adding', - 'size': '6', - 'storage_device': 'test_value_7' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_dlp_settings.fortios_dlp(input_data, fos_instance) - - expected_data = { - 'cache-mem-percent': '3', - 'chunk-size': '4', - 'db-mode': 'stop-adding', - 'size': '6', - 'storage-device': 'test_value_7' - } - - set_method_mock.assert_called_with('dlp', 'settings', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_dlp_settings_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'dlp_settings': { - 'random_attribute_not_valid': 'tag', - 'cache_mem_percent': '3', - 'chunk_size': '4', - 'db_mode': 'stop-adding', - 'size': '6', - 'storage_device': 'test_value_7' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_dlp_settings.fortios_dlp(input_data, fos_instance) - - expected_data = { - 'cache-mem-percent': '3', - 'chunk-size': '4', - 'db-mode': 'stop-adding', - 'size': '6', - 'storage-device': 'test_value_7' - } - - set_method_mock.assert_called_with('dlp', 'settings', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 
diff --git a/test/units/modules/network/fortios/test_fortios_dnsfilter_domain_filter.py b/test/units/modules/network/fortios/test_fortios_dnsfilter_domain_filter.py
deleted file mode 100644
index 2424e3b84bc..00000000000
--- a/test/units/modules/network/fortios/test_fortios_dnsfilter_domain_filter.py
+++ /dev/null
@@ -1,219 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_dnsfilter_domain_filter -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_dnsfilter_domain_filter.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_dnsfilter_domain_filter_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'dnsfilter_domain_filter': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_dnsfilter_domain_filter.fortios_dnsfilter(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('dnsfilter', 'domain-filter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_dnsfilter_domain_filter_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'dnsfilter_domain_filter': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_dnsfilter_domain_filter.fortios_dnsfilter(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('dnsfilter', 'domain-filter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_dnsfilter_domain_filter_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'dnsfilter_domain_filter': { - 'comment': 
'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_dnsfilter_domain_filter.fortios_dnsfilter(input_data, fos_instance) - - delete_method_mock.assert_called_with('dnsfilter', 'domain-filter', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_dnsfilter_domain_filter_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'dnsfilter_domain_filter': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_dnsfilter_domain_filter.fortios_dnsfilter(input_data, fos_instance) - - delete_method_mock.assert_called_with('dnsfilter', 'domain-filter', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_dnsfilter_domain_filter_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'dnsfilter_domain_filter': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, 
changed, response = fortios_dnsfilter_domain_filter.fortios_dnsfilter(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('dnsfilter', 'domain-filter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_dnsfilter_domain_filter_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'dnsfilter_domain_filter': { - 'random_attribute_not_valid': 'tag', - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_dnsfilter_domain_filter.fortios_dnsfilter(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('dnsfilter', 'domain-filter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_dnsfilter_profile.py b/test/units/modules/network/fortios/test_fortios_dnsfilter_profile.py deleted file mode 100644 index ef536a674c6..00000000000 --- a/test/units/modules/network/fortios/test_fortios_dnsfilter_profile.py +++ /dev/null 
@@ -1,289 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_dnsfilter_profile
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_dnsfilter_profile.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_dnsfilter_profile_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'dnsfilter_profile': {
- 'block_action': 'block',
- 'block_botnet': 'disable',
- 'comment': 'Comment.',
- 'log_all_domain': 'enable',
- 'name': 'default_name_7',
- 'redirect_portal': 'test_value_8',
- 'safe_search': 'disable',
- 'sdns_domain_log': 'enable',
- 'sdns_ftgd_err_log': 'enable',
- 'youtube_restrict': 'strict'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_dnsfilter_profile.fortios_dnsfilter(input_data, fos_instance)
-
- expected_data = {
- 'block-action': 'block',
- 'block-botnet': 'disable',
- 'comment': 'Comment.',
- 'log-all-domain': 'enable',
- 'name': 'default_name_7',
- 'redirect-portal': 'test_value_8',
- 'safe-search': 'disable',
- 'sdns-domain-log': 'enable',
- 'sdns-ftgd-err-log': 'enable',
- 'youtube-restrict': 'strict'
- }
-
- set_method_mock.assert_called_with('dnsfilter', 'profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_dnsfilter_profile_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'dnsfilter_profile': {
- 'block_action': 'block',
- 'block_botnet': 'disable',
- 'comment': 'Comment.',
- 'log_all_domain': 'enable',
- 'name': 'default_name_7',
- 'redirect_portal': 'test_value_8',
- 'safe_search': 'disable',
- 'sdns_domain_log': 'enable',
- 'sdns_ftgd_err_log': 'enable',
- 'youtube_restrict': 'strict'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_dnsfilter_profile.fortios_dnsfilter(input_data, fos_instance)
-
- expected_data = {
- 'block-action': 'block',
- 'block-botnet': 'disable',
- 'comment': 'Comment.',
- 'log-all-domain': 'enable',
- 'name': 'default_name_7',
- 'redirect-portal': 'test_value_8',
- 'safe-search': 'disable',
- 'sdns-domain-log': 'enable',
- 'sdns-ftgd-err-log': 'enable',
- 'youtube-restrict': 'strict'
- }
-
- set_method_mock.assert_called_with('dnsfilter', 'profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_dnsfilter_profile_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'dnsfilter_profile': {
- 'block_action': 'block',
- 'block_botnet': 'disable',
- 'comment': 'Comment.',
- 'log_all_domain': 'enable',
- 'name': 'default_name_7',
- 'redirect_portal': 'test_value_8',
- 'safe_search': 'disable',
- 'sdns_domain_log': 'enable',
- 'sdns_ftgd_err_log': 'enable',
- 'youtube_restrict': 'strict'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_dnsfilter_profile.fortios_dnsfilter(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('dnsfilter', 'profile', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_dnsfilter_profile_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'dnsfilter_profile': {
- 'block_action': 'block',
- 'block_botnet': 'disable',
- 'comment': 'Comment.',
- 'log_all_domain': 'enable',
- 'name': 'default_name_7',
- 'redirect_portal': 'test_value_8',
- 'safe_search': 'disable',
- 'sdns_domain_log': 'enable',
- 'sdns_ftgd_err_log': 'enable',
- 'youtube_restrict': 'strict'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_dnsfilter_profile.fortios_dnsfilter(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('dnsfilter', 'profile', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_dnsfilter_profile_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'dnsfilter_profile': {
- 'block_action': 'block',
- 'block_botnet': 'disable',
- 'comment': 'Comment.',
- 'log_all_domain': 'enable',
- 'name': 'default_name_7',
- 'redirect_portal': 'test_value_8',
- 'safe_search': 'disable',
- 'sdns_domain_log': 'enable',
- 'sdns_ftgd_err_log': 'enable',
- 'youtube_restrict': 'strict'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_dnsfilter_profile.fortios_dnsfilter(input_data, fos_instance)
-
- expected_data = {
- 'block-action': 'block',
- 'block-botnet': 'disable',
- 'comment': 'Comment.',
- 'log-all-domain': 'enable',
- 'name': 'default_name_7',
- 'redirect-portal': 'test_value_8',
- 'safe-search': 'disable',
- 'sdns-domain-log': 'enable',
- 'sdns-ftgd-err-log': 'enable',
- 'youtube-restrict': 'strict'
- }
-
- set_method_mock.assert_called_with('dnsfilter', 'profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_dnsfilter_profile_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'dnsfilter_profile': {
- 'random_attribute_not_valid': 'tag',
- 'block_action': 'block',
- 'block_botnet': 'disable',
- 'comment': 'Comment.',
- 'log_all_domain': 'enable',
- 'name': 'default_name_7',
- 'redirect_portal': 'test_value_8',
- 'safe_search': 'disable',
- 'sdns_domain_log': 'enable',
- 'sdns_ftgd_err_log': 'enable',
- 'youtube_restrict': 'strict'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_dnsfilter_profile.fortios_dnsfilter(input_data, fos_instance)
-
- expected_data = {
- 'block-action': 'block',
- 'block-botnet': 'disable',
- 'comment': 'Comment.',
- 'log-all-domain': 'enable',
- 'name': 'default_name_7',
- 'redirect-portal': 'test_value_8',
- 'safe-search': 'disable',
- 'sdns-domain-log': 'enable',
- 'sdns-ftgd-err-log': 'enable',
- 'youtube-restrict': 'strict'
- }
-
- set_method_mock.assert_called_with('dnsfilter', 'profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_endpoint_control_client.py b/test/units/modules/network/fortios/test_fortios_endpoint_control_client.py
deleted file mode 100644
index d67f85c0394..00000000000
--- a/test/units/modules/network/fortios/test_fortios_endpoint_control_client.py
+++ /dev/null
@@ -1,249 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_endpoint_control_client
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_endpoint_control_client.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_endpoint_control_client_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'endpoint_control_client': {
- 'ad_groups': 'test_value_3',
- 'ftcl_uid': 'test_value_4',
- 'id': '5',
- 'info': 'test_value_6',
- 'src_ip': 'test_value_7',
- 'src_mac': 'test_value_8'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_endpoint_control_client.fortios_endpoint_control(input_data, fos_instance)
-
- expected_data = {
- 'ad-groups': 'test_value_3',
- 'ftcl-uid': 'test_value_4',
- 'id': '5',
- 'info': 'test_value_6',
- 'src-ip': 'test_value_7',
- 'src-mac': 'test_value_8'
- }
-
- set_method_mock.assert_called_with('endpoint-control', 'client', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_endpoint_control_client_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'endpoint_control_client': {
- 'ad_groups': 'test_value_3',
- 'ftcl_uid': 'test_value_4',
- 'id': '5',
- 'info': 'test_value_6',
- 'src_ip': 'test_value_7',
- 'src_mac': 'test_value_8'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_endpoint_control_client.fortios_endpoint_control(input_data, fos_instance)
-
- expected_data = {
- 'ad-groups': 'test_value_3',
- 'ftcl-uid': 'test_value_4',
- 'id': '5',
- 'info': 'test_value_6',
- 'src-ip': 'test_value_7',
- 'src-mac': 'test_value_8'
- }
-
- set_method_mock.assert_called_with('endpoint-control', 'client', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_endpoint_control_client_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'endpoint_control_client': {
- 'ad_groups': 'test_value_3',
- 'ftcl_uid': 'test_value_4',
- 'id': '5',
- 'info': 'test_value_6',
- 'src_ip': 'test_value_7',
- 'src_mac': 'test_value_8'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_endpoint_control_client.fortios_endpoint_control(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('endpoint-control', 'client', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_endpoint_control_client_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'endpoint_control_client': {
- 'ad_groups': 'test_value_3',
- 'ftcl_uid': 'test_value_4',
- 'id': '5',
- 'info': 'test_value_6',
- 'src_ip': 'test_value_7',
- 'src_mac': 'test_value_8'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_endpoint_control_client.fortios_endpoint_control(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('endpoint-control', 'client', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_endpoint_control_client_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'endpoint_control_client': {
- 'ad_groups': 'test_value_3',
- 'ftcl_uid': 'test_value_4',
- 'id': '5',
- 'info': 'test_value_6',
- 'src_ip': 'test_value_7',
- 'src_mac': 'test_value_8'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_endpoint_control_client.fortios_endpoint_control(input_data, fos_instance)
-
- expected_data = {
- 'ad-groups': 'test_value_3',
- 'ftcl-uid': 'test_value_4',
- 'id': '5',
- 'info': 'test_value_6',
- 'src-ip': 'test_value_7',
- 'src-mac': 'test_value_8'
- }
-
- set_method_mock.assert_called_with('endpoint-control', 'client', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_endpoint_control_client_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'endpoint_control_client': {
- 'random_attribute_not_valid': 'tag',
- 'ad_groups': 'test_value_3',
- 'ftcl_uid': 'test_value_4',
- 'id': '5',
- 'info': 'test_value_6',
- 'src_ip': 'test_value_7',
- 'src_mac': 'test_value_8'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_endpoint_control_client.fortios_endpoint_control(input_data, fos_instance)
-
- expected_data = {
- 'ad-groups': 'test_value_3',
- 'ftcl-uid': 'test_value_4',
- 'id': '5',
- 'info': 'test_value_6',
- 'src-ip': 'test_value_7',
- 'src-mac': 'test_value_8'
- }
-
- set_method_mock.assert_called_with('endpoint-control', 'client', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_endpoint_control_forticlient_ems.py b/test/units/modules/network/fortios/test_fortios_endpoint_control_forticlient_ems.py
deleted file mode 100644
index 2328910decb..00000000000
--- a/test/units/modules/network/fortios/test_fortios_endpoint_control_forticlient_ems.py
+++ /dev/null
@@ -1,289 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_endpoint_control_forticlient_ems
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_endpoint_control_forticlient_ems.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_endpoint_control_forticlient_ems_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'endpoint_control_forticlient_ems': {
- 'address': 'test_value_3',
- 'admin_password': 'test_value_4',
- 'admin_type': 'Windows',
- 'admin_username': 'test_value_6',
- 'https_port': '7',
- 'listen_port': '8',
- 'name': 'default_name_9',
- 'rest_api_auth': 'disable',
- 'serial_number': 'test_value_11',
- 'upload_port': '12'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_endpoint_control_forticlient_ems.fortios_endpoint_control(input_data, fos_instance)
-
- expected_data = {
- 'address': 'test_value_3',
- 'admin-password': 'test_value_4',
- 'admin-type': 'Windows',
- 'admin-username': 'test_value_6',
- 'https-port': '7',
- 'listen-port': '8',
- 'name': 'default_name_9',
- 'rest-api-auth': 'disable',
- 'serial-number': 'test_value_11',
- 'upload-port': '12'
- }
-
- set_method_mock.assert_called_with('endpoint-control', 'forticlient-ems', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_endpoint_control_forticlient_ems_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'endpoint_control_forticlient_ems': {
- 'address': 'test_value_3',
- 'admin_password': 'test_value_4',
- 'admin_type': 'Windows',
- 'admin_username': 'test_value_6',
- 'https_port': '7',
- 'listen_port': '8',
- 'name': 'default_name_9',
- 'rest_api_auth': 'disable',
- 'serial_number': 'test_value_11',
- 'upload_port': '12'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_endpoint_control_forticlient_ems.fortios_endpoint_control(input_data, fos_instance)
-
- expected_data = {
- 'address': 'test_value_3',
- 'admin-password': 'test_value_4',
- 'admin-type': 'Windows',
- 'admin-username': 'test_value_6',
- 'https-port': '7',
- 'listen-port': '8',
- 'name': 'default_name_9',
- 'rest-api-auth': 'disable',
- 'serial-number': 'test_value_11',
- 'upload-port': '12'
- }
-
- set_method_mock.assert_called_with('endpoint-control', 'forticlient-ems', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_endpoint_control_forticlient_ems_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'endpoint_control_forticlient_ems': {
- 'address': 'test_value_3',
- 'admin_password': 'test_value_4',
- 'admin_type': 'Windows',
- 'admin_username': 'test_value_6',
- 'https_port': '7',
- 'listen_port': '8',
- 'name': 'default_name_9',
- 'rest_api_auth': 'disable',
- 'serial_number': 'test_value_11',
- 'upload_port': '12'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_endpoint_control_forticlient_ems.fortios_endpoint_control(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('endpoint-control', 'forticlient-ems', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_endpoint_control_forticlient_ems_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'endpoint_control_forticlient_ems': {
- 'address': 'test_value_3',
- 'admin_password': 'test_value_4',
- 'admin_type': 'Windows',
- 'admin_username': 'test_value_6',
- 'https_port': '7',
- 'listen_port': '8',
- 'name': 'default_name_9',
- 'rest_api_auth': 'disable',
- 'serial_number': 'test_value_11',
- 'upload_port': '12'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_endpoint_control_forticlient_ems.fortios_endpoint_control(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('endpoint-control', 'forticlient-ems', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_endpoint_control_forticlient_ems_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'endpoint_control_forticlient_ems': {
- 'address': 'test_value_3',
- 'admin_password': 'test_value_4',
- 'admin_type': 'Windows',
- 'admin_username': 'test_value_6',
- 'https_port': '7',
- 'listen_port': '8',
- 'name': 'default_name_9',
- 'rest_api_auth': 'disable',
- 'serial_number': 'test_value_11',
- 'upload_port': '12'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_endpoint_control_forticlient_ems.fortios_endpoint_control(input_data, fos_instance)
-
- expected_data = {
- 'address': 'test_value_3',
- 'admin-password': 'test_value_4',
- 'admin-type': 'Windows',
- 'admin-username': 'test_value_6',
- 'https-port': '7',
- 'listen-port': '8',
- 'name': 'default_name_9',
- 'rest-api-auth': 'disable',
- 'serial-number': 'test_value_11',
- 'upload-port': '12'
- }
-
- set_method_mock.assert_called_with('endpoint-control', 'forticlient-ems', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_endpoint_control_forticlient_ems_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'endpoint_control_forticlient_ems': {
- 'random_attribute_not_valid': 'tag',
- 'address': 'test_value_3',
- 'admin_password': 'test_value_4',
- 'admin_type': 'Windows',
- 'admin_username': 'test_value_6',
- 'https_port': '7',
- 'listen_port': '8',
- 'name': 'default_name_9',
- 'rest_api_auth': 'disable',
- 'serial_number': 'test_value_11',
- 'upload_port': '12'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_endpoint_control_forticlient_ems.fortios_endpoint_control(input_data, fos_instance)
-
- expected_data = {
- 'address': 'test_value_3',
- 'admin-password': 'test_value_4',
- 'admin-type': 'Windows',
- 'admin-username': 'test_value_6',
- 'https-port': '7',
- 'listen-port': '8',
- 'name': 'default_name_9',
- 'rest-api-auth': 'disable',
- 'serial-number': 'test_value_11',
- 'upload-port': '12'
- }
-
- set_method_mock.assert_called_with('endpoint-control', 'forticlient-ems', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_endpoint_control_forticlient_registration_sync.py b/test/units/modules/network/fortios/test_fortios_endpoint_control_forticlient_registration_sync.py
deleted file mode 100644
index 571f8454626..00000000000
--- a/test/units/modules/network/fortios/test_fortios_endpoint_control_forticlient_registration_sync.py
+++ /dev/null
@@ -1,209 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_endpoint_control_forticlient_registration_sync
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_endpoint_control_forticlient_registration_sync.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_endpoint_control_forticlient_registration_sync_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'endpoint_control_forticlient_registration_sync': {
- 'peer_ip': 'test_value_3',
- 'peer_name': 'test_value_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_endpoint_control_forticlient_registration_sync.fortios_endpoint_control(input_data, fos_instance)
-
- expected_data = {
- 'peer-ip': 'test_value_3',
- 'peer-name': 'test_value_4'
- }
-
- set_method_mock.assert_called_with('endpoint-control', 'forticlient-registration-sync', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_endpoint_control_forticlient_registration_sync_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'endpoint_control_forticlient_registration_sync': {
- 'peer_ip': 'test_value_3',
- 'peer_name': 'test_value_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_endpoint_control_forticlient_registration_sync.fortios_endpoint_control(input_data, fos_instance)
-
- expected_data = {
- 'peer-ip': 'test_value_3',
- 'peer-name': 'test_value_4'
- }
-
- set_method_mock.assert_called_with('endpoint-control', 'forticlient-registration-sync', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_endpoint_control_forticlient_registration_sync_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'endpoint_control_forticlient_registration_sync': {
- 'peer_ip': 'test_value_3',
- 'peer_name': 'test_value_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_endpoint_control_forticlient_registration_sync.fortios_endpoint_control(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('endpoint-control', 'forticlient-registration-sync', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_endpoint_control_forticlient_registration_sync_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'endpoint_control_forticlient_registration_sync': {
- 'peer_ip': 'test_value_3',
- 'peer_name': 'test_value_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_endpoint_control_forticlient_registration_sync.fortios_endpoint_control(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('endpoint-control', 'forticlient-registration-sync', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_endpoint_control_forticlient_registration_sync_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'endpoint_control_forticlient_registration_sync': {
- 'peer_ip': 'test_value_3',
- 'peer_name': 'test_value_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_endpoint_control_forticlient_registration_sync.fortios_endpoint_control(input_data, fos_instance)
-
- expected_data = {
- 'peer-ip': 'test_value_3',
- 'peer-name': 'test_value_4'
- }
-
- set_method_mock.assert_called_with('endpoint-control', 'forticlient-registration-sync', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_endpoint_control_forticlient_registration_sync_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'endpoint_control_forticlient_registration_sync': {
- 'random_attribute_not_valid': 'tag',
- 'peer_ip': 'test_value_3',
- 'peer_name': 'test_value_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_endpoint_control_forticlient_registration_sync.fortios_endpoint_control(input_data, fos_instance)
-
- expected_data = {
- 'peer-ip': 'test_value_3',
- 'peer-name': 'test_value_4'
- }
-
- set_method_mock.assert_called_with('endpoint-control', 'forticlient-registration-sync', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_endpoint_control_profile.py b/test/units/modules/network/fortios/test_fortios_endpoint_control_profile.py
deleted file mode 100644
index 2f97cf1c6d6..00000000000
--- a/test/units/modules/network/fortios/test_fortios_endpoint_control_profile.py
+++ /dev/null
@@ -1,229 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_endpoint_control_profile
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_endpoint_control_profile.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_endpoint_control_profile_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'endpoint_control_profile': {
- 'description': 'test_value_3',
- 'profile_name': 'test_value_4',
- 'replacemsg_override_group': 'test_value_5',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_endpoint_control_profile.fortios_endpoint_control(input_data, fos_instance)
-
- expected_data = {
- 'description': 'test_value_3',
- 'profile-name': 'test_value_4',
- 'replacemsg-override-group': 'test_value_5',
-
- }
-
- set_method_mock.assert_called_with('endpoint-control', 'profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_endpoint_control_profile_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'endpoint_control_profile': {
- 'description': 'test_value_3',
- 'profile_name': 'test_value_4',
- 'replacemsg_override_group': 'test_value_5',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_endpoint_control_profile.fortios_endpoint_control(input_data, fos_instance)
-
- expected_data = {
- 'description': 'test_value_3',
- 'profile-name': 'test_value_4',
- 'replacemsg-override-group': 'test_value_5',
-
- }
-
- set_method_mock.assert_called_with('endpoint-control', 'profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_endpoint_control_profile_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'endpoint_control_profile': {
- 'description': 'test_value_3',
- 'profile_name': 'test_value_4',
- 'replacemsg_override_group': 'test_value_5',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_endpoint_control_profile.fortios_endpoint_control(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('endpoint-control', 'profile', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_endpoint_control_profile_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'endpoint_control_profile': {
- 'description': 'test_value_3',
- 'profile_name': 'test_value_4',
- 'replacemsg_override_group': 'test_value_5',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_endpoint_control_profile.fortios_endpoint_control(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('endpoint-control', 'profile', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_endpoint_control_profile_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'endpoint_control_profile': {
- 'description': 'test_value_3',
- 'profile_name': 'test_value_4',
- 'replacemsg_override_group': 'test_value_5',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_endpoint_control_profile.fortios_endpoint_control(input_data, fos_instance)
-
- expected_data = {
- 'description': 'test_value_3',
- 'profile-name': 'test_value_4',
- 'replacemsg-override-group': 'test_value_5',
-
- }
-
- set_method_mock.assert_called_with('endpoint-control', 'profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_endpoint_control_profile_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'endpoint_control_profile': {
- 'random_attribute_not_valid': 'tag',
- 'description': 'test_value_3',
- 'profile_name': 'test_value_4',
- 'replacemsg_override_group': 'test_value_5',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_endpoint_control_profile.fortios_endpoint_control(input_data, fos_instance)
-
- expected_data = {
- 'description': 'test_value_3',
- 'profile-name': 'test_value_4',
- 'replacemsg-override-group': 'test_value_5',
-
- }
-
- set_method_mock.assert_called_with('endpoint-control', 'profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_endpoint_control_settings.py b/test/units/modules/network/fortios/test_fortios_endpoint_control_settings.py
deleted file mode 100644
index a8289860d84..00000000000
--- a/test/units/modules/network/fortios/test_fortios_endpoint_control_settings.py
+++ /dev/null
@@ -1,255 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_endpoint_control_settings
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_endpoint_control_settings.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_endpoint_control_settings_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'endpoint_control_settings': {
- 'download_custom_link': 'test_value_3',
- 'download_location': 'fortiguard',
- 'forticlient_avdb_update_interval': '5',
- 'forticlient_dereg_unsupported_client': 'enable',
- 'forticlient_ems_rest_api_call_timeout': '7',
- 'forticlient_keepalive_interval': '8',
- 'forticlient_offline_grace': 'enable',
- 'forticlient_offline_grace_interval': '10',
- 'forticlient_reg_key': 'test_value_11',
- 'forticlient_reg_key_enforce': 'enable',
- 'forticlient_reg_timeout': '13',
- 'forticlient_sys_update_interval': '14',
- 'forticlient_user_avatar': 'enable',
- 'forticlient_warning_interval': '16'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_endpoint_control_settings.fortios_endpoint_control(input_data, fos_instance)
-
- expected_data = {
- 'download-custom-link': 'test_value_3',
- 'download-location': 'fortiguard',
- 'forticlient-avdb-update-interval': '5',
- 'forticlient-dereg-unsupported-client': 'enable',
- 'forticlient-ems-rest-api-call-timeout': '7',
- 'forticlient-keepalive-interval': '8',
- 'forticlient-offline-grace': 'enable',
- 'forticlient-offline-grace-interval': '10',
- 'forticlient-reg-key': 'test_value_11',
- 'forticlient-reg-key-enforce': 'enable',
- 'forticlient-reg-timeout': '13',
- 'forticlient-sys-update-interval': '14',
- 'forticlient-user-avatar': 'enable',
- 'forticlient-warning-interval': '16'
- }
-
- set_method_mock.assert_called_with('endpoint-control', 'settings', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_endpoint_control_settings_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'endpoint_control_settings': {
- 'download_custom_link': 'test_value_3',
- 'download_location': 'fortiguard',
- 'forticlient_avdb_update_interval': '5',
- 'forticlient_dereg_unsupported_client': 'enable',
- 'forticlient_ems_rest_api_call_timeout': '7',
- 'forticlient_keepalive_interval': '8',
- 'forticlient_offline_grace': 'enable',
- 'forticlient_offline_grace_interval': '10',
- 'forticlient_reg_key': 'test_value_11',
- 'forticlient_reg_key_enforce': 'enable',
- 'forticlient_reg_timeout': '13',
- 'forticlient_sys_update_interval': '14',
- 'forticlient_user_avatar': 'enable',
- 'forticlient_warning_interval': '16'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_endpoint_control_settings.fortios_endpoint_control(input_data, fos_instance)
-
- expected_data = {
- 'download-custom-link': 'test_value_3',
- 'download-location': 'fortiguard',
- 'forticlient-avdb-update-interval': '5',
- 'forticlient-dereg-unsupported-client': 'enable',
- 'forticlient-ems-rest-api-call-timeout': '7',
- 'forticlient-keepalive-interval': '8',
- 'forticlient-offline-grace': 'enable',
- 'forticlient-offline-grace-interval': '10',
- 'forticlient-reg-key': 'test_value_11',
- 'forticlient-reg-key-enforce': 'enable',
- 'forticlient-reg-timeout': '13',
- 'forticlient-sys-update-interval': '14',
- 'forticlient-user-avatar': 'enable',
- 'forticlient-warning-interval': '16'
- }
-
- set_method_mock.assert_called_with('endpoint-control', 'settings', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_endpoint_control_settings_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'endpoint_control_settings': {
- 'download_custom_link': 'test_value_3',
- 'download_location': 'fortiguard',
- 'forticlient_avdb_update_interval': '5',
- 'forticlient_dereg_unsupported_client': 'enable',
- 'forticlient_ems_rest_api_call_timeout': '7',
- 'forticlient_keepalive_interval': '8',
- 'forticlient_offline_grace': 'enable',
- 'forticlient_offline_grace_interval': '10',
- 'forticlient_reg_key': 'test_value_11',
- 'forticlient_reg_key_enforce': 'enable',
- 'forticlient_reg_timeout': '13',
- 'forticlient_sys_update_interval': '14',
- 'forticlient_user_avatar': 'enable',
- 'forticlient_warning_interval': '16'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_endpoint_control_settings.fortios_endpoint_control(input_data, fos_instance)
-
- expected_data = {
- 'download-custom-link': 'test_value_3',
- 'download-location': 'fortiguard',
- 'forticlient-avdb-update-interval': '5',
- 'forticlient-dereg-unsupported-client': 'enable',
- 'forticlient-ems-rest-api-call-timeout': '7',
- 'forticlient-keepalive-interval': '8',
- 'forticlient-offline-grace': 'enable',
- 'forticlient-offline-grace-interval': '10',
- 'forticlient-reg-key': 'test_value_11',
- 'forticlient-reg-key-enforce': 'enable',
- 'forticlient-reg-timeout': '13',
- 'forticlient-sys-update-interval': '14',
- 'forticlient-user-avatar': 'enable',
- 'forticlient-warning-interval': '16'
- }
-
- set_method_mock.assert_called_with('endpoint-control', 'settings', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_endpoint_control_settings_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'endpoint_control_settings': {
- 'random_attribute_not_valid': 'tag',
- 'download_custom_link': 'test_value_3',
- 'download_location': 'fortiguard',
- 'forticlient_avdb_update_interval': '5',
- 'forticlient_dereg_unsupported_client': 'enable',
- 'forticlient_ems_rest_api_call_timeout': '7',
- 'forticlient_keepalive_interval': '8',
- 'forticlient_offline_grace': 'enable',
- 'forticlient_offline_grace_interval': '10',
- 'forticlient_reg_key': 'test_value_11',
- 'forticlient_reg_key_enforce': 'enable',
- 'forticlient_reg_timeout': '13',
- 'forticlient_sys_update_interval': '14',
- 'forticlient_user_avatar': 'enable',
- 'forticlient_warning_interval': '16'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_endpoint_control_settings.fortios_endpoint_control(input_data, fos_instance)
-
- expected_data = {
- 'download-custom-link': 'test_value_3',
- 'download-location': 'fortiguard',
- 'forticlient-avdb-update-interval': '5',
- 'forticlient-dereg-unsupported-client': 'enable',
- 'forticlient-ems-rest-api-call-timeout': '7',
- 'forticlient-keepalive-interval': '8',
- 'forticlient-offline-grace': 'enable',
- 'forticlient-offline-grace-interval': '10',
- 'forticlient-reg-key': 'test_value_11',
- 'forticlient-reg-key-enforce': 'enable',
- 'forticlient-reg-timeout': '13',
- 'forticlient-sys-update-interval': '14',
- 'forticlient-user-avatar': 'enable',
- 'forticlient-warning-interval': '16'
- }
-
- set_method_mock.assert_called_with('endpoint-control', 'settings', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_extender_controller_extender.py b/test/units/modules/network/fortios/test_fortios_extender_controller_extender.py
deleted file mode 100644
index 7d3bd9e108c..00000000000
--- a/test/units/modules/network/fortios/test_fortios_extender_controller_extender.py
+++ /dev/null
@@ -1,559 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_extender_controller_extender
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_extender_controller_extender.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_extender_controller_extender_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'extender_controller_extender': {
- 'aaa_shared_secret': 'test_value_3',
- 'access_point_name': 'test_value_4',
- 'admin': 'disable',
- 'at_dial_script':
'test_value_6', - 'billing_start_day': '7', - 'cdma_aaa_spi': 'test_value_8', - 'cdma_ha_spi': 'test_value_9', - 'cdma_nai': 'test_value_10', - 'conn_status': '11', - 'description': 'test_value_12', - 'dial_mode': 'dial-on-demand', - 'dial_status': '14', - 'ext_name': 'test_value_15', - 'ha_shared_secret': 'test_value_16', - 'id': '17', - 'ifname': 'test_value_18', - 'initiated_update': 'enable', - 'mode': 'standalone', - 'modem_passwd': 'test_value_21', - 'modem_type': 'cdma', - 'multi_mode': 'auto', - 'ppp_auth_protocol': 'auto', - 'ppp_echo_request': 'enable', - 'ppp_password': 'test_value_26', - 'ppp_username': 'test_value_27', - 'primary_ha': 'test_value_28', - 'quota_limit_mb': '29', - 'redial': 'none', - 'redundant_intf': 'test_value_31', - 'roaming': 'enable', - 'role': 'none', - 'secondary_ha': 'test_value_34', - 'sim_pin': 'test_value_35', - 'vdom': '36', - 'wimax_auth_protocol': 'tls', - 'wimax_carrier': 'test_value_38', - 'wimax_realm': 'test_value_39' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_extender_controller_extender.fortios_extender_controller(input_data, fos_instance) - - expected_data = { - 'aaa-shared-secret': 'test_value_3', - 'access-point-name': 'test_value_4', - 'admin': 'disable', - 'at-dial-script': 'test_value_6', - 'billing-start-day': '7', - 'cdma-aaa-spi': 'test_value_8', - 'cdma-ha-spi': 'test_value_9', - 'cdma-nai': 'test_value_10', - 'conn-status': '11', - 'description': 'test_value_12', - 'dial-mode': 'dial-on-demand', - 'dial-status': '14', - 'ext-name': 'test_value_15', - 'ha-shared-secret': 'test_value_16', - 'id': '17', - 'ifname': 'test_value_18', - 'initiated-update': 'enable', - 'mode': 'standalone', - 'modem-passwd': 'test_value_21', - 'modem-type': 'cdma', - 'multi-mode': 'auto', - 'ppp-auth-protocol': 'auto', - 'ppp-echo-request': 'enable', - 'ppp-password': 'test_value_26', - 'ppp-username': 'test_value_27', - 'primary-ha': 'test_value_28', - 'quota-limit-mb': '29', - 'redial': 'none', - 
'redundant-intf': 'test_value_31', - 'roaming': 'enable', - 'role': 'none', - 'secondary-ha': 'test_value_34', - 'sim-pin': 'test_value_35', - 'vdom': '36', - 'wimax-auth-protocol': 'tls', - 'wimax-carrier': 'test_value_38', - 'wimax-realm': 'test_value_39' - } - - set_method_mock.assert_called_with('extender-controller', 'extender', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_extender_controller_extender_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'extender_controller_extender': { - 'aaa_shared_secret': 'test_value_3', - 'access_point_name': 'test_value_4', - 'admin': 'disable', - 'at_dial_script': 'test_value_6', - 'billing_start_day': '7', - 'cdma_aaa_spi': 'test_value_8', - 'cdma_ha_spi': 'test_value_9', - 'cdma_nai': 'test_value_10', - 'conn_status': '11', - 'description': 'test_value_12', - 'dial_mode': 'dial-on-demand', - 'dial_status': '14', - 'ext_name': 'test_value_15', - 'ha_shared_secret': 'test_value_16', - 'id': '17', - 'ifname': 'test_value_18', - 'initiated_update': 'enable', - 'mode': 'standalone', - 'modem_passwd': 'test_value_21', - 'modem_type': 'cdma', - 'multi_mode': 'auto', - 'ppp_auth_protocol': 'auto', - 'ppp_echo_request': 'enable', - 'ppp_password': 'test_value_26', - 'ppp_username': 'test_value_27', - 'primary_ha': 'test_value_28', - 'quota_limit_mb': '29', - 'redial': 'none', - 'redundant_intf': 'test_value_31', - 'roaming': 'enable', - 'role': 'none', - 'secondary_ha': 'test_value_34', - 'sim_pin': 
'test_value_35', - 'vdom': '36', - 'wimax_auth_protocol': 'tls', - 'wimax_carrier': 'test_value_38', - 'wimax_realm': 'test_value_39' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_extender_controller_extender.fortios_extender_controller(input_data, fos_instance) - - expected_data = { - 'aaa-shared-secret': 'test_value_3', - 'access-point-name': 'test_value_4', - 'admin': 'disable', - 'at-dial-script': 'test_value_6', - 'billing-start-day': '7', - 'cdma-aaa-spi': 'test_value_8', - 'cdma-ha-spi': 'test_value_9', - 'cdma-nai': 'test_value_10', - 'conn-status': '11', - 'description': 'test_value_12', - 'dial-mode': 'dial-on-demand', - 'dial-status': '14', - 'ext-name': 'test_value_15', - 'ha-shared-secret': 'test_value_16', - 'id': '17', - 'ifname': 'test_value_18', - 'initiated-update': 'enable', - 'mode': 'standalone', - 'modem-passwd': 'test_value_21', - 'modem-type': 'cdma', - 'multi-mode': 'auto', - 'ppp-auth-protocol': 'auto', - 'ppp-echo-request': 'enable', - 'ppp-password': 'test_value_26', - 'ppp-username': 'test_value_27', - 'primary-ha': 'test_value_28', - 'quota-limit-mb': '29', - 'redial': 'none', - 'redundant-intf': 'test_value_31', - 'roaming': 'enable', - 'role': 'none', - 'secondary-ha': 'test_value_34', - 'sim-pin': 'test_value_35', - 'vdom': '36', - 'wimax-auth-protocol': 'tls', - 'wimax-carrier': 'test_value_38', - 'wimax-realm': 'test_value_39' - } - - set_method_mock.assert_called_with('extender-controller', 'extender', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_extender_controller_extender_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'extender_controller_extender': { - 'aaa_shared_secret': 'test_value_3', - 'access_point_name': 'test_value_4', - 'admin': 'disable', - 'at_dial_script': 'test_value_6', - 'billing_start_day': '7', - 'cdma_aaa_spi': 'test_value_8', - 'cdma_ha_spi': 'test_value_9', - 'cdma_nai': 'test_value_10', - 'conn_status': '11', - 'description': 'test_value_12', - 'dial_mode': 'dial-on-demand', - 'dial_status': '14', - 'ext_name': 'test_value_15', - 'ha_shared_secret': 'test_value_16', - 'id': '17', - 'ifname': 'test_value_18', - 'initiated_update': 'enable', - 'mode': 'standalone', - 'modem_passwd': 'test_value_21', - 'modem_type': 'cdma', - 'multi_mode': 'auto', - 'ppp_auth_protocol': 'auto', - 'ppp_echo_request': 'enable', - 'ppp_password': 'test_value_26', - 'ppp_username': 'test_value_27', - 'primary_ha': 'test_value_28', - 'quota_limit_mb': '29', - 'redial': 'none', - 'redundant_intf': 'test_value_31', - 'roaming': 'enable', - 'role': 'none', - 'secondary_ha': 'test_value_34', - 'sim_pin': 'test_value_35', - 'vdom': '36', - 'wimax_auth_protocol': 'tls', - 'wimax_carrier': 'test_value_38', - 'wimax_realm': 'test_value_39' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_extender_controller_extender.fortios_extender_controller(input_data, fos_instance) - - delete_method_mock.assert_called_with('extender-controller', 'extender', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_extender_controller_extender_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - 
delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'extender_controller_extender': { - 'aaa_shared_secret': 'test_value_3', - 'access_point_name': 'test_value_4', - 'admin': 'disable', - 'at_dial_script': 'test_value_6', - 'billing_start_day': '7', - 'cdma_aaa_spi': 'test_value_8', - 'cdma_ha_spi': 'test_value_9', - 'cdma_nai': 'test_value_10', - 'conn_status': '11', - 'description': 'test_value_12', - 'dial_mode': 'dial-on-demand', - 'dial_status': '14', - 'ext_name': 'test_value_15', - 'ha_shared_secret': 'test_value_16', - 'id': '17', - 'ifname': 'test_value_18', - 'initiated_update': 'enable', - 'mode': 'standalone', - 'modem_passwd': 'test_value_21', - 'modem_type': 'cdma', - 'multi_mode': 'auto', - 'ppp_auth_protocol': 'auto', - 'ppp_echo_request': 'enable', - 'ppp_password': 'test_value_26', - 'ppp_username': 'test_value_27', - 'primary_ha': 'test_value_28', - 'quota_limit_mb': '29', - 'redial': 'none', - 'redundant_intf': 'test_value_31', - 'roaming': 'enable', - 'role': 'none', - 'secondary_ha': 'test_value_34', - 'sim_pin': 'test_value_35', - 'vdom': '36', - 'wimax_auth_protocol': 'tls', - 'wimax_carrier': 'test_value_38', - 'wimax_realm': 'test_value_39' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_extender_controller_extender.fortios_extender_controller(input_data, fos_instance) - - delete_method_mock.assert_called_with('extender-controller', 'extender', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_extender_controller_extender_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 
404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'extender_controller_extender': { - 'aaa_shared_secret': 'test_value_3', - 'access_point_name': 'test_value_4', - 'admin': 'disable', - 'at_dial_script': 'test_value_6', - 'billing_start_day': '7', - 'cdma_aaa_spi': 'test_value_8', - 'cdma_ha_spi': 'test_value_9', - 'cdma_nai': 'test_value_10', - 'conn_status': '11', - 'description': 'test_value_12', - 'dial_mode': 'dial-on-demand', - 'dial_status': '14', - 'ext_name': 'test_value_15', - 'ha_shared_secret': 'test_value_16', - 'id': '17', - 'ifname': 'test_value_18', - 'initiated_update': 'enable', - 'mode': 'standalone', - 'modem_passwd': 'test_value_21', - 'modem_type': 'cdma', - 'multi_mode': 'auto', - 'ppp_auth_protocol': 'auto', - 'ppp_echo_request': 'enable', - 'ppp_password': 'test_value_26', - 'ppp_username': 'test_value_27', - 'primary_ha': 'test_value_28', - 'quota_limit_mb': '29', - 'redial': 'none', - 'redundant_intf': 'test_value_31', - 'roaming': 'enable', - 'role': 'none', - 'secondary_ha': 'test_value_34', - 'sim_pin': 'test_value_35', - 'vdom': '36', - 'wimax_auth_protocol': 'tls', - 'wimax_carrier': 'test_value_38', - 'wimax_realm': 'test_value_39' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_extender_controller_extender.fortios_extender_controller(input_data, fos_instance) - - expected_data = { - 'aaa-shared-secret': 'test_value_3', - 'access-point-name': 'test_value_4', - 'admin': 'disable', - 'at-dial-script': 'test_value_6', - 'billing-start-day': '7', - 'cdma-aaa-spi': 'test_value_8', - 'cdma-ha-spi': 'test_value_9', - 'cdma-nai': 'test_value_10', - 'conn-status': '11', - 'description': 'test_value_12', - 'dial-mode': 'dial-on-demand', - 'dial-status': '14', - 'ext-name': 'test_value_15', - 'ha-shared-secret': 'test_value_16', - 'id': '17', - 'ifname': 'test_value_18', - 
'initiated-update': 'enable', - 'mode': 'standalone', - 'modem-passwd': 'test_value_21', - 'modem-type': 'cdma', - 'multi-mode': 'auto', - 'ppp-auth-protocol': 'auto', - 'ppp-echo-request': 'enable', - 'ppp-password': 'test_value_26', - 'ppp-username': 'test_value_27', - 'primary-ha': 'test_value_28', - 'quota-limit-mb': '29', - 'redial': 'none', - 'redundant-intf': 'test_value_31', - 'roaming': 'enable', - 'role': 'none', - 'secondary-ha': 'test_value_34', - 'sim-pin': 'test_value_35', - 'vdom': '36', - 'wimax-auth-protocol': 'tls', - 'wimax-carrier': 'test_value_38', - 'wimax-realm': 'test_value_39' - } - - set_method_mock.assert_called_with('extender-controller', 'extender', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_extender_controller_extender_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'extender_controller_extender': { - 'random_attribute_not_valid': 'tag', - 'aaa_shared_secret': 'test_value_3', - 'access_point_name': 'test_value_4', - 'admin': 'disable', - 'at_dial_script': 'test_value_6', - 'billing_start_day': '7', - 'cdma_aaa_spi': 'test_value_8', - 'cdma_ha_spi': 'test_value_9', - 'cdma_nai': 'test_value_10', - 'conn_status': '11', - 'description': 'test_value_12', - 'dial_mode': 'dial-on-demand', - 'dial_status': '14', - 'ext_name': 'test_value_15', - 'ha_shared_secret': 'test_value_16', - 'id': '17', - 'ifname': 'test_value_18', - 'initiated_update': 'enable', - 'mode': 'standalone', - 'modem_passwd': 
'test_value_21', - 'modem_type': 'cdma', - 'multi_mode': 'auto', - 'ppp_auth_protocol': 'auto', - 'ppp_echo_request': 'enable', - 'ppp_password': 'test_value_26', - 'ppp_username': 'test_value_27', - 'primary_ha': 'test_value_28', - 'quota_limit_mb': '29', - 'redial': 'none', - 'redundant_intf': 'test_value_31', - 'roaming': 'enable', - 'role': 'none', - 'secondary_ha': 'test_value_34', - 'sim_pin': 'test_value_35', - 'vdom': '36', - 'wimax_auth_protocol': 'tls', - 'wimax_carrier': 'test_value_38', - 'wimax_realm': 'test_value_39' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_extender_controller_extender.fortios_extender_controller(input_data, fos_instance) - - expected_data = { - 'aaa-shared-secret': 'test_value_3', - 'access-point-name': 'test_value_4', - 'admin': 'disable', - 'at-dial-script': 'test_value_6', - 'billing-start-day': '7', - 'cdma-aaa-spi': 'test_value_8', - 'cdma-ha-spi': 'test_value_9', - 'cdma-nai': 'test_value_10', - 'conn-status': '11', - 'description': 'test_value_12', - 'dial-mode': 'dial-on-demand', - 'dial-status': '14', - 'ext-name': 'test_value_15', - 'ha-shared-secret': 'test_value_16', - 'id': '17', - 'ifname': 'test_value_18', - 'initiated-update': 'enable', - 'mode': 'standalone', - 'modem-passwd': 'test_value_21', - 'modem-type': 'cdma', - 'multi-mode': 'auto', - 'ppp-auth-protocol': 'auto', - 'ppp-echo-request': 'enable', - 'ppp-password': 'test_value_26', - 'ppp-username': 'test_value_27', - 'primary-ha': 'test_value_28', - 'quota-limit-mb': '29', - 'redial': 'none', - 'redundant-intf': 'test_value_31', - 'roaming': 'enable', - 'role': 'none', - 'secondary-ha': 'test_value_34', - 'sim-pin': 'test_value_35', - 'vdom': '36', - 'wimax-auth-protocol': 'tls', - 'wimax-carrier': 'test_value_38', - 'wimax-realm': 'test_value_39' - } - - set_method_mock.assert_called_with('extender-controller', 'extender', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - 
assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_facts.py b/test/units/modules/network/fortios/test_fortios_facts.py
deleted file mode 100644
index 8b9a4145d72..00000000000
--- a/test/units/modules/network/fortios/test_fortios_facts.py
+++ /dev/null
@@ -1,103 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from units.modules.utils import exit_json, fail_json -from units.compat import unittest -from units.compat.mock import patch -from ansible.module_utils import basic -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.module_utils.network.fortios.facts.facts import Facts - from ansible.modules.network.fortios import fortios_facts -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_facts.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_facts_get(mocker): - monitor_method_result = {'status': 'success', 'http_method': 'GET', 'http_status': 200} - monitor_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.monitor', return_value=monitor_method_result) - mock_module = patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) - mock_module._connection = connection_mock - - # test 
case 01, args with single gather_subset - args = { - 'vdom': 'root', - 'gather_subset': [ - {'fact': 'system_status_select'}, - ] - } - mock_module.params = args - - response, ignore = Facts(mock_module, fos_instance).get_facts() - - monitor_method_mock.assert_called_with('system', 'status/select', vdom='root') - assert response['ansible_network_resources']['system_status_select']['status'] == 'success' - assert response['ansible_network_resources']['system_status_select']['http_status'] == 200 - - # test case 02, args with single gather_subset with filters - args = { - 'vdom': 'root', - 'gather_subset': [ - {'fact': 'system_interface_select', 'filters': [{'include_vlan': 'true'}, {'interface_name': 'port3'}]}, - ] - } - - mock_module.params = args - - response, ignore = Facts(mock_module, fos_instance).get_facts() - - monitor_method_mock.assert_called_with('system', 'interface/select?vdom=root&include_vlan=true&interface_name=port3', vdom=None) - assert response['ansible_network_resources']['system_interface_select']['status'] == 'success' - assert response['ansible_network_resources']['system_interface_select']['http_status'] == 200 - - # test case 03, args with multiple gather_subset - args = { - 'vdom': 'root', - 'gather_subset': [ - {'fact': 'system_current-admins_select'}, - {'fact': 'system_firmware_select'}, - {'fact': 'system_fortimanager_status'}, - {'fact': 'system_ha-checksums_select'}, - ] - } - - mock_module.params = args - - response, ignore = Facts(mock_module, fos_instance).get_facts() - - monitor_method_mock.assert_any_call('system', 'current-admins/select', vdom='root') - monitor_method_mock.assert_any_call('system', 'firmware/select', vdom='root') - monitor_method_mock.assert_any_call('system', 'fortimanager/status', vdom='root') - monitor_method_mock.assert_any_call('system', 'ha-checksums/select', vdom='root') - assert response['ansible_network_resources']['system_ha-checksums_select']['status'] == 'success' - assert 
response['ansible_network_resources']['system_ha-checksums_select']['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_DoS_policy.py b/test/units/modules/network/fortios/test_fortios_firewall_DoS_policy.py
deleted file mode 100644
index 428843a453a..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_DoS_policy.py
+++ /dev/null
@@ -1,219 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_firewall_DoS_policy -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_DoS_policy.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_firewall_DoS_policy_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_DoS_policy': {'comments': 'test_value_3', - 'interface': 'test_value_4', - 'policyid': '5', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_firewall_DoS_policy.fortios_firewall(input_data, fos_instance) - - expected_data = {'comments': 'test_value_3', - 'interface': 'test_value_4', - 'policyid': '5', - 'status': 'enable' - } - - set_method_mock.assert_called_with('firewall', 'DoS-policy', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_DoS_policy_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_DoS_policy': {'comments': 'test_value_3', - 'interface': 'test_value_4', - 'policyid': '5', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_DoS_policy.fortios_firewall(input_data, fos_instance) - - expected_data = {'comments': 'test_value_3', - 'interface': 'test_value_4', - 'policyid': '5', - 'status': 'enable' - } - - set_method_mock.assert_called_with('firewall', 'DoS-policy', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_DoS_policy_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 
'firewall_DoS_policy': {'comments': 'test_value_3', - 'interface': 'test_value_4', - 'policyid': '5', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_DoS_policy.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'DoS-policy', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_DoS_policy_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_DoS_policy': {'comments': 'test_value_3', - 'interface': 'test_value_4', - 'policyid': '5', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_DoS_policy.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'DoS-policy', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_DoS_policy_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_DoS_policy': {'comments': 'test_value_3', - 'interface': 'test_value_4', - 
'policyid': '5', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_DoS_policy.fortios_firewall(input_data, fos_instance) - - expected_data = {'comments': 'test_value_3', - 'interface': 'test_value_4', - 'policyid': '5', - 'status': 'enable' - } - - set_method_mock.assert_called_with('firewall', 'DoS-policy', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_firewall_DoS_policy_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_DoS_policy': { - 'random_attribute_not_valid': 'tag', 'comments': 'test_value_3', - 'interface': 'test_value_4', - 'policyid': '5', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_DoS_policy.fortios_firewall(input_data, fos_instance) - - expected_data = {'comments': 'test_value_3', - 'interface': 'test_value_4', - 'policyid': '5', - 'status': 'enable' - } - - set_method_mock.assert_called_with('firewall', 'DoS-policy', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_firewall_DoS_policy6.py b/test/units/modules/network/fortios/test_fortios_firewall_DoS_policy6.py deleted file mode 100644 index 02c87150b15..00000000000 --- a/test/units/modules/network/fortios/test_fortios_firewall_DoS_policy6.py +++ /dev/null 
@@ -1,219 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_firewall_DoS_policy6 -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_DoS_policy6.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_firewall_DoS_policy6_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_DoS_policy6': {'comments': 'test_value_3', - 'interface': 'test_value_4', - 'policyid': '5', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response 
= fortios_firewall_DoS_policy6.fortios_firewall(input_data, fos_instance) - - expected_data = {'comments': 'test_value_3', - 'interface': 'test_value_4', - 'policyid': '5', - 'status': 'enable' - } - - set_method_mock.assert_called_with('firewall', 'DoS-policy6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_DoS_policy6_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_DoS_policy6': {'comments': 'test_value_3', - 'interface': 'test_value_4', - 'policyid': '5', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_DoS_policy6.fortios_firewall(input_data, fos_instance) - - expected_data = {'comments': 'test_value_3', - 'interface': 'test_value_4', - 'policyid': '5', - 'status': 'enable' - } - - set_method_mock.assert_called_with('firewall', 'DoS-policy6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_DoS_policy6_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 
'firewall_DoS_policy6': {'comments': 'test_value_3', - 'interface': 'test_value_4', - 'policyid': '5', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_DoS_policy6.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'DoS-policy6', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_DoS_policy6_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_DoS_policy6': {'comments': 'test_value_3', - 'interface': 'test_value_4', - 'policyid': '5', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_DoS_policy6.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'DoS-policy6', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_DoS_policy6_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_DoS_policy6': {'comments': 'test_value_3', - 'interface': 
'test_value_4', - 'policyid': '5', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_DoS_policy6.fortios_firewall(input_data, fos_instance) - - expected_data = {'comments': 'test_value_3', - 'interface': 'test_value_4', - 'policyid': '5', - 'status': 'enable' - } - - set_method_mock.assert_called_with('firewall', 'DoS-policy6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_firewall_DoS_policy6_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_DoS_policy6': { - 'random_attribute_not_valid': 'tag', 'comments': 'test_value_3', - 'interface': 'test_value_4', - 'policyid': '5', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_DoS_policy6.fortios_firewall(input_data, fos_instance) - - expected_data = {'comments': 'test_value_3', - 'interface': 'test_value_4', - 'policyid': '5', - 'status': 'enable' - } - - set_method_mock.assert_called_with('firewall', 'DoS-policy6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_firewall_address.py b/test/units/modules/network/fortios/test_fortios_firewall_address.py deleted file mode 100644 index ca164d8c119..00000000000 
--- a/test/units/modules/network/fortios/test_fortios_firewall_address.py
+++ /dev/null
@@ -1,439 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_firewall_address -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_address.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_firewall_address_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_address': { - 'allow_routing': 'enable', - 'associated_interface': 'test_value_4', - 'cache_ttl': '5', - 'color': '6', - 'comment': 'Comment.', - 'country': 'test_value_8', - 
'end_ip': 'test_value_9', - 'epg_name': 'test_value_10', - 'filter': 'test_value_11', - 'fqdn': 'test_value_12', - 'name': 'default_name_13', - 'obj_id': 'test_value_14', - 'organization': 'test_value_15', - 'policy_group': 'test_value_16', - 'sdn': 'aci', - 'sdn_tag': 'test_value_18', - 'start_ip': 'test_value_19', - 'subnet': 'test_value_20', - 'subnet_name': 'test_value_21', - 'tenant': 'test_value_22', - 'type': 'ipmask', - 'uuid': 'test_value_24', - 'visibility': 'enable', - 'wildcard': 'test_value_26', - 'wildcard_fqdn': 'test_value_27' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_address.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'allow-routing': 'enable', - 'associated-interface': 'test_value_4', - 'cache-ttl': '5', - 'color': '6', - 'comment': 'Comment.', - 'country': 'test_value_8', - 'end-ip': 'test_value_9', - 'epg-name': 'test_value_10', - 'filter': 'test_value_11', - 'fqdn': 'test_value_12', - 'name': 'default_name_13', - 'obj-id': 'test_value_14', - 'organization': 'test_value_15', - 'policy-group': 'test_value_16', - 'sdn': 'aci', - 'sdn-tag': 'test_value_18', - 'start-ip': 'test_value_19', - 'subnet': 'test_value_20', - 'subnet-name': 'test_value_21', - 'tenant': 'test_value_22', - 'type': 'ipmask', - 'uuid': 'test_value_24', - 'visibility': 'enable', - 'wildcard': 'test_value_26', - 'wildcard-fqdn': 'test_value_27' - } - - set_method_mock.assert_called_with('firewall', 'address', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_address_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_address': { - 'allow_routing': 'enable', - 'associated_interface': 'test_value_4', - 'cache_ttl': '5', - 'color': '6', - 'comment': 'Comment.', - 'country': 'test_value_8', - 'end_ip': 'test_value_9', - 'epg_name': 'test_value_10', - 'filter': 'test_value_11', - 'fqdn': 'test_value_12', - 'name': 'default_name_13', - 'obj_id': 'test_value_14', - 'organization': 'test_value_15', - 'policy_group': 'test_value_16', - 'sdn': 'aci', - 'sdn_tag': 'test_value_18', - 'start_ip': 'test_value_19', - 'subnet': 'test_value_20', - 'subnet_name': 'test_value_21', - 'tenant': 'test_value_22', - 'type': 'ipmask', - 'uuid': 'test_value_24', - 'visibility': 'enable', - 'wildcard': 'test_value_26', - 'wildcard_fqdn': 'test_value_27' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_address.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'allow-routing': 'enable', - 'associated-interface': 'test_value_4', - 'cache-ttl': '5', - 'color': '6', - 'comment': 'Comment.', - 'country': 'test_value_8', - 'end-ip': 'test_value_9', - 'epg-name': 'test_value_10', - 'filter': 'test_value_11', - 'fqdn': 'test_value_12', - 'name': 'default_name_13', - 'obj-id': 'test_value_14', - 'organization': 'test_value_15', - 'policy-group': 'test_value_16', - 'sdn': 'aci', - 'sdn-tag': 'test_value_18', - 'start-ip': 'test_value_19', - 'subnet': 'test_value_20', - 'subnet-name': 'test_value_21', - 'tenant': 'test_value_22', - 'type': 'ipmask', - 'uuid': 'test_value_24', - 'visibility': 'enable', - 'wildcard': 'test_value_26', - 'wildcard-fqdn': 'test_value_27' - } - - set_method_mock.assert_called_with('firewall', 'address', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert 
response['http_status'] == 500 - - -def test_firewall_address_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_address': { - 'allow_routing': 'enable', - 'associated_interface': 'test_value_4', - 'cache_ttl': '5', - 'color': '6', - 'comment': 'Comment.', - 'country': 'test_value_8', - 'end_ip': 'test_value_9', - 'epg_name': 'test_value_10', - 'filter': 'test_value_11', - 'fqdn': 'test_value_12', - 'name': 'default_name_13', - 'obj_id': 'test_value_14', - 'organization': 'test_value_15', - 'policy_group': 'test_value_16', - 'sdn': 'aci', - 'sdn_tag': 'test_value_18', - 'start_ip': 'test_value_19', - 'subnet': 'test_value_20', - 'subnet_name': 'test_value_21', - 'tenant': 'test_value_22', - 'type': 'ipmask', - 'uuid': 'test_value_24', - 'visibility': 'enable', - 'wildcard': 'test_value_26', - 'wildcard_fqdn': 'test_value_27' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_address.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'address', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_address_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = 
{ - 'username': 'admin', - 'state': 'absent', - 'firewall_address': { - 'allow_routing': 'enable', - 'associated_interface': 'test_value_4', - 'cache_ttl': '5', - 'color': '6', - 'comment': 'Comment.', - 'country': 'test_value_8', - 'end_ip': 'test_value_9', - 'epg_name': 'test_value_10', - 'filter': 'test_value_11', - 'fqdn': 'test_value_12', - 'name': 'default_name_13', - 'obj_id': 'test_value_14', - 'organization': 'test_value_15', - 'policy_group': 'test_value_16', - 'sdn': 'aci', - 'sdn_tag': 'test_value_18', - 'start_ip': 'test_value_19', - 'subnet': 'test_value_20', - 'subnet_name': 'test_value_21', - 'tenant': 'test_value_22', - 'type': 'ipmask', - 'uuid': 'test_value_24', - 'visibility': 'enable', - 'wildcard': 'test_value_26', - 'wildcard_fqdn': 'test_value_27' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_address.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'address', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_address_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_address': { - 'allow_routing': 'enable', - 'associated_interface': 'test_value_4', - 'cache_ttl': '5', - 'color': '6', - 'comment': 'Comment.', - 'country': 'test_value_8', - 'end_ip': 'test_value_9', - 'epg_name': 'test_value_10', - 'filter': 'test_value_11', - 'fqdn': 'test_value_12', - 'name': 'default_name_13', - 'obj_id': 'test_value_14', - 'organization': 'test_value_15', - 
'policy_group': 'test_value_16', - 'sdn': 'aci', - 'sdn_tag': 'test_value_18', - 'start_ip': 'test_value_19', - 'subnet': 'test_value_20', - 'subnet_name': 'test_value_21', - 'tenant': 'test_value_22', - 'type': 'ipmask', - 'uuid': 'test_value_24', - 'visibility': 'enable', - 'wildcard': 'test_value_26', - 'wildcard_fqdn': 'test_value_27' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_address.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'allow-routing': 'enable', - 'associated-interface': 'test_value_4', - 'cache-ttl': '5', - 'color': '6', - 'comment': 'Comment.', - 'country': 'test_value_8', - 'end-ip': 'test_value_9', - 'epg-name': 'test_value_10', - 'filter': 'test_value_11', - 'fqdn': 'test_value_12', - 'name': 'default_name_13', - 'obj-id': 'test_value_14', - 'organization': 'test_value_15', - 'policy-group': 'test_value_16', - 'sdn': 'aci', - 'sdn-tag': 'test_value_18', - 'start-ip': 'test_value_19', - 'subnet': 'test_value_20', - 'subnet-name': 'test_value_21', - 'tenant': 'test_value_22', - 'type': 'ipmask', - 'uuid': 'test_value_24', - 'visibility': 'enable', - 'wildcard': 'test_value_26', - 'wildcard-fqdn': 'test_value_27' - } - - set_method_mock.assert_called_with('firewall', 'address', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_firewall_address_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_address': { - 'random_attribute_not_valid': 'tag', - 
'allow_routing': 'enable', - 'associated_interface': 'test_value_4', - 'cache_ttl': '5', - 'color': '6', - 'comment': 'Comment.', - 'country': 'test_value_8', - 'end_ip': 'test_value_9', - 'epg_name': 'test_value_10', - 'filter': 'test_value_11', - 'fqdn': 'test_value_12', - 'name': 'default_name_13', - 'obj_id': 'test_value_14', - 'organization': 'test_value_15', - 'policy_group': 'test_value_16', - 'sdn': 'aci', - 'sdn_tag': 'test_value_18', - 'start_ip': 'test_value_19', - 'subnet': 'test_value_20', - 'subnet_name': 'test_value_21', - 'tenant': 'test_value_22', - 'type': 'ipmask', - 'uuid': 'test_value_24', - 'visibility': 'enable', - 'wildcard': 'test_value_26', - 'wildcard_fqdn': 'test_value_27' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_address.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'allow-routing': 'enable', - 'associated-interface': 'test_value_4', - 'cache-ttl': '5', - 'color': '6', - 'comment': 'Comment.', - 'country': 'test_value_8', - 'end-ip': 'test_value_9', - 'epg-name': 'test_value_10', - 'filter': 'test_value_11', - 'fqdn': 'test_value_12', - 'name': 'default_name_13', - 'obj-id': 'test_value_14', - 'organization': 'test_value_15', - 'policy-group': 'test_value_16', - 'sdn': 'aci', - 'sdn-tag': 'test_value_18', - 'start-ip': 'test_value_19', - 'subnet': 'test_value_20', - 'subnet-name': 'test_value_21', - 'tenant': 'test_value_22', - 'type': 'ipmask', - 'uuid': 'test_value_24', - 'visibility': 'enable', - 'wildcard': 'test_value_26', - 'wildcard-fqdn': 'test_value_27' - } - - set_method_mock.assert_called_with('firewall', 'address', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_address6.py b/test/units/modules/network/fortios/test_fortios_firewall_address6.py
deleted file mode 100644
index 78d90b9c1ec..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_address6.py
+++ /dev/null
@@ -1,349 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_firewall_address6 -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_address6.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_firewall_address6_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_address6': { - 'cache_ttl': '3', - 'color': '4', - 'comment': 'Comment.', - 'end_ip': 'test_value_6', - 'fqdn': 'test_value_7', - 'host': 'test_value_8', - 'host_type': 'any', - 
'ip6': 'test_value_10', - 'name': 'default_name_11', - 'obj_id': 'test_value_12', - 'sdn': 'nsx', - 'start_ip': 'test_value_14', - 'template': 'test_value_15', - 'type': 'ipprefix', - 'uuid': 'test_value_17', - 'visibility': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_address6.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'cache-ttl': '3', - 'color': '4', - 'comment': 'Comment.', - 'end-ip': 'test_value_6', - 'fqdn': 'test_value_7', - 'host': 'test_value_8', - 'host-type': 'any', - 'ip6': 'test_value_10', - 'name': 'default_name_11', - 'obj-id': 'test_value_12', - 'sdn': 'nsx', - 'start-ip': 'test_value_14', - 'template': 'test_value_15', - 'type': 'ipprefix', - 'uuid': 'test_value_17', - 'visibility': 'enable' - } - - set_method_mock.assert_called_with('firewall', 'address6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_address6_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_address6': { - 'cache_ttl': '3', - 'color': '4', - 'comment': 'Comment.', - 'end_ip': 'test_value_6', - 'fqdn': 'test_value_7', - 'host': 'test_value_8', - 'host_type': 'any', - 'ip6': 'test_value_10', - 'name': 'default_name_11', - 'obj_id': 'test_value_12', - 'sdn': 'nsx', - 'start_ip': 'test_value_14', - 'template': 'test_value_15', - 'type': 'ipprefix', - 'uuid': 'test_value_17', - 'visibility': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_firewall_address6.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'cache-ttl': '3', - 'color': '4', - 'comment': 'Comment.', - 'end-ip': 'test_value_6', - 'fqdn': 'test_value_7', - 'host': 'test_value_8', - 'host-type': 'any', - 'ip6': 'test_value_10', - 'name': 'default_name_11', - 'obj-id': 'test_value_12', - 'sdn': 'nsx', - 'start-ip': 'test_value_14', - 'template': 'test_value_15', - 'type': 'ipprefix', - 'uuid': 'test_value_17', - 'visibility': 'enable' - } - - set_method_mock.assert_called_with('firewall', 'address6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_address6_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_address6': { - 'cache_ttl': '3', - 'color': '4', - 'comment': 'Comment.', - 'end_ip': 'test_value_6', - 'fqdn': 'test_value_7', - 'host': 'test_value_8', - 'host_type': 'any', - 'ip6': 'test_value_10', - 'name': 'default_name_11', - 'obj_id': 'test_value_12', - 'sdn': 'nsx', - 'start_ip': 'test_value_14', - 'template': 'test_value_15', - 'type': 'ipprefix', - 'uuid': 'test_value_17', - 'visibility': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_address6.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'address6', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 
- - -def test_firewall_address6_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_address6': { - 'cache_ttl': '3', - 'color': '4', - 'comment': 'Comment.', - 'end_ip': 'test_value_6', - 'fqdn': 'test_value_7', - 'host': 'test_value_8', - 'host_type': 'any', - 'ip6': 'test_value_10', - 'name': 'default_name_11', - 'obj_id': 'test_value_12', - 'sdn': 'nsx', - 'start_ip': 'test_value_14', - 'template': 'test_value_15', - 'type': 'ipprefix', - 'uuid': 'test_value_17', - 'visibility': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_address6.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'address6', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_address6_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_address6': { - 'cache_ttl': '3', - 'color': '4', - 'comment': 'Comment.', - 'end_ip': 'test_value_6', - 'fqdn': 'test_value_7', - 'host': 'test_value_8', - 'host_type': 'any', - 'ip6': 'test_value_10', - 'name': 'default_name_11', - 'obj_id': 'test_value_12', - 'sdn': 'nsx', - 'start_ip': 
'test_value_14', - 'template': 'test_value_15', - 'type': 'ipprefix', - 'uuid': 'test_value_17', - 'visibility': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_address6.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'cache-ttl': '3', - 'color': '4', - 'comment': 'Comment.', - 'end-ip': 'test_value_6', - 'fqdn': 'test_value_7', - 'host': 'test_value_8', - 'host-type': 'any', - 'ip6': 'test_value_10', - 'name': 'default_name_11', - 'obj-id': 'test_value_12', - 'sdn': 'nsx', - 'start-ip': 'test_value_14', - 'template': 'test_value_15', - 'type': 'ipprefix', - 'uuid': 'test_value_17', - 'visibility': 'enable' - } - - set_method_mock.assert_called_with('firewall', 'address6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_firewall_address6_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_address6': { - 'random_attribute_not_valid': 'tag', - 'cache_ttl': '3', - 'color': '4', - 'comment': 'Comment.', - 'end_ip': 'test_value_6', - 'fqdn': 'test_value_7', - 'host': 'test_value_8', - 'host_type': 'any', - 'ip6': 'test_value_10', - 'name': 'default_name_11', - 'obj_id': 'test_value_12', - 'sdn': 'nsx', - 'start_ip': 'test_value_14', - 'template': 'test_value_15', - 'type': 'ipprefix', - 'uuid': 'test_value_17', - 'visibility': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_address6.fortios_firewall(input_data, fos_instance) - - expected_data = 
{ - 'cache-ttl': '3', - 'color': '4', - 'comment': 'Comment.', - 'end-ip': 'test_value_6', - 'fqdn': 'test_value_7', - 'host': 'test_value_8', - 'host-type': 'any', - 'ip6': 'test_value_10', - 'name': 'default_name_11', - 'obj-id': 'test_value_12', - 'sdn': 'nsx', - 'start-ip': 'test_value_14', - 'template': 'test_value_15', - 'type': 'ipprefix', - 'uuid': 'test_value_17', - 'visibility': 'enable' - } - - set_method_mock.assert_called_with('firewall', 'address6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_firewall_address6_template.py b/test/units/modules/network/fortios/test_fortios_firewall_address6_template.py deleted file mode 100644 index afbb7518920..00000000000 --- a/test/units/modules/network/fortios/test_fortios_firewall_address6_template.py +++ /dev/null 
@@ -1,219 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_address6_template
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_address6_template.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_address6_template_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_address6_template': {
- 'ip6': 'test_value_3',
- 'name': 'default_name_4',
- 'subnet_segment_count': '5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_address6_template.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'ip6': 'test_value_3',
- 'name': 'default_name_4',
- 'subnet-segment-count': '5'
- }
-
- set_method_mock.assert_called_with('firewall', 'address6-template', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_address6_template_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_address6_template': {
- 'ip6': 'test_value_3',
- 'name': 'default_name_4',
- 'subnet_segment_count': '5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_address6_template.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'ip6': 'test_value_3',
- 'name': 'default_name_4',
- 'subnet-segment-count': '5'
- }
-
- set_method_mock.assert_called_with('firewall', 'address6-template', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_address6_template_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_address6_template': {
- 'ip6': 'test_value_3',
- 'name': 'default_name_4',
- 'subnet_segment_count': '5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_address6_template.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'address6-template', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_address6_template_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_address6_template': {
- 'ip6': 'test_value_3',
- 'name': 'default_name_4',
- 'subnet_segment_count': '5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_address6_template.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'address6-template', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_address6_template_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_address6_template': {
- 'ip6': 'test_value_3',
- 'name': 'default_name_4',
- 'subnet_segment_count': '5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_address6_template.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'ip6': 'test_value_3',
- 'name': 'default_name_4',
- 'subnet-segment-count': '5'
- }
-
- set_method_mock.assert_called_with('firewall', 'address6-template', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_address6_template_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_address6_template': {
- 'random_attribute_not_valid': 'tag',
- 'ip6': 'test_value_3',
- 'name': 'default_name_4',
- 'subnet_segment_count': '5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_address6_template.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'ip6': 'test_value_3',
- 'name': 'default_name_4',
- 'subnet-segment-count': '5'
- }
-
- set_method_mock.assert_called_with('firewall', 'address6-template', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_addrgrp.py b/test/units/modules/network/fortios/test_fortios_firewall_addrgrp.py
deleted file mode 100644
index 51b3250106d..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_addrgrp.py
+++ /dev/null
@@ -1,249 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_addrgrp
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_addrgrp.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_addrgrp_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_addrgrp': {
- 'allow_routing': 'enable',
- 'color': '4',
- 'comment': 'Comment.',
- 'name': 'default_name_6',
- 'uuid': 'test_value_7',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_addrgrp.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'allow-routing': 'enable',
- 'color': '4',
- 'comment': 'Comment.',
- 'name': 'default_name_6',
- 'uuid': 'test_value_7',
- 'visibility': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'addrgrp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_addrgrp_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_addrgrp': {
- 'allow_routing': 'enable',
- 'color': '4',
- 'comment': 'Comment.',
- 'name': 'default_name_6',
- 'uuid': 'test_value_7',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_addrgrp.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'allow-routing': 'enable',
- 'color': '4',
- 'comment': 'Comment.',
- 'name': 'default_name_6',
- 'uuid': 'test_value_7',
- 'visibility': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'addrgrp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_addrgrp_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_addrgrp': {
- 'allow_routing': 'enable',
- 'color': '4',
- 'comment': 'Comment.',
- 'name': 'default_name_6',
- 'uuid': 'test_value_7',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_addrgrp.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'addrgrp', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_addrgrp_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_addrgrp': {
- 'allow_routing': 'enable',
- 'color': '4',
- 'comment': 'Comment.',
- 'name': 'default_name_6',
- 'uuid': 'test_value_7',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_addrgrp.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'addrgrp', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_addrgrp_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_addrgrp': {
- 'allow_routing': 'enable',
- 'color': '4',
- 'comment': 'Comment.',
- 'name': 'default_name_6',
- 'uuid': 'test_value_7',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_addrgrp.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'allow-routing': 'enable',
- 'color': '4',
- 'comment': 'Comment.',
- 'name': 'default_name_6',
- 'uuid': 'test_value_7',
- 'visibility': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'addrgrp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_addrgrp_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_addrgrp': {
- 'random_attribute_not_valid': 'tag',
- 'allow_routing': 'enable',
- 'color': '4',
- 'comment': 'Comment.',
- 'name': 'default_name_6',
- 'uuid': 'test_value_7',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_addrgrp.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'allow-routing': 'enable',
- 'color': '4',
- 'comment': 'Comment.',
- 'name': 'default_name_6',
- 'uuid': 'test_value_7',
- 'visibility': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'addrgrp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_addrgrp6.py b/test/units/modules/network/fortios/test_fortios_firewall_addrgrp6.py
deleted file mode 100644
index ce4eaa3a0e8..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_addrgrp6.py
+++ /dev/null
@@ -1,239 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_addrgrp6
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_addrgrp6.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_addrgrp6_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_addrgrp6': {
- 'color': '3',
- 'comment': 'Comment.',
- 'name': 'default_name_5',
- 'uuid': 'test_value_6',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_addrgrp6.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'comment': 'Comment.',
- 'name': 'default_name_5',
- 'uuid': 'test_value_6',
- 'visibility': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'addrgrp6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_addrgrp6_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_addrgrp6': {
- 'color': '3',
- 'comment': 'Comment.',
- 'name': 'default_name_5',
- 'uuid': 'test_value_6',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_addrgrp6.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'comment': 'Comment.',
- 'name': 'default_name_5',
- 'uuid': 'test_value_6',
- 'visibility': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'addrgrp6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_addrgrp6_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_addrgrp6': {
- 'color': '3',
- 'comment': 'Comment.',
- 'name': 'default_name_5',
- 'uuid': 'test_value_6',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_addrgrp6.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'addrgrp6', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_addrgrp6_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_addrgrp6': {
- 'color': '3',
- 'comment': 'Comment.',
- 'name': 'default_name_5',
- 'uuid': 'test_value_6',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_addrgrp6.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'addrgrp6', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_addrgrp6_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_addrgrp6': {
- 'color': '3',
- 'comment': 'Comment.',
- 'name': 'default_name_5',
- 'uuid': 'test_value_6',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_addrgrp6.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'comment': 'Comment.',
- 'name': 'default_name_5',
- 'uuid': 'test_value_6',
- 'visibility': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'addrgrp6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_addrgrp6_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_addrgrp6': {
- 'random_attribute_not_valid': 'tag',
- 'color': '3',
- 'comment': 'Comment.',
- 'name': 'default_name_5',
- 'uuid': 'test_value_6',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_addrgrp6.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'comment': 'Comment.',
- 'name': 'default_name_5',
- 'uuid': 'test_value_6',
- 'visibility': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'addrgrp6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_auth_portal.py b/test/units/modules/network/fortios/test_fortios_firewall_auth_portal.py
deleted file mode 100644
index def708b3da9..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_auth_portal.py
+++ /dev/null
@@ -1,159 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_auth_portal
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_auth_portal.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_auth_portal_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_auth_portal': {'identity_based_route': 'test_value_3',
- 'portal_addr': 'test_value_4',
- 'portal_addr6': 'test_value_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_auth_portal.fortios_firewall(input_data, fos_instance)
-
- expected_data = {'identity-based-route': 'test_value_3',
- 'portal-addr': 'test_value_4',
- 'portal-addr6': 'test_value_5'
- }
-
- set_method_mock.assert_called_with('firewall', 'auth-portal', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_auth_portal_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_auth_portal': {'identity_based_route': 'test_value_3',
- 'portal_addr': 'test_value_4',
- 'portal_addr6': 'test_value_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_auth_portal.fortios_firewall(input_data, fos_instance)
-
- expected_data = {'identity-based-route': 'test_value_3',
- 'portal-addr': 'test_value_4',
- 'portal-addr6': 'test_value_5'
- }
-
- set_method_mock.assert_called_with('firewall', 'auth-portal', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_auth_portal_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_auth_portal': {'identity_based_route': 'test_value_3',
- 'portal_addr': 'test_value_4',
- 'portal_addr6': 'test_value_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_auth_portal.fortios_firewall(input_data, fos_instance)
-
- expected_data = {'identity-based-route': 'test_value_3',
- 'portal-addr': 'test_value_4',
- 'portal-addr6': 'test_value_5'
- }
-
- set_method_mock.assert_called_with('firewall', 'auth-portal', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_auth_portal_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_auth_portal': {
- 'random_attribute_not_valid': 'tag', 'identity_based_route': 'test_value_3',
- 'portal_addr': 'test_value_4',
- 'portal_addr6': 'test_value_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_auth_portal.fortios_firewall(input_data, fos_instance)
-
- expected_data = {'identity-based-route': 'test_value_3',
- 'portal-addr': 'test_value_4',
- 'portal-addr6': 'test_value_5'
- }
-
- set_method_mock.assert_called_with('firewall', 'auth-portal', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_central_snat_map.py b/test/units/modules/network/fortios/test_fortios_firewall_central_snat_map.py
deleted file mode 100644
index 4f808d45b89..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_central_snat_map.py
+++ /dev/null
@@ -1,259 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_firewall_central_snat_map -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_central_snat_map.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_firewall_central_snat_map_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_central_snat_map': { - 'comments': 'test_value_3', - 'nat': 'disable', - 'nat_port': 'test_value_5', - 'orig_port': 'test_value_6', - 'policyid': '7', - 
'protocol': '8', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_central_snat_map.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'comments': 'test_value_3', - 'nat': 'disable', - 'nat-port': 'test_value_5', - 'orig-port': 'test_value_6', - 'policyid': '7', - 'protocol': '8', - 'status': 'enable' - } - - set_method_mock.assert_called_with('firewall', 'central-snat-map', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_central_snat_map_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_central_snat_map': { - 'comments': 'test_value_3', - 'nat': 'disable', - 'nat_port': 'test_value_5', - 'orig_port': 'test_value_6', - 'policyid': '7', - 'protocol': '8', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_central_snat_map.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'comments': 'test_value_3', - 'nat': 'disable', - 'nat-port': 'test_value_5', - 'orig-port': 'test_value_6', - 'policyid': '7', - 'protocol': '8', - 'status': 'enable' - } - - set_method_mock.assert_called_with('firewall', 'central-snat-map', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_central_snat_map_removal(mocker): - schema_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_central_snat_map': { - 'comments': 'test_value_3', - 'nat': 'disable', - 'nat_port': 'test_value_5', - 'orig_port': 'test_value_6', - 'policyid': '7', - 'protocol': '8', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_central_snat_map.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'central-snat-map', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_central_snat_map_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_central_snat_map': { - 'comments': 'test_value_3', - 'nat': 'disable', - 'nat_port': 'test_value_5', - 'orig_port': 'test_value_6', - 'policyid': '7', - 'protocol': '8', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_central_snat_map.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'central-snat-map', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert 
response['http_status'] == 500 - - -def test_firewall_central_snat_map_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_central_snat_map': { - 'comments': 'test_value_3', - 'nat': 'disable', - 'nat_port': 'test_value_5', - 'orig_port': 'test_value_6', - 'policyid': '7', - 'protocol': '8', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_central_snat_map.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'comments': 'test_value_3', - 'nat': 'disable', - 'nat-port': 'test_value_5', - 'orig-port': 'test_value_6', - 'policyid': '7', - 'protocol': '8', - 'status': 'enable' - } - - set_method_mock.assert_called_with('firewall', 'central-snat-map', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_firewall_central_snat_map_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_central_snat_map': { - 'random_attribute_not_valid': 'tag', - 'comments': 'test_value_3', - 'nat': 'disable', - 'nat_port': 'test_value_5', - 'orig_port': 'test_value_6', - 'policyid': '7', - 'protocol': '8', - 'status': 'enable' - }, - 
'vdom': 'root'} - - is_error, changed, response = fortios_firewall_central_snat_map.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'comments': 'test_value_3', - 'nat': 'disable', - 'nat-port': 'test_value_5', - 'orig-port': 'test_value_6', - 'policyid': '7', - 'protocol': '8', - 'status': 'enable' - } - - set_method_mock.assert_called_with('firewall', 'central-snat-map', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_firewall_dnstranslation.py b/test/units/modules/network/fortios/test_fortios_firewall_dnstranslation.py deleted file mode 100644 index c0edb64c398..00000000000 --- a/test/units/modules/network/fortios/test_fortios_firewall_dnstranslation.py +++ /dev/null 
@@ -1,229 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_firewall_dnstranslation -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_dnstranslation.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_firewall_dnstranslation_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_dnstranslation': { - 'dst': 'test_value_3', - 'id': '4', - 'netmask': 'test_value_5', - 'src': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, 
response = fortios_firewall_dnstranslation.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'dst': 'test_value_3', - 'id': '4', - 'netmask': 'test_value_5', - 'src': 'test_value_6' - } - - set_method_mock.assert_called_with('firewall', 'dnstranslation', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_dnstranslation_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_dnstranslation': { - 'dst': 'test_value_3', - 'id': '4', - 'netmask': 'test_value_5', - 'src': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_dnstranslation.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'dst': 'test_value_3', - 'id': '4', - 'netmask': 'test_value_5', - 'src': 'test_value_6' - } - - set_method_mock.assert_called_with('firewall', 'dnstranslation', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_dnstranslation_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 
'absent', - 'firewall_dnstranslation': { - 'dst': 'test_value_3', - 'id': '4', - 'netmask': 'test_value_5', - 'src': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_dnstranslation.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'dnstranslation', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_dnstranslation_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_dnstranslation': { - 'dst': 'test_value_3', - 'id': '4', - 'netmask': 'test_value_5', - 'src': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_dnstranslation.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'dnstranslation', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_dnstranslation_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_dnstranslation': { - 'dst': 'test_value_3', - 
'id': '4', - 'netmask': 'test_value_5', - 'src': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_dnstranslation.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'dst': 'test_value_3', - 'id': '4', - 'netmask': 'test_value_5', - 'src': 'test_value_6' - } - - set_method_mock.assert_called_with('firewall', 'dnstranslation', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_firewall_dnstranslation_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_dnstranslation': { - 'random_attribute_not_valid': 'tag', - 'dst': 'test_value_3', - 'id': '4', - 'netmask': 'test_value_5', - 'src': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_dnstranslation.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'dst': 'test_value_3', - 'id': '4', - 'netmask': 'test_value_5', - 'src': 'test_value_6' - } - - set_method_mock.assert_called_with('firewall', 'dnstranslation', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_firewall_identity_based_route.py b/test/units/modules/network/fortios/test_fortios_firewall_identity_based_route.py deleted file mode 100644 index 08d12c3245c..00000000000 
--- a/test/units/modules/network/fortios/test_fortios_firewall_identity_based_route.py
+++ /dev/null
@@ -1,219 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_firewall_identity_based_route -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_identity_based_route.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_firewall_identity_based_route_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_identity_based_route': { - 'comments': 'test_value_3', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_firewall_identity_based_route.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'comments': 'test_value_3', - 'name': 'default_name_4', - - } - - set_method_mock.assert_called_with('firewall', 'identity-based-route', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_identity_based_route_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_identity_based_route': { - 'comments': 'test_value_3', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_identity_based_route.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'comments': 'test_value_3', - 'name': 'default_name_4', - - } - - set_method_mock.assert_called_with('firewall', 'identity-based-route', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_identity_based_route_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_identity_based_route': { - 'comments': 
'test_value_3', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_identity_based_route.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'identity-based-route', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_identity_based_route_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_identity_based_route': { - 'comments': 'test_value_3', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_identity_based_route.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'identity-based-route', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_identity_based_route_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_identity_based_route': { - 'comments': 'test_value_3', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, 
changed, response = fortios_firewall_identity_based_route.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'comments': 'test_value_3', - 'name': 'default_name_4', - - } - - set_method_mock.assert_called_with('firewall', 'identity-based-route', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_firewall_identity_based_route_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_identity_based_route': { - 'random_attribute_not_valid': 'tag', - 'comments': 'test_value_3', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_identity_based_route.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'comments': 'test_value_3', - 'name': 'default_name_4', - - } - - set_method_mock.assert_called_with('firewall', 'identity-based-route', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_firewall_interface_policy.py b/test/units/modules/network/fortios/test_fortios_firewall_interface_policy.py deleted file mode 100644 index 2ca1bd76ae1..00000000000 --- a/test/units/modules/network/fortios/test_fortios_firewall_interface_policy.py +++ /dev/null 
@@ -1,399 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_firewall_interface_policy -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_interface_policy.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_firewall_interface_policy_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_interface_policy': { - 'address_type': 'ipv4', - 'application_list': 'test_value_4', - 'application_list_status': 'enable', - 'av_profile': 
'test_value_6', - 'av_profile_status': 'enable', - 'comments': 'test_value_8', - 'dlp_sensor': 'test_value_9', - 'dlp_sensor_status': 'enable', - 'dsri': 'enable', - 'interface': 'test_value_12', - 'ips_sensor': 'test_value_13', - 'ips_sensor_status': 'enable', - 'label': 'test_value_15', - 'logtraffic': 'all', - 'policyid': '17', - 'scan_botnet_connections': 'disable', - 'spamfilter_profile': 'test_value_19', - 'spamfilter_profile_status': 'enable', - 'status': 'enable', - 'webfilter_profile': 'test_value_22', - 'webfilter_profile_status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_interface_policy.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'address-type': 'ipv4', - 'application-list': 'test_value_4', - 'application-list-status': 'enable', - 'av-profile': 'test_value_6', - 'av-profile-status': 'enable', - 'comments': 'test_value_8', - 'dlp-sensor': 'test_value_9', - 'dlp-sensor-status': 'enable', - 'dsri': 'enable', - 'interface': 'test_value_12', - 'ips-sensor': 'test_value_13', - 'ips-sensor-status': 'enable', - 'label': 'test_value_15', - 'logtraffic': 'all', - 'policyid': '17', - 'scan-botnet-connections': 'disable', - 'spamfilter-profile': 'test_value_19', - 'spamfilter-profile-status': 'enable', - 'status': 'enable', - 'webfilter-profile': 'test_value_22', - 'webfilter-profile-status': 'enable' - } - - set_method_mock.assert_called_with('firewall', 'interface-policy', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_interface_policy_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_interface_policy': { - 'address_type': 'ipv4', - 'application_list': 'test_value_4', - 'application_list_status': 'enable', - 'av_profile': 'test_value_6', - 'av_profile_status': 'enable', - 'comments': 'test_value_8', - 'dlp_sensor': 'test_value_9', - 'dlp_sensor_status': 'enable', - 'dsri': 'enable', - 'interface': 'test_value_12', - 'ips_sensor': 'test_value_13', - 'ips_sensor_status': 'enable', - 'label': 'test_value_15', - 'logtraffic': 'all', - 'policyid': '17', - 'scan_botnet_connections': 'disable', - 'spamfilter_profile': 'test_value_19', - 'spamfilter_profile_status': 'enable', - 'status': 'enable', - 'webfilter_profile': 'test_value_22', - 'webfilter_profile_status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_interface_policy.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'address-type': 'ipv4', - 'application-list': 'test_value_4', - 'application-list-status': 'enable', - 'av-profile': 'test_value_6', - 'av-profile-status': 'enable', - 'comments': 'test_value_8', - 'dlp-sensor': 'test_value_9', - 'dlp-sensor-status': 'enable', - 'dsri': 'enable', - 'interface': 'test_value_12', - 'ips-sensor': 'test_value_13', - 'ips-sensor-status': 'enable', - 'label': 'test_value_15', - 'logtraffic': 'all', - 'policyid': '17', - 'scan-botnet-connections': 'disable', - 'spamfilter-profile': 'test_value_19', - 'spamfilter-profile-status': 'enable', - 'status': 'enable', - 'webfilter-profile': 'test_value_22', - 'webfilter-profile-status': 'enable' - } - - set_method_mock.assert_called_with('firewall', 'interface-policy', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def 
test_firewall_interface_policy_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_interface_policy': { - 'address_type': 'ipv4', - 'application_list': 'test_value_4', - 'application_list_status': 'enable', - 'av_profile': 'test_value_6', - 'av_profile_status': 'enable', - 'comments': 'test_value_8', - 'dlp_sensor': 'test_value_9', - 'dlp_sensor_status': 'enable', - 'dsri': 'enable', - 'interface': 'test_value_12', - 'ips_sensor': 'test_value_13', - 'ips_sensor_status': 'enable', - 'label': 'test_value_15', - 'logtraffic': 'all', - 'policyid': '17', - 'scan_botnet_connections': 'disable', - 'spamfilter_profile': 'test_value_19', - 'spamfilter_profile_status': 'enable', - 'status': 'enable', - 'webfilter_profile': 'test_value_22', - 'webfilter_profile_status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_interface_policy.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'interface-policy', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_interface_policy_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 
'state': 'absent', - 'firewall_interface_policy': { - 'address_type': 'ipv4', - 'application_list': 'test_value_4', - 'application_list_status': 'enable', - 'av_profile': 'test_value_6', - 'av_profile_status': 'enable', - 'comments': 'test_value_8', - 'dlp_sensor': 'test_value_9', - 'dlp_sensor_status': 'enable', - 'dsri': 'enable', - 'interface': 'test_value_12', - 'ips_sensor': 'test_value_13', - 'ips_sensor_status': 'enable', - 'label': 'test_value_15', - 'logtraffic': 'all', - 'policyid': '17', - 'scan_botnet_connections': 'disable', - 'spamfilter_profile': 'test_value_19', - 'spamfilter_profile_status': 'enable', - 'status': 'enable', - 'webfilter_profile': 'test_value_22', - 'webfilter_profile_status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_interface_policy.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'interface-policy', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_interface_policy_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_interface_policy': { - 'address_type': 'ipv4', - 'application_list': 'test_value_4', - 'application_list_status': 'enable', - 'av_profile': 'test_value_6', - 'av_profile_status': 'enable', - 'comments': 'test_value_8', - 'dlp_sensor': 'test_value_9', - 'dlp_sensor_status': 'enable', - 'dsri': 'enable', - 'interface': 'test_value_12', - 'ips_sensor': 'test_value_13', - 'ips_sensor_status': 'enable', - 'label': 
'test_value_15', - 'logtraffic': 'all', - 'policyid': '17', - 'scan_botnet_connections': 'disable', - 'spamfilter_profile': 'test_value_19', - 'spamfilter_profile_status': 'enable', - 'status': 'enable', - 'webfilter_profile': 'test_value_22', - 'webfilter_profile_status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_interface_policy.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'address-type': 'ipv4', - 'application-list': 'test_value_4', - 'application-list-status': 'enable', - 'av-profile': 'test_value_6', - 'av-profile-status': 'enable', - 'comments': 'test_value_8', - 'dlp-sensor': 'test_value_9', - 'dlp-sensor-status': 'enable', - 'dsri': 'enable', - 'interface': 'test_value_12', - 'ips-sensor': 'test_value_13', - 'ips-sensor-status': 'enable', - 'label': 'test_value_15', - 'logtraffic': 'all', - 'policyid': '17', - 'scan-botnet-connections': 'disable', - 'spamfilter-profile': 'test_value_19', - 'spamfilter-profile-status': 'enable', - 'status': 'enable', - 'webfilter-profile': 'test_value_22', - 'webfilter-profile-status': 'enable' - } - - set_method_mock.assert_called_with('firewall', 'interface-policy', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_firewall_interface_policy_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_interface_policy': { - 'random_attribute_not_valid': 'tag', - 'address_type': 'ipv4', - 'application_list': 'test_value_4', - 
'application_list_status': 'enable', - 'av_profile': 'test_value_6', - 'av_profile_status': 'enable', - 'comments': 'test_value_8', - 'dlp_sensor': 'test_value_9', - 'dlp_sensor_status': 'enable', - 'dsri': 'enable', - 'interface': 'test_value_12', - 'ips_sensor': 'test_value_13', - 'ips_sensor_status': 'enable', - 'label': 'test_value_15', - 'logtraffic': 'all', - 'policyid': '17', - 'scan_botnet_connections': 'disable', - 'spamfilter_profile': 'test_value_19', - 'spamfilter_profile_status': 'enable', - 'status': 'enable', - 'webfilter_profile': 'test_value_22', - 'webfilter_profile_status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_interface_policy.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'address-type': 'ipv4', - 'application-list': 'test_value_4', - 'application-list-status': 'enable', - 'av-profile': 'test_value_6', - 'av-profile-status': 'enable', - 'comments': 'test_value_8', - 'dlp-sensor': 'test_value_9', - 'dlp-sensor-status': 'enable', - 'dsri': 'enable', - 'interface': 'test_value_12', - 'ips-sensor': 'test_value_13', - 'ips-sensor-status': 'enable', - 'label': 'test_value_15', - 'logtraffic': 'all', - 'policyid': '17', - 'scan-botnet-connections': 'disable', - 'spamfilter-profile': 'test_value_19', - 'spamfilter-profile-status': 'enable', - 'status': 'enable', - 'webfilter-profile': 'test_value_22', - 'webfilter-profile-status': 'enable' - } - - set_method_mock.assert_called_with('firewall', 'interface-policy', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_firewall_interface_policy6.py b/test/units/modules/network/fortios/test_fortios_firewall_interface_policy6.py deleted file mode 100644 index ab4d81af05f..00000000000 
--- a/test/units/modules/network/fortios/test_fortios_firewall_interface_policy6.py
+++ /dev/null
@@ -1,399 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_firewall_interface_policy6 -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_interface_policy6.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_firewall_interface_policy6_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_interface_policy6': { - 'address_type': 'ipv4', - 'application_list': 'test_value_4', - 'application_list_status': 'enable', - 'av_profile': 
'test_value_6', - 'av_profile_status': 'enable', - 'comments': 'test_value_8', - 'dlp_sensor': 'test_value_9', - 'dlp_sensor_status': 'enable', - 'dsri': 'enable', - 'interface': 'test_value_12', - 'ips_sensor': 'test_value_13', - 'ips_sensor_status': 'enable', - 'label': 'test_value_15', - 'logtraffic': 'all', - 'policyid': '17', - 'scan_botnet_connections': 'disable', - 'spamfilter_profile': 'test_value_19', - 'spamfilter_profile_status': 'enable', - 'status': 'enable', - 'webfilter_profile': 'test_value_22', - 'webfilter_profile_status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_interface_policy6.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'address-type': 'ipv4', - 'application-list': 'test_value_4', - 'application-list-status': 'enable', - 'av-profile': 'test_value_6', - 'av-profile-status': 'enable', - 'comments': 'test_value_8', - 'dlp-sensor': 'test_value_9', - 'dlp-sensor-status': 'enable', - 'dsri': 'enable', - 'interface': 'test_value_12', - 'ips-sensor': 'test_value_13', - 'ips-sensor-status': 'enable', - 'label': 'test_value_15', - 'logtraffic': 'all', - 'policyid': '17', - 'scan-botnet-connections': 'disable', - 'spamfilter-profile': 'test_value_19', - 'spamfilter-profile-status': 'enable', - 'status': 'enable', - 'webfilter-profile': 'test_value_22', - 'webfilter-profile-status': 'enable' - } - - set_method_mock.assert_called_with('firewall', 'interface-policy6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_interface_policy6_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_interface_policy6': { - 'address_type': 'ipv4', - 'application_list': 'test_value_4', - 'application_list_status': 'enable', - 'av_profile': 'test_value_6', - 'av_profile_status': 'enable', - 'comments': 'test_value_8', - 'dlp_sensor': 'test_value_9', - 'dlp_sensor_status': 'enable', - 'dsri': 'enable', - 'interface': 'test_value_12', - 'ips_sensor': 'test_value_13', - 'ips_sensor_status': 'enable', - 'label': 'test_value_15', - 'logtraffic': 'all', - 'policyid': '17', - 'scan_botnet_connections': 'disable', - 'spamfilter_profile': 'test_value_19', - 'spamfilter_profile_status': 'enable', - 'status': 'enable', - 'webfilter_profile': 'test_value_22', - 'webfilter_profile_status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_interface_policy6.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'address-type': 'ipv4', - 'application-list': 'test_value_4', - 'application-list-status': 'enable', - 'av-profile': 'test_value_6', - 'av-profile-status': 'enable', - 'comments': 'test_value_8', - 'dlp-sensor': 'test_value_9', - 'dlp-sensor-status': 'enable', - 'dsri': 'enable', - 'interface': 'test_value_12', - 'ips-sensor': 'test_value_13', - 'ips-sensor-status': 'enable', - 'label': 'test_value_15', - 'logtraffic': 'all', - 'policyid': '17', - 'scan-botnet-connections': 'disable', - 'spamfilter-profile': 'test_value_19', - 'spamfilter-profile-status': 'enable', - 'status': 'enable', - 'webfilter-profile': 'test_value_22', - 'webfilter-profile-status': 'enable' - } - - set_method_mock.assert_called_with('firewall', 'interface-policy6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def 
test_firewall_interface_policy6_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_interface_policy6': { - 'address_type': 'ipv4', - 'application_list': 'test_value_4', - 'application_list_status': 'enable', - 'av_profile': 'test_value_6', - 'av_profile_status': 'enable', - 'comments': 'test_value_8', - 'dlp_sensor': 'test_value_9', - 'dlp_sensor_status': 'enable', - 'dsri': 'enable', - 'interface': 'test_value_12', - 'ips_sensor': 'test_value_13', - 'ips_sensor_status': 'enable', - 'label': 'test_value_15', - 'logtraffic': 'all', - 'policyid': '17', - 'scan_botnet_connections': 'disable', - 'spamfilter_profile': 'test_value_19', - 'spamfilter_profile_status': 'enable', - 'status': 'enable', - 'webfilter_profile': 'test_value_22', - 'webfilter_profile_status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_interface_policy6.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'interface-policy6', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_interface_policy6_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 
'state': 'absent', - 'firewall_interface_policy6': { - 'address_type': 'ipv4', - 'application_list': 'test_value_4', - 'application_list_status': 'enable', - 'av_profile': 'test_value_6', - 'av_profile_status': 'enable', - 'comments': 'test_value_8', - 'dlp_sensor': 'test_value_9', - 'dlp_sensor_status': 'enable', - 'dsri': 'enable', - 'interface': 'test_value_12', - 'ips_sensor': 'test_value_13', - 'ips_sensor_status': 'enable', - 'label': 'test_value_15', - 'logtraffic': 'all', - 'policyid': '17', - 'scan_botnet_connections': 'disable', - 'spamfilter_profile': 'test_value_19', - 'spamfilter_profile_status': 'enable', - 'status': 'enable', - 'webfilter_profile': 'test_value_22', - 'webfilter_profile_status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_interface_policy6.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'interface-policy6', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_interface_policy6_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_interface_policy6': { - 'address_type': 'ipv4', - 'application_list': 'test_value_4', - 'application_list_status': 'enable', - 'av_profile': 'test_value_6', - 'av_profile_status': 'enable', - 'comments': 'test_value_8', - 'dlp_sensor': 'test_value_9', - 'dlp_sensor_status': 'enable', - 'dsri': 'enable', - 'interface': 'test_value_12', - 'ips_sensor': 'test_value_13', - 'ips_sensor_status': 'enable', - 'label': 
'test_value_15', - 'logtraffic': 'all', - 'policyid': '17', - 'scan_botnet_connections': 'disable', - 'spamfilter_profile': 'test_value_19', - 'spamfilter_profile_status': 'enable', - 'status': 'enable', - 'webfilter_profile': 'test_value_22', - 'webfilter_profile_status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_interface_policy6.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'address-type': 'ipv4', - 'application-list': 'test_value_4', - 'application-list-status': 'enable', - 'av-profile': 'test_value_6', - 'av-profile-status': 'enable', - 'comments': 'test_value_8', - 'dlp-sensor': 'test_value_9', - 'dlp-sensor-status': 'enable', - 'dsri': 'enable', - 'interface': 'test_value_12', - 'ips-sensor': 'test_value_13', - 'ips-sensor-status': 'enable', - 'label': 'test_value_15', - 'logtraffic': 'all', - 'policyid': '17', - 'scan-botnet-connections': 'disable', - 'spamfilter-profile': 'test_value_19', - 'spamfilter-profile-status': 'enable', - 'status': 'enable', - 'webfilter-profile': 'test_value_22', - 'webfilter-profile-status': 'enable' - } - - set_method_mock.assert_called_with('firewall', 'interface-policy6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_firewall_interface_policy6_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_interface_policy6': { - 'random_attribute_not_valid': 'tag', - 'address_type': 'ipv4', - 'application_list': 'test_value_4', - 
'application_list_status': 'enable', - 'av_profile': 'test_value_6', - 'av_profile_status': 'enable', - 'comments': 'test_value_8', - 'dlp_sensor': 'test_value_9', - 'dlp_sensor_status': 'enable', - 'dsri': 'enable', - 'interface': 'test_value_12', - 'ips_sensor': 'test_value_13', - 'ips_sensor_status': 'enable', - 'label': 'test_value_15', - 'logtraffic': 'all', - 'policyid': '17', - 'scan_botnet_connections': 'disable', - 'spamfilter_profile': 'test_value_19', - 'spamfilter_profile_status': 'enable', - 'status': 'enable', - 'webfilter_profile': 'test_value_22', - 'webfilter_profile_status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_interface_policy6.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'address-type': 'ipv4', - 'application-list': 'test_value_4', - 'application-list-status': 'enable', - 'av-profile': 'test_value_6', - 'av-profile-status': 'enable', - 'comments': 'test_value_8', - 'dlp-sensor': 'test_value_9', - 'dlp-sensor-status': 'enable', - 'dsri': 'enable', - 'interface': 'test_value_12', - 'ips-sensor': 'test_value_13', - 'ips-sensor-status': 'enable', - 'label': 'test_value_15', - 'logtraffic': 'all', - 'policyid': '17', - 'scan-botnet-connections': 'disable', - 'spamfilter-profile': 'test_value_19', - 'spamfilter-profile-status': 'enable', - 'status': 'enable', - 'webfilter-profile': 'test_value_22', - 'webfilter-profile-status': 'enable' - } - - set_method_mock.assert_called_with('firewall', 'interface-policy6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_firewall_internet_service.py b/test/units/modules/network/fortios/test_fortios_firewall_internet_service.py deleted file mode 100644 index 992ba5c7809..00000000000 
--- a/test/units/modules/network/fortios/test_fortios_firewall_internet_service.py
+++ /dev/null
@@ -1,269 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_firewall_internet_service -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_internet_service.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_firewall_internet_service_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_internet_service': { - 'database': 'isdb', - 'direction': 'src', - 'icon_id': '5', - 'id': '6', - 'name': 'default_name_7', - 'offset': '8', - 
'reputation': '9', - 'sld_id': '10' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_internet_service.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'database': 'isdb', - 'direction': 'src', - 'icon-id': '5', - 'id': '6', - 'name': 'default_name_7', - 'offset': '8', - 'reputation': '9', - 'sld-id': '10' - } - - set_method_mock.assert_called_with('firewall', 'internet-service', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_internet_service_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_internet_service': { - 'database': 'isdb', - 'direction': 'src', - 'icon_id': '5', - 'id': '6', - 'name': 'default_name_7', - 'offset': '8', - 'reputation': '9', - 'sld_id': '10' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_internet_service.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'database': 'isdb', - 'direction': 'src', - 'icon-id': '5', - 'id': '6', - 'name': 'default_name_7', - 'offset': '8', - 'reputation': '9', - 'sld-id': '10' - } - - set_method_mock.assert_called_with('firewall', 'internet-service', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_internet_service_removal(mocker): - schema_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_internet_service': { - 'database': 'isdb', - 'direction': 'src', - 'icon_id': '5', - 'id': '6', - 'name': 'default_name_7', - 'offset': '8', - 'reputation': '9', - 'sld_id': '10' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_internet_service.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'internet-service', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_internet_service_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_internet_service': { - 'database': 'isdb', - 'direction': 'src', - 'icon_id': '5', - 'id': '6', - 'name': 'default_name_7', - 'offset': '8', - 'reputation': '9', - 'sld_id': '10' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_internet_service.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'internet-service', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] 
== 500 - - -def test_firewall_internet_service_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_internet_service': { - 'database': 'isdb', - 'direction': 'src', - 'icon_id': '5', - 'id': '6', - 'name': 'default_name_7', - 'offset': '8', - 'reputation': '9', - 'sld_id': '10' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_internet_service.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'database': 'isdb', - 'direction': 'src', - 'icon-id': '5', - 'id': '6', - 'name': 'default_name_7', - 'offset': '8', - 'reputation': '9', - 'sld-id': '10' - } - - set_method_mock.assert_called_with('firewall', 'internet-service', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_firewall_internet_service_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_internet_service': { - 'random_attribute_not_valid': 'tag', - 'database': 'isdb', - 'direction': 'src', - 'icon_id': '5', - 'id': '6', - 'name': 'default_name_7', - 'offset': '8', - 'reputation': '9', - 'sld_id': '10' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_firewall_internet_service.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'database': 'isdb', - 'direction': 'src', - 'icon-id': '5', - 'id': '6', - 'name': 'default_name_7', - 'offset': '8', - 'reputation': '9', - 'sld-id': '10' - } - - set_method_mock.assert_called_with('firewall', 'internet-service', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_firewall_internet_service_custom.py b/test/units/modules/network/fortios/test_fortios_firewall_internet_service_custom.py deleted file mode 100644 index ecb04b2bba9..00000000000 --- a/test/units/modules/network/fortios/test_fortios_firewall_internet_service_custom.py +++ /dev/null 
@@ -1,219 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_firewall_internet_service_custom -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_internet_service_custom.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_firewall_internet_service_custom_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_internet_service_custom': { - 'comment': 'Comment.', - 'master_service_id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - 
- is_error, changed, response = fortios_firewall_internet_service_custom.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'comment': 'Comment.', - 'master-service-id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('firewall', 'internet-service-custom', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_internet_service_custom_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_internet_service_custom': { - 'comment': 'Comment.', - 'master_service_id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_internet_service_custom.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'comment': 'Comment.', - 'master-service-id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('firewall', 'internet-service-custom', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_internet_service_custom_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - 
input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_internet_service_custom': { - 'comment': 'Comment.', - 'master_service_id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_internet_service_custom.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'internet-service-custom', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_internet_service_custom_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_internet_service_custom': { - 'comment': 'Comment.', - 'master_service_id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_internet_service_custom.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'internet-service-custom', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_internet_service_custom_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 
'username': 'admin', - 'state': 'present', - 'firewall_internet_service_custom': { - 'comment': 'Comment.', - 'master_service_id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_internet_service_custom.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'comment': 'Comment.', - 'master-service-id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('firewall', 'internet-service-custom', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_firewall_internet_service_custom_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_internet_service_custom': { - 'random_attribute_not_valid': 'tag', - 'comment': 'Comment.', - 'master_service_id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_internet_service_custom.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'comment': 'Comment.', - 'master-service-id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('firewall', 'internet-service-custom', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_internet_service_group.py b/test/units/modules/network/fortios/test_fortios_firewall_internet_service_group.py
deleted file mode 100644
index 897cf1d8912..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_internet_service_group.py
+++ /dev/null
@@ -1,209 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_firewall_internet_service_group -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_internet_service_group.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_firewall_internet_service_group_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_internet_service_group': { - 'comment': 'Comment.', - 'name': 'default_name_4' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_firewall_internet_service_group.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'comment': 'Comment.', - 'name': 'default_name_4' - } - - set_method_mock.assert_called_with('firewall', 'internet-service-group', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_internet_service_group_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_internet_service_group': { - 'comment': 'Comment.', - 'name': 'default_name_4' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_internet_service_group.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'comment': 'Comment.', - 'name': 'default_name_4' - } - - set_method_mock.assert_called_with('firewall', 'internet-service-group', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_internet_service_group_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_internet_service_group': { - 'comment': 'Comment.', - 
'name': 'default_name_4' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_internet_service_group.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'internet-service-group', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_internet_service_group_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_internet_service_group': { - 'comment': 'Comment.', - 'name': 'default_name_4' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_internet_service_group.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'internet-service-group', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_internet_service_group_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_internet_service_group': { - 'comment': 'Comment.', - 'name': 'default_name_4' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_firewall_internet_service_group.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'comment': 'Comment.', - 'name': 'default_name_4' - } - - set_method_mock.assert_called_with('firewall', 'internet-service-group', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_firewall_internet_service_group_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_internet_service_group': { - 'random_attribute_not_valid': 'tag', - 'comment': 'Comment.', - 'name': 'default_name_4' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_internet_service_group.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'comment': 'Comment.', - 'name': 'default_name_4' - } - - set_method_mock.assert_called_with('firewall', 'internet-service-group', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_firewall_ip_translation.py b/test/units/modules/network/fortios/test_fortios_firewall_ip_translation.py deleted file mode 100644 index 66feef87147..00000000000 --- a/test/units/modules/network/fortios/test_fortios_firewall_ip_translation.py +++ /dev/null 
@@ -1,239 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_firewall_ip_translation -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_ip_translation.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_firewall_ip_translation_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_ip_translation': { - 'endip': 'test_value_3', - 'map_startip': 'test_value_4', - 'startip': 'test_value_5', - 'transid': '6', - 'type': 'SCTP' - }, - 'vdom': 
'root'} - - is_error, changed, response = fortios_firewall_ip_translation.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'endip': 'test_value_3', - 'map-startip': 'test_value_4', - 'startip': 'test_value_5', - 'transid': '6', - 'type': 'SCTP' - } - - set_method_mock.assert_called_with('firewall', 'ip-translation', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_ip_translation_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_ip_translation': { - 'endip': 'test_value_3', - 'map_startip': 'test_value_4', - 'startip': 'test_value_5', - 'transid': '6', - 'type': 'SCTP' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_ip_translation.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'endip': 'test_value_3', - 'map-startip': 'test_value_4', - 'startip': 'test_value_5', - 'transid': '6', - 'type': 'SCTP' - } - - set_method_mock.assert_called_with('firewall', 'ip-translation', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_ip_translation_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_ip_translation': { - 'endip': 'test_value_3', - 'map_startip': 'test_value_4', - 'startip': 'test_value_5', - 'transid': '6', - 'type': 'SCTP' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_ip_translation.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'ip-translation', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_ip_translation_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_ip_translation': { - 'endip': 'test_value_3', - 'map_startip': 'test_value_4', - 'startip': 'test_value_5', - 'transid': '6', - 'type': 'SCTP' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_ip_translation.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'ip-translation', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_ip_translation_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_ip_translation': { - 'endip': 'test_value_3', - 'map_startip': 'test_value_4', - 'startip': 'test_value_5', - 'transid': '6', - 'type': 'SCTP' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_ip_translation.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'endip': 'test_value_3', - 'map-startip': 'test_value_4', - 'startip': 'test_value_5', - 'transid': '6', - 'type': 'SCTP' - } - - set_method_mock.assert_called_with('firewall', 'ip-translation', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_firewall_ip_translation_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_ip_translation': { - 'random_attribute_not_valid': 'tag', - 'endip': 'test_value_3', - 'map_startip': 'test_value_4', - 'startip': 'test_value_5', - 'transid': '6', - 'type': 'SCTP' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_ip_translation.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'endip': 'test_value_3', - 'map-startip': 'test_value_4', - 'startip': 'test_value_5', - 'transid': '6', - 'type': 'SCTP' - } - - set_method_mock.assert_called_with('firewall', 'ip-translation', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed 
- assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_firewall_ipmacbinding_setting.py b/test/units/modules/network/fortios/test_fortios_firewall_ipmacbinding_setting.py deleted file mode 100644 index c5b759a1d74..00000000000 --- a/test/units/modules/network/fortios/test_fortios_firewall_ipmacbinding_setting.py +++ /dev/null 
@@ -1,167 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_firewall_ipmacbinding_setting -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_ipmacbinding_setting.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_firewall_ipmacbinding_setting_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_ipmacbinding_setting': { - 'bindthroughfw': 'enable', - 'bindtofw': 'enable', - 'undefinedhost': 'allow' - }, - 'vdom': 'root'} - - is_error, 
changed, response = fortios_firewall_ipmacbinding_setting.fortios_firewall_ipmacbinding(input_data, fos_instance) - - expected_data = { - 'bindthroughfw': 'enable', - 'bindtofw': 'enable', - 'undefinedhost': 'allow' - } - - set_method_mock.assert_called_with('firewall.ipmacbinding', 'setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_ipmacbinding_setting_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_ipmacbinding_setting': { - 'bindthroughfw': 'enable', - 'bindtofw': 'enable', - 'undefinedhost': 'allow' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_ipmacbinding_setting.fortios_firewall_ipmacbinding(input_data, fos_instance) - - expected_data = { - 'bindthroughfw': 'enable', - 'bindtofw': 'enable', - 'undefinedhost': 'allow' - } - - set_method_mock.assert_called_with('firewall.ipmacbinding', 'setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_ipmacbinding_setting_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 
'username': 'admin', - 'state': 'present', - 'firewall_ipmacbinding_setting': { - 'bindthroughfw': 'enable', - 'bindtofw': 'enable', - 'undefinedhost': 'allow' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_ipmacbinding_setting.fortios_firewall_ipmacbinding(input_data, fos_instance) - - expected_data = { - 'bindthroughfw': 'enable', - 'bindtofw': 'enable', - 'undefinedhost': 'allow' - } - - set_method_mock.assert_called_with('firewall.ipmacbinding', 'setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_firewall_ipmacbinding_setting_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_ipmacbinding_setting': { - 'random_attribute_not_valid': 'tag', - 'bindthroughfw': 'enable', - 'bindtofw': 'enable', - 'undefinedhost': 'allow' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_ipmacbinding_setting.fortios_firewall_ipmacbinding(input_data, fos_instance) - - expected_data = { - 'bindthroughfw': 'enable', - 'bindtofw': 'enable', - 'undefinedhost': 'allow' - } - - set_method_mock.assert_called_with('firewall.ipmacbinding', 'setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_ipmacbinding_table.py b/test/units/modules/network/fortios/test_fortios_firewall_ipmacbinding_table.py
deleted file mode 100644
index 42ccc7ea223..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_ipmacbinding_table.py
+++ /dev/null
@@ -1,239 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_ipmacbinding_table
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_ipmacbinding_table.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_ipmacbinding_table_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ipmacbinding_table': {
- 'ip': 'test_value_3',
- 'mac': 'test_value_4',
- 'name': 'default_name_5',
- 'seq_num': '6',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ipmacbinding_table.fortios_firewall_ipmacbinding(input_data, fos_instance)
-
- expected_data = {
- 'ip': 'test_value_3',
- 'mac': 'test_value_4',
- 'name': 'default_name_5',
- 'seq-num': '6',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall.ipmacbinding', 'table', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_ipmacbinding_table_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ipmacbinding_table': {
- 'ip': 'test_value_3',
- 'mac': 'test_value_4',
- 'name': 'default_name_5',
- 'seq_num': '6',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ipmacbinding_table.fortios_firewall_ipmacbinding(input_data, fos_instance)
-
- expected_data = {
- 'ip': 'test_value_3',
- 'mac': 'test_value_4',
- 'name': 'default_name_5',
- 'seq-num': '6',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall.ipmacbinding', 'table', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_ipmacbinding_table_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_ipmacbinding_table': {
- 'ip': 'test_value_3',
- 'mac': 'test_value_4',
- 'name': 'default_name_5',
- 'seq_num': '6',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ipmacbinding_table.fortios_firewall_ipmacbinding(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall.ipmacbinding', 'table', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_ipmacbinding_table_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_ipmacbinding_table': {
- 'ip': 'test_value_3',
- 'mac': 'test_value_4',
- 'name': 'default_name_5',
- 'seq_num': '6',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ipmacbinding_table.fortios_firewall_ipmacbinding(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall.ipmacbinding', 'table', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_ipmacbinding_table_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ipmacbinding_table': {
- 'ip': 'test_value_3',
- 'mac': 'test_value_4',
- 'name': 'default_name_5',
- 'seq_num': '6',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ipmacbinding_table.fortios_firewall_ipmacbinding(input_data, fos_instance)
-
- expected_data = {
- 'ip': 'test_value_3',
- 'mac': 'test_value_4',
- 'name': 'default_name_5',
- 'seq-num': '6',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall.ipmacbinding', 'table', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_ipmacbinding_table_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ipmacbinding_table': {
- 'random_attribute_not_valid': 'tag',
- 'ip': 'test_value_3',
- 'mac': 'test_value_4',
- 'name': 'default_name_5',
- 'seq_num': '6',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ipmacbinding_table.fortios_firewall_ipmacbinding(input_data, fos_instance)
-
- expected_data = {
- 'ip': 'test_value_3',
- 'mac': 'test_value_4',
- 'name': 'default_name_5',
- 'seq-num': '6',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall.ipmacbinding', 'table', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_ippool.py b/test/units/modules/network/fortios/test_fortios_firewall_ippool.py
deleted file mode 100644
index 607ba972226..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_ippool.py
+++ /dev/null
@@ -1,329 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_ippool
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_ippool.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_ippool_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ippool': {
- 'arp_intf': 'test_value_3',
- 'arp_reply': 'disable',
- 'associated_interface': 'test_value_5',
- 'block_size': '6',
- 'comments': 'test_value_7',
- 'endip': 'test_value_8',
- 'name': 'default_name_9',
- 'num_blocks_per_user': '10',
- 'pba_timeout': '11',
- 'permit_any_host': 'disable',
- 'source_endip': 'test_value_13',
- 'source_startip': 'test_value_14',
- 'startip': 'test_value_15',
- 'type': 'overload'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ippool.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'arp-intf': 'test_value_3',
- 'arp-reply': 'disable',
- 'associated-interface': 'test_value_5',
- 'block-size': '6',
- 'comments': 'test_value_7',
- 'endip': 'test_value_8',
- 'name': 'default_name_9',
- 'num-blocks-per-user': '10',
- 'pba-timeout': '11',
- 'permit-any-host': 'disable',
- 'source-endip': 'test_value_13',
- 'source-startip': 'test_value_14',
- 'startip': 'test_value_15',
- 'type': 'overload'
- }
-
- set_method_mock.assert_called_with('firewall', 'ippool', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_ippool_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ippool': {
- 'arp_intf': 'test_value_3',
- 'arp_reply': 'disable',
- 'associated_interface': 'test_value_5',
- 'block_size': '6',
- 'comments': 'test_value_7',
- 'endip': 'test_value_8',
- 'name': 'default_name_9',
- 'num_blocks_per_user': '10',
- 'pba_timeout': '11',
- 'permit_any_host': 'disable',
- 'source_endip': 'test_value_13',
- 'source_startip': 'test_value_14',
- 'startip': 'test_value_15',
- 'type': 'overload'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ippool.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'arp-intf': 'test_value_3',
- 'arp-reply': 'disable',
- 'associated-interface': 'test_value_5',
- 'block-size': '6',
- 'comments': 'test_value_7',
- 'endip': 'test_value_8',
- 'name': 'default_name_9',
- 'num-blocks-per-user': '10',
- 'pba-timeout': '11',
- 'permit-any-host': 'disable',
- 'source-endip': 'test_value_13',
- 'source-startip': 'test_value_14',
- 'startip': 'test_value_15',
- 'type': 'overload'
- }
-
- set_method_mock.assert_called_with('firewall', 'ippool', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_ippool_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_ippool': {
- 'arp_intf': 'test_value_3',
- 'arp_reply': 'disable',
- 'associated_interface': 'test_value_5',
- 'block_size': '6',
- 'comments': 'test_value_7',
- 'endip': 'test_value_8',
- 'name': 'default_name_9',
- 'num_blocks_per_user': '10',
- 'pba_timeout': '11',
- 'permit_any_host': 'disable',
- 'source_endip': 'test_value_13',
- 'source_startip': 'test_value_14',
- 'startip': 'test_value_15',
- 'type': 'overload'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ippool.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'ippool', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_ippool_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_ippool': {
- 'arp_intf': 'test_value_3',
- 'arp_reply': 'disable',
- 'associated_interface': 'test_value_5',
- 'block_size': '6',
- 'comments': 'test_value_7',
- 'endip': 'test_value_8',
- 'name': 'default_name_9',
- 'num_blocks_per_user': '10',
- 'pba_timeout': '11',
- 'permit_any_host': 'disable',
- 'source_endip': 'test_value_13',
- 'source_startip': 'test_value_14',
- 'startip': 'test_value_15',
- 'type': 'overload'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ippool.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'ippool', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_ippool_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ippool': {
- 'arp_intf': 'test_value_3',
- 'arp_reply': 'disable',
- 'associated_interface': 'test_value_5',
- 'block_size': '6',
- 'comments': 'test_value_7',
- 'endip': 'test_value_8',
- 'name': 'default_name_9',
- 'num_blocks_per_user': '10',
- 'pba_timeout': '11',
- 'permit_any_host': 'disable',
- 'source_endip': 'test_value_13',
- 'source_startip': 'test_value_14',
- 'startip': 'test_value_15',
- 'type': 'overload'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ippool.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'arp-intf': 'test_value_3',
- 'arp-reply': 'disable',
- 'associated-interface': 'test_value_5',
- 'block-size': '6',
- 'comments': 'test_value_7',
- 'endip': 'test_value_8',
- 'name': 'default_name_9',
- 'num-blocks-per-user': '10',
- 'pba-timeout': '11',
- 'permit-any-host': 'disable',
- 'source-endip': 'test_value_13',
- 'source-startip': 'test_value_14',
- 'startip': 'test_value_15',
- 'type': 'overload'
- }
-
- set_method_mock.assert_called_with('firewall', 'ippool', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_ippool_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ippool': {
- 'random_attribute_not_valid': 'tag',
- 'arp_intf': 'test_value_3',
- 'arp_reply': 'disable',
- 'associated_interface': 'test_value_5',
- 'block_size': '6',
- 'comments': 'test_value_7',
- 'endip': 'test_value_8',
- 'name': 'default_name_9',
- 'num_blocks_per_user': '10',
- 'pba_timeout': '11',
- 'permit_any_host': 'disable',
- 'source_endip': 'test_value_13',
- 'source_startip': 'test_value_14',
- 'startip': 'test_value_15',
- 'type': 'overload'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ippool.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'arp-intf': 'test_value_3',
- 'arp-reply': 'disable',
- 'associated-interface': 'test_value_5',
- 'block-size': '6',
- 'comments': 'test_value_7',
- 'endip': 'test_value_8',
- 'name': 'default_name_9',
- 'num-blocks-per-user': '10',
- 'pba-timeout': '11',
- 'permit-any-host': 'disable',
- 'source-endip': 'test_value_13',
- 'source-startip': 'test_value_14',
- 'startip': 'test_value_15',
- 'type': 'overload'
- }
-
- set_method_mock.assert_called_with('firewall', 'ippool', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_ippool6.py b/test/units/modules/network/fortios/test_fortios_firewall_ippool6.py
deleted file mode 100644
index 69158059f73..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_ippool6.py
+++ /dev/null
@@ -1,229 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_ippool6
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_ippool6.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_ippool6_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ippool6': {
- 'comments': 'test_value_3',
- 'endip': 'test_value_4',
- 'name': 'default_name_5',
- 'startip': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ippool6.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'comments': 'test_value_3',
- 'endip': 'test_value_4',
- 'name': 'default_name_5',
- 'startip': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('firewall', 'ippool6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_ippool6_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ippool6': {
- 'comments': 'test_value_3',
- 'endip': 'test_value_4',
- 'name': 'default_name_5',
- 'startip': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ippool6.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'comments': 'test_value_3',
- 'endip': 'test_value_4',
- 'name': 'default_name_5',
- 'startip': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('firewall', 'ippool6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_ippool6_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_ippool6': {
- 'comments': 'test_value_3',
- 'endip': 'test_value_4',
- 'name': 'default_name_5',
- 'startip': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ippool6.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'ippool6', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_ippool6_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_ippool6': {
- 'comments': 'test_value_3',
- 'endip': 'test_value_4',
- 'name': 'default_name_5',
- 'startip': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ippool6.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'ippool6', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_ippool6_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ippool6': {
- 'comments': 'test_value_3',
- 'endip': 'test_value_4',
- 'name': 'default_name_5',
- 'startip': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ippool6.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'comments': 'test_value_3',
- 'endip': 'test_value_4',
- 'name': 'default_name_5',
- 'startip': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('firewall', 'ippool6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_ippool6_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ippool6': {
- 'random_attribute_not_valid': 'tag',
- 'comments': 'test_value_3',
- 'endip': 'test_value_4',
- 'name': 'default_name_5',
- 'startip': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ippool6.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'comments': 'test_value_3',
- 'endip': 'test_value_4',
- 'name': 'default_name_5',
- 'startip': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('firewall', 'ippool6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_ipv6_eh_filter.py b/test/units/modules/network/fortios/test_fortios_firewall_ipv6_eh_filter.py
deleted file mode 100644
index f851a789ba0..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_ipv6_eh_filter.py
+++ /dev/null
@@ -1,207 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_ipv6_eh_filter
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_ipv6_eh_filter.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_ipv6_eh_filter_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ipv6_eh_filter': {
- 'auth': 'enable',
- 'dest_opt': 'enable',
- 'fragment': 'enable',
- 'hdopt_type': '6',
- 'hop_opt': 'enable',
- 'no_next': 'enable',
- 'routing': 'enable',
- 'routing_type': '10'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ipv6_eh_filter.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'auth': 'enable',
- 'dest-opt': 'enable',
- 'fragment': 'enable',
- 'hdopt-type': '6',
- 'hop-opt': 'enable',
- 'no-next': 'enable',
- 'routing': 'enable',
- 'routing-type': '10'
- }
-
- set_method_mock.assert_called_with('firewall', 'ipv6-eh-filter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_ipv6_eh_filter_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ipv6_eh_filter': {
- 'auth': 'enable',
- 'dest_opt': 'enable',
- 'fragment': 'enable',
- 'hdopt_type': '6',
- 'hop_opt': 'enable',
- 'no_next': 'enable',
- 'routing': 'enable',
- 'routing_type': '10'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ipv6_eh_filter.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'auth': 'enable',
- 'dest-opt': 'enable',
- 'fragment': 'enable',
- 'hdopt-type': '6',
- 'hop-opt': 'enable',
- 'no-next': 'enable',
- 'routing': 'enable',
- 'routing-type': '10'
- }
-
- set_method_mock.assert_called_with('firewall', 'ipv6-eh-filter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_ipv6_eh_filter_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ipv6_eh_filter': {
- 'auth': 'enable',
- 'dest_opt': 'enable',
- 'fragment': 'enable',
- 'hdopt_type': '6',
- 'hop_opt': 'enable',
- 'no_next': 'enable',
- 'routing': 'enable',
- 'routing_type': '10'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ipv6_eh_filter.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'auth': 'enable',
- 'dest-opt': 'enable',
- 'fragment': 'enable',
- 'hdopt-type': '6',
- 'hop-opt': 'enable',
- 'no-next': 'enable',
- 'routing': 'enable',
- 'routing-type': '10'
- }
-
- set_method_mock.assert_called_with('firewall', 'ipv6-eh-filter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_ipv6_eh_filter_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ipv6_eh_filter': {
- 'random_attribute_not_valid': 'tag',
- 'auth': 'enable',
- 'dest_opt': 'enable',
- 'fragment': 'enable',
- 'hdopt_type': '6',
- 'hop_opt': 'enable',
- 'no_next': 'enable',
- 'routing': 'enable',
- 'routing_type': '10'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ipv6_eh_filter.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'auth': 'enable',
- 'dest-opt': 'enable',
- 'fragment': 'enable',
- 'hdopt-type': '6',
- 'hop-opt': 'enable',
- 'no-next': 'enable',
- 'routing': 'enable',
- 'routing-type': '10'
- }
-
- set_method_mock.assert_called_with('firewall', 'ipv6-eh-filter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_ldb_monitor.py b/test/units/modules/network/fortios/test_fortios_firewall_ldb_monitor.py
deleted file mode 100644
index ecd1396ee30..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_ldb_monitor.py
+++ /dev/null
@@ -1,279 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_ldb_monitor
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_ldb_monitor.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_ldb_monitor_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ldb_monitor': {
- 'http_get': 'test_value_3',
- 'http_match': 'test_value_4',
- 'http_max_redirects': '5',
- 'interval': '6',
- 'name': 'default_name_7',
- 'port': '8',
- 'retry': '9', - 'timeout': '10', - 'type': 'ping' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_ldb_monitor.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'http-get': 'test_value_3', - 'http-match': 'test_value_4', - 'http-max-redirects': '5', - 'interval': '6', - 'name': 'default_name_7', - 'port': '8', - 'retry': '9', - 'timeout': '10', - 'type': 'ping' - } - - set_method_mock.assert_called_with('firewall', 'ldb-monitor', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_ldb_monitor_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_ldb_monitor': { - 'http_get': 'test_value_3', - 'http_match': 'test_value_4', - 'http_max_redirects': '5', - 'interval': '6', - 'name': 'default_name_7', - 'port': '8', - 'retry': '9', - 'timeout': '10', - 'type': 'ping' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_ldb_monitor.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'http-get': 'test_value_3', - 'http-match': 'test_value_4', - 'http-max-redirects': '5', - 'interval': '6', - 'name': 'default_name_7', - 'port': '8', - 'retry': '9', - 'timeout': '10', - 'type': 'ping' - } - - set_method_mock.assert_called_with('firewall', 'ldb-monitor', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def 
test_firewall_ldb_monitor_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_ldb_monitor': { - 'http_get': 'test_value_3', - 'http_match': 'test_value_4', - 'http_max_redirects': '5', - 'interval': '6', - 'name': 'default_name_7', - 'port': '8', - 'retry': '9', - 'timeout': '10', - 'type': 'ping' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_ldb_monitor.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'ldb-monitor', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_ldb_monitor_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_ldb_monitor': { - 'http_get': 'test_value_3', - 'http_match': 'test_value_4', - 'http_max_redirects': '5', - 'interval': '6', - 'name': 'default_name_7', - 'port': '8', - 'retry': '9', - 'timeout': '10', - 'type': 'ping' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_ldb_monitor.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'ldb-monitor', mkey=ANY, vdom='root') - 
schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_ldb_monitor_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_ldb_monitor': { - 'http_get': 'test_value_3', - 'http_match': 'test_value_4', - 'http_max_redirects': '5', - 'interval': '6', - 'name': 'default_name_7', - 'port': '8', - 'retry': '9', - 'timeout': '10', - 'type': 'ping' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_ldb_monitor.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'http-get': 'test_value_3', - 'http-match': 'test_value_4', - 'http-max-redirects': '5', - 'interval': '6', - 'name': 'default_name_7', - 'port': '8', - 'retry': '9', - 'timeout': '10', - 'type': 'ping' - } - - set_method_mock.assert_called_with('firewall', 'ldb-monitor', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_firewall_ldb_monitor_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_ldb_monitor': { - 'random_attribute_not_valid': 'tag', - 'http_get': 
'test_value_3',
- 'http_match': 'test_value_4',
- 'http_max_redirects': '5',
- 'interval': '6',
- 'name': 'default_name_7',
- 'port': '8',
- 'retry': '9',
- 'timeout': '10',
- 'type': 'ping'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ldb_monitor.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'http-get': 'test_value_3',
- 'http-match': 'test_value_4',
- 'http-max-redirects': '5',
- 'interval': '6',
- 'name': 'default_name_7',
- 'port': '8',
- 'retry': '9',
- 'timeout': '10',
- 'type': 'ping'
- }
-
- set_method_mock.assert_called_with('firewall', 'ldb-monitor', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_local_in_policy.py b/test/units/modules/network/fortios/test_fortios_firewall_local_in_policy.py
deleted file mode 100644
index 12f43ffe6e6..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_local_in_policy.py
+++ /dev/null
@@ -1,259 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_local_in_policy
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_local_in_policy.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_local_in_policy_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_local_in_policy': {
- 'action': 'accept',
- 'comments': 'test_value_4',
- 'ha_mgmt_intf_only': 'enable',
- 'intf': 'test_value_6',
- 'policyid': '7',
'schedule': 'test_value_8', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_local_in_policy.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'action': 'accept', - 'comments': 'test_value_4', - 'ha-mgmt-intf-only': 'enable', - 'intf': 'test_value_6', - 'policyid': '7', - 'schedule': 'test_value_8', - 'status': 'enable' - } - - set_method_mock.assert_called_with('firewall', 'local-in-policy', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_local_in_policy_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_local_in_policy': { - 'action': 'accept', - 'comments': 'test_value_4', - 'ha_mgmt_intf_only': 'enable', - 'intf': 'test_value_6', - 'policyid': '7', - 'schedule': 'test_value_8', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_local_in_policy.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'action': 'accept', - 'comments': 'test_value_4', - 'ha-mgmt-intf-only': 'enable', - 'intf': 'test_value_6', - 'policyid': '7', - 'schedule': 'test_value_8', - 'status': 'enable' - } - - set_method_mock.assert_called_with('firewall', 'local-in-policy', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_local_in_policy_removal(mocker): - schema_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_local_in_policy': { - 'action': 'accept', - 'comments': 'test_value_4', - 'ha_mgmt_intf_only': 'enable', - 'intf': 'test_value_6', - 'policyid': '7', - 'schedule': 'test_value_8', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_local_in_policy.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'local-in-policy', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_local_in_policy_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_local_in_policy': { - 'action': 'accept', - 'comments': 'test_value_4', - 'ha_mgmt_intf_only': 'enable', - 'intf': 'test_value_6', - 'policyid': '7', - 'schedule': 'test_value_8', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_local_in_policy.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'local-in-policy', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 
'error' - assert response['http_status'] == 500 - - -def test_firewall_local_in_policy_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_local_in_policy': { - 'action': 'accept', - 'comments': 'test_value_4', - 'ha_mgmt_intf_only': 'enable', - 'intf': 'test_value_6', - 'policyid': '7', - 'schedule': 'test_value_8', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_local_in_policy.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'action': 'accept', - 'comments': 'test_value_4', - 'ha-mgmt-intf-only': 'enable', - 'intf': 'test_value_6', - 'policyid': '7', - 'schedule': 'test_value_8', - 'status': 'enable' - } - - set_method_mock.assert_called_with('firewall', 'local-in-policy', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_firewall_local_in_policy_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_local_in_policy': { - 'random_attribute_not_valid': 'tag', - 'action': 'accept', - 'comments': 'test_value_4', - 'ha_mgmt_intf_only': 'enable', - 'intf': 'test_value_6', - 'policyid': '7', - 'schedule': 
'test_value_8',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_local_in_policy.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'action': 'accept',
- 'comments': 'test_value_4',
- 'ha-mgmt-intf-only': 'enable',
- 'intf': 'test_value_6',
- 'policyid': '7',
- 'schedule': 'test_value_8',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'local-in-policy', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_local_in_policy6.py b/test/units/modules/network/fortios/test_fortios_firewall_local_in_policy6.py
deleted file mode 100644
index 398ca1d4187..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_local_in_policy6.py
+++ /dev/null
@@ -1,249 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_local_in_policy6
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_local_in_policy6.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_local_in_policy6_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_local_in_policy6': {
- 'action': 'accept',
- 'comments': 'test_value_4',
- 'intf': 'test_value_5',
- 'policyid': '6',
- 'schedule': 'test_value_7',
'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_local_in_policy6.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'action': 'accept', - 'comments': 'test_value_4', - 'intf': 'test_value_5', - 'policyid': '6', - 'schedule': 'test_value_7', - 'status': 'enable' - } - - set_method_mock.assert_called_with('firewall', 'local-in-policy6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_local_in_policy6_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_local_in_policy6': { - 'action': 'accept', - 'comments': 'test_value_4', - 'intf': 'test_value_5', - 'policyid': '6', - 'schedule': 'test_value_7', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_local_in_policy6.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'action': 'accept', - 'comments': 'test_value_4', - 'intf': 'test_value_5', - 'policyid': '6', - 'schedule': 'test_value_7', - 'status': 'enable' - } - - set_method_mock.assert_called_with('firewall', 'local-in-policy6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_local_in_policy6_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 
'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_local_in_policy6': { - 'action': 'accept', - 'comments': 'test_value_4', - 'intf': 'test_value_5', - 'policyid': '6', - 'schedule': 'test_value_7', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_local_in_policy6.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'local-in-policy6', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_local_in_policy6_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_local_in_policy6': { - 'action': 'accept', - 'comments': 'test_value_4', - 'intf': 'test_value_5', - 'policyid': '6', - 'schedule': 'test_value_7', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_local_in_policy6.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'local-in-policy6', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_local_in_policy6_idempotent(mocker): - schema_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_local_in_policy6': { - 'action': 'accept', - 'comments': 'test_value_4', - 'intf': 'test_value_5', - 'policyid': '6', - 'schedule': 'test_value_7', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_local_in_policy6.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'action': 'accept', - 'comments': 'test_value_4', - 'intf': 'test_value_5', - 'policyid': '6', - 'schedule': 'test_value_7', - 'status': 'enable' - } - - set_method_mock.assert_called_with('firewall', 'local-in-policy6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_firewall_local_in_policy6_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_local_in_policy6': { - 'random_attribute_not_valid': 'tag', - 'action': 'accept', - 'comments': 'test_value_4', - 'intf': 'test_value_5', - 'policyid': '6', - 'schedule': 'test_value_7', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_local_in_policy6.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'action': 'accept', - 
'comments': 'test_value_4',
- 'intf': 'test_value_5',
- 'policyid': '6',
- 'schedule': 'test_value_7',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'local-in-policy6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_multicast_address.py b/test/units/modules/network/fortios/test_fortios_firewall_multicast_address.py
deleted file mode 100644
index eefb547de96..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_multicast_address.py
+++ /dev/null
@@ -1,279 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_multicast_address
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_multicast_address.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_multicast_address_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_multicast_address': {
- 'associated_interface': 'test_value_3',
- 'color': '4',
- 'comment': 'Comment.',
- 'end_ip': 'test_value_6',
- 'name':
'default_name_7',
- 'start_ip': 'test_value_8',
- 'subnet': 'test_value_9',
- 'type': 'multicastrange',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_multicast_address.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'associated-interface': 'test_value_3',
- 'color': '4',
- 'comment': 'Comment.',
- 'end-ip': 'test_value_6',
- 'name': 'default_name_7',
- 'start-ip': 'test_value_8',
- 'subnet': 'test_value_9',
- 'type': 'multicastrange',
- 'visibility': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'multicast-address', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_multicast_address_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_multicast_address': {
- 'associated_interface': 'test_value_3',
- 'color': '4',
- 'comment': 'Comment.',
- 'end_ip': 'test_value_6',
- 'name': 'default_name_7',
- 'start_ip': 'test_value_8',
- 'subnet': 'test_value_9',
- 'type': 'multicastrange',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_multicast_address.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'associated-interface': 'test_value_3',
- 'color': '4',
- 'comment': 'Comment.',
- 'end-ip': 'test_value_6',
- 'name': 'default_name_7',
- 'start-ip': 'test_value_8',
- 'subnet': 'test_value_9',
- 'type': 'multicastrange',
- 'visibility': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'multicast-address', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_multicast_address_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_multicast_address': {
- 'associated_interface': 'test_value_3',
- 'color': '4',
- 'comment': 'Comment.',
- 'end_ip': 'test_value_6',
- 'name': 'default_name_7',
- 'start_ip': 'test_value_8',
- 'subnet': 'test_value_9',
- 'type': 'multicastrange',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_multicast_address.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'multicast-address', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_multicast_address_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_multicast_address': {
- 'associated_interface': 'test_value_3',
- 'color': '4',
- 'comment': 'Comment.',
- 'end_ip': 'test_value_6',
- 'name': 'default_name_7',
- 'start_ip': 'test_value_8',
- 'subnet': 'test_value_9',
- 'type': 'multicastrange',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_multicast_address.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'multicast-address', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_multicast_address_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_multicast_address': {
- 'associated_interface': 'test_value_3',
- 'color': '4',
- 'comment': 'Comment.',
- 'end_ip': 'test_value_6',
- 'name': 'default_name_7',
- 'start_ip': 'test_value_8',
- 'subnet': 'test_value_9',
- 'type': 'multicastrange',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_multicast_address.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'associated-interface': 'test_value_3',
- 'color': '4',
- 'comment': 'Comment.',
- 'end-ip': 'test_value_6',
- 'name': 'default_name_7',
- 'start-ip': 'test_value_8',
- 'subnet': 'test_value_9',
- 'type': 'multicastrange',
- 'visibility': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'multicast-address', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_multicast_address_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_multicast_address': {
- 'random_attribute_not_valid': 'tag',
- 'associated_interface': 'test_value_3',
- 'color': '4',
- 'comment': 'Comment.',
- 'end_ip': 'test_value_6',
- 'name': 'default_name_7',
- 'start_ip': 'test_value_8',
- 'subnet': 'test_value_9',
- 'type': 'multicastrange',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_multicast_address.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'associated-interface': 'test_value_3',
- 'color': '4',
- 'comment': 'Comment.',
- 'end-ip': 'test_value_6',
- 'name': 'default_name_7',
- 'start-ip': 'test_value_8',
- 'subnet': 'test_value_9',
- 'type': 'multicastrange',
- 'visibility': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'multicast-address', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_multicast_address6.py b/test/units/modules/network/fortios/test_fortios_firewall_multicast_address6.py
deleted file mode 100644
index 02f216671cb..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_multicast_address6.py
+++ /dev/null
@@ -1,239 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_multicast_address6
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_multicast_address6.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_multicast_address6_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_multicast_address6': {
- 'color': '3',
- 'comment': 'Comment.',
- 'ip6': 'test_value_5',
- 'name': 'default_name_6',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_multicast_address6.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'comment': 'Comment.',
- 'ip6': 'test_value_5',
- 'name': 'default_name_6',
- 'visibility': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'multicast-address6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_multicast_address6_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_multicast_address6': {
- 'color': '3',
- 'comment': 'Comment.',
- 'ip6': 'test_value_5',
- 'name': 'default_name_6',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_multicast_address6.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'comment': 'Comment.',
- 'ip6': 'test_value_5',
- 'name': 'default_name_6',
- 'visibility': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'multicast-address6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_multicast_address6_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_multicast_address6': {
- 'color': '3',
- 'comment': 'Comment.',
- 'ip6': 'test_value_5',
- 'name': 'default_name_6',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_multicast_address6.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'multicast-address6', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_multicast_address6_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_multicast_address6': {
- 'color': '3',
- 'comment': 'Comment.',
- 'ip6': 'test_value_5',
- 'name': 'default_name_6',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_multicast_address6.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'multicast-address6', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_multicast_address6_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_multicast_address6': {
- 'color': '3',
- 'comment': 'Comment.',
- 'ip6': 'test_value_5',
- 'name': 'default_name_6',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_multicast_address6.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'comment': 'Comment.',
- 'ip6': 'test_value_5',
- 'name': 'default_name_6',
- 'visibility': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'multicast-address6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_multicast_address6_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_multicast_address6': {
- 'random_attribute_not_valid': 'tag',
- 'color': '3',
- 'comment': 'Comment.',
- 'ip6': 'test_value_5',
- 'name': 'default_name_6',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_multicast_address6.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'comment': 'Comment.',
- 'ip6': 'test_value_5',
- 'name': 'default_name_6',
- 'visibility': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'multicast-address6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_multicast_policy.py b/test/units/modules/network/fortios/test_fortios_firewall_multicast_policy.py
deleted file mode 100644
index 32c97ba5817..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_multicast_policy.py
+++ /dev/null
@@ -1,309 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_multicast_policy
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_multicast_policy.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_multicast_policy_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_multicast_policy': {
- 'action': 'accept',
- 'dnat': 'test_value_4',
- 'dstintf': 'test_value_5',
- 'end_port': '6',
- 'id': '7',
- 'logtraffic': 'enable',
- 'protocol': '9',
- 'snat': 'enable',
- 'snat_ip': 'test_value_11',
- 'srcintf': 'test_value_12',
- 'start_port': '13',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_multicast_policy.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'action': 'accept',
- 'dnat': 'test_value_4',
- 'dstintf': 'test_value_5',
- 'end-port': '6',
- 'id': '7',
- 'logtraffic': 'enable',
- 'protocol': '9',
- 'snat': 'enable',
- 'snat-ip': 'test_value_11',
- 'srcintf': 'test_value_12',
- 'start-port': '13',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'multicast-policy', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_multicast_policy_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_multicast_policy': {
- 'action': 'accept',
- 'dnat': 'test_value_4',
- 'dstintf': 'test_value_5',
- 'end_port': '6',
- 'id': '7',
- 'logtraffic': 'enable',
- 'protocol': '9',
- 'snat': 'enable',
- 'snat_ip': 'test_value_11',
- 'srcintf': 'test_value_12',
- 'start_port': '13',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_multicast_policy.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'action': 'accept',
- 'dnat': 'test_value_4',
- 'dstintf': 'test_value_5',
- 'end-port': '6',
- 'id': '7',
- 'logtraffic': 'enable',
- 'protocol': '9',
- 'snat': 'enable',
- 'snat-ip': 'test_value_11',
- 'srcintf': 'test_value_12',
- 'start-port': '13',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'multicast-policy', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_multicast_policy_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_multicast_policy': {
- 'action': 'accept',
- 'dnat': 'test_value_4',
- 'dstintf': 'test_value_5',
- 'end_port': '6',
- 'id': '7',
- 'logtraffic': 'enable',
- 'protocol': '9',
- 'snat': 'enable',
- 'snat_ip': 'test_value_11',
- 'srcintf': 'test_value_12',
- 'start_port': '13',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_multicast_policy.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'multicast-policy', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_multicast_policy_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_multicast_policy': {
- 'action': 'accept',
- 'dnat': 'test_value_4',
- 'dstintf': 'test_value_5',
- 'end_port': '6',
- 'id': '7',
- 'logtraffic': 'enable',
- 'protocol': '9',
- 'snat': 'enable',
- 'snat_ip': 'test_value_11',
- 'srcintf': 'test_value_12',
- 'start_port': '13',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_multicast_policy.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'multicast-policy', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_multicast_policy_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_multicast_policy': {
- 'action': 'accept',
- 'dnat': 'test_value_4',
- 'dstintf': 'test_value_5',
- 'end_port': '6',
- 'id': '7',
- 'logtraffic': 'enable',
- 'protocol': '9',
- 'snat': 'enable',
- 'snat_ip': 'test_value_11',
- 'srcintf': 'test_value_12',
- 'start_port': '13',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_multicast_policy.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'action': 'accept',
- 'dnat': 'test_value_4',
- 'dstintf': 'test_value_5',
- 'end-port': '6',
- 'id': '7',
- 'logtraffic': 'enable',
- 'protocol': '9',
- 'snat': 'enable',
- 'snat-ip': 'test_value_11',
- 'srcintf': 'test_value_12',
- 'start-port': '13',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'multicast-policy', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_multicast_policy_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_multicast_policy': {
- 'random_attribute_not_valid': 'tag',
- 'action': 'accept',
- 'dnat': 'test_value_4',
- 'dstintf': 'test_value_5',
- 'end_port': '6',
- 'id': '7',
- 'logtraffic': 'enable',
- 'protocol': '9',
- 'snat': 'enable',
- 'snat_ip': 'test_value_11',
- 'srcintf': 'test_value_12',
- 'start_port': '13',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_multicast_policy.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'action': 'accept',
- 'dnat': 'test_value_4',
- 'dstintf': 'test_value_5',
- 'end-port': '6',
- 'id': '7',
- 'logtraffic': 'enable',
- 'protocol': '9',
- 'snat': 'enable',
- 'snat-ip': 'test_value_11',
- 'srcintf': 'test_value_12',
- 'start-port': '13',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'multicast-policy', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_multicast_policy6.py b/test/units/modules/network/fortios/test_fortios_firewall_multicast_policy6.py
deleted file mode 100644
index c9e58511a55..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_multicast_policy6.py
+++ /dev/null
@@ -1,279 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_multicast_policy6
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_multicast_policy6.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_multicast_policy6_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_multicast_policy6': {
- 'action': 'accept',
- 'dstintf': 'test_value_4',
- 'end_port': '5',
- 'id': '6',
- 'logtraffic': 'enable',
- 'protocol': '8',
- 'srcintf': 'test_value_9',
- 'start_port': '10',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_multicast_policy6.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'action': 'accept',
- 'dstintf': 'test_value_4',
- 'end-port': '5',
- 'id': '6',
- 'logtraffic': 'enable',
- 'protocol': '8',
- 'srcintf': 'test_value_9',
- 'start-port': '10',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'multicast-policy6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_multicast_policy6_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_multicast_policy6': {
- 'action': 'accept',
- 'dstintf': 'test_value_4',
- 'end_port': '5',
- 'id': '6',
- 'logtraffic': 'enable',
- 'protocol': '8',
- 'srcintf': 'test_value_9',
- 'start_port': '10',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_multicast_policy6.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'action': 'accept',
- 'dstintf': 'test_value_4',
- 'end-port': '5',
- 'id': '6',
- 'logtraffic': 'enable',
- 'protocol': '8',
- 'srcintf': 'test_value_9',
- 'start-port': '10',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'multicast-policy6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_multicast_policy6_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_multicast_policy6': {
- 'action': 'accept',
- 'dstintf': 'test_value_4',
- 'end_port': '5',
- 'id': '6',
- 'logtraffic': 'enable',
- 'protocol': '8',
- 'srcintf': 'test_value_9',
- 'start_port': '10',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_multicast_policy6.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'multicast-policy6', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_multicast_policy6_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_multicast_policy6': {
- 'action': 'accept',
- 'dstintf': 'test_value_4',
- 'end_port': '5',
- 'id': '6',
- 'logtraffic': 'enable',
- 'protocol': '8',
- 'srcintf': 'test_value_9',
- 'start_port': '10',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_multicast_policy6.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'multicast-policy6', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_multicast_policy6_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_multicast_policy6': {
- 'action': 'accept',
- 'dstintf': 'test_value_4',
- 'end_port': '5',
- 'id': '6',
- 'logtraffic': 'enable',
- 'protocol': '8',
- 'srcintf': 'test_value_9',
- 'start_port': '10',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_multicast_policy6.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'action': 'accept',
- 'dstintf': 'test_value_4',
- 'end-port': '5',
- 'id': '6',
- 'logtraffic': 'enable',
- 'protocol': '8',
- 'srcintf': 'test_value_9',
- 'start-port': '10',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'multicast-policy6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_multicast_policy6_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_multicast_policy6': {
- 'random_attribute_not_valid': 'tag',
- 'action': 'accept',
- 'dstintf': 'test_value_4',
- 'end_port': '5',
- 'id': '6',
- 'logtraffic': 'enable',
- 'protocol': '8',
- 'srcintf': 'test_value_9',
- 'start_port': '10',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_multicast_policy6.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'action': 'accept',
- 'dstintf': 'test_value_4',
- 'end-port': '5',
- 'id': '6',
- 'logtraffic': 'enable',
- 'protocol': '8',
- 'srcintf': 'test_value_9',
- 'start-port': '10',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'multicast-policy6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_policy.py b/test/units/modules/network/fortios/test_fortios_firewall_policy.py
deleted file mode 100644
index 53d7d6c59d4..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_policy.py
+++ /dev/null
@@ -1,1169 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_policy
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_policy.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_policy_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_policy': {
- 'action': 'accept',
- 'application_list': 'test_value_4',
- 'auth_cert': 'test_value_5',
- 'auth_path': 'enable',
- 'auth_redirect_addr': 'test_value_7',
- 'av_profile':
'test_value_8', - 'block_notification': 'enable', - 'captive_portal_exempt': 'enable', - 'capture_packet': 'enable', - 'comments': 'test_value_12', - 'delay_tcp_npu_session': 'enable', - 'diffserv_forward': 'enable', - 'diffserv_reverse': 'enable', - 'diffservcode_forward': 'test_value_16', - 'diffservcode_rev': 'test_value_17', - 'disclaimer': 'enable', - 'dlp_sensor': 'test_value_19', - 'dnsfilter_profile': 'test_value_20', - 'dscp_match': 'enable', - 'dscp_negate': 'enable', - 'dscp_value': 'test_value_23', - 'dsri': 'enable', - 'dstaddr_negate': 'enable', - 'firewall_session_dirty': 'check-all', - 'fixedport': 'enable', - 'fsso': 'enable', - 'fsso_agent_for_ntlm': 'test_value_29', - 'global_label': 'test_value_30', - 'icap_profile': 'test_value_31', - 'identity_based_route': 'test_value_32', - 'inbound': 'enable', - 'internet_service': 'enable', - 'internet_service_negate': 'enable', - 'internet_service_src': 'enable', - 'internet_service_src_negate': 'enable', - 'ippool': 'enable', - 'ips_sensor': 'test_value_39', - 'label': 'test_value_40', - 'learning_mode': 'enable', - 'logtraffic': 'all', - 'logtraffic_start': 'enable', - 'match_vip': 'enable', - 'name': 'default_name_45', - 'nat': 'enable', - 'natinbound': 'enable', - 'natip': 'test_value_48', - 'natoutbound': 'enable', - 'ntlm': 'enable', - 'ntlm_guest': 'enable', - 'outbound': 'enable', - 'per_ip_shaper': 'test_value_53', - 'permit_any_host': 'enable', - 'permit_stun_host': 'enable', - 'policyid': '56', - 'profile_group': 'test_value_57', - 'profile_protocol_options': 'test_value_58', - 'profile_type': 'single', - 'radius_mac_auth_bypass': 'enable', - 'redirect_url': 'test_value_61', - 'replacemsg_override_group': 'test_value_62', - 'rsso': 'enable', - 'rtp_nat': 'disable', - 'scan_botnet_connections': 'disable', - 'schedule': 'test_value_66', - 'schedule_timeout': 'enable', - 'send_deny_packet': 'disable', - 'service_negate': 'enable', - 'session_ttl': '70', - 'spamfilter_profile': 'test_value_71', - 
'srcaddr_negate': 'enable', - 'ssh_filter_profile': 'test_value_73', - 'ssl_mirror': 'enable', - 'ssl_ssh_profile': 'test_value_75', - 'status': 'enable', - 'tcp_mss_receiver': '77', - 'tcp_mss_sender': '78', - 'tcp_session_without_syn': 'all', - 'timeout_send_rst': 'enable', - 'traffic_shaper': 'test_value_81', - 'traffic_shaper_reverse': 'test_value_82', - 'utm_status': 'enable', - 'uuid': 'test_value_84', - 'vlan_cos_fwd': '85', - 'vlan_cos_rev': '86', - 'vlan_filter': 'test_value_87', - 'voip_profile': 'test_value_88', - 'vpntunnel': 'test_value_89', - 'waf_profile': 'test_value_90', - 'wanopt': 'enable', - 'wanopt_detection': 'active', - 'wanopt_passive_opt': 'default', - 'wanopt_peer': 'test_value_94', - 'wanopt_profile': 'test_value_95', - 'wccp': 'enable', - 'webcache': 'enable', - 'webcache_https': 'disable', - 'webfilter_profile': 'test_value_99', - 'wsso': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_policy.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'action': 'accept', - 'application-list': 'test_value_4', - 'auth-cert': 'test_value_5', - 'auth-path': 'enable', - 'auth-redirect-addr': 'test_value_7', - 'av-profile': 'test_value_8', - 'block-notification': 'enable', - 'captive-portal-exempt': 'enable', - 'capture-packet': 'enable', - 'comments': 'test_value_12', - 'delay-tcp-npu-session': 'enable', - 'diffserv-forward': 'enable', - 'diffserv-reverse': 'enable', - 'diffservcode-forward': 'test_value_16', - 'diffservcode-rev': 'test_value_17', - 'disclaimer': 'enable', - 'dlp-sensor': 'test_value_19', - 'dnsfilter-profile': 'test_value_20', - 'dscp-match': 'enable', - 'dscp-negate': 'enable', - 'dscp-value': 'test_value_23', - 'dsri': 'enable', - 'dstaddr-negate': 'enable', - 'firewall-session-dirty': 'check-all', - 'fixedport': 'enable', - 'fsso': 'enable', - 'fsso-agent-for-ntlm': 'test_value_29', - 'global-label': 'test_value_30', - 'icap-profile': 'test_value_31', - 'identity-based-route': 
'test_value_32', - 'inbound': 'enable', - 'internet-service': 'enable', - 'internet-service-negate': 'enable', - 'internet-service-src': 'enable', - 'internet-service-src-negate': 'enable', - 'ippool': 'enable', - 'ips-sensor': 'test_value_39', - 'label': 'test_value_40', - 'learning-mode': 'enable', - 'logtraffic': 'all', - 'logtraffic-start': 'enable', - 'match-vip': 'enable', - 'name': 'default_name_45', - 'nat': 'enable', - 'natinbound': 'enable', - 'natip': 'test_value_48', - 'natoutbound': 'enable', - 'ntlm': 'enable', - 'ntlm-guest': 'enable', - 'outbound': 'enable', - 'per-ip-shaper': 'test_value_53', - 'permit-any-host': 'enable', - 'permit-stun-host': 'enable', - 'policyid': '56', - 'profile-group': 'test_value_57', - 'profile-protocol-options': 'test_value_58', - 'profile-type': 'single', - 'radius-mac-auth-bypass': 'enable', - 'redirect-url': 'test_value_61', - 'replacemsg-override-group': 'test_value_62', - 'rsso': 'enable', - 'rtp-nat': 'disable', - 'scan-botnet-connections': 'disable', - 'schedule': 'test_value_66', - 'schedule-timeout': 'enable', - 'send-deny-packet': 'disable', - 'service-negate': 'enable', - 'session-ttl': '70', - 'spamfilter-profile': 'test_value_71', - 'srcaddr-negate': 'enable', - 'ssh-filter-profile': 'test_value_73', - 'ssl-mirror': 'enable', - 'ssl-ssh-profile': 'test_value_75', - 'status': 'enable', - 'tcp-mss-receiver': '77', - 'tcp-mss-sender': '78', - 'tcp-session-without-syn': 'all', - 'timeout-send-rst': 'enable', - 'traffic-shaper': 'test_value_81', - 'traffic-shaper-reverse': 'test_value_82', - 'utm-status': 'enable', - 'uuid': 'test_value_84', - 'vlan-cos-fwd': '85', - 'vlan-cos-rev': '86', - 'vlan-filter': 'test_value_87', - 'voip-profile': 'test_value_88', - 'vpntunnel': 'test_value_89', - 'waf-profile': 'test_value_90', - 'wanopt': 'enable', - 'wanopt-detection': 'active', - 'wanopt-passive-opt': 'default', - 'wanopt-peer': 'test_value_94', - 'wanopt-profile': 'test_value_95', - 'wccp': 'enable', - 'webcache': 
'enable', - 'webcache-https': 'disable', - 'webfilter-profile': 'test_value_99', - 'wsso': 'enable' - } - - set_method_mock.assert_called_with('firewall', 'policy', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_policy_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_policy': { - 'action': 'accept', - 'application_list': 'test_value_4', - 'auth_cert': 'test_value_5', - 'auth_path': 'enable', - 'auth_redirect_addr': 'test_value_7', - 'av_profile': 'test_value_8', - 'block_notification': 'enable', - 'captive_portal_exempt': 'enable', - 'capture_packet': 'enable', - 'comments': 'test_value_12', - 'delay_tcp_npu_session': 'enable', - 'diffserv_forward': 'enable', - 'diffserv_reverse': 'enable', - 'diffservcode_forward': 'test_value_16', - 'diffservcode_rev': 'test_value_17', - 'disclaimer': 'enable', - 'dlp_sensor': 'test_value_19', - 'dnsfilter_profile': 'test_value_20', - 'dscp_match': 'enable', - 'dscp_negate': 'enable', - 'dscp_value': 'test_value_23', - 'dsri': 'enable', - 'dstaddr_negate': 'enable', - 'firewall_session_dirty': 'check-all', - 'fixedport': 'enable', - 'fsso': 'enable', - 'fsso_agent_for_ntlm': 'test_value_29', - 'global_label': 'test_value_30', - 'icap_profile': 'test_value_31', - 'identity_based_route': 'test_value_32', - 'inbound': 'enable', - 'internet_service': 'enable', - 'internet_service_negate': 'enable', - 'internet_service_src': 'enable', - 'internet_service_src_negate': 'enable', - 'ippool': 'enable', 
- 'ips_sensor': 'test_value_39', - 'label': 'test_value_40', - 'learning_mode': 'enable', - 'logtraffic': 'all', - 'logtraffic_start': 'enable', - 'match_vip': 'enable', - 'name': 'default_name_45', - 'nat': 'enable', - 'natinbound': 'enable', - 'natip': 'test_value_48', - 'natoutbound': 'enable', - 'ntlm': 'enable', - 'ntlm_guest': 'enable', - 'outbound': 'enable', - 'per_ip_shaper': 'test_value_53', - 'permit_any_host': 'enable', - 'permit_stun_host': 'enable', - 'policyid': '56', - 'profile_group': 'test_value_57', - 'profile_protocol_options': 'test_value_58', - 'profile_type': 'single', - 'radius_mac_auth_bypass': 'enable', - 'redirect_url': 'test_value_61', - 'replacemsg_override_group': 'test_value_62', - 'rsso': 'enable', - 'rtp_nat': 'disable', - 'scan_botnet_connections': 'disable', - 'schedule': 'test_value_66', - 'schedule_timeout': 'enable', - 'send_deny_packet': 'disable', - 'service_negate': 'enable', - 'session_ttl': '70', - 'spamfilter_profile': 'test_value_71', - 'srcaddr_negate': 'enable', - 'ssh_filter_profile': 'test_value_73', - 'ssl_mirror': 'enable', - 'ssl_ssh_profile': 'test_value_75', - 'status': 'enable', - 'tcp_mss_receiver': '77', - 'tcp_mss_sender': '78', - 'tcp_session_without_syn': 'all', - 'timeout_send_rst': 'enable', - 'traffic_shaper': 'test_value_81', - 'traffic_shaper_reverse': 'test_value_82', - 'utm_status': 'enable', - 'uuid': 'test_value_84', - 'vlan_cos_fwd': '85', - 'vlan_cos_rev': '86', - 'vlan_filter': 'test_value_87', - 'voip_profile': 'test_value_88', - 'vpntunnel': 'test_value_89', - 'waf_profile': 'test_value_90', - 'wanopt': 'enable', - 'wanopt_detection': 'active', - 'wanopt_passive_opt': 'default', - 'wanopt_peer': 'test_value_94', - 'wanopt_profile': 'test_value_95', - 'wccp': 'enable', - 'webcache': 'enable', - 'webcache_https': 'disable', - 'webfilter_profile': 'test_value_99', - 'wsso': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_policy.fortios_firewall(input_data, 
fos_instance) - - expected_data = { - 'action': 'accept', - 'application-list': 'test_value_4', - 'auth-cert': 'test_value_5', - 'auth-path': 'enable', - 'auth-redirect-addr': 'test_value_7', - 'av-profile': 'test_value_8', - 'block-notification': 'enable', - 'captive-portal-exempt': 'enable', - 'capture-packet': 'enable', - 'comments': 'test_value_12', - 'delay-tcp-npu-session': 'enable', - 'diffserv-forward': 'enable', - 'diffserv-reverse': 'enable', - 'diffservcode-forward': 'test_value_16', - 'diffservcode-rev': 'test_value_17', - 'disclaimer': 'enable', - 'dlp-sensor': 'test_value_19', - 'dnsfilter-profile': 'test_value_20', - 'dscp-match': 'enable', - 'dscp-negate': 'enable', - 'dscp-value': 'test_value_23', - 'dsri': 'enable', - 'dstaddr-negate': 'enable', - 'firewall-session-dirty': 'check-all', - 'fixedport': 'enable', - 'fsso': 'enable', - 'fsso-agent-for-ntlm': 'test_value_29', - 'global-label': 'test_value_30', - 'icap-profile': 'test_value_31', - 'identity-based-route': 'test_value_32', - 'inbound': 'enable', - 'internet-service': 'enable', - 'internet-service-negate': 'enable', - 'internet-service-src': 'enable', - 'internet-service-src-negate': 'enable', - 'ippool': 'enable', - 'ips-sensor': 'test_value_39', - 'label': 'test_value_40', - 'learning-mode': 'enable', - 'logtraffic': 'all', - 'logtraffic-start': 'enable', - 'match-vip': 'enable', - 'name': 'default_name_45', - 'nat': 'enable', - 'natinbound': 'enable', - 'natip': 'test_value_48', - 'natoutbound': 'enable', - 'ntlm': 'enable', - 'ntlm-guest': 'enable', - 'outbound': 'enable', - 'per-ip-shaper': 'test_value_53', - 'permit-any-host': 'enable', - 'permit-stun-host': 'enable', - 'policyid': '56', - 'profile-group': 'test_value_57', - 'profile-protocol-options': 'test_value_58', - 'profile-type': 'single', - 'radius-mac-auth-bypass': 'enable', - 'redirect-url': 'test_value_61', - 'replacemsg-override-group': 'test_value_62', - 'rsso': 'enable', - 'rtp-nat': 'disable', - 
'scan-botnet-connections': 'disable', - 'schedule': 'test_value_66', - 'schedule-timeout': 'enable', - 'send-deny-packet': 'disable', - 'service-negate': 'enable', - 'session-ttl': '70', - 'spamfilter-profile': 'test_value_71', - 'srcaddr-negate': 'enable', - 'ssh-filter-profile': 'test_value_73', - 'ssl-mirror': 'enable', - 'ssl-ssh-profile': 'test_value_75', - 'status': 'enable', - 'tcp-mss-receiver': '77', - 'tcp-mss-sender': '78', - 'tcp-session-without-syn': 'all', - 'timeout-send-rst': 'enable', - 'traffic-shaper': 'test_value_81', - 'traffic-shaper-reverse': 'test_value_82', - 'utm-status': 'enable', - 'uuid': 'test_value_84', - 'vlan-cos-fwd': '85', - 'vlan-cos-rev': '86', - 'vlan-filter': 'test_value_87', - 'voip-profile': 'test_value_88', - 'vpntunnel': 'test_value_89', - 'waf-profile': 'test_value_90', - 'wanopt': 'enable', - 'wanopt-detection': 'active', - 'wanopt-passive-opt': 'default', - 'wanopt-peer': 'test_value_94', - 'wanopt-profile': 'test_value_95', - 'wccp': 'enable', - 'webcache': 'enable', - 'webcache-https': 'disable', - 'webfilter-profile': 'test_value_99', - 'wsso': 'enable' - } - - set_method_mock.assert_called_with('firewall', 'policy', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_policy_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_policy': { - 'action': 'accept', - 'application_list': 'test_value_4', - 'auth_cert': 'test_value_5', - 'auth_path': 'enable', - 'auth_redirect_addr': 
'test_value_7', - 'av_profile': 'test_value_8', - 'block_notification': 'enable', - 'captive_portal_exempt': 'enable', - 'capture_packet': 'enable', - 'comments': 'test_value_12', - 'delay_tcp_npu_session': 'enable', - 'diffserv_forward': 'enable', - 'diffserv_reverse': 'enable', - 'diffservcode_forward': 'test_value_16', - 'diffservcode_rev': 'test_value_17', - 'disclaimer': 'enable', - 'dlp_sensor': 'test_value_19', - 'dnsfilter_profile': 'test_value_20', - 'dscp_match': 'enable', - 'dscp_negate': 'enable', - 'dscp_value': 'test_value_23', - 'dsri': 'enable', - 'dstaddr_negate': 'enable', - 'firewall_session_dirty': 'check-all', - 'fixedport': 'enable', - 'fsso': 'enable', - 'fsso_agent_for_ntlm': 'test_value_29', - 'global_label': 'test_value_30', - 'icap_profile': 'test_value_31', - 'identity_based_route': 'test_value_32', - 'inbound': 'enable', - 'internet_service': 'enable', - 'internet_service_negate': 'enable', - 'internet_service_src': 'enable', - 'internet_service_src_negate': 'enable', - 'ippool': 'enable', - 'ips_sensor': 'test_value_39', - 'label': 'test_value_40', - 'learning_mode': 'enable', - 'logtraffic': 'all', - 'logtraffic_start': 'enable', - 'match_vip': 'enable', - 'name': 'default_name_45', - 'nat': 'enable', - 'natinbound': 'enable', - 'natip': 'test_value_48', - 'natoutbound': 'enable', - 'ntlm': 'enable', - 'ntlm_guest': 'enable', - 'outbound': 'enable', - 'per_ip_shaper': 'test_value_53', - 'permit_any_host': 'enable', - 'permit_stun_host': 'enable', - 'policyid': '56', - 'profile_group': 'test_value_57', - 'profile_protocol_options': 'test_value_58', - 'profile_type': 'single', - 'radius_mac_auth_bypass': 'enable', - 'redirect_url': 'test_value_61', - 'replacemsg_override_group': 'test_value_62', - 'rsso': 'enable', - 'rtp_nat': 'disable', - 'scan_botnet_connections': 'disable', - 'schedule': 'test_value_66', - 'schedule_timeout': 'enable', - 'send_deny_packet': 'disable', - 'service_negate': 'enable', - 'session_ttl': '70', - 
'spamfilter_profile': 'test_value_71', - 'srcaddr_negate': 'enable', - 'ssh_filter_profile': 'test_value_73', - 'ssl_mirror': 'enable', - 'ssl_ssh_profile': 'test_value_75', - 'status': 'enable', - 'tcp_mss_receiver': '77', - 'tcp_mss_sender': '78', - 'tcp_session_without_syn': 'all', - 'timeout_send_rst': 'enable', - 'traffic_shaper': 'test_value_81', - 'traffic_shaper_reverse': 'test_value_82', - 'utm_status': 'enable', - 'uuid': 'test_value_84', - 'vlan_cos_fwd': '85', - 'vlan_cos_rev': '86', - 'vlan_filter': 'test_value_87', - 'voip_profile': 'test_value_88', - 'vpntunnel': 'test_value_89', - 'waf_profile': 'test_value_90', - 'wanopt': 'enable', - 'wanopt_detection': 'active', - 'wanopt_passive_opt': 'default', - 'wanopt_peer': 'test_value_94', - 'wanopt_profile': 'test_value_95', - 'wccp': 'enable', - 'webcache': 'enable', - 'webcache_https': 'disable', - 'webfilter_profile': 'test_value_99', - 'wsso': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_policy.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'policy', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_policy_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_policy': { - 'action': 'accept', - 'application_list': 'test_value_4', - 'auth_cert': 'test_value_5', - 'auth_path': 'enable', - 'auth_redirect_addr': 'test_value_7', - 'av_profile': 'test_value_8', - 'block_notification': 
'enable', - 'captive_portal_exempt': 'enable', - 'capture_packet': 'enable', - 'comments': 'test_value_12', - 'delay_tcp_npu_session': 'enable', - 'diffserv_forward': 'enable', - 'diffserv_reverse': 'enable', - 'diffservcode_forward': 'test_value_16', - 'diffservcode_rev': 'test_value_17', - 'disclaimer': 'enable', - 'dlp_sensor': 'test_value_19', - 'dnsfilter_profile': 'test_value_20', - 'dscp_match': 'enable', - 'dscp_negate': 'enable', - 'dscp_value': 'test_value_23', - 'dsri': 'enable', - 'dstaddr_negate': 'enable', - 'firewall_session_dirty': 'check-all', - 'fixedport': 'enable', - 'fsso': 'enable', - 'fsso_agent_for_ntlm': 'test_value_29', - 'global_label': 'test_value_30', - 'icap_profile': 'test_value_31', - 'identity_based_route': 'test_value_32', - 'inbound': 'enable', - 'internet_service': 'enable', - 'internet_service_negate': 'enable', - 'internet_service_src': 'enable', - 'internet_service_src_negate': 'enable', - 'ippool': 'enable', - 'ips_sensor': 'test_value_39', - 'label': 'test_value_40', - 'learning_mode': 'enable', - 'logtraffic': 'all', - 'logtraffic_start': 'enable', - 'match_vip': 'enable', - 'name': 'default_name_45', - 'nat': 'enable', - 'natinbound': 'enable', - 'natip': 'test_value_48', - 'natoutbound': 'enable', - 'ntlm': 'enable', - 'ntlm_guest': 'enable', - 'outbound': 'enable', - 'per_ip_shaper': 'test_value_53', - 'permit_any_host': 'enable', - 'permit_stun_host': 'enable', - 'policyid': '56', - 'profile_group': 'test_value_57', - 'profile_protocol_options': 'test_value_58', - 'profile_type': 'single', - 'radius_mac_auth_bypass': 'enable', - 'redirect_url': 'test_value_61', - 'replacemsg_override_group': 'test_value_62', - 'rsso': 'enable', - 'rtp_nat': 'disable', - 'scan_botnet_connections': 'disable', - 'schedule': 'test_value_66', - 'schedule_timeout': 'enable', - 'send_deny_packet': 'disable', - 'service_negate': 'enable', - 'session_ttl': '70', - 'spamfilter_profile': 'test_value_71', - 'srcaddr_negate': 'enable', - 
'ssh_filter_profile': 'test_value_73', - 'ssl_mirror': 'enable', - 'ssl_ssh_profile': 'test_value_75', - 'status': 'enable', - 'tcp_mss_receiver': '77', - 'tcp_mss_sender': '78', - 'tcp_session_without_syn': 'all', - 'timeout_send_rst': 'enable', - 'traffic_shaper': 'test_value_81', - 'traffic_shaper_reverse': 'test_value_82', - 'utm_status': 'enable', - 'uuid': 'test_value_84', - 'vlan_cos_fwd': '85', - 'vlan_cos_rev': '86', - 'vlan_filter': 'test_value_87', - 'voip_profile': 'test_value_88', - 'vpntunnel': 'test_value_89', - 'waf_profile': 'test_value_90', - 'wanopt': 'enable', - 'wanopt_detection': 'active', - 'wanopt_passive_opt': 'default', - 'wanopt_peer': 'test_value_94', - 'wanopt_profile': 'test_value_95', - 'wccp': 'enable', - 'webcache': 'enable', - 'webcache_https': 'disable', - 'webfilter_profile': 'test_value_99', - 'wsso': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_policy.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'policy', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_policy_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_policy': { - 'action': 'accept', - 'application_list': 'test_value_4', - 'auth_cert': 'test_value_5', - 'auth_path': 'enable', - 'auth_redirect_addr': 'test_value_7', - 'av_profile': 'test_value_8', - 'block_notification': 'enable', - 'captive_portal_exempt': 'enable', - 'capture_packet': 'enable', - 'comments': 
'test_value_12', - 'delay_tcp_npu_session': 'enable', - 'diffserv_forward': 'enable', - 'diffserv_reverse': 'enable', - 'diffservcode_forward': 'test_value_16', - 'diffservcode_rev': 'test_value_17', - 'disclaimer': 'enable', - 'dlp_sensor': 'test_value_19', - 'dnsfilter_profile': 'test_value_20', - 'dscp_match': 'enable', - 'dscp_negate': 'enable', - 'dscp_value': 'test_value_23', - 'dsri': 'enable', - 'dstaddr_negate': 'enable', - 'firewall_session_dirty': 'check-all', - 'fixedport': 'enable', - 'fsso': 'enable', - 'fsso_agent_for_ntlm': 'test_value_29', - 'global_label': 'test_value_30', - 'icap_profile': 'test_value_31', - 'identity_based_route': 'test_value_32', - 'inbound': 'enable', - 'internet_service': 'enable', - 'internet_service_negate': 'enable', - 'internet_service_src': 'enable', - 'internet_service_src_negate': 'enable', - 'ippool': 'enable', - 'ips_sensor': 'test_value_39', - 'label': 'test_value_40', - 'learning_mode': 'enable', - 'logtraffic': 'all', - 'logtraffic_start': 'enable', - 'match_vip': 'enable', - 'name': 'default_name_45', - 'nat': 'enable', - 'natinbound': 'enable', - 'natip': 'test_value_48', - 'natoutbound': 'enable', - 'ntlm': 'enable', - 'ntlm_guest': 'enable', - 'outbound': 'enable', - 'per_ip_shaper': 'test_value_53', - 'permit_any_host': 'enable', - 'permit_stun_host': 'enable', - 'policyid': '56', - 'profile_group': 'test_value_57', - 'profile_protocol_options': 'test_value_58', - 'profile_type': 'single', - 'radius_mac_auth_bypass': 'enable', - 'redirect_url': 'test_value_61', - 'replacemsg_override_group': 'test_value_62', - 'rsso': 'enable', - 'rtp_nat': 'disable', - 'scan_botnet_connections': 'disable', - 'schedule': 'test_value_66', - 'schedule_timeout': 'enable', - 'send_deny_packet': 'disable', - 'service_negate': 'enable', - 'session_ttl': '70', - 'spamfilter_profile': 'test_value_71', - 'srcaddr_negate': 'enable', - 'ssh_filter_profile': 'test_value_73', - 'ssl_mirror': 'enable', - 'ssl_ssh_profile': 'test_value_75', 
- 'status': 'enable', - 'tcp_mss_receiver': '77', - 'tcp_mss_sender': '78', - 'tcp_session_without_syn': 'all', - 'timeout_send_rst': 'enable', - 'traffic_shaper': 'test_value_81', - 'traffic_shaper_reverse': 'test_value_82', - 'utm_status': 'enable', - 'uuid': 'test_value_84', - 'vlan_cos_fwd': '85', - 'vlan_cos_rev': '86', - 'vlan_filter': 'test_value_87', - 'voip_profile': 'test_value_88', - 'vpntunnel': 'test_value_89', - 'waf_profile': 'test_value_90', - 'wanopt': 'enable', - 'wanopt_detection': 'active', - 'wanopt_passive_opt': 'default', - 'wanopt_peer': 'test_value_94', - 'wanopt_profile': 'test_value_95', - 'wccp': 'enable', - 'webcache': 'enable', - 'webcache_https': 'disable', - 'webfilter_profile': 'test_value_99', - 'wsso': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_policy.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'action': 'accept', - 'application-list': 'test_value_4', - 'auth-cert': 'test_value_5', - 'auth-path': 'enable', - 'auth-redirect-addr': 'test_value_7', - 'av-profile': 'test_value_8', - 'block-notification': 'enable', - 'captive-portal-exempt': 'enable', - 'capture-packet': 'enable', - 'comments': 'test_value_12', - 'delay-tcp-npu-session': 'enable', - 'diffserv-forward': 'enable', - 'diffserv-reverse': 'enable', - 'diffservcode-forward': 'test_value_16', - 'diffservcode-rev': 'test_value_17', - 'disclaimer': 'enable', - 'dlp-sensor': 'test_value_19', - 'dnsfilter-profile': 'test_value_20', - 'dscp-match': 'enable', - 'dscp-negate': 'enable', - 'dscp-value': 'test_value_23', - 'dsri': 'enable', - 'dstaddr-negate': 'enable', - 'firewall-session-dirty': 'check-all', - 'fixedport': 'enable', - 'fsso': 'enable', - 'fsso-agent-for-ntlm': 'test_value_29', - 'global-label': 'test_value_30', - 'icap-profile': 'test_value_31', - 'identity-based-route': 'test_value_32', - 'inbound': 'enable', - 'internet-service': 'enable', - 'internet-service-negate': 'enable', - 
'internet-service-src': 'enable', - 'internet-service-src-negate': 'enable', - 'ippool': 'enable', - 'ips-sensor': 'test_value_39', - 'label': 'test_value_40', - 'learning-mode': 'enable', - 'logtraffic': 'all', - 'logtraffic-start': 'enable', - 'match-vip': 'enable', - 'name': 'default_name_45', - 'nat': 'enable', - 'natinbound': 'enable', - 'natip': 'test_value_48', - 'natoutbound': 'enable', - 'ntlm': 'enable', - 'ntlm-guest': 'enable', - 'outbound': 'enable', - 'per-ip-shaper': 'test_value_53', - 'permit-any-host': 'enable', - 'permit-stun-host': 'enable', - 'policyid': '56', - 'profile-group': 'test_value_57', - 'profile-protocol-options': 'test_value_58', - 'profile-type': 'single', - 'radius-mac-auth-bypass': 'enable', - 'redirect-url': 'test_value_61', - 'replacemsg-override-group': 'test_value_62', - 'rsso': 'enable', - 'rtp-nat': 'disable', - 'scan-botnet-connections': 'disable', - 'schedule': 'test_value_66', - 'schedule-timeout': 'enable', - 'send-deny-packet': 'disable', - 'service-negate': 'enable', - 'session-ttl': '70', - 'spamfilter-profile': 'test_value_71', - 'srcaddr-negate': 'enable', - 'ssh-filter-profile': 'test_value_73', - 'ssl-mirror': 'enable', - 'ssl-ssh-profile': 'test_value_75', - 'status': 'enable', - 'tcp-mss-receiver': '77', - 'tcp-mss-sender': '78', - 'tcp-session-without-syn': 'all', - 'timeout-send-rst': 'enable', - 'traffic-shaper': 'test_value_81', - 'traffic-shaper-reverse': 'test_value_82', - 'utm-status': 'enable', - 'uuid': 'test_value_84', - 'vlan-cos-fwd': '85', - 'vlan-cos-rev': '86', - 'vlan-filter': 'test_value_87', - 'voip-profile': 'test_value_88', - 'vpntunnel': 'test_value_89', - 'waf-profile': 'test_value_90', - 'wanopt': 'enable', - 'wanopt-detection': 'active', - 'wanopt-passive-opt': 'default', - 'wanopt-peer': 'test_value_94', - 'wanopt-profile': 'test_value_95', - 'wccp': 'enable', - 'webcache': 'enable', - 'webcache-https': 'disable', - 'webfilter-profile': 'test_value_99', - 'wsso': 'enable' - } - - 
set_method_mock.assert_called_with('firewall', 'policy', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_firewall_policy_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_policy': { - 'random_attribute_not_valid': 'tag', - 'action': 'accept', - 'application_list': 'test_value_4', - 'auth_cert': 'test_value_5', - 'auth_path': 'enable', - 'auth_redirect_addr': 'test_value_7', - 'av_profile': 'test_value_8', - 'block_notification': 'enable', - 'captive_portal_exempt': 'enable', - 'capture_packet': 'enable', - 'comments': 'test_value_12', - 'delay_tcp_npu_session': 'enable', - 'diffserv_forward': 'enable', - 'diffserv_reverse': 'enable', - 'diffservcode_forward': 'test_value_16', - 'diffservcode_rev': 'test_value_17', - 'disclaimer': 'enable', - 'dlp_sensor': 'test_value_19', - 'dnsfilter_profile': 'test_value_20', - 'dscp_match': 'enable', - 'dscp_negate': 'enable', - 'dscp_value': 'test_value_23', - 'dsri': 'enable', - 'dstaddr_negate': 'enable', - 'firewall_session_dirty': 'check-all', - 'fixedport': 'enable', - 'fsso': 'enable', - 'fsso_agent_for_ntlm': 'test_value_29', - 'global_label': 'test_value_30', - 'icap_profile': 'test_value_31', - 'identity_based_route': 'test_value_32', - 'inbound': 'enable', - 'internet_service': 'enable', - 'internet_service_negate': 'enable', - 'internet_service_src': 'enable', - 'internet_service_src_negate': 'enable', - 'ippool': 'enable', - 'ips_sensor': 'test_value_39', - 'label': 
'test_value_40',
- 'learning_mode': 'enable',
- 'logtraffic': 'all',
- 'logtraffic_start': 'enable',
- 'match_vip': 'enable',
- 'name': 'default_name_45',
- 'nat': 'enable',
- 'natinbound': 'enable',
- 'natip': 'test_value_48',
- 'natoutbound': 'enable',
- 'ntlm': 'enable',
- 'ntlm_guest': 'enable',
- 'outbound': 'enable',
- 'per_ip_shaper': 'test_value_53',
- 'permit_any_host': 'enable',
- 'permit_stun_host': 'enable',
- 'policyid': '56',
- 'profile_group': 'test_value_57',
- 'profile_protocol_options': 'test_value_58',
- 'profile_type': 'single',
- 'radius_mac_auth_bypass': 'enable',
- 'redirect_url': 'test_value_61',
- 'replacemsg_override_group': 'test_value_62',
- 'rsso': 'enable',
- 'rtp_nat': 'disable',
- 'scan_botnet_connections': 'disable',
- 'schedule': 'test_value_66',
- 'schedule_timeout': 'enable',
- 'send_deny_packet': 'disable',
- 'service_negate': 'enable',
- 'session_ttl': '70',
- 'spamfilter_profile': 'test_value_71',
- 'srcaddr_negate': 'enable',
- 'ssh_filter_profile': 'test_value_73',
- 'ssl_mirror': 'enable',
- 'ssl_ssh_profile': 'test_value_75',
- 'status': 'enable',
- 'tcp_mss_receiver': '77',
- 'tcp_mss_sender': '78',
- 'tcp_session_without_syn': 'all',
- 'timeout_send_rst': 'enable',
- 'traffic_shaper': 'test_value_81',
- 'traffic_shaper_reverse': 'test_value_82',
- 'utm_status': 'enable',
- 'uuid': 'test_value_84',
- 'vlan_cos_fwd': '85',
- 'vlan_cos_rev': '86',
- 'vlan_filter': 'test_value_87',
- 'voip_profile': 'test_value_88',
- 'vpntunnel': 'test_value_89',
- 'waf_profile': 'test_value_90',
- 'wanopt': 'enable',
- 'wanopt_detection': 'active',
- 'wanopt_passive_opt': 'default',
- 'wanopt_peer': 'test_value_94',
- 'wanopt_profile': 'test_value_95',
- 'wccp': 'enable',
- 'webcache': 'enable',
- 'webcache_https': 'disable',
- 'webfilter_profile': 'test_value_99',
- 'wsso': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_policy.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'action': 'accept',
- 'application-list': 'test_value_4',
- 'auth-cert': 'test_value_5',
- 'auth-path': 'enable',
- 'auth-redirect-addr': 'test_value_7',
- 'av-profile': 'test_value_8',
- 'block-notification': 'enable',
- 'captive-portal-exempt': 'enable',
- 'capture-packet': 'enable',
- 'comments': 'test_value_12',
- 'delay-tcp-npu-session': 'enable',
- 'diffserv-forward': 'enable',
- 'diffserv-reverse': 'enable',
- 'diffservcode-forward': 'test_value_16',
- 'diffservcode-rev': 'test_value_17',
- 'disclaimer': 'enable',
- 'dlp-sensor': 'test_value_19',
- 'dnsfilter-profile': 'test_value_20',
- 'dscp-match': 'enable',
- 'dscp-negate': 'enable',
- 'dscp-value': 'test_value_23',
- 'dsri': 'enable',
- 'dstaddr-negate': 'enable',
- 'firewall-session-dirty': 'check-all',
- 'fixedport': 'enable',
- 'fsso': 'enable',
- 'fsso-agent-for-ntlm': 'test_value_29',
- 'global-label': 'test_value_30',
- 'icap-profile': 'test_value_31',
- 'identity-based-route': 'test_value_32',
- 'inbound': 'enable',
- 'internet-service': 'enable',
- 'internet-service-negate': 'enable',
- 'internet-service-src': 'enable',
- 'internet-service-src-negate': 'enable',
- 'ippool': 'enable',
- 'ips-sensor': 'test_value_39',
- 'label': 'test_value_40',
- 'learning-mode': 'enable',
- 'logtraffic': 'all',
- 'logtraffic-start': 'enable',
- 'match-vip': 'enable',
- 'name': 'default_name_45',
- 'nat': 'enable',
- 'natinbound': 'enable',
- 'natip': 'test_value_48',
- 'natoutbound': 'enable',
- 'ntlm': 'enable',
- 'ntlm-guest': 'enable',
- 'outbound': 'enable',
- 'per-ip-shaper': 'test_value_53',
- 'permit-any-host': 'enable',
- 'permit-stun-host': 'enable',
- 'policyid': '56',
- 'profile-group': 'test_value_57',
- 'profile-protocol-options': 'test_value_58',
- 'profile-type': 'single',
- 'radius-mac-auth-bypass': 'enable',
- 'redirect-url': 'test_value_61',
- 'replacemsg-override-group': 'test_value_62',
- 'rsso': 'enable',
- 'rtp-nat': 'disable',
- 'scan-botnet-connections': 'disable',
- 'schedule': 'test_value_66',
- 'schedule-timeout': 'enable',
- 'send-deny-packet': 'disable',
- 'service-negate': 'enable',
- 'session-ttl': '70',
- 'spamfilter-profile': 'test_value_71',
- 'srcaddr-negate': 'enable',
- 'ssh-filter-profile': 'test_value_73',
- 'ssl-mirror': 'enable',
- 'ssl-ssh-profile': 'test_value_75',
- 'status': 'enable',
- 'tcp-mss-receiver': '77',
- 'tcp-mss-sender': '78',
- 'tcp-session-without-syn': 'all',
- 'timeout-send-rst': 'enable',
- 'traffic-shaper': 'test_value_81',
- 'traffic-shaper-reverse': 'test_value_82',
- 'utm-status': 'enable',
- 'uuid': 'test_value_84',
- 'vlan-cos-fwd': '85',
- 'vlan-cos-rev': '86',
- 'vlan-filter': 'test_value_87',
- 'voip-profile': 'test_value_88',
- 'vpntunnel': 'test_value_89',
- 'waf-profile': 'test_value_90',
- 'wanopt': 'enable',
- 'wanopt-detection': 'active',
- 'wanopt-passive-opt': 'default',
- 'wanopt-peer': 'test_value_94',
- 'wanopt-profile': 'test_value_95',
- 'wccp': 'enable',
- 'webcache': 'enable',
- 'webcache-https': 'disable',
- 'webfilter-profile': 'test_value_99',
- 'wsso': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'policy', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_policy46.py b/test/units/modules/network/fortios/test_fortios_firewall_policy46.py
deleted file mode 100644
index 41604f0f7a3..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_policy46.py
+++ /dev/null
@@ -1,359 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_policy46
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_policy46.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_policy46_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_policy46': {
- 'action': 'accept',
- 'comments': 'test_value_4',
- 'dstintf': 'test_value_5',
- 'fixedport': 'enable',
- 'ippool': 'enable',
- 'logtraffic': 'enable',
- 'per_ip_shaper': 'test_value_9',
- 'permit_any_host': 'enable',
- 'policyid': '11',
- 'schedule': 'test_value_12',
- 'srcintf': 'test_value_13',
- 'status': 'enable',
- 'tcp_mss_receiver': '15',
- 'tcp_mss_sender': '16',
- 'traffic_shaper': 'test_value_17',
- 'traffic_shaper_reverse': 'test_value_18',
- 'uuid': 'test_value_19'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_policy46.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'action': 'accept',
- 'comments': 'test_value_4',
- 'dstintf': 'test_value_5',
- 'fixedport': 'enable',
- 'ippool': 'enable',
- 'logtraffic': 'enable',
- 'per-ip-shaper': 'test_value_9',
- 'permit-any-host': 'enable',
- 'policyid': '11',
- 'schedule': 'test_value_12',
- 'srcintf': 'test_value_13',
- 'status': 'enable',
- 'tcp-mss-receiver': '15',
- 'tcp-mss-sender': '16',
- 'traffic-shaper': 'test_value_17',
- 'traffic-shaper-reverse': 'test_value_18',
- 'uuid': 'test_value_19'
- }
-
- set_method_mock.assert_called_with('firewall', 'policy46', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_policy46_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_policy46': {
- 'action': 'accept',
- 'comments': 'test_value_4',
- 'dstintf': 'test_value_5',
- 'fixedport': 'enable',
- 'ippool': 'enable',
- 'logtraffic': 'enable',
- 'per_ip_shaper': 'test_value_9',
- 'permit_any_host': 'enable',
- 'policyid': '11',
- 'schedule': 'test_value_12',
- 'srcintf': 'test_value_13',
- 'status': 'enable',
- 'tcp_mss_receiver': '15',
- 'tcp_mss_sender': '16',
- 'traffic_shaper': 'test_value_17',
- 'traffic_shaper_reverse': 'test_value_18',
- 'uuid': 'test_value_19'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_policy46.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'action': 'accept',
- 'comments': 'test_value_4',
- 'dstintf': 'test_value_5',
- 'fixedport': 'enable',
- 'ippool': 'enable',
- 'logtraffic': 'enable',
- 'per-ip-shaper': 'test_value_9',
- 'permit-any-host': 'enable',
- 'policyid': '11',
- 'schedule': 'test_value_12',
- 'srcintf': 'test_value_13',
- 'status': 'enable',
- 'tcp-mss-receiver': '15',
- 'tcp-mss-sender': '16',
- 'traffic-shaper': 'test_value_17',
- 'traffic-shaper-reverse': 'test_value_18',
- 'uuid': 'test_value_19'
- }
-
- set_method_mock.assert_called_with('firewall', 'policy46', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_policy46_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_policy46': {
- 'action': 'accept',
- 'comments': 'test_value_4',
- 'dstintf': 'test_value_5',
- 'fixedport': 'enable',
- 'ippool': 'enable',
- 'logtraffic': 'enable',
- 'per_ip_shaper': 'test_value_9',
- 'permit_any_host': 'enable',
- 'policyid': '11',
- 'schedule': 'test_value_12',
- 'srcintf': 'test_value_13',
- 'status': 'enable',
- 'tcp_mss_receiver': '15',
- 'tcp_mss_sender': '16',
- 'traffic_shaper': 'test_value_17',
- 'traffic_shaper_reverse': 'test_value_18',
- 'uuid': 'test_value_19'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_policy46.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'policy46', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_policy46_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_policy46': {
- 'action': 'accept',
- 'comments': 'test_value_4',
- 'dstintf': 'test_value_5',
- 'fixedport': 'enable',
- 'ippool': 'enable',
- 'logtraffic': 'enable',
- 'per_ip_shaper': 'test_value_9',
- 'permit_any_host': 'enable',
- 'policyid': '11',
- 'schedule': 'test_value_12',
- 'srcintf': 'test_value_13',
- 'status': 'enable',
- 'tcp_mss_receiver': '15',
- 'tcp_mss_sender': '16',
- 'traffic_shaper': 'test_value_17',
- 'traffic_shaper_reverse': 'test_value_18',
- 'uuid': 'test_value_19'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_policy46.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'policy46', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_policy46_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_policy46': {
- 'action': 'accept',
- 'comments': 'test_value_4',
- 'dstintf': 'test_value_5',
- 'fixedport': 'enable',
- 'ippool': 'enable',
- 'logtraffic': 'enable',
- 'per_ip_shaper': 'test_value_9',
- 'permit_any_host': 'enable',
- 'policyid': '11',
- 'schedule': 'test_value_12',
- 'srcintf': 'test_value_13',
- 'status': 'enable',
- 'tcp_mss_receiver': '15',
- 'tcp_mss_sender': '16',
- 'traffic_shaper': 'test_value_17',
- 'traffic_shaper_reverse': 'test_value_18',
- 'uuid': 'test_value_19'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_policy46.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'action': 'accept',
- 'comments': 'test_value_4',
- 'dstintf': 'test_value_5',
- 'fixedport': 'enable',
- 'ippool': 'enable',
- 'logtraffic': 'enable',
- 'per-ip-shaper': 'test_value_9',
- 'permit-any-host': 'enable',
- 'policyid': '11',
- 'schedule': 'test_value_12',
- 'srcintf': 'test_value_13',
- 'status': 'enable',
- 'tcp-mss-receiver': '15',
- 'tcp-mss-sender': '16',
- 'traffic-shaper': 'test_value_17',
- 'traffic-shaper-reverse': 'test_value_18',
- 'uuid': 'test_value_19'
- }
-
- set_method_mock.assert_called_with('firewall', 'policy46', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_policy46_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_policy46': {
- 'random_attribute_not_valid': 'tag',
- 'action': 'accept',
- 'comments': 'test_value_4',
- 'dstintf': 'test_value_5',
- 'fixedport': 'enable',
- 'ippool': 'enable',
- 'logtraffic': 'enable',
- 'per_ip_shaper': 'test_value_9',
- 'permit_any_host': 'enable',
- 'policyid': '11',
- 'schedule': 'test_value_12',
- 'srcintf': 'test_value_13',
- 'status': 'enable',
- 'tcp_mss_receiver': '15',
- 'tcp_mss_sender': '16',
- 'traffic_shaper': 'test_value_17',
- 'traffic_shaper_reverse': 'test_value_18',
- 'uuid': 'test_value_19'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_policy46.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'action': 'accept',
- 'comments': 'test_value_4',
- 'dstintf': 'test_value_5',
- 'fixedport': 'enable',
- 'ippool': 'enable',
- 'logtraffic': 'enable',
- 'per-ip-shaper': 'test_value_9',
- 'permit-any-host': 'enable',
- 'policyid': '11',
- 'schedule': 'test_value_12',
- 'srcintf': 'test_value_13',
- 'status': 'enable',
- 'tcp-mss-receiver': '15',
- 'tcp-mss-sender': '16',
- 'traffic-shaper': 'test_value_17',
- 'traffic-shaper-reverse': 'test_value_18',
- 'uuid': 'test_value_19'
- }
-
- set_method_mock.assert_called_with('firewall', 'policy46', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_policy6.py b/test/units/modules/network/fortios/test_fortios_firewall_policy6.py
deleted file mode 100644
index 5016f007421..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_policy6.py
+++ /dev/null
@@ -1,789 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_policy6
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_policy6.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_policy6_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_policy6': {
- 'action': 'accept',
- 'application_list': 'test_value_4',
- 'av_profile': 'test_value_5',
- 'comments': 'test_value_6',
- 'diffserv_forward': 'enable',
- 'diffserv_reverse': 'enable',
- 'diffservcode_forward': 'test_value_9',
- 'diffservcode_rev': 'test_value_10',
- 'dlp_sensor': 'test_value_11',
- 'dscp_match': 'enable',
- 'dscp_negate': 'enable',
- 'dscp_value': 'test_value_14',
- 'dsri': 'enable',
- 'dstaddr_negate': 'enable',
- 'firewall_session_dirty': 'check-all',
- 'fixedport': 'enable',
- 'global_label': 'test_value_19',
- 'icap_profile': 'test_value_20',
- 'inbound': 'enable',
- 'ippool': 'enable',
- 'ips_sensor': 'test_value_23',
- 'label': 'test_value_24',
- 'logtraffic': 'all',
- 'logtraffic_start': 'enable',
- 'name': 'default_name_27',
- 'nat': 'enable',
- 'natinbound': 'enable',
- 'natoutbound': 'enable',
- 'outbound': 'enable',
- 'per_ip_shaper': 'test_value_32',
- 'policyid': '33',
- 'profile_group': 'test_value_34',
- 'profile_protocol_options': 'test_value_35',
- 'profile_type': 'single',
- 'replacemsg_override_group': 'test_value_37',
- 'rsso': 'enable',
- 'schedule': 'test_value_39',
- 'send_deny_packet': 'enable',
- 'service_negate': 'enable',
- 'session_ttl': '42',
- 'spamfilter_profile': 'test_value_43',
- 'srcaddr_negate': 'enable',
- 'ssh_filter_profile': 'test_value_45',
- 'ssl_mirror': 'enable',
- 'ssl_ssh_profile': 'test_value_47',
- 'status': 'enable',
- 'tcp_mss_receiver': '49',
- 'tcp_mss_sender': '50',
- 'tcp_session_without_syn': 'all',
- 'timeout_send_rst': 'enable',
- 'traffic_shaper': 'test_value_53',
- 'traffic_shaper_reverse': 'test_value_54',
- 'utm_status': 'enable',
- 'uuid': 'test_value_56',
- 'vlan_cos_fwd': '57',
- 'vlan_cos_rev': '58',
- 'vlan_filter': 'test_value_59',
- 'voip_profile': 'test_value_60',
- 'vpntunnel': 'test_value_61',
- 'webfilter_profile': 'test_value_62'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_policy6.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'action': 'accept',
- 'application-list': 'test_value_4',
- 'av-profile': 'test_value_5',
- 'comments': 'test_value_6',
- 'diffserv-forward': 'enable',
- 'diffserv-reverse': 'enable',
- 'diffservcode-forward': 'test_value_9',
- 'diffservcode-rev': 'test_value_10',
- 'dlp-sensor': 'test_value_11',
- 'dscp-match': 'enable',
- 'dscp-negate': 'enable',
- 'dscp-value': 'test_value_14',
- 'dsri': 'enable',
- 'dstaddr-negate': 'enable',
- 'firewall-session-dirty': 'check-all',
- 'fixedport': 'enable',
- 'global-label': 'test_value_19',
- 'icap-profile': 'test_value_20',
- 'inbound': 'enable',
- 'ippool': 'enable',
- 'ips-sensor': 'test_value_23',
- 'label': 'test_value_24',
- 'logtraffic': 'all',
- 'logtraffic-start': 'enable',
- 'name': 'default_name_27',
- 'nat': 'enable',
- 'natinbound': 'enable',
- 'natoutbound': 'enable',
- 'outbound': 'enable',
- 'per-ip-shaper': 'test_value_32',
- 'policyid': '33',
- 'profile-group': 'test_value_34',
- 'profile-protocol-options': 'test_value_35',
- 'profile-type': 'single',
- 'replacemsg-override-group': 'test_value_37',
- 'rsso': 'enable',
- 'schedule': 'test_value_39',
- 'send-deny-packet': 'enable',
- 'service-negate': 'enable',
- 'session-ttl': '42',
- 'spamfilter-profile': 'test_value_43',
- 'srcaddr-negate': 'enable',
- 'ssh-filter-profile': 'test_value_45',
- 'ssl-mirror': 'enable',
- 'ssl-ssh-profile': 'test_value_47',
- 'status': 'enable',
- 'tcp-mss-receiver': '49',
- 'tcp-mss-sender': '50',
- 'tcp-session-without-syn': 'all',
- 'timeout-send-rst': 'enable',
- 'traffic-shaper': 'test_value_53',
- 'traffic-shaper-reverse': 'test_value_54',
- 'utm-status': 'enable',
- 'uuid': 'test_value_56',
- 'vlan-cos-fwd': '57',
- 'vlan-cos-rev': '58',
- 'vlan-filter': 'test_value_59',
- 'voip-profile': 'test_value_60',
- 'vpntunnel': 'test_value_61',
- 'webfilter-profile': 'test_value_62'
- }
-
- set_method_mock.assert_called_with('firewall', 'policy6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_policy6_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_policy6': {
- 'action': 'accept',
- 'application_list': 'test_value_4',
- 'av_profile': 'test_value_5',
- 'comments': 'test_value_6',
- 'diffserv_forward': 'enable',
- 'diffserv_reverse': 'enable',
- 'diffservcode_forward': 'test_value_9',
- 'diffservcode_rev': 'test_value_10',
- 'dlp_sensor': 'test_value_11',
- 'dscp_match': 'enable',
- 'dscp_negate': 'enable',
- 'dscp_value': 'test_value_14',
- 'dsri': 'enable',
- 'dstaddr_negate': 'enable',
- 'firewall_session_dirty': 'check-all',
- 'fixedport': 'enable',
- 'global_label': 'test_value_19',
- 'icap_profile': 'test_value_20',
- 'inbound': 'enable',
- 'ippool': 'enable',
- 'ips_sensor': 'test_value_23',
- 'label': 'test_value_24',
- 'logtraffic': 'all',
- 'logtraffic_start': 'enable',
- 'name': 'default_name_27',
- 'nat': 'enable',
- 'natinbound': 'enable',
- 'natoutbound': 'enable',
- 'outbound': 'enable',
- 'per_ip_shaper': 'test_value_32',
- 'policyid': '33',
- 'profile_group': 'test_value_34',
- 'profile_protocol_options': 'test_value_35',
- 'profile_type': 'single',
- 'replacemsg_override_group': 'test_value_37',
- 'rsso': 'enable',
- 'schedule': 'test_value_39',
- 'send_deny_packet': 'enable',
- 'service_negate': 'enable',
- 'session_ttl': '42',
- 'spamfilter_profile': 'test_value_43',
- 'srcaddr_negate': 'enable',
- 'ssh_filter_profile': 'test_value_45',
- 'ssl_mirror': 'enable',
- 'ssl_ssh_profile': 'test_value_47',
- 'status': 'enable',
- 'tcp_mss_receiver': '49',
- 'tcp_mss_sender': '50',
- 'tcp_session_without_syn': 'all',
- 'timeout_send_rst': 'enable',
- 'traffic_shaper': 'test_value_53',
- 'traffic_shaper_reverse': 'test_value_54',
- 'utm_status': 'enable',
- 'uuid': 'test_value_56',
- 'vlan_cos_fwd': '57',
- 'vlan_cos_rev': '58',
- 'vlan_filter': 'test_value_59',
- 'voip_profile': 'test_value_60',
- 'vpntunnel': 'test_value_61',
- 'webfilter_profile': 'test_value_62'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_policy6.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'action': 'accept',
- 'application-list': 'test_value_4',
- 'av-profile': 'test_value_5',
- 'comments': 'test_value_6',
- 'diffserv-forward': 'enable',
- 'diffserv-reverse': 'enable',
- 'diffservcode-forward': 'test_value_9',
- 'diffservcode-rev': 'test_value_10',
- 'dlp-sensor': 'test_value_11',
- 'dscp-match': 'enable',
- 'dscp-negate': 'enable',
- 'dscp-value': 'test_value_14',
- 'dsri': 'enable',
- 'dstaddr-negate': 'enable',
- 'firewall-session-dirty': 'check-all',
- 'fixedport': 'enable',
- 'global-label': 'test_value_19',
- 'icap-profile': 'test_value_20',
- 'inbound': 'enable',
- 'ippool': 'enable',
- 'ips-sensor': 'test_value_23',
- 'label': 'test_value_24',
- 'logtraffic': 'all',
- 'logtraffic-start': 'enable',
- 'name': 'default_name_27',
- 'nat': 'enable',
- 'natinbound': 'enable',
- 'natoutbound': 'enable',
- 'outbound': 'enable',
- 'per-ip-shaper': 'test_value_32',
- 'policyid': '33',
- 'profile-group': 'test_value_34',
- 'profile-protocol-options': 'test_value_35',
- 'profile-type': 'single',
- 'replacemsg-override-group': 'test_value_37',
- 'rsso': 'enable',
- 'schedule': 'test_value_39',
- 'send-deny-packet': 'enable',
- 'service-negate': 'enable',
- 'session-ttl': '42',
- 'spamfilter-profile': 'test_value_43',
- 'srcaddr-negate': 'enable',
- 'ssh-filter-profile': 'test_value_45',
- 'ssl-mirror': 'enable',
- 'ssl-ssh-profile': 'test_value_47',
- 'status': 'enable',
- 'tcp-mss-receiver': '49',
- 'tcp-mss-sender': '50',
- 'tcp-session-without-syn': 'all',
- 'timeout-send-rst': 'enable',
- 'traffic-shaper': 'test_value_53',
- 'traffic-shaper-reverse': 'test_value_54',
- 'utm-status': 'enable',
- 'uuid': 'test_value_56',
- 'vlan-cos-fwd': '57',
- 'vlan-cos-rev': '58',
- 'vlan-filter': 'test_value_59',
- 'voip-profile': 'test_value_60',
- 'vpntunnel': 'test_value_61',
- 'webfilter-profile': 'test_value_62'
- }
-
- set_method_mock.assert_called_with('firewall', 'policy6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_policy6_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_policy6': {
- 'action': 'accept',
- 'application_list': 'test_value_4',
- 'av_profile': 'test_value_5',
- 'comments': 'test_value_6',
- 'diffserv_forward': 'enable',
- 'diffserv_reverse': 'enable',
- 'diffservcode_forward': 'test_value_9',
- 'diffservcode_rev': 'test_value_10',
- 'dlp_sensor': 'test_value_11',
- 'dscp_match': 'enable',
- 'dscp_negate': 'enable',
- 'dscp_value': 'test_value_14',
- 'dsri': 'enable',
- 'dstaddr_negate': 'enable',
- 'firewall_session_dirty': 'check-all',
- 'fixedport': 'enable',
- 'global_label': 'test_value_19',
- 'icap_profile': 'test_value_20',
- 'inbound': 'enable',
- 'ippool': 'enable',
- 'ips_sensor': 'test_value_23',
- 'label': 'test_value_24',
- 'logtraffic': 'all',
- 'logtraffic_start': 'enable',
- 'name': 'default_name_27',
- 'nat': 'enable',
- 'natinbound': 'enable',
- 'natoutbound': 'enable',
- 'outbound': 'enable',
- 'per_ip_shaper': 'test_value_32',
- 'policyid': '33',
- 'profile_group': 'test_value_34',
- 'profile_protocol_options': 'test_value_35',
- 'profile_type': 'single',
- 'replacemsg_override_group': 'test_value_37',
- 'rsso': 'enable',
- 'schedule': 'test_value_39',
- 'send_deny_packet': 'enable',
- 'service_negate': 'enable',
- 'session_ttl': '42',
- 'spamfilter_profile': 'test_value_43',
- 'srcaddr_negate': 'enable',
- 'ssh_filter_profile': 'test_value_45',
- 'ssl_mirror': 'enable',
- 'ssl_ssh_profile': 'test_value_47',
- 'status': 'enable',
- 'tcp_mss_receiver': '49',
- 'tcp_mss_sender': '50',
- 'tcp_session_without_syn': 'all',
- 'timeout_send_rst': 'enable',
- 'traffic_shaper': 'test_value_53',
- 'traffic_shaper_reverse': 'test_value_54',
- 'utm_status': 'enable',
- 'uuid': 'test_value_56',
- 'vlan_cos_fwd': '57',
- 'vlan_cos_rev': '58',
- 'vlan_filter': 'test_value_59',
- 'voip_profile': 'test_value_60',
- 'vpntunnel': 'test_value_61',
- 'webfilter_profile': 'test_value_62'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_policy6.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'policy6', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_policy6_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_policy6': {
- 'action': 'accept',
- 'application_list': 'test_value_4',
- 'av_profile': 'test_value_5',
- 'comments': 'test_value_6',
- 'diffserv_forward': 'enable',
- 'diffserv_reverse': 'enable',
- 'diffservcode_forward': 'test_value_9',
- 'diffservcode_rev': 'test_value_10',
- 'dlp_sensor': 'test_value_11',
- 'dscp_match': 'enable',
- 'dscp_negate': 'enable',
- 'dscp_value': 'test_value_14',
- 'dsri': 'enable',
- 'dstaddr_negate': 'enable',
- 'firewall_session_dirty': 'check-all',
- 'fixedport': 'enable',
- 'global_label': 'test_value_19',
- 'icap_profile': 'test_value_20',
- 'inbound': 'enable',
- 'ippool': 'enable',
- 'ips_sensor': 'test_value_23',
- 'label': 'test_value_24',
- 'logtraffic': 'all',
- 'logtraffic_start': 'enable',
- 'name': 'default_name_27',
- 'nat': 'enable',
- 'natinbound': 'enable',
- 'natoutbound': 'enable',
- 'outbound': 'enable',
- 'per_ip_shaper': 'test_value_32',
- 'policyid': '33',
- 'profile_group': 'test_value_34',
- 'profile_protocol_options': 'test_value_35',
- 'profile_type': 'single',
- 'replacemsg_override_group': 'test_value_37',
- 'rsso': 'enable',
- 'schedule': 'test_value_39',
- 'send_deny_packet': 'enable',
- 'service_negate': 'enable',
- 'session_ttl': '42',
- 'spamfilter_profile': 'test_value_43',
- 'srcaddr_negate': 'enable',
- 'ssh_filter_profile': 'test_value_45',
- 'ssl_mirror': 'enable',
- 'ssl_ssh_profile': 'test_value_47',
- 'status': 'enable',
- 'tcp_mss_receiver': '49',
- 'tcp_mss_sender': '50',
- 'tcp_session_without_syn': 'all',
- 'timeout_send_rst': 'enable',
- 'traffic_shaper': 'test_value_53',
- 'traffic_shaper_reverse': 'test_value_54',
- 'utm_status': 'enable',
- 'uuid': 'test_value_56',
- 'vlan_cos_fwd': '57',
- 'vlan_cos_rev': '58',
- 'vlan_filter': 'test_value_59',
- 'voip_profile': 'test_value_60',
- 'vpntunnel': 'test_value_61',
- 'webfilter_profile': 'test_value_62'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_policy6.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'policy6', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_policy6_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_policy6': {
- 'action': 'accept',
- 'application_list': 'test_value_4',
- 'av_profile': 'test_value_5',
- 'comments': 'test_value_6',
- 'diffserv_forward': 'enable',
- 'diffserv_reverse': 'enable',
- 'diffservcode_forward': 'test_value_9',
- 'diffservcode_rev': 'test_value_10',
- 'dlp_sensor': 'test_value_11',
- 'dscp_match': 'enable',
- 'dscp_negate': 'enable',
- 'dscp_value': 'test_value_14',
- 'dsri': 'enable',
- 'dstaddr_negate': 'enable',
- 'firewall_session_dirty': 'check-all',
- 'fixedport': 'enable',
- 'global_label': 'test_value_19',
- 'icap_profile': 'test_value_20',
- 'inbound': 'enable',
- 'ippool': 'enable',
- 'ips_sensor': 'test_value_23',
- 'label': 'test_value_24',
- 'logtraffic': 'all',
- 'logtraffic_start': 'enable',
- 'name': 'default_name_27',
- 'nat': 'enable',
- 'natinbound': 'enable',
- 'natoutbound': 'enable',
- 'outbound': 'enable',
- 'per_ip_shaper': 'test_value_32',
- 'policyid': '33',
- 'profile_group': 'test_value_34',
- 'profile_protocol_options': 'test_value_35',
- 'profile_type': 'single',
- 'replacemsg_override_group': 'test_value_37',
- 'rsso': 'enable',
- 'schedule': 'test_value_39',
- 'send_deny_packet': 'enable',
- 'service_negate': 'enable',
- 'session_ttl': '42',
- 'spamfilter_profile': 'test_value_43',
- 'srcaddr_negate': 'enable',
- 'ssh_filter_profile': 'test_value_45',
- 'ssl_mirror': 'enable',
- 'ssl_ssh_profile': 'test_value_47',
- 'status': 'enable',
- 'tcp_mss_receiver': '49',
- 'tcp_mss_sender': '50',
- 'tcp_session_without_syn': 'all',
- 'timeout_send_rst': 'enable',
- 'traffic_shaper': 'test_value_53',
- 'traffic_shaper_reverse': 'test_value_54',
- 'utm_status': 'enable',
- 'uuid': 'test_value_56',
- 'vlan_cos_fwd': '57',
- 'vlan_cos_rev': '58',
- 'vlan_filter': 'test_value_59',
- 'voip_profile': 'test_value_60',
- 'vpntunnel': 'test_value_61',
- 'webfilter_profile': 'test_value_62'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_policy6.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'action': 'accept',
- 'application-list': 'test_value_4',
- 'av-profile': 'test_value_5',
- 'comments': 'test_value_6',
- 'diffserv-forward': 'enable',
- 'diffserv-reverse': 'enable',
- 'diffservcode-forward': 'test_value_9',
- 'diffservcode-rev': 'test_value_10',
- 'dlp-sensor': 'test_value_11',
- 'dscp-match': 'enable',
- 'dscp-negate': 'enable',
- 'dscp-value': 'test_value_14',
- 'dsri': 'enable',
- 'dstaddr-negate': 'enable',
- 'firewall-session-dirty': 'check-all',
- 'fixedport': 'enable',
- 'global-label': 'test_value_19',
- 'icap-profile': 'test_value_20',
- 'inbound': 'enable',
- 'ippool': 'enable',
- 'ips-sensor': 'test_value_23',
- 'label': 'test_value_24',
- 'logtraffic': 'all',
- 'logtraffic-start': 'enable',
- 'name': 'default_name_27',
- 'nat': 'enable',
- 'natinbound': 'enable',
- 'natoutbound': 'enable',
- 'outbound': 'enable',
- 'per-ip-shaper': 'test_value_32',
- 'policyid': '33',
- 'profile-group': 'test_value_34',
- 'profile-protocol-options': 'test_value_35',
- 'profile-type': 'single',
- 'replacemsg-override-group': 'test_value_37',
- 'rsso': 'enable',
- 'schedule': 'test_value_39',
- 'send-deny-packet': 'enable',
- 'service-negate': 'enable',
- 'session-ttl': '42',
- 'spamfilter-profile': 'test_value_43',
- 'srcaddr-negate': 'enable',
- 'ssh-filter-profile': 'test_value_45',
- 'ssl-mirror': 'enable',
- 'ssl-ssh-profile': 'test_value_47',
- 'status': 'enable',
- 'tcp-mss-receiver': '49',
- 'tcp-mss-sender': '50',
- 'tcp-session-without-syn': 'all',
- 'timeout-send-rst': 'enable',
-
'traffic-shaper': 'test_value_53', - 'traffic-shaper-reverse': 'test_value_54', - 'utm-status': 'enable', - 'uuid': 'test_value_56', - 'vlan-cos-fwd': '57', - 'vlan-cos-rev': '58', - 'vlan-filter': 'test_value_59', - 'voip-profile': 'test_value_60', - 'vpntunnel': 'test_value_61', - 'webfilter-profile': 'test_value_62' - } - - set_method_mock.assert_called_with('firewall', 'policy6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_firewall_policy6_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_policy6': { - 'random_attribute_not_valid': 'tag', - 'action': 'accept', - 'application_list': 'test_value_4', - 'av_profile': 'test_value_5', - 'comments': 'test_value_6', - 'diffserv_forward': 'enable', - 'diffserv_reverse': 'enable', - 'diffservcode_forward': 'test_value_9', - 'diffservcode_rev': 'test_value_10', - 'dlp_sensor': 'test_value_11', - 'dscp_match': 'enable', - 'dscp_negate': 'enable', - 'dscp_value': 'test_value_14', - 'dsri': 'enable', - 'dstaddr_negate': 'enable', - 'firewall_session_dirty': 'check-all', - 'fixedport': 'enable', - 'global_label': 'test_value_19', - 'icap_profile': 'test_value_20', - 'inbound': 'enable', - 'ippool': 'enable', - 'ips_sensor': 'test_value_23', - 'label': 'test_value_24', - 'logtraffic': 'all', - 'logtraffic_start': 'enable', - 'name': 'default_name_27', - 'nat': 'enable', - 'natinbound': 'enable', - 'natoutbound': 'enable', - 'outbound': 'enable', - 'per_ip_shaper': 'test_value_32', - 
'policyid': '33', - 'profile_group': 'test_value_34', - 'profile_protocol_options': 'test_value_35', - 'profile_type': 'single', - 'replacemsg_override_group': 'test_value_37', - 'rsso': 'enable', - 'schedule': 'test_value_39', - 'send_deny_packet': 'enable', - 'service_negate': 'enable', - 'session_ttl': '42', - 'spamfilter_profile': 'test_value_43', - 'srcaddr_negate': 'enable', - 'ssh_filter_profile': 'test_value_45', - 'ssl_mirror': 'enable', - 'ssl_ssh_profile': 'test_value_47', - 'status': 'enable', - 'tcp_mss_receiver': '49', - 'tcp_mss_sender': '50', - 'tcp_session_without_syn': 'all', - 'timeout_send_rst': 'enable', - 'traffic_shaper': 'test_value_53', - 'traffic_shaper_reverse': 'test_value_54', - 'utm_status': 'enable', - 'uuid': 'test_value_56', - 'vlan_cos_fwd': '57', - 'vlan_cos_rev': '58', - 'vlan_filter': 'test_value_59', - 'voip_profile': 'test_value_60', - 'vpntunnel': 'test_value_61', - 'webfilter_profile': 'test_value_62' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_policy6.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'action': 'accept', - 'application-list': 'test_value_4', - 'av-profile': 'test_value_5', - 'comments': 'test_value_6', - 'diffserv-forward': 'enable', - 'diffserv-reverse': 'enable', - 'diffservcode-forward': 'test_value_9', - 'diffservcode-rev': 'test_value_10', - 'dlp-sensor': 'test_value_11', - 'dscp-match': 'enable', - 'dscp-negate': 'enable', - 'dscp-value': 'test_value_14', - 'dsri': 'enable', - 'dstaddr-negate': 'enable', - 'firewall-session-dirty': 'check-all', - 'fixedport': 'enable', - 'global-label': 'test_value_19', - 'icap-profile': 'test_value_20', - 'inbound': 'enable', - 'ippool': 'enable', - 'ips-sensor': 'test_value_23', - 'label': 'test_value_24', - 'logtraffic': 'all', - 'logtraffic-start': 'enable', - 'name': 'default_name_27', - 'nat': 'enable', - 'natinbound': 'enable', - 'natoutbound': 'enable', - 'outbound': 'enable', - 'per-ip-shaper': 'test_value_32', - 
 'policyid': '33', - 'profile-group': 'test_value_34', - 'profile-protocol-options': 'test_value_35', - 'profile-type': 'single', - 'replacemsg-override-group': 'test_value_37', - 'rsso': 'enable', - 'schedule': 'test_value_39', - 'send-deny-packet': 'enable', - 'service-negate': 'enable', - 'session-ttl': '42', - 'spamfilter-profile': 'test_value_43', - 'srcaddr-negate': 'enable', - 'ssh-filter-profile': 'test_value_45', - 'ssl-mirror': 'enable', - 'ssl-ssh-profile': 'test_value_47', - 'status': 'enable', - 'tcp-mss-receiver': '49', - 'tcp-mss-sender': '50', - 'tcp-session-without-syn': 'all', - 'timeout-send-rst': 'enable', - 'traffic-shaper': 'test_value_53', - 'traffic-shaper-reverse': 'test_value_54', - 'utm-status': 'enable', - 'uuid': 'test_value_56', - 'vlan-cos-fwd': '57', - 'vlan-cos-rev': '58', - 'vlan-filter': 'test_value_59', - 'voip-profile': 'test_value_60', - 'vpntunnel': 'test_value_61', - 'webfilter-profile': 'test_value_62' - } - - set_method_mock.assert_called_with('firewall', 'policy6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_policy64.py b/test/units/modules/network/fortios/test_fortios_firewall_policy64.py
deleted file mode 100644
index a479b61b9e1..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_policy64.py
+++ /dev/null
@@ -1,359 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_firewall_policy64 -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_policy64.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_firewall_policy64_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_policy64': { - 'action': 'accept', - 'comments': 'test_value_4', - 'dstintf': 'test_value_5', - 'fixedport': 'enable', - 'ippool': 'enable', - 'logtraffic': 'enable', - 
'per_ip_shaper': 'test_value_9', - 'permit_any_host': 'enable', - 'policyid': '11', - 'schedule': 'test_value_12', - 'srcintf': 'test_value_13', - 'status': 'enable', - 'tcp_mss_receiver': '15', - 'tcp_mss_sender': '16', - 'traffic_shaper': 'test_value_17', - 'traffic_shaper_reverse': 'test_value_18', - 'uuid': 'test_value_19' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_policy64.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'action': 'accept', - 'comments': 'test_value_4', - 'dstintf': 'test_value_5', - 'fixedport': 'enable', - 'ippool': 'enable', - 'logtraffic': 'enable', - 'per-ip-shaper': 'test_value_9', - 'permit-any-host': 'enable', - 'policyid': '11', - 'schedule': 'test_value_12', - 'srcintf': 'test_value_13', - 'status': 'enable', - 'tcp-mss-receiver': '15', - 'tcp-mss-sender': '16', - 'traffic-shaper': 'test_value_17', - 'traffic-shaper-reverse': 'test_value_18', - 'uuid': 'test_value_19' - } - - set_method_mock.assert_called_with('firewall', 'policy64', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_policy64_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_policy64': { - 'action': 'accept', - 'comments': 'test_value_4', - 'dstintf': 'test_value_5', - 'fixedport': 'enable', - 'ippool': 'enable', - 'logtraffic': 'enable', - 'per_ip_shaper': 'test_value_9', - 'permit_any_host': 'enable', - 'policyid': '11', - 'schedule': 'test_value_12', - 'srcintf': 'test_value_13', - 
'status': 'enable', - 'tcp_mss_receiver': '15', - 'tcp_mss_sender': '16', - 'traffic_shaper': 'test_value_17', - 'traffic_shaper_reverse': 'test_value_18', - 'uuid': 'test_value_19' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_policy64.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'action': 'accept', - 'comments': 'test_value_4', - 'dstintf': 'test_value_5', - 'fixedport': 'enable', - 'ippool': 'enable', - 'logtraffic': 'enable', - 'per-ip-shaper': 'test_value_9', - 'permit-any-host': 'enable', - 'policyid': '11', - 'schedule': 'test_value_12', - 'srcintf': 'test_value_13', - 'status': 'enable', - 'tcp-mss-receiver': '15', - 'tcp-mss-sender': '16', - 'traffic-shaper': 'test_value_17', - 'traffic-shaper-reverse': 'test_value_18', - 'uuid': 'test_value_19' - } - - set_method_mock.assert_called_with('firewall', 'policy64', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_policy64_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_policy64': { - 'action': 'accept', - 'comments': 'test_value_4', - 'dstintf': 'test_value_5', - 'fixedport': 'enable', - 'ippool': 'enable', - 'logtraffic': 'enable', - 'per_ip_shaper': 'test_value_9', - 'permit_any_host': 'enable', - 'policyid': '11', - 'schedule': 'test_value_12', - 'srcintf': 'test_value_13', - 'status': 'enable', - 'tcp_mss_receiver': '15', - 'tcp_mss_sender': '16', - 'traffic_shaper': 'test_value_17', - 'traffic_shaper_reverse': 
'test_value_18', - 'uuid': 'test_value_19' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_policy64.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'policy64', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_policy64_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_policy64': { - 'action': 'accept', - 'comments': 'test_value_4', - 'dstintf': 'test_value_5', - 'fixedport': 'enable', - 'ippool': 'enable', - 'logtraffic': 'enable', - 'per_ip_shaper': 'test_value_9', - 'permit_any_host': 'enable', - 'policyid': '11', - 'schedule': 'test_value_12', - 'srcintf': 'test_value_13', - 'status': 'enable', - 'tcp_mss_receiver': '15', - 'tcp_mss_sender': '16', - 'traffic_shaper': 'test_value_17', - 'traffic_shaper_reverse': 'test_value_18', - 'uuid': 'test_value_19' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_policy64.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'policy64', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_policy64_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 
'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_policy64': { - 'action': 'accept', - 'comments': 'test_value_4', - 'dstintf': 'test_value_5', - 'fixedport': 'enable', - 'ippool': 'enable', - 'logtraffic': 'enable', - 'per_ip_shaper': 'test_value_9', - 'permit_any_host': 'enable', - 'policyid': '11', - 'schedule': 'test_value_12', - 'srcintf': 'test_value_13', - 'status': 'enable', - 'tcp_mss_receiver': '15', - 'tcp_mss_sender': '16', - 'traffic_shaper': 'test_value_17', - 'traffic_shaper_reverse': 'test_value_18', - 'uuid': 'test_value_19' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_policy64.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'action': 'accept', - 'comments': 'test_value_4', - 'dstintf': 'test_value_5', - 'fixedport': 'enable', - 'ippool': 'enable', - 'logtraffic': 'enable', - 'per-ip-shaper': 'test_value_9', - 'permit-any-host': 'enable', - 'policyid': '11', - 'schedule': 'test_value_12', - 'srcintf': 'test_value_13', - 'status': 'enable', - 'tcp-mss-receiver': '15', - 'tcp-mss-sender': '16', - 'traffic-shaper': 'test_value_17', - 'traffic-shaper-reverse': 'test_value_18', - 'uuid': 'test_value_19' - } - - set_method_mock.assert_called_with('firewall', 'policy64', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_firewall_policy64_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', 
 return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_policy64': { - 'random_attribute_not_valid': 'tag', - 'action': 'accept', - 'comments': 'test_value_4', - 'dstintf': 'test_value_5', - 'fixedport': 'enable', - 'ippool': 'enable', - 'logtraffic': 'enable', - 'per_ip_shaper': 'test_value_9', - 'permit_any_host': 'enable', - 'policyid': '11', - 'schedule': 'test_value_12', - 'srcintf': 'test_value_13', - 'status': 'enable', - 'tcp_mss_receiver': '15', - 'tcp_mss_sender': '16', - 'traffic_shaper': 'test_value_17', - 'traffic_shaper_reverse': 'test_value_18', - 'uuid': 'test_value_19' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_policy64.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'action': 'accept', - 'comments': 'test_value_4', - 'dstintf': 'test_value_5', - 'fixedport': 'enable', - 'ippool': 'enable', - 'logtraffic': 'enable', - 'per-ip-shaper': 'test_value_9', - 'permit-any-host': 'enable', - 'policyid': '11', - 'schedule': 'test_value_12', - 'srcintf': 'test_value_13', - 'status': 'enable', - 'tcp-mss-receiver': '15', - 'tcp-mss-sender': '16', - 'traffic-shaper': 'test_value_17', - 'traffic-shaper-reverse': 'test_value_18', - 'uuid': 'test_value_19' - } - - set_method_mock.assert_called_with('firewall', 'policy64', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_profile_group.py b/test/units/modules/network/fortios/test_fortios_firewall_profile_group.py
deleted file mode 100644
index fc13e888b12..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_profile_group.py
+++ /dev/null
@@ -1,329 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_firewall_profile_group -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_profile_group.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_firewall_profile_group_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_profile_group': { - 'application_list': 'test_value_3', - 'av_profile': 'test_value_4', - 'dlp_sensor': 'test_value_5', - 'dnsfilter_profile': 'test_value_6', - 
'icap_profile': 'test_value_7', - 'ips_sensor': 'test_value_8', - 'name': 'default_name_9', - 'profile_protocol_options': 'test_value_10', - 'spamfilter_profile': 'test_value_11', - 'ssh_filter_profile': 'test_value_12', - 'ssl_ssh_profile': 'test_value_13', - 'voip_profile': 'test_value_14', - 'waf_profile': 'test_value_15', - 'webfilter_profile': 'test_value_16' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_profile_group.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'application-list': 'test_value_3', - 'av-profile': 'test_value_4', - 'dlp-sensor': 'test_value_5', - 'dnsfilter-profile': 'test_value_6', - 'icap-profile': 'test_value_7', - 'ips-sensor': 'test_value_8', - 'name': 'default_name_9', - 'profile-protocol-options': 'test_value_10', - 'spamfilter-profile': 'test_value_11', - 'ssh-filter-profile': 'test_value_12', - 'ssl-ssh-profile': 'test_value_13', - 'voip-profile': 'test_value_14', - 'waf-profile': 'test_value_15', - 'webfilter-profile': 'test_value_16' - } - - set_method_mock.assert_called_with('firewall', 'profile-group', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_profile_group_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_profile_group': { - 'application_list': 'test_value_3', - 'av_profile': 'test_value_4', - 'dlp_sensor': 'test_value_5', - 'dnsfilter_profile': 'test_value_6', - 'icap_profile': 'test_value_7', - 'ips_sensor': 'test_value_8', - 'name': 
'default_name_9', - 'profile_protocol_options': 'test_value_10', - 'spamfilter_profile': 'test_value_11', - 'ssh_filter_profile': 'test_value_12', - 'ssl_ssh_profile': 'test_value_13', - 'voip_profile': 'test_value_14', - 'waf_profile': 'test_value_15', - 'webfilter_profile': 'test_value_16' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_profile_group.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'application-list': 'test_value_3', - 'av-profile': 'test_value_4', - 'dlp-sensor': 'test_value_5', - 'dnsfilter-profile': 'test_value_6', - 'icap-profile': 'test_value_7', - 'ips-sensor': 'test_value_8', - 'name': 'default_name_9', - 'profile-protocol-options': 'test_value_10', - 'spamfilter-profile': 'test_value_11', - 'ssh-filter-profile': 'test_value_12', - 'ssl-ssh-profile': 'test_value_13', - 'voip-profile': 'test_value_14', - 'waf-profile': 'test_value_15', - 'webfilter-profile': 'test_value_16' - } - - set_method_mock.assert_called_with('firewall', 'profile-group', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_profile_group_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_profile_group': { - 'application_list': 'test_value_3', - 'av_profile': 'test_value_4', - 'dlp_sensor': 'test_value_5', - 'dnsfilter_profile': 'test_value_6', - 'icap_profile': 'test_value_7', - 'ips_sensor': 'test_value_8', - 'name': 'default_name_9', - 'profile_protocol_options': 'test_value_10', - 
'spamfilter_profile': 'test_value_11', - 'ssh_filter_profile': 'test_value_12', - 'ssl_ssh_profile': 'test_value_13', - 'voip_profile': 'test_value_14', - 'waf_profile': 'test_value_15', - 'webfilter_profile': 'test_value_16' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_profile_group.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'profile-group', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_profile_group_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_profile_group': { - 'application_list': 'test_value_3', - 'av_profile': 'test_value_4', - 'dlp_sensor': 'test_value_5', - 'dnsfilter_profile': 'test_value_6', - 'icap_profile': 'test_value_7', - 'ips_sensor': 'test_value_8', - 'name': 'default_name_9', - 'profile_protocol_options': 'test_value_10', - 'spamfilter_profile': 'test_value_11', - 'ssh_filter_profile': 'test_value_12', - 'ssl_ssh_profile': 'test_value_13', - 'voip_profile': 'test_value_14', - 'waf_profile': 'test_value_15', - 'webfilter_profile': 'test_value_16' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_profile_group.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'profile-group', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - 
- -def test_firewall_profile_group_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_profile_group': { - 'application_list': 'test_value_3', - 'av_profile': 'test_value_4', - 'dlp_sensor': 'test_value_5', - 'dnsfilter_profile': 'test_value_6', - 'icap_profile': 'test_value_7', - 'ips_sensor': 'test_value_8', - 'name': 'default_name_9', - 'profile_protocol_options': 'test_value_10', - 'spamfilter_profile': 'test_value_11', - 'ssh_filter_profile': 'test_value_12', - 'ssl_ssh_profile': 'test_value_13', - 'voip_profile': 'test_value_14', - 'waf_profile': 'test_value_15', - 'webfilter_profile': 'test_value_16' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_profile_group.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'application-list': 'test_value_3', - 'av-profile': 'test_value_4', - 'dlp-sensor': 'test_value_5', - 'dnsfilter-profile': 'test_value_6', - 'icap-profile': 'test_value_7', - 'ips-sensor': 'test_value_8', - 'name': 'default_name_9', - 'profile-protocol-options': 'test_value_10', - 'spamfilter-profile': 'test_value_11', - 'ssh-filter-profile': 'test_value_12', - 'ssl-ssh-profile': 'test_value_13', - 'voip-profile': 'test_value_14', - 'waf-profile': 'test_value_15', - 'webfilter-profile': 'test_value_16' - } - - set_method_mock.assert_called_with('firewall', 'profile-group', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_firewall_profile_group_filter_foreign_attributes(mocker): - 
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_profile_group': { - 'random_attribute_not_valid': 'tag', - 'application_list': 'test_value_3', - 'av_profile': 'test_value_4', - 'dlp_sensor': 'test_value_5', - 'dnsfilter_profile': 'test_value_6', - 'icap_profile': 'test_value_7', - 'ips_sensor': 'test_value_8', - 'name': 'default_name_9', - 'profile_protocol_options': 'test_value_10', - 'spamfilter_profile': 'test_value_11', - 'ssh_filter_profile': 'test_value_12', - 'ssl_ssh_profile': 'test_value_13', - 'voip_profile': 'test_value_14', - 'waf_profile': 'test_value_15', - 'webfilter_profile': 'test_value_16' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_profile_group.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'application-list': 'test_value_3', - 'av-profile': 'test_value_4', - 'dlp-sensor': 'test_value_5', - 'dnsfilter-profile': 'test_value_6', - 'icap-profile': 'test_value_7', - 'ips-sensor': 'test_value_8', - 'name': 'default_name_9', - 'profile-protocol-options': 'test_value_10', - 'spamfilter-profile': 'test_value_11', - 'ssh-filter-profile': 'test_value_12', - 'ssl-ssh-profile': 'test_value_13', - 'voip-profile': 'test_value_14', - 'waf-profile': 'test_value_15', - 'webfilter-profile': 'test_value_16' - } - - set_method_mock.assert_called_with('firewall', 'profile-group', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_profile_protocol_options.py b/test/units/modules/network/fortios/test_fortios_firewall_profile_protocol_options.py
deleted file mode 100644
index a2749061dc5..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_profile_protocol_options.py
+++ /dev/null
@@ -1,249 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_firewall_profile_protocol_options -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_profile_protocol_options.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_firewall_profile_protocol_options_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_profile_protocol_options': { - 'comment': 'Optional comments.', - 'name': 'default_name_4', - 'oversize_log': 'disable', - 
'replacemsg_group': 'test_value_6', - 'rpc_over_http': 'enable', - 'switching_protocols_log': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_profile_protocol_options.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'name': 'default_name_4', - 'oversize-log': 'disable', - 'replacemsg-group': 'test_value_6', - 'rpc-over-http': 'enable', - 'switching-protocols-log': 'disable' - } - - set_method_mock.assert_called_with('firewall', 'profile-protocol-options', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_profile_protocol_options_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_profile_protocol_options': { - 'comment': 'Optional comments.', - 'name': 'default_name_4', - 'oversize_log': 'disable', - 'replacemsg_group': 'test_value_6', - 'rpc_over_http': 'enable', - 'switching_protocols_log': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_profile_protocol_options.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'name': 'default_name_4', - 'oversize-log': 'disable', - 'replacemsg-group': 'test_value_6', - 'rpc-over-http': 'enable', - 'switching-protocols-log': 'disable' - } - - set_method_mock.assert_called_with('firewall', 'profile-protocol-options', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not 
changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_profile_protocol_options_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_profile_protocol_options': { - 'comment': 'Optional comments.', - 'name': 'default_name_4', - 'oversize_log': 'disable', - 'replacemsg_group': 'test_value_6', - 'rpc_over_http': 'enable', - 'switching_protocols_log': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_profile_protocol_options.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'profile-protocol-options', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_profile_protocol_options_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_profile_protocol_options': { - 'comment': 'Optional comments.', - 'name': 'default_name_4', - 'oversize_log': 'disable', - 'replacemsg_group': 'test_value_6', - 'rpc_over_http': 'enable', - 'switching_protocols_log': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_firewall_profile_protocol_options.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'profile-protocol-options', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_profile_protocol_options_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_profile_protocol_options': { - 'comment': 'Optional comments.', - 'name': 'default_name_4', - 'oversize_log': 'disable', - 'replacemsg_group': 'test_value_6', - 'rpc_over_http': 'enable', - 'switching_protocols_log': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_profile_protocol_options.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'name': 'default_name_4', - 'oversize-log': 'disable', - 'replacemsg-group': 'test_value_6', - 'rpc-over-http': 'enable', - 'switching-protocols-log': 'disable' - } - - set_method_mock.assert_called_with('firewall', 'profile-protocol-options', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_firewall_profile_protocol_options_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_profile_protocol_options': { - 'random_attribute_not_valid': 'tag', - 'comment': 'Optional comments.', - 'name': 'default_name_4', - 'oversize_log': 'disable', - 'replacemsg_group': 'test_value_6', - 'rpc_over_http': 'enable', - 'switching_protocols_log': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_profile_protocol_options.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'name': 'default_name_4', - 'oversize-log': 'disable', - 'replacemsg-group': 'test_value_6', - 'rpc-over-http': 'enable', - 'switching-protocols-log': 'disable' - } - - set_method_mock.assert_called_with('firewall', 'profile-protocol-options', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_firewall_proxy_address.py b/test/units/modules/network/fortios/test_fortios_firewall_proxy_address.py deleted file mode 100644 index c0e77cbb8d6..00000000000 --- a/test/units/modules/network/fortios/test_fortios_firewall_proxy_address.py +++ /dev/null 
@@ -1,349 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_proxy_address
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_proxy_address.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_proxy_address_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_proxy_address': {
- 'case_sensitivity': 'disable',
- 'color': '4',
- 'comment': 'Optional comments.',
- 'header': 'test_value_6',
- 'header_name': 'test_value_7',
- 'host': 'myhostname8',
- 'host_regex': 'myhostname9',
- 'method': 'get',
- 'name': 'default_name_11',
- 'path': 'test_value_12',
- 'query': 'test_value_13',
- 'referrer': 'enable',
- 'type': 'host-regex',
- 'ua': 'chrome',
- 'uuid': 'test_value_17',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_proxy_address.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'case-sensitivity': 'disable',
- 'color': '4',
- 'comment': 'Optional comments.',
- 'header': 'test_value_6',
- 'header-name': 'test_value_7',
- 'host': 'myhostname8',
- 'host-regex': 'myhostname9',
- 'method': 'get',
- 'name': 'default_name_11',
- 'path': 'test_value_12',
- 'query': 'test_value_13',
- 'referrer': 'enable',
- 'type': 'host-regex',
- 'ua': 'chrome',
- 'uuid': 'test_value_17',
- 'visibility': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'proxy-address', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_proxy_address_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_proxy_address': {
- 'case_sensitivity': 'disable',
- 'color': '4',
- 'comment': 'Optional comments.',
- 'header': 'test_value_6',
- 'header_name': 'test_value_7',
- 'host': 'myhostname8',
- 'host_regex': 'myhostname9',
- 'method': 'get',
- 'name': 'default_name_11',
- 'path': 'test_value_12',
- 'query': 'test_value_13',
- 'referrer': 'enable',
- 'type': 'host-regex',
- 'ua': 'chrome',
- 'uuid': 'test_value_17',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_proxy_address.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'case-sensitivity': 'disable',
- 'color': '4',
- 'comment': 'Optional comments.',
- 'header': 'test_value_6',
- 'header-name': 'test_value_7',
- 'host': 'myhostname8',
- 'host-regex': 'myhostname9',
- 'method': 'get',
- 'name': 'default_name_11',
- 'path': 'test_value_12',
- 'query': 'test_value_13',
- 'referrer': 'enable',
- 'type': 'host-regex',
- 'ua': 'chrome',
- 'uuid': 'test_value_17',
- 'visibility': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'proxy-address', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_proxy_address_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_proxy_address': {
- 'case_sensitivity': 'disable',
- 'color': '4',
- 'comment': 'Optional comments.',
- 'header': 'test_value_6',
- 'header_name': 'test_value_7',
- 'host': 'myhostname8',
- 'host_regex': 'myhostname9',
- 'method': 'get',
- 'name': 'default_name_11',
- 'path': 'test_value_12',
- 'query': 'test_value_13',
- 'referrer': 'enable',
- 'type': 'host-regex',
- 'ua': 'chrome',
- 'uuid': 'test_value_17',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_proxy_address.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'proxy-address', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_proxy_address_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_proxy_address': {
- 'case_sensitivity': 'disable',
- 'color': '4',
- 'comment': 'Optional comments.',
- 'header': 'test_value_6',
- 'header_name': 'test_value_7',
- 'host': 'myhostname8',
- 'host_regex': 'myhostname9',
- 'method': 'get',
- 'name': 'default_name_11',
- 'path': 'test_value_12',
- 'query': 'test_value_13',
- 'referrer': 'enable',
- 'type': 'host-regex',
- 'ua': 'chrome',
- 'uuid': 'test_value_17',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_proxy_address.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'proxy-address', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_proxy_address_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_proxy_address': {
- 'case_sensitivity': 'disable',
- 'color': '4',
- 'comment': 'Optional comments.',
- 'header': 'test_value_6',
- 'header_name': 'test_value_7',
- 'host': 'myhostname8',
- 'host_regex': 'myhostname9',
- 'method': 'get',
- 'name': 'default_name_11',
- 'path': 'test_value_12',
- 'query': 'test_value_13',
- 'referrer': 'enable',
- 'type': 'host-regex',
- 'ua': 'chrome',
- 'uuid': 'test_value_17',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_proxy_address.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'case-sensitivity': 'disable',
- 'color': '4',
- 'comment': 'Optional comments.',
- 'header': 'test_value_6',
- 'header-name': 'test_value_7',
- 'host': 'myhostname8',
- 'host-regex': 'myhostname9',
- 'method': 'get',
- 'name': 'default_name_11',
- 'path': 'test_value_12',
- 'query': 'test_value_13',
- 'referrer': 'enable',
- 'type': 'host-regex',
- 'ua': 'chrome',
- 'uuid': 'test_value_17',
- 'visibility': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'proxy-address', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_proxy_address_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_proxy_address': {
- 'random_attribute_not_valid': 'tag',
- 'case_sensitivity': 'disable',
- 'color': '4',
- 'comment': 'Optional comments.',
- 'header': 'test_value_6',
- 'header_name': 'test_value_7',
- 'host': 'myhostname8',
- 'host_regex': 'myhostname9',
- 'method': 'get',
- 'name': 'default_name_11',
- 'path': 'test_value_12',
- 'query': 'test_value_13',
- 'referrer': 'enable',
- 'type': 'host-regex',
- 'ua': 'chrome',
- 'uuid': 'test_value_17',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_proxy_address.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'case-sensitivity': 'disable',
- 'color': '4',
- 'comment': 'Optional comments.',
- 'header': 'test_value_6',
- 'header-name': 'test_value_7',
- 'host': 'myhostname8',
- 'host-regex': 'myhostname9',
- 'method': 'get',
- 'name': 'default_name_11',
- 'path': 'test_value_12',
- 'query': 'test_value_13',
- 'referrer': 'enable',
- 'type': 'host-regex',
- 'ua': 'chrome',
- 'uuid': 'test_value_17',
- 'visibility': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'proxy-address', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_proxy_addrgrp.py b/test/units/modules/network/fortios/test_fortios_firewall_proxy_addrgrp.py
deleted file mode 100644
index 7bc4477485b..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_proxy_addrgrp.py
+++ /dev/null
@@ -1,249 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_proxy_addrgrp
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_proxy_addrgrp.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_proxy_addrgrp_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_proxy_addrgrp': {
- 'color': '3',
- 'comment': 'Optional comments.',
- 'name': 'default_name_5',
- 'type': 'src',
- 'uuid': 'test_value_7',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_proxy_addrgrp.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'comment': 'Optional comments.',
- 'name': 'default_name_5',
- 'type': 'src',
- 'uuid': 'test_value_7',
- 'visibility': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'proxy-addrgrp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_proxy_addrgrp_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_proxy_addrgrp': {
- 'color': '3',
- 'comment': 'Optional comments.',
- 'name': 'default_name_5',
- 'type': 'src',
- 'uuid': 'test_value_7',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_proxy_addrgrp.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'comment': 'Optional comments.',
- 'name': 'default_name_5',
- 'type': 'src',
- 'uuid': 'test_value_7',
- 'visibility': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'proxy-addrgrp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_proxy_addrgrp_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_proxy_addrgrp': {
- 'color': '3',
- 'comment': 'Optional comments.',
- 'name': 'default_name_5',
- 'type': 'src',
- 'uuid': 'test_value_7',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_proxy_addrgrp.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'proxy-addrgrp', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_proxy_addrgrp_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_proxy_addrgrp': {
- 'color': '3',
- 'comment': 'Optional comments.',
- 'name': 'default_name_5',
- 'type': 'src',
- 'uuid': 'test_value_7',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_proxy_addrgrp.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'proxy-addrgrp', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_proxy_addrgrp_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_proxy_addrgrp': {
- 'color': '3',
- 'comment': 'Optional comments.',
- 'name': 'default_name_5',
- 'type': 'src',
- 'uuid': 'test_value_7',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_proxy_addrgrp.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'comment': 'Optional comments.',
- 'name': 'default_name_5',
- 'type': 'src',
- 'uuid': 'test_value_7',
- 'visibility': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'proxy-addrgrp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_proxy_addrgrp_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_proxy_addrgrp': {
- 'random_attribute_not_valid': 'tag',
- 'color': '3',
- 'comment': 'Optional comments.',
- 'name': 'default_name_5',
- 'type': 'src',
- 'uuid': 'test_value_7',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_proxy_addrgrp.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'comment': 'Optional comments.',
- 'name': 'default_name_5',
- 'type': 'src',
- 'uuid': 'test_value_7',
- 'visibility': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'proxy-addrgrp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_proxy_policy.py b/test/units/modules/network/fortios/test_fortios_firewall_proxy_policy.py
deleted file mode 100644
index 72609465efc..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_proxy_policy.py
+++ /dev/null
@@ -1,599 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_proxy_policy
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_proxy_policy.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_proxy_policy_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_proxy_policy': {
- 'action': 'accept',
- 'application_list': 'test_value_4',
- 'av_profile': 'test_value_5',
- 'comments': 'test_value_6',
- 'disclaimer': 'disable',
- 'dlp_sensor': 'test_value_8',
- 'dstaddr_negate': 'enable',
- 'global_label': 'test_value_10',
- 'http_tunnel_auth': 'enable',
- 'icap_profile': 'test_value_12',
- 'internet_service': 'enable',
- 'internet_service_negate': 'enable',
- 'ips_sensor': 'test_value_15',
- 'label': 'test_value_16',
- 'logtraffic': 'all',
- 'logtraffic_start': 'enable',
- 'policyid': '19',
- 'profile_group': 'test_value_20',
- 'profile_protocol_options': 'test_value_21',
- 'profile_type': 'single',
- 'proxy': 'explicit-web',
- 'redirect_url': 'test_value_24',
- 'replacemsg_override_group': 'test_value_25',
- 'scan_botnet_connections': 'disable',
- 'schedule': 'test_value_27',
- 'service_negate': 'enable',
- 'session_ttl': '29',
- 'spamfilter_profile': 'test_value_30',
- 'srcaddr_negate': 'enable',
- 'ssh_filter_profile': 'test_value_32',
- 'ssl_ssh_profile': 'test_value_33',
- 'status': 'enable',
- 'transparent': 'enable',
- 'utm_status': 'enable',
- 'uuid': 'test_value_37',
- 'waf_profile': 'test_value_38',
- 'webcache': 'enable',
- 'webcache_https': 'disable',
- 'webfilter_profile': 'test_value_41',
- 'webproxy_forward_server': 'test_value_42',
- 'webproxy_profile': 'test_value_43'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_proxy_policy.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'action': 'accept',
- 'application-list': 'test_value_4',
- 'av-profile': 'test_value_5',
- 'comments': 'test_value_6',
- 'disclaimer': 'disable',
- 'dlp-sensor': 'test_value_8',
- 'dstaddr-negate': 'enable',
- 'global-label': 'test_value_10',
- 'http-tunnel-auth': 'enable',
- 'icap-profile': 'test_value_12',
- 'internet-service': 'enable',
- 'internet-service-negate': 'enable',
- 'ips-sensor': 'test_value_15',
- 'label': 'test_value_16',
- 'logtraffic': 'all',
- 'logtraffic-start': 'enable',
- 'policyid': '19',
- 'profile-group': 'test_value_20',
- 'profile-protocol-options': 'test_value_21',
- 'profile-type': 'single',
- 'proxy': 'explicit-web',
- 'redirect-url': 'test_value_24',
- 'replacemsg-override-group': 'test_value_25',
- 'scan-botnet-connections': 'disable',
- 'schedule': 'test_value_27',
- 'service-negate': 'enable',
- 'session-ttl': '29',
- 'spamfilter-profile': 'test_value_30',
- 'srcaddr-negate': 'enable',
- 'ssh-filter-profile': 'test_value_32',
- 'ssl-ssh-profile': 'test_value_33',
- 'status': 'enable',
- 'transparent': 'enable',
- 'utm-status': 'enable',
- 'uuid': 'test_value_37',
- 'waf-profile': 'test_value_38',
- 'webcache': 'enable',
- 'webcache-https': 'disable',
- 'webfilter-profile': 'test_value_41',
- 'webproxy-forward-server': 'test_value_42',
- 'webproxy-profile': 'test_value_43'
- }
-
- set_method_mock.assert_called_with('firewall', 'proxy-policy', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_proxy_policy_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_proxy_policy': {
- 'action': 'accept',
- 'application_list': 'test_value_4',
- 'av_profile': 'test_value_5',
- 'comments': 'test_value_6',
- 'disclaimer': 'disable',
- 'dlp_sensor': 'test_value_8',
- 'dstaddr_negate': 'enable',
- 'global_label': 'test_value_10',
- 'http_tunnel_auth': 'enable',
- 'icap_profile': 'test_value_12',
- 'internet_service': 'enable',
- 'internet_service_negate': 'enable',
- 'ips_sensor': 'test_value_15',
- 'label': 'test_value_16',
- 'logtraffic': 'all',
- 'logtraffic_start': 'enable',
- 'policyid': '19',
- 'profile_group': 'test_value_20',
- 'profile_protocol_options': 'test_value_21',
- 'profile_type': 'single',
- 'proxy': 'explicit-web',
- 'redirect_url': 'test_value_24',
- 'replacemsg_override_group': 'test_value_25',
- 'scan_botnet_connections': 'disable',
- 'schedule': 'test_value_27',
- 'service_negate': 'enable',
- 'session_ttl': '29',
- 'spamfilter_profile': 'test_value_30',
- 'srcaddr_negate': 'enable',
- 'ssh_filter_profile': 'test_value_32',
- 'ssl_ssh_profile': 'test_value_33',
- 'status': 'enable',
- 'transparent': 'enable',
- 'utm_status': 'enable',
- 'uuid': 'test_value_37',
- 'waf_profile': 'test_value_38',
- 'webcache': 'enable',
- 'webcache_https': 'disable',
- 'webfilter_profile': 'test_value_41',
- 'webproxy_forward_server': 'test_value_42',
- 'webproxy_profile': 'test_value_43'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_proxy_policy.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'action': 'accept',
- 'application-list': 'test_value_4',
- 'av-profile': 'test_value_5',
- 'comments': 'test_value_6',
- 'disclaimer': 'disable',
- 'dlp-sensor': 'test_value_8',
- 'dstaddr-negate': 'enable',
- 'global-label': 'test_value_10',
- 'http-tunnel-auth': 'enable',
- 'icap-profile': 'test_value_12',
- 'internet-service': 'enable',
- 'internet-service-negate': 'enable',
- 'ips-sensor': 'test_value_15',
- 'label': 'test_value_16',
- 'logtraffic': 'all',
- 'logtraffic-start': 'enable',
- 'policyid': '19',
- 'profile-group': 'test_value_20',
- 'profile-protocol-options': 'test_value_21',
- 'profile-type': 'single',
- 'proxy': 'explicit-web',
- 'redirect-url': 'test_value_24',
- 'replacemsg-override-group': 'test_value_25',
- 'scan-botnet-connections': 'disable',
- 'schedule': 'test_value_27',
- 'service-negate': 'enable',
- 'session-ttl': '29',
- 'spamfilter-profile': 'test_value_30',
- 'srcaddr-negate': 'enable',
- 'ssh-filter-profile': 'test_value_32',
- 'ssl-ssh-profile': 'test_value_33',
- 'status': 'enable',
- 'transparent': 'enable',
- 'utm-status': 'enable',
- 'uuid': 'test_value_37',
- 'waf-profile': 'test_value_38',
- 'webcache': 'enable',
- 'webcache-https': 'disable',
- 'webfilter-profile': 'test_value_41',
- 'webproxy-forward-server': 'test_value_42',
- 'webproxy-profile': 'test_value_43'
- }
-
- set_method_mock.assert_called_with('firewall', 'proxy-policy', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_proxy_policy_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_proxy_policy': {
- 'action': 'accept',
- 'application_list': 'test_value_4',
- 'av_profile': 'test_value_5',
- 'comments': 'test_value_6',
- 'disclaimer': 'disable',
- 'dlp_sensor': 'test_value_8',
- 'dstaddr_negate': 'enable',
- 'global_label': 'test_value_10',
- 'http_tunnel_auth': 'enable',
- 'icap_profile': 'test_value_12',
- 'internet_service': 'enable',
- 'internet_service_negate': 'enable',
- 'ips_sensor': 'test_value_15',
- 'label': 'test_value_16',
- 'logtraffic': 'all',
- 'logtraffic_start': 'enable',
- 'policyid': '19',
- 'profile_group': 'test_value_20',
- 'profile_protocol_options': 'test_value_21',
- 'profile_type': 'single',
- 'proxy': 'explicit-web',
- 'redirect_url': 'test_value_24',
- 'replacemsg_override_group': 'test_value_25',
- 'scan_botnet_connections': 'disable',
- 'schedule': 'test_value_27',
- 'service_negate': 'enable',
- 'session_ttl': '29',
- 'spamfilter_profile': 'test_value_30',
- 'srcaddr_negate': 'enable',
- 'ssh_filter_profile': 'test_value_32',
- 'ssl_ssh_profile': 'test_value_33',
- 'status': 'enable',
- 'transparent': 'enable',
- 'utm_status': 'enable',
- 'uuid': 'test_value_37',
- 'waf_profile': 'test_value_38',
- 'webcache': 'enable',
- 'webcache_https': 'disable',
- 'webfilter_profile': 'test_value_41',
- 'webproxy_forward_server': 'test_value_42',
- 'webproxy_profile': 'test_value_43'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_proxy_policy.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'proxy-policy', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_proxy_policy_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_proxy_policy': {
- 'action': 'accept',
- 'application_list': 'test_value_4',
- 'av_profile': 'test_value_5',
- 'comments': 'test_value_6',
- 'disclaimer': 'disable',
- 'dlp_sensor': 'test_value_8',
- 'dstaddr_negate': 'enable',
- 'global_label': 'test_value_10',
- 'http_tunnel_auth': 'enable',
- 'icap_profile': 'test_value_12',
- 'internet_service': 'enable',
- 'internet_service_negate': 'enable',
- 'ips_sensor': 'test_value_15',
- 'label': 'test_value_16',
- 'logtraffic': 'all',
- 'logtraffic_start': 'enable',
- 'policyid': '19',
- 'profile_group': 'test_value_20',
- 'profile_protocol_options': 'test_value_21',
- 'profile_type': 'single',
- 'proxy': 'explicit-web',
- 'redirect_url': 'test_value_24',
- 'replacemsg_override_group': 'test_value_25',
- 'scan_botnet_connections': 'disable',
- 'schedule': 'test_value_27',
- 'service_negate': 'enable',
- 'session_ttl': '29',
- 'spamfilter_profile': 'test_value_30',
- 'srcaddr_negate': 'enable',
- 'ssh_filter_profile': 'test_value_32',
- 'ssl_ssh_profile': 'test_value_33',
- 'status': 'enable',
- 'transparent': 'enable',
- 'utm_status': 'enable',
- 'uuid': 'test_value_37',
- 'waf_profile': 'test_value_38',
- 'webcache': 'enable',
- 'webcache_https': 'disable',
- 'webfilter_profile': 'test_value_41',
- 'webproxy_forward_server': 'test_value_42',
- 'webproxy_profile': 'test_value_43'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_proxy_policy.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'proxy-policy', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_proxy_policy_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_proxy_policy': {
- 'action': 'accept',
- 'application_list': 'test_value_4',
- 'av_profile': 'test_value_5',
- 'comments': 'test_value_6',
- 'disclaimer': 'disable',
- 'dlp_sensor': 'test_value_8',
- 'dstaddr_negate': 'enable',
- 'global_label': 'test_value_10',
- 'http_tunnel_auth': 'enable',
- 'icap_profile': 'test_value_12',
- 'internet_service': 'enable',
- 'internet_service_negate': 'enable',
- 'ips_sensor': 'test_value_15',
- 'label': 'test_value_16',
- 'logtraffic': 'all',
- 'logtraffic_start': 'enable',
- 'policyid': '19',
- 'profile_group': 'test_value_20',
- 'profile_protocol_options': 'test_value_21',
- 'profile_type': 'single',
- 'proxy': 'explicit-web',
- 'redirect_url': 'test_value_24',
- 'replacemsg_override_group': 'test_value_25',
- 'scan_botnet_connections': 'disable',
- 'schedule': 'test_value_27',
- 'service_negate': 'enable',
- 'session_ttl': '29',
- 'spamfilter_profile': 'test_value_30',
- 'srcaddr_negate': 'enable',
- 'ssh_filter_profile': 'test_value_32',
- 'ssl_ssh_profile': 'test_value_33',
- 'status': 'enable',
- 'transparent': 'enable',
- 'utm_status': 'enable',
- 'uuid': 'test_value_37',
- 'waf_profile': 'test_value_38',
- 'webcache': 'enable',
- 'webcache_https': 'disable',
- 'webfilter_profile': 'test_value_41',
- 'webproxy_forward_server': 'test_value_42',
- 'webproxy_profile': 'test_value_43'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_proxy_policy.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'action': 'accept',
- 'application-list': 'test_value_4',
- 'av-profile': 'test_value_5',
- 'comments': 'test_value_6',
- 'disclaimer': 'disable',
- 'dlp-sensor': 'test_value_8',
- 'dstaddr-negate': 'enable',
- 'global-label': 'test_value_10',
- 'http-tunnel-auth': 'enable',
- 'icap-profile': 'test_value_12',
- 'internet-service': 'enable',
- 'internet-service-negate': 'enable',
- 'ips-sensor': 'test_value_15',
- 'label': 'test_value_16',
- 'logtraffic': 'all',
- 'logtraffic-start': 'enable',
- 'policyid': '19',
- 'profile-group': 'test_value_20',
- 'profile-protocol-options': 'test_value_21',
- 'profile-type': 'single',
- 'proxy': 'explicit-web',
- 'redirect-url': 'test_value_24',
- 'replacemsg-override-group': 'test_value_25',
- 'scan-botnet-connections': 'disable',
- 'schedule': 'test_value_27',
- 'service-negate': 'enable',
- 'session-ttl': '29',
- 'spamfilter-profile': 'test_value_30',
- 'srcaddr-negate': 'enable',
- 'ssh-filter-profile': 'test_value_32',
- 'ssl-ssh-profile': 'test_value_33',
- 'status': 'enable',
- 'transparent': 'enable',
- 'utm-status': 'enable',
- 'uuid': 'test_value_37',
- 'waf-profile': 'test_value_38',
- 'webcache': 'enable',
- 'webcache-https': 'disable',
- 'webfilter-profile': 'test_value_41',
- 'webproxy-forward-server': 'test_value_42',
- 'webproxy-profile': 'test_value_43'
- }
-
- set_method_mock.assert_called_with('firewall', 'proxy-policy', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_proxy_policy_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_proxy_policy': {
- 'random_attribute_not_valid': 'tag',
- 'action': 'accept',
- 'application_list': 'test_value_4',
- 'av_profile': 'test_value_5',
- 'comments': 'test_value_6',
- 'disclaimer': 'disable',
- 'dlp_sensor': 'test_value_8',
- 'dstaddr_negate': 'enable',
- 'global_label': 'test_value_10',
- 'http_tunnel_auth': 'enable',
- 'icap_profile': 'test_value_12',
- 'internet_service': 'enable',
- 'internet_service_negate': 'enable',
- 'ips_sensor': 'test_value_15',
- 'label': 'test_value_16',
- 'logtraffic': 'all',
- 'logtraffic_start': 'enable',
- 'policyid': '19',
- 'profile_group': 'test_value_20',
- 'profile_protocol_options': 'test_value_21',
- 'profile_type': 'single',
- 'proxy': 'explicit-web',
- 'redirect_url': 'test_value_24',
- 'replacemsg_override_group': 'test_value_25',
- 'scan_botnet_connections': 'disable',
- 'schedule': 'test_value_27',
- 'service_negate': 'enable',
- 'session_ttl': '29',
- 'spamfilter_profile': 'test_value_30',
- 'srcaddr_negate': 'enable',
- 'ssh_filter_profile': 'test_value_32',
- 'ssl_ssh_profile': 'test_value_33',
- 'status': 'enable',
- 'transparent': 'enable',
- 'utm_status': 'enable',
- 'uuid': 'test_value_37',
- 'waf_profile': 'test_value_38',
- 'webcache': 'enable',
- 'webcache_https': 'disable',
- 'webfilter_profile': 'test_value_41',
- 'webproxy_forward_server': 'test_value_42',
- 'webproxy_profile': 'test_value_43'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_proxy_policy.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'action': 'accept',
- 'application-list': 'test_value_4',
- 'av-profile': 'test_value_5',
- 'comments': 'test_value_6',
- 'disclaimer': 'disable',
- 'dlp-sensor': 'test_value_8',
- 'dstaddr-negate': 'enable',
- 'global-label': 'test_value_10',
- 'http-tunnel-auth': 'enable',
- 'icap-profile': 'test_value_12',
- 'internet-service': 'enable',
- 'internet-service-negate': 'enable',
- 'ips-sensor': 'test_value_15',
- 'label': 'test_value_16',
- 'logtraffic': 'all',
- 'logtraffic-start': 'enable',
- 'policyid': '19',
- 'profile-group': 'test_value_20',
- 'profile-protocol-options': 'test_value_21',
- 'profile-type': 'single',
- 'proxy': 'explicit-web',
- 'redirect-url': 'test_value_24',
- 'replacemsg-override-group': 'test_value_25',
- 'scan-botnet-connections': 'disable',
- 'schedule': 'test_value_27',
- 'service-negate': 'enable',
- 'session-ttl': '29',
- 'spamfilter-profile': 'test_value_30',
- 'srcaddr-negate': 'enable',
- 'ssh-filter-profile': 'test_value_32',
- 'ssl-ssh-profile': 'test_value_33',
- 'status': 'enable',
- 'transparent': 'enable',
- 'utm-status': 'enable',
- 'uuid': 'test_value_37',
- 'waf-profile': 'test_value_38',
- 'webcache': 'enable',
- 'webcache-https': 'disable',
- 'webfilter-profile': 'test_value_41',
- 'webproxy-forward-server': 'test_value_42',
- 'webproxy-profile': 'test_value_43'
- }
-
- set_method_mock.assert_called_with('firewall', 'proxy-policy', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_schedule_group.py b/test/units/modules/network/fortios/test_fortios_firewall_schedule_group.py
deleted file mode 100644
index 5d0ffac12b8..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_schedule_group.py
+++ /dev/null
@@ -1,209 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_schedule_group
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_schedule_group.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_schedule_group_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_schedule_group': {
- 'color': '3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_schedule_group.fortios_firewall_schedule(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('firewall.schedule', 'group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_schedule_group_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_schedule_group': {
- 'color': '3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_schedule_group.fortios_firewall_schedule(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('firewall.schedule', 'group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_schedule_group_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_schedule_group': {
- 'color': '3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_schedule_group.fortios_firewall_schedule(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall.schedule', 'group', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_schedule_group_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_schedule_group': {
- 'color': '3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_schedule_group.fortios_firewall_schedule(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall.schedule', 'group', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_schedule_group_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_schedule_group': {
- 'color': '3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_schedule_group.fortios_firewall_schedule(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('firewall.schedule', 'group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_schedule_group_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_schedule_group': {
- 'random_attribute_not_valid': 'tag',
- 'color': '3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_schedule_group.fortios_firewall_schedule(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('firewall.schedule', 'group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_schedule_onetime.py b/test/units/modules/network/fortios/test_fortios_firewall_schedule_onetime.py
deleted file mode 100644
index ff6f09434a8..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_schedule_onetime.py
+++ /dev/null
@@ -1,239 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_schedule_onetime
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_schedule_onetime.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_schedule_onetime_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_schedule_onetime': {
- 'color': '3',
- 'end': 'test_value_4',
- 'expiration_days': '5',
- 'name': 'default_name_6',
- 'start': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_schedule_onetime.fortios_firewall_schedule(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'end': 'test_value_4',
- 'expiration-days': '5',
- 'name': 'default_name_6',
- 'start': 'test_value_7'
- }
-
- set_method_mock.assert_called_with('firewall.schedule', 'onetime', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_schedule_onetime_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_schedule_onetime': {
- 'color': '3',
- 'end': 'test_value_4',
- 'expiration_days': '5',
- 'name': 'default_name_6',
- 'start': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_schedule_onetime.fortios_firewall_schedule(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'end': 'test_value_4',
- 'expiration-days': '5',
- 'name': 'default_name_6',
- 'start': 'test_value_7'
- }
-
- set_method_mock.assert_called_with('firewall.schedule', 'onetime', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_schedule_onetime_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_schedule_onetime': {
- 'color': '3',
- 'end': 'test_value_4',
- 'expiration_days': '5',
- 'name': 'default_name_6',
- 'start': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_schedule_onetime.fortios_firewall_schedule(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall.schedule', 'onetime', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_schedule_onetime_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_schedule_onetime': {
- 'color': '3',
- 'end': 'test_value_4',
- 'expiration_days': '5',
- 'name': 'default_name_6',
- 'start': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_schedule_onetime.fortios_firewall_schedule(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall.schedule', 'onetime', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_schedule_onetime_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_schedule_onetime': {
- 'color': '3',
- 'end': 'test_value_4',
- 'expiration_days': '5',
- 'name': 'default_name_6',
- 'start': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_schedule_onetime.fortios_firewall_schedule(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'end': 'test_value_4',
- 'expiration-days': '5',
- 'name': 'default_name_6',
- 'start': 'test_value_7'
- }
-
- set_method_mock.assert_called_with('firewall.schedule', 'onetime', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_schedule_onetime_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_schedule_onetime': {
- 'random_attribute_not_valid': 'tag',
- 'color': '3',
- 'end': 'test_value_4',
- 'expiration_days': '5',
- 'name': 'default_name_6',
- 'start': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_schedule_onetime.fortios_firewall_schedule(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'end': 'test_value_4',
- 'expiration-days': '5',
- 'name': 'default_name_6',
- 'start': 'test_value_7'
- }
-
- set_method_mock.assert_called_with('firewall.schedule', 'onetime', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_schedule_recurring.py b/test/units/modules/network/fortios/test_fortios_firewall_schedule_recurring.py
deleted file mode 100644
index 8a1463a683e..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_schedule_recurring.py
+++ /dev/null
@@ -1,239 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_schedule_recurring
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_schedule_recurring.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_schedule_recurring_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_schedule_recurring': {
- 'color': '3',
- 'day': 'sunday',
- 'end': 'test_value_5',
- 'name': 'default_name_6',
- 'start': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_schedule_recurring.fortios_firewall_schedule(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'day': 'sunday',
- 'end': 'test_value_5',
- 'name': 'default_name_6',
- 'start': 'test_value_7'
- }
-
- set_method_mock.assert_called_with('firewall.schedule', 'recurring', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_schedule_recurring_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_schedule_recurring': {
- 'color': '3',
- 'day': 'sunday',
- 'end': 'test_value_5',
- 'name': 'default_name_6',
- 'start': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_schedule_recurring.fortios_firewall_schedule(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'day': 'sunday',
- 'end': 'test_value_5',
- 'name': 'default_name_6',
- 'start': 'test_value_7'
- }
-
- set_method_mock.assert_called_with('firewall.schedule', 'recurring', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_schedule_recurring_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_schedule_recurring': {
- 'color': '3',
- 'day': 'sunday',
- 'end': 'test_value_5',
- 'name': 'default_name_6',
- 'start': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_schedule_recurring.fortios_firewall_schedule(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall.schedule', 'recurring', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_schedule_recurring_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_schedule_recurring': {
- 'color': '3',
- 'day': 'sunday',
- 'end': 'test_value_5',
- 'name': 'default_name_6',
- 'start': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_schedule_recurring.fortios_firewall_schedule(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall.schedule', 'recurring', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_schedule_recurring_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_schedule_recurring': {
- 'color': '3',
- 'day': 'sunday',
- 'end': 'test_value_5',
- 'name': 'default_name_6',
- 'start': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_schedule_recurring.fortios_firewall_schedule(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'day': 'sunday',
- 'end': 'test_value_5',
- 'name': 'default_name_6',
- 'start': 'test_value_7'
- }
-
- set_method_mock.assert_called_with('firewall.schedule', 'recurring', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_schedule_recurring_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_schedule_recurring': {
- 'random_attribute_not_valid': 'tag',
- 'color': '3',
- 'day': 'sunday',
- 'end': 'test_value_5',
- 'name': 'default_name_6',
- 'start': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_schedule_recurring.fortios_firewall_schedule(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'day': 'sunday',
- 'end': 'test_value_5',
- 'name': 'default_name_6',
- 'start': 'test_value_7'
- }
-
- set_method_mock.assert_called_with('firewall.schedule', 'recurring', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_service_category.py b/test/units/modules/network/fortios/test_fortios_firewall_service_category.py
deleted file mode 100644
index 2c896c3c4a9..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_service_category.py
+++ /dev/null
@@ -1,209 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_service_category
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_service_category.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_service_category_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_service_category': {
- 'comment': 'Comment.',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_service_category.fortios_firewall_service(input_data, fos_instance)
-
- expected_data = {
- 'comment': 'Comment.',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('firewall.service', 'category', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_service_category_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_service_category': {
- 'comment': 'Comment.',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_service_category.fortios_firewall_service(input_data, fos_instance)
-
- expected_data = {
- 'comment': 'Comment.',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('firewall.service', 'category', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_service_category_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_service_category': {
- 'comment': 'Comment.',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_service_category.fortios_firewall_service(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall.service', 'category', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_service_category_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_service_category': {
- 'comment': 'Comment.',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_service_category.fortios_firewall_service(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall.service', 'category', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_service_category_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_service_category': {
- 'comment': 'Comment.',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_service_category.fortios_firewall_service(input_data, fos_instance)
-
- expected_data = {
- 'comment': 'Comment.',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('firewall.service', 'category', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_service_category_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_service_category': {
- 'random_attribute_not_valid': 'tag',
- 'comment': 'Comment.',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_service_category.fortios_firewall_service(input_data, fos_instance)
-
- expected_data = {
- 'comment': 'Comment.',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('firewall.service', 'category', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_service_custom.py b/test/units/modules/network/fortios/test_fortios_firewall_service_custom.py
deleted file mode 100644
index 15eae37fdb0..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_service_custom.py
+++ /dev/null
@@ -1,409 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_service_custom
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_service_custom.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_service_custom_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_service_custom': {'app_service_type': 'disable',
- 'category': 'test_value_4',
- 'check_reset_range': 'disable',
- 'color': '6',
- 'comment': 'Comment.',
- 'fqdn': 'test_value_8',
- 'helper': 'auto',
- 'icmpcode': '10',
- 'icmptype': '11',
- 'iprange': 'test_value_12',
- 'name': 'default_name_13',
- 'protocol': 'TCP/UDP/SCTP',
- 'protocol_number': '15',
- 'proxy': 'enable',
- 'sctp_portrange': 'test_value_17',
- 'session_ttl': '18',
- 'tcp_halfclose_timer': '19',
- 'tcp_halfopen_timer': '20',
- 'tcp_portrange': 'test_value_21',
- 'tcp_timewait_timer': '22',
- 'udp_idle_timer': '23',
- 'udp_portrange': 'test_value_24',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_service_custom.fortios_firewall_service(input_data, fos_instance)
-
- expected_data = {'app-service-type': 'disable',
- 'category': 'test_value_4',
- 'check-reset-range': 'disable',
- 'color': '6',
- 'comment': 'Comment.',
- 'fqdn': 'test_value_8',
- 'helper': 'auto',
- 'icmpcode': '10',
- 'icmptype': '11',
- 'iprange': 'test_value_12',
- 'name': 'default_name_13',
- 'protocol': 'TCP/UDP/SCTP',
- 'protocol-number': '15',
- 'proxy': 'enable',
- 'sctp-portrange': 'test_value_17',
- 'session-ttl': '18',
- 'tcp-halfclose-timer': '19',
- 'tcp-halfopen-timer': '20',
- 'tcp-portrange': 'test_value_21',
- 'tcp-timewait-timer': '22',
- 'udp-idle-timer': '23',
- 'udp-portrange': 'test_value_24',
- 'visibility': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall.service', 'custom', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_service_custom_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_service_custom': {'app_service_type': 'disable',
- 'category': 'test_value_4',
- 'check_reset_range': 'disable',
- 'color': '6',
- 'comment': 'Comment.',
- 'fqdn': 'test_value_8',
- 'helper': 'auto',
- 'icmpcode': '10',
- 'icmptype': '11',
- 'iprange': 'test_value_12',
- 'name': 'default_name_13',
- 'protocol': 'TCP/UDP/SCTP',
- 'protocol_number': '15',
- 'proxy': 'enable',
- 'sctp_portrange': 'test_value_17',
- 'session_ttl': '18',
- 'tcp_halfclose_timer': '19',
- 'tcp_halfopen_timer': '20',
- 'tcp_portrange': 'test_value_21',
- 'tcp_timewait_timer': '22',
- 'udp_idle_timer': '23',
- 'udp_portrange': 'test_value_24',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_service_custom.fortios_firewall_service(input_data, fos_instance)
-
- expected_data = {'app-service-type': 'disable',
- 'category': 'test_value_4',
- 'check-reset-range': 'disable',
- 'color': '6',
- 'comment': 'Comment.',
- 'fqdn': 'test_value_8',
- 'helper': 'auto',
- 'icmpcode': '10',
- 'icmptype': '11',
- 'iprange': 'test_value_12',
- 'name': 'default_name_13',
- 'protocol': 'TCP/UDP/SCTP',
- 'protocol-number': '15',
- 'proxy': 'enable',
- 'sctp-portrange': 'test_value_17',
- 'session-ttl': '18',
- 'tcp-halfclose-timer': '19',
- 'tcp-halfopen-timer': '20',
- 'tcp-portrange': 'test_value_21',
- 'tcp-timewait-timer': '22',
- 'udp-idle-timer': '23',
- 'udp-portrange': 'test_value_24',
- 'visibility': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall.service', 'custom', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_service_custom_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_service_custom': {'app_service_type': 'disable',
- 'category': 'test_value_4',
- 'check_reset_range': 'disable',
- 'color': '6',
- 'comment': 'Comment.',
- 'fqdn': 'test_value_8',
- 'helper': 'auto',
- 'icmpcode': '10',
- 'icmptype': '11',
- 'iprange': 'test_value_12',
- 'name': 'default_name_13',
- 'protocol': 'TCP/UDP/SCTP',
- 'protocol_number': '15',
- 'proxy': 'enable',
- 'sctp_portrange': 'test_value_17',
- 'session_ttl': '18',
- 'tcp_halfclose_timer': '19',
- 'tcp_halfopen_timer': '20',
- 'tcp_portrange': 'test_value_21',
- 'tcp_timewait_timer': '22',
- 'udp_idle_timer': '23',
- 'udp_portrange': 'test_value_24',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_service_custom.fortios_firewall_service(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall.service', 'custom', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_service_custom_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_service_custom': {'app_service_type': 'disable',
- 'category': 'test_value_4',
- 'check_reset_range': 'disable',
- 'color': '6',
- 'comment': 'Comment.',
- 'fqdn': 'test_value_8',
- 'helper': 'auto',
- 'icmpcode': '10',
- 'icmptype': '11',
- 'iprange': 'test_value_12',
- 'name': 'default_name_13',
- 'protocol': 'TCP/UDP/SCTP',
- 'protocol_number': '15',
- 'proxy': 'enable',
- 'sctp_portrange': 'test_value_17',
- 'session_ttl': '18',
- 'tcp_halfclose_timer': '19',
- 'tcp_halfopen_timer': '20',
- 'tcp_portrange': 'test_value_21',
- 'tcp_timewait_timer': '22',
- 'udp_idle_timer': '23',
- 'udp_portrange': 'test_value_24',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_service_custom.fortios_firewall_service(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall.service', 'custom', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_service_custom_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_service_custom': {'app_service_type': 'disable',
- 'category': 'test_value_4',
- 'check_reset_range': 'disable',
- 'color': '6',
- 'comment': 'Comment.',
- 'fqdn': 'test_value_8',
- 'helper': 'auto',
- 'icmpcode': '10',
- 'icmptype': '11',
- 'iprange': 'test_value_12',
- 'name': 'default_name_13',
- 'protocol': 'TCP/UDP/SCTP',
- 'protocol_number': '15',
- 'proxy': 'enable',
- 'sctp_portrange': 'test_value_17',
- 'session_ttl': '18',
- 'tcp_halfclose_timer': '19',
- 'tcp_halfopen_timer': '20',
- 'tcp_portrange': 'test_value_21',
- 'tcp_timewait_timer': '22',
- 'udp_idle_timer': '23',
- 'udp_portrange': 'test_value_24',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_service_custom.fortios_firewall_service(input_data, fos_instance)
-
- expected_data = {'app-service-type': 'disable',
- 'category': 'test_value_4',
- 'check-reset-range': 'disable',
- 'color': '6',
- 'comment': 'Comment.',
- 'fqdn': 'test_value_8',
- 'helper': 'auto',
- 'icmpcode': '10',
- 'icmptype': '11',
- 'iprange': 'test_value_12',
- 'name': 'default_name_13',
- 'protocol': 'TCP/UDP/SCTP',
- 'protocol-number': '15',
- 'proxy': 'enable',
- 'sctp-portrange': 'test_value_17',
- 'session-ttl': '18',
- 'tcp-halfclose-timer': '19',
- 'tcp-halfopen-timer': '20',
- 'tcp-portrange': 'test_value_21',
- 'tcp-timewait-timer': '22',
- 'udp-idle-timer': '23',
- 'udp-portrange': 'test_value_24',
- 'visibility': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall.service', 'custom', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_service_custom_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_service_custom': {
- 'random_attribute_not_valid': 'tag', 'app_service_type': 'disable',
- 'category': 'test_value_4',
- 'check_reset_range': 'disable',
- 'color': '6',
- 'comment': 'Comment.',
- 'fqdn': 'test_value_8',
- 'helper': 'auto',
- 'icmpcode': '10',
- 'icmptype': '11',
- 'iprange': 'test_value_12',
- 'name': 'default_name_13',
- 'protocol': 'TCP/UDP/SCTP',
- 'protocol_number': '15',
- 'proxy': 'enable',
- 'sctp_portrange': 'test_value_17',
- 'session_ttl': '18',
- 'tcp_halfclose_timer': '19',
- 'tcp_halfopen_timer': '20',
- 'tcp_portrange': 'test_value_21',
- 'tcp_timewait_timer': '22',
- 'udp_idle_timer': '23',
- 'udp_portrange': 'test_value_24',
- 'visibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_service_custom.fortios_firewall_service(input_data, fos_instance)
-
- expected_data = {'app-service-type': 'disable',
- 'category': 'test_value_4',
- 'check-reset-range': 'disable',
- 'color': '6',
- 'comment': 'Comment.',
- 'fqdn': 'test_value_8',
- 'helper': 'auto',
- 'icmpcode': '10',
- 'icmptype': '11',
- 'iprange': 'test_value_12',
- 'name': 'default_name_13',
- 'protocol': 'TCP/UDP/SCTP',
- 'protocol-number': '15',
- 'proxy': 'enable',
- 'sctp-portrange': 'test_value_17',
- 'session-ttl': '18',
- 'tcp-halfclose-timer': '19',
- 'tcp-halfopen-timer': '20',
- 'tcp-portrange': 'test_value_21',
- 'tcp-timewait-timer': '22',
- 'udp-idle-timer': '23',
- 'udp-portrange': 'test_value_24',
- 'visibility': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall.service', 'custom', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_service_group.py b/test/units/modules/network/fortios/test_fortios_firewall_service_group.py
deleted file mode 100644
index 51b36bdba58..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_service_group.py
+++ /dev/null
@@ -1,229 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_service_group
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_service_group.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_service_group_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_service_group': {
- 'color': '3',
- 'comment': 'Comment.',
- 'name': 'default_name_5',
- 'proxy': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_service_group.fortios_firewall_service(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'comment': 'Comment.',
- 'name': 'default_name_5',
- 'proxy': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall.service', 'group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_service_group_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_service_group': {
- 'color': '3',
- 'comment': 'Comment.',
- 'name': 'default_name_5',
- 'proxy': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_service_group.fortios_firewall_service(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'comment': 'Comment.',
- 'name': 'default_name_5',
- 'proxy': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall.service', 'group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_service_group_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_service_group': {
- 'color': '3',
- 'comment': 'Comment.',
- 'name': 'default_name_5',
- 'proxy': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_service_group.fortios_firewall_service(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall.service', 'group', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_service_group_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_service_group': {
- 'color': '3',
- 'comment': 'Comment.',
- 'name': 'default_name_5',
- 'proxy': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_service_group.fortios_firewall_service(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall.service', 'group', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_service_group_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_service_group': {
- 'color': '3',
- 'comment': 'Comment.',
- 'name': 'default_name_5',
- 'proxy': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_service_group.fortios_firewall_service(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'comment': 'Comment.',
- 'name': 'default_name_5',
- 'proxy': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall.service', 'group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_service_group_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_service_group': {
- 'random_attribute_not_valid': 'tag',
- 'color': '3',
- 'comment': 'Comment.',
- 'name': 'default_name_5',
- 'proxy': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_service_group.fortios_firewall_service(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'comment': 'Comment.',
- 'name': 'default_name_5',
- 'proxy': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall.service', 'group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_shaper_per_ip_shaper.py b/test/units/modules/network/fortios/test_fortios_firewall_shaper_per_ip_shaper.py
deleted file mode 100644
index 54fc4a35137..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_shaper_per_ip_shaper.py
+++ /dev/null
@@ -1,269 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_shaper_per_ip_shaper
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_shaper_per_ip_shaper.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_shaper_per_ip_shaper_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_shaper_per_ip_shaper': {
- 'bandwidth_unit': 'kbps',
- 'diffserv_forward': 'enable',
- 'diffserv_reverse': 'enable',
- 'diffservcode_forward': 'test_value_6',
- 'diffservcode_rev': 'test_value_7',
- 'max_bandwidth': '8',
- 'max_concurrent_session': '9',
- 'name': 'default_name_10'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_shaper_per_ip_shaper.fortios_firewall_shaper(input_data, fos_instance)
-
- expected_data = {
- 'bandwidth-unit': 'kbps',
- 'diffserv-forward': 'enable',
- 'diffserv-reverse': 'enable',
- 'diffservcode-forward': 'test_value_6',
- 'diffservcode-rev': 'test_value_7',
- 'max-bandwidth': '8',
- 'max-concurrent-session': '9',
- 'name': 'default_name_10'
- }
-
- set_method_mock.assert_called_with('firewall.shaper', 'per-ip-shaper', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_shaper_per_ip_shaper_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_shaper_per_ip_shaper': {
- 'bandwidth_unit': 'kbps',
- 'diffserv_forward': 'enable',
- 'diffserv_reverse': 'enable',
- 'diffservcode_forward': 'test_value_6',
- 'diffservcode_rev': 'test_value_7',
- 'max_bandwidth': '8',
- 'max_concurrent_session': '9',
- 'name': 'default_name_10'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_shaper_per_ip_shaper.fortios_firewall_shaper(input_data, fos_instance)
-
- expected_data = {
- 'bandwidth-unit': 'kbps',
- 'diffserv-forward': 'enable',
- 'diffserv-reverse': 'enable',
- 'diffservcode-forward': 'test_value_6',
- 'diffservcode-rev': 'test_value_7',
- 'max-bandwidth': '8',
- 'max-concurrent-session': '9',
- 'name': 'default_name_10'
- }
-
- set_method_mock.assert_called_with('firewall.shaper', 'per-ip-shaper', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_shaper_per_ip_shaper_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_shaper_per_ip_shaper': {
- 'bandwidth_unit': 'kbps',
- 'diffserv_forward': 'enable',
- 'diffserv_reverse': 'enable',
- 'diffservcode_forward': 'test_value_6',
- 'diffservcode_rev': 'test_value_7',
- 'max_bandwidth': '8',
- 'max_concurrent_session': '9',
- 'name': 'default_name_10'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_shaper_per_ip_shaper.fortios_firewall_shaper(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall.shaper', 'per-ip-shaper', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_shaper_per_ip_shaper_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_shaper_per_ip_shaper': {
- 'bandwidth_unit': 'kbps',
- 'diffserv_forward': 'enable',
- 'diffserv_reverse': 'enable',
- 'diffservcode_forward': 'test_value_6',
- 'diffservcode_rev': 'test_value_7',
- 'max_bandwidth': '8',
- 'max_concurrent_session': '9',
- 'name': 'default_name_10'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_shaper_per_ip_shaper.fortios_firewall_shaper(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall.shaper', 'per-ip-shaper', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_shaper_per_ip_shaper_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_shaper_per_ip_shaper': {
- 'bandwidth_unit': 'kbps',
- 'diffserv_forward': 'enable',
- 'diffserv_reverse': 'enable',
- 'diffservcode_forward': 'test_value_6',
- 'diffservcode_rev': 'test_value_7',
- 'max_bandwidth': '8',
- 'max_concurrent_session': '9',
- 'name': 'default_name_10'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_shaper_per_ip_shaper.fortios_firewall_shaper(input_data, fos_instance)
-
- expected_data = {
- 'bandwidth-unit': 'kbps',
- 'diffserv-forward': 'enable',
- 'diffserv-reverse': 'enable',
- 'diffservcode-forward': 'test_value_6',
- 'diffservcode-rev': 'test_value_7',
- 'max-bandwidth': '8',
- 'max-concurrent-session': '9',
- 'name': 'default_name_10'
- }
-
- set_method_mock.assert_called_with('firewall.shaper', 'per-ip-shaper', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_shaper_per_ip_shaper_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_shaper_per_ip_shaper': {
- 'random_attribute_not_valid': 'tag',
- 'bandwidth_unit': 'kbps',
- 'diffserv_forward': 'enable',
- 'diffserv_reverse': 'enable',
- 'diffservcode_forward': 'test_value_6',
- 'diffservcode_rev': 'test_value_7',
- 'max_bandwidth': '8',
- 'max_concurrent_session': '9',
- 'name': 'default_name_10'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_shaper_per_ip_shaper.fortios_firewall_shaper(input_data, fos_instance)
-
- expected_data = {
- 'bandwidth-unit': 'kbps',
- 'diffserv-forward': 'enable',
- 'diffserv-reverse': 'enable',
- 'diffservcode-forward': 'test_value_6',
- 'diffservcode-rev': 'test_value_7',
- 'max-bandwidth': '8',
- 'max-concurrent-session': '9',
- 'name': 'default_name_10'
- }
-
- set_method_mock.assert_called_with('firewall.shaper', 'per-ip-shaper', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_shaper_traffic_shaper.py b/test/units/modules/network/fortios/test_fortios_firewall_shaper_traffic_shaper.py
deleted file mode 100644
index fb62200ae8a..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_shaper_traffic_shaper.py
+++ /dev/null
@@ -1,269 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_shaper_traffic_shaper
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_shaper_traffic_shaper.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_shaper_traffic_shaper_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_shaper_traffic_shaper': {
- 'bandwidth_unit': 'kbps',
- 'diffserv': 'enable',
- 'diffservcode': 'test_value_5',
- 'guaranteed_bandwidth': '6',
- 'maximum_bandwidth': '7',
- 'name': 'default_name_8',
- 'per_policy': 'disable',
- 'priority': 'low'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_shaper_traffic_shaper.fortios_firewall_shaper(input_data, fos_instance)
-
- expected_data = {
- 'bandwidth-unit': 'kbps',
- 'diffserv': 'enable',
- 'diffservcode': 'test_value_5',
- 'guaranteed-bandwidth': '6',
- 'maximum-bandwidth': '7',
- 'name': 'default_name_8',
- 'per-policy': 'disable',
- 'priority': 'low'
- }
-
- set_method_mock.assert_called_with('firewall.shaper', 'traffic-shaper', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_shaper_traffic_shaper_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_shaper_traffic_shaper': {
- 'bandwidth_unit': 'kbps',
- 'diffserv': 'enable',
- 'diffservcode': 'test_value_5',
- 'guaranteed_bandwidth': '6',
- 'maximum_bandwidth': '7',
- 'name': 'default_name_8',
- 'per_policy': 'disable',
- 'priority': 'low'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_shaper_traffic_shaper.fortios_firewall_shaper(input_data, fos_instance)
-
- expected_data = {
- 'bandwidth-unit': 'kbps',
- 'diffserv': 'enable',
- 'diffservcode': 'test_value_5',
- 'guaranteed-bandwidth': '6',
- 'maximum-bandwidth': '7',
- 'name': 'default_name_8',
- 'per-policy': 'disable',
- 'priority': 'low'
- }
-
- set_method_mock.assert_called_with('firewall.shaper', 'traffic-shaper', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_shaper_traffic_shaper_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_shaper_traffic_shaper': {
- 'bandwidth_unit': 'kbps',
- 'diffserv': 'enable',
- 'diffservcode': 'test_value_5',
- 'guaranteed_bandwidth': '6',
- 'maximum_bandwidth': '7',
- 'name': 'default_name_8',
- 'per_policy': 'disable',
- 'priority': 'low'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_shaper_traffic_shaper.fortios_firewall_shaper(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall.shaper', 'traffic-shaper', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_shaper_traffic_shaper_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_shaper_traffic_shaper': {
- 'bandwidth_unit': 'kbps',
- 'diffserv': 'enable',
- 'diffservcode': 'test_value_5',
- 'guaranteed_bandwidth': '6',
- 'maximum_bandwidth': '7',
- 'name': 'default_name_8',
- 'per_policy': 'disable',
- 'priority': 'low'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_shaper_traffic_shaper.fortios_firewall_shaper(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall.shaper', 'traffic-shaper', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_shaper_traffic_shaper_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_shaper_traffic_shaper': {
- 'bandwidth_unit': 'kbps',
- 'diffserv': 'enable',
- 'diffservcode': 'test_value_5',
- 'guaranteed_bandwidth': '6',
- 'maximum_bandwidth': '7',
- 'name': 'default_name_8',
- 'per_policy': 'disable',
- 'priority': 'low'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_shaper_traffic_shaper.fortios_firewall_shaper(input_data, fos_instance)
-
- expected_data = {
- 'bandwidth-unit': 'kbps',
- 'diffserv': 'enable',
- 'diffservcode': 'test_value_5',
- 'guaranteed-bandwidth': '6',
- 'maximum-bandwidth': '7',
- 'name': 'default_name_8',
- 'per-policy': 'disable',
- 'priority': 'low'
- }
-
- set_method_mock.assert_called_with('firewall.shaper', 'traffic-shaper', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_shaper_traffic_shaper_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_shaper_traffic_shaper': {
- 'random_attribute_not_valid': 'tag',
- 'bandwidth_unit': 'kbps',
- 'diffserv': 'enable',
- 'diffservcode': 'test_value_5',
- 'guaranteed_bandwidth': '6',
- 'maximum_bandwidth': '7',
- 'name': 'default_name_8',
- 'per_policy': 'disable',
- 'priority': 'low'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_shaper_traffic_shaper.fortios_firewall_shaper(input_data, fos_instance)
-
- expected_data = {
- 'bandwidth-unit': 'kbps',
- 'diffserv': 'enable',
- 'diffservcode': 'test_value_5',
- 'guaranteed-bandwidth': '6',
- 'maximum-bandwidth': '7',
- 'name': 'default_name_8',
- 'per-policy': 'disable',
- 'priority': 'low'
- }
-
- set_method_mock.assert_called_with('firewall.shaper', 'traffic-shaper', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_shaping_policy.py b/test/units/modules/network/fortios/test_fortios_firewall_shaping_policy.py
deleted file mode 100644
index d8812a76e57..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_shaping_policy.py
+++ /dev/null
@@ -1,299 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_shaping_policy
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_shaping_policy.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_shaping_policy_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_shaping_policy': {'class_id': '3',
- 'comment': 'Comments.',
- 'id': '5',
- 'internet_service': 'enable',
- 'internet_service_src': 'enable',
- 'ip_version':
'4',
- 'per_ip_shaper': 'test_value_9',
- 'schedule': 'test_value_10',
- 'status': 'enable',
- 'traffic_shaper': 'test_value_12',
- 'traffic_shaper_reverse': 'test_value_13',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_shaping_policy.fortios_firewall(input_data, fos_instance)
-
- expected_data = {'class-id': '3',
- 'comment': 'Comments.',
- 'id': '5',
- 'internet-service': 'enable',
- 'internet-service-src': 'enable',
- 'ip-version': '4',
- 'per-ip-shaper': 'test_value_9',
- 'schedule': 'test_value_10',
- 'status': 'enable',
- 'traffic-shaper': 'test_value_12',
- 'traffic-shaper-reverse': 'test_value_13',
-
- }
-
- set_method_mock.assert_called_with('firewall', 'shaping-policy', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_shaping_policy_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_shaping_policy': {'class_id': '3',
- 'comment': 'Comments.',
- 'id': '5',
- 'internet_service': 'enable',
- 'internet_service_src': 'enable',
- 'ip_version': '4',
- 'per_ip_shaper': 'test_value_9',
- 'schedule': 'test_value_10',
- 'status': 'enable',
- 'traffic_shaper': 'test_value_12',
- 'traffic_shaper_reverse': 'test_value_13',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_shaping_policy.fortios_firewall(input_data, fos_instance)
-
- expected_data = {'class-id': '3',
- 'comment': 'Comments.',
- 'id': '5',
- 'internet-service': 'enable',
- 'internet-service-src': 'enable',
-
'ip-version': '4',
- 'per-ip-shaper': 'test_value_9',
- 'schedule': 'test_value_10',
- 'status': 'enable',
- 'traffic-shaper': 'test_value_12',
- 'traffic-shaper-reverse': 'test_value_13',
-
- }
-
- set_method_mock.assert_called_with('firewall', 'shaping-policy', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_shaping_policy_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_shaping_policy': {'class_id': '3',
- 'comment': 'Comments.',
- 'id': '5',
- 'internet_service': 'enable',
- 'internet_service_src': 'enable',
- 'ip_version': '4',
- 'per_ip_shaper': 'test_value_9',
- 'schedule': 'test_value_10',
- 'status': 'enable',
- 'traffic_shaper': 'test_value_12',
- 'traffic_shaper_reverse': 'test_value_13',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_shaping_policy.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'shaping-policy', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_shaping_policy_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock =
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_shaping_policy': {'class_id': '3',
- 'comment': 'Comments.',
- 'id': '5',
- 'internet_service': 'enable',
- 'internet_service_src': 'enable',
- 'ip_version': '4',
- 'per_ip_shaper': 'test_value_9',
- 'schedule': 'test_value_10',
- 'status': 'enable',
- 'traffic_shaper': 'test_value_12',
- 'traffic_shaper_reverse': 'test_value_13',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_shaping_policy.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'shaping-policy', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_shaping_policy_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_shaping_policy': {'class_id': '3',
- 'comment': 'Comments.',
- 'id': '5',
- 'internet_service': 'enable',
- 'internet_service_src': 'enable',
- 'ip_version': '4',
- 'per_ip_shaper': 'test_value_9',
- 'schedule': 'test_value_10',
- 'status': 'enable',
- 'traffic_shaper': 'test_value_12',
- 'traffic_shaper_reverse': 'test_value_13',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_shaping_policy.fortios_firewall(input_data, fos_instance)
-
- expected_data = {'class-id': '3',
- 'comment': 'Comments.',
- 'id': '5',
- 'internet-service': 'enable',
- 'internet-service-src': 'enable',
-
'ip-version': '4',
- 'per-ip-shaper': 'test_value_9',
- 'schedule': 'test_value_10',
- 'status': 'enable',
- 'traffic-shaper': 'test_value_12',
- 'traffic-shaper-reverse': 'test_value_13',
-
- }
-
- set_method_mock.assert_called_with('firewall', 'shaping-policy', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_shaping_policy_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_shaping_policy': {
- 'random_attribute_not_valid': 'tag', 'class_id': '3',
- 'comment': 'Comments.',
- 'id': '5',
- 'internet_service': 'enable',
- 'internet_service_src': 'enable',
- 'ip_version': '4',
- 'per_ip_shaper': 'test_value_9',
- 'schedule': 'test_value_10',
- 'status': 'enable',
- 'traffic_shaper': 'test_value_12',
- 'traffic_shaper_reverse': 'test_value_13',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_shaping_policy.fortios_firewall(input_data, fos_instance)
-
- expected_data = {'class-id': '3',
- 'comment': 'Comments.',
- 'id': '5',
- 'internet-service': 'enable',
- 'internet-service-src': 'enable',
- 'ip-version': '4',
- 'per-ip-shaper': 'test_value_9',
- 'schedule': 'test_value_10',
- 'status': 'enable',
- 'traffic-shaper': 'test_value_12',
- 'traffic-shaper-reverse': 'test_value_13',
-
- }
-
- set_method_mock.assert_called_with('firewall', 'shaping-policy', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] ==
'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_shaping_profile.py b/test/units/modules/network/fortios/test_fortios_firewall_shaping_profile.py
deleted file mode 100644
index d9522bc7b0c..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_shaping_profile.py
+++ /dev/null
@@ -1,229 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_shaping_profile
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_shaping_profile.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_shaping_profile_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_shaping_profile': {
- 'comment': 'Comment.',
- 'default_class_id': '4',
- 'profile_name': 'test_value_5',
-
- },
- 'vdom': 'root'}
-
- is_error, changed,
response = fortios_firewall_shaping_profile.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'comment': 'Comment.',
- 'default-class-id': '4',
- 'profile-name': 'test_value_5',
-
- }
-
- set_method_mock.assert_called_with('firewall', 'shaping-profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_shaping_profile_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_shaping_profile': {
- 'comment': 'Comment.',
- 'default_class_id': '4',
- 'profile_name': 'test_value_5',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_shaping_profile.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'comment': 'Comment.',
- 'default-class-id': '4',
- 'profile-name': 'test_value_5',
-
- }
-
- set_method_mock.assert_called_with('firewall', 'shaping-profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_shaping_profile_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state':
'absent',
- 'firewall_shaping_profile': {
- 'comment': 'Comment.',
- 'default_class_id': '4',
- 'profile_name': 'test_value_5',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_shaping_profile.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'shaping-profile', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_shaping_profile_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_shaping_profile': {
- 'comment': 'Comment.',
- 'default_class_id': '4',
- 'profile_name': 'test_value_5',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_shaping_profile.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'shaping-profile', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_shaping_profile_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_shaping_profile': {
- 'comment': 'Comment.',
-
'default_class_id': '4',
- 'profile_name': 'test_value_5',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_shaping_profile.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'comment': 'Comment.',
- 'default-class-id': '4',
- 'profile-name': 'test_value_5',
-
- }
-
- set_method_mock.assert_called_with('firewall', 'shaping-profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_shaping_profile_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_shaping_profile': {
- 'random_attribute_not_valid': 'tag',
- 'comment': 'Comment.',
- 'default_class_id': '4',
- 'profile_name': 'test_value_5',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_shaping_profile.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'comment': 'Comment.',
- 'default-class-id': '4',
- 'profile-name': 'test_value_5',
-
- }
-
- set_method_mock.assert_called_with('firewall', 'shaping-profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_sniffer.py b/test/units/modules/network/fortios/test_fortios_firewall_sniffer.py
deleted file mode 100644
index b69e26785c4..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_sniffer.py
+++ /dev/null
@@ -1,439 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_sniffer
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_sniffer.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_sniffer_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_sniffer': {'application_list': 'test_value_3',
- 'application_list_status': 'enable',
- 'av_profile': 'test_value_5',
- 'av_profile_status': 'enable',
- 'dlp_sensor':
'test_value_7',
- 'dlp_sensor_status': 'enable',
- 'dsri': 'enable',
- 'host': 'myhostname10',
- 'id': '11',
- 'interface': 'test_value_12',
- 'ips_dos_status': 'enable',
- 'ips_sensor': 'test_value_14',
- 'ips_sensor_status': 'enable',
- 'ipv6': 'enable',
- 'logtraffic': 'all',
- 'max_packet_count': '18',
- 'non_ip': 'enable',
- 'port': 'test_value_20',
- 'protocol': 'test_value_21',
- 'scan_botnet_connections': 'disable',
- 'spamfilter_profile': 'test_value_23',
- 'spamfilter_profile_status': 'enable',
- 'status': 'enable',
- 'vlan': 'test_value_26',
- 'webfilter_profile': 'test_value_27',
- 'webfilter_profile_status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_sniffer.fortios_firewall(input_data, fos_instance)
-
- expected_data = {'application-list': 'test_value_3',
- 'application-list-status': 'enable',
- 'av-profile': 'test_value_5',
- 'av-profile-status': 'enable',
- 'dlp-sensor': 'test_value_7',
- 'dlp-sensor-status': 'enable',
- 'dsri': 'enable',
- 'host': 'myhostname10',
- 'id': '11',
- 'interface': 'test_value_12',
- 'ips-dos-status': 'enable',
- 'ips-sensor': 'test_value_14',
- 'ips-sensor-status': 'enable',
- 'ipv6': 'enable',
- 'logtraffic': 'all',
- 'max-packet-count': '18',
- 'non-ip': 'enable',
- 'port': 'test_value_20',
- 'protocol': 'test_value_21',
- 'scan-botnet-connections': 'disable',
- 'spamfilter-profile': 'test_value_23',
- 'spamfilter-profile-status': 'enable',
- 'status': 'enable',
- 'vlan': 'test_value_26',
- 'webfilter-profile': 'test_value_27',
- 'webfilter-profile-status': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'sniffer', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_sniffer_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_sniffer': {'application_list': 'test_value_3',
- 'application_list_status': 'enable',
- 'av_profile': 'test_value_5',
- 'av_profile_status': 'enable',
- 'dlp_sensor': 'test_value_7',
- 'dlp_sensor_status': 'enable',
- 'dsri': 'enable',
- 'host': 'myhostname10',
- 'id': '11',
- 'interface': 'test_value_12',
- 'ips_dos_status': 'enable',
- 'ips_sensor': 'test_value_14',
- 'ips_sensor_status': 'enable',
- 'ipv6': 'enable',
- 'logtraffic': 'all',
- 'max_packet_count': '18',
- 'non_ip': 'enable',
- 'port': 'test_value_20',
- 'protocol': 'test_value_21',
- 'scan_botnet_connections': 'disable',
- 'spamfilter_profile': 'test_value_23',
- 'spamfilter_profile_status': 'enable',
- 'status': 'enable',
- 'vlan': 'test_value_26',
- 'webfilter_profile': 'test_value_27',
- 'webfilter_profile_status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_sniffer.fortios_firewall(input_data, fos_instance)
-
- expected_data = {'application-list': 'test_value_3',
- 'application-list-status': 'enable',
- 'av-profile': 'test_value_5',
- 'av-profile-status': 'enable',
- 'dlp-sensor': 'test_value_7',
- 'dlp-sensor-status': 'enable',
- 'dsri': 'enable',
- 'host': 'myhostname10',
- 'id': '11',
- 'interface': 'test_value_12',
- 'ips-dos-status': 'enable',
- 'ips-sensor': 'test_value_14',
- 'ips-sensor-status': 'enable',
- 'ipv6': 'enable',
- 'logtraffic': 'all',
- 'max-packet-count': '18',
- 'non-ip': 'enable',
- 'port': 'test_value_20',
- 'protocol': 'test_value_21',
- 'scan-botnet-connections': 'disable',
- 'spamfilter-profile': 'test_value_23',
- 'spamfilter-profile-status': 'enable',
- 'status': 'enable',
- 'vlan': 'test_value_26',
- 'webfilter-profile':
'test_value_27',
- 'webfilter-profile-status': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'sniffer', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_sniffer_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_sniffer': {'application_list': 'test_value_3',
- 'application_list_status': 'enable',
- 'av_profile': 'test_value_5',
- 'av_profile_status': 'enable',
- 'dlp_sensor': 'test_value_7',
- 'dlp_sensor_status': 'enable',
- 'dsri': 'enable',
- 'host': 'myhostname10',
- 'id': '11',
- 'interface': 'test_value_12',
- 'ips_dos_status': 'enable',
- 'ips_sensor': 'test_value_14',
- 'ips_sensor_status': 'enable',
- 'ipv6': 'enable',
- 'logtraffic': 'all',
- 'max_packet_count': '18',
- 'non_ip': 'enable',
- 'port': 'test_value_20',
- 'protocol': 'test_value_21',
- 'scan_botnet_connections': 'disable',
- 'spamfilter_profile': 'test_value_23',
- 'spamfilter_profile_status': 'enable',
- 'status': 'enable',
- 'vlan': 'test_value_26',
- 'webfilter_profile': 'test_value_27',
- 'webfilter_profile_status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_sniffer.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'sniffer', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def
test_firewall_sniffer_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_sniffer': {'application_list': 'test_value_3',
- 'application_list_status': 'enable',
- 'av_profile': 'test_value_5',
- 'av_profile_status': 'enable',
- 'dlp_sensor': 'test_value_7',
- 'dlp_sensor_status': 'enable',
- 'dsri': 'enable',
- 'host': 'myhostname10',
- 'id': '11',
- 'interface': 'test_value_12',
- 'ips_dos_status': 'enable',
- 'ips_sensor': 'test_value_14',
- 'ips_sensor_status': 'enable',
- 'ipv6': 'enable',
- 'logtraffic': 'all',
- 'max_packet_count': '18',
- 'non_ip': 'enable',
- 'port': 'test_value_20',
- 'protocol': 'test_value_21',
- 'scan_botnet_connections': 'disable',
- 'spamfilter_profile': 'test_value_23',
- 'spamfilter_profile_status': 'enable',
- 'status': 'enable',
- 'vlan': 'test_value_26',
- 'webfilter_profile': 'test_value_27',
- 'webfilter_profile_status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_sniffer.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'sniffer', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_sniffer_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set',
return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_sniffer': {'application_list': 'test_value_3',
- 'application_list_status': 'enable',
- 'av_profile': 'test_value_5',
- 'av_profile_status': 'enable',
- 'dlp_sensor': 'test_value_7',
- 'dlp_sensor_status': 'enable',
- 'dsri': 'enable',
- 'host': 'myhostname10',
- 'id': '11',
- 'interface': 'test_value_12',
- 'ips_dos_status': 'enable',
- 'ips_sensor': 'test_value_14',
- 'ips_sensor_status': 'enable',
- 'ipv6': 'enable',
- 'logtraffic': 'all',
- 'max_packet_count': '18',
- 'non_ip': 'enable',
- 'port': 'test_value_20',
- 'protocol': 'test_value_21',
- 'scan_botnet_connections': 'disable',
- 'spamfilter_profile': 'test_value_23',
- 'spamfilter_profile_status': 'enable',
- 'status': 'enable',
- 'vlan': 'test_value_26',
- 'webfilter_profile': 'test_value_27',
- 'webfilter_profile_status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_sniffer.fortios_firewall(input_data, fos_instance)
-
- expected_data = {'application-list': 'test_value_3',
- 'application-list-status': 'enable',
- 'av-profile': 'test_value_5',
- 'av-profile-status': 'enable',
- 'dlp-sensor': 'test_value_7',
- 'dlp-sensor-status': 'enable',
- 'dsri': 'enable',
- 'host': 'myhostname10',
- 'id': '11',
- 'interface': 'test_value_12',
- 'ips-dos-status': 'enable',
- 'ips-sensor': 'test_value_14',
- 'ips-sensor-status': 'enable',
- 'ipv6': 'enable',
- 'logtraffic': 'all',
- 'max-packet-count': '18',
- 'non-ip': 'enable',
- 'port': 'test_value_20',
- 'protocol': 'test_value_21',
- 'scan-botnet-connections': 'disable',
- 'spamfilter-profile': 'test_value_23',
- 'spamfilter-profile-status': 'enable',
- 'status': 'enable',
- 'vlan': 'test_value_26',
- 'webfilter-profile': 'test_value_27',
- 'webfilter-profile-status': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'sniffer', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
-
assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_sniffer_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_sniffer': {
- 'random_attribute_not_valid': 'tag', 'application_list': 'test_value_3',
- 'application_list_status': 'enable',
- 'av_profile': 'test_value_5',
- 'av_profile_status': 'enable',
- 'dlp_sensor': 'test_value_7',
- 'dlp_sensor_status': 'enable',
- 'dsri': 'enable',
- 'host': 'myhostname10',
- 'id': '11',
- 'interface': 'test_value_12',
- 'ips_dos_status': 'enable',
- 'ips_sensor': 'test_value_14',
- 'ips_sensor_status': 'enable',
- 'ipv6': 'enable',
- 'logtraffic': 'all',
- 'max_packet_count': '18',
- 'non_ip': 'enable',
- 'port': 'test_value_20',
- 'protocol': 'test_value_21',
- 'scan_botnet_connections': 'disable',
- 'spamfilter_profile': 'test_value_23',
- 'spamfilter_profile_status': 'enable',
- 'status': 'enable',
- 'vlan': 'test_value_26',
- 'webfilter_profile': 'test_value_27',
- 'webfilter_profile_status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_sniffer.fortios_firewall(input_data, fos_instance)
-
- expected_data = {'application-list': 'test_value_3',
- 'application-list-status': 'enable',
- 'av-profile': 'test_value_5',
- 'av-profile-status': 'enable',
- 'dlp-sensor': 'test_value_7',
- 'dlp-sensor-status': 'enable',
- 'dsri': 'enable',
- 'host': 'myhostname10',
- 'id': '11',
- 'interface': 'test_value_12',
- 'ips-dos-status': 'enable',
- 'ips-sensor': 'test_value_14',
- 'ips-sensor-status': 'enable',
- 'ipv6': 'enable',
-
'logtraffic': 'all',
- 'max-packet-count': '18',
- 'non-ip': 'enable',
- 'port': 'test_value_20',
- 'protocol': 'test_value_21',
- 'scan-botnet-connections': 'disable',
- 'spamfilter-profile': 'test_value_23',
- 'spamfilter-profile-status': 'enable',
- 'status': 'enable',
- 'vlan': 'test_value_26',
- 'webfilter-profile': 'test_value_27',
- 'webfilter-profile-status': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'sniffer', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_ssh_host_key.py b/test/units/modules/network/fortios/test_fortios_firewall_ssh_host_key.py
deleted file mode 100644
index f403cd8a964..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_ssh_host_key.py
+++ /dev/null
@@ -1,269 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_ssh_host_key
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_ssh_host_key.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_ssh_host_key_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ssh_host_key': {
- 'hostname': 'myhostname3',
- 'ip': 'test_value_4',
- 'name': 'default_name_5',
- 'nid': '256',
- 'port': '7',
- 'public_key': 'test_value_8',
- 'status': 'trusted',
- 'type': 'RSA'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssh_host_key.fortios_firewall_ssh(input_data, fos_instance)
-
- expected_data = {
- 'hostname': 'myhostname3',
- 'ip': 'test_value_4',
- 'name': 'default_name_5',
- 'nid': '256',
- 'port': '7',
- 'public-key': 'test_value_8',
- 'status': 'trusted',
- 'type': 'RSA'
- }
-
- set_method_mock.assert_called_with('firewall.ssh', 'host-key', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_ssh_host_key_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ssh_host_key': {
- 'hostname': 'myhostname3',
- 'ip': 'test_value_4',
- 'name': 'default_name_5',
- 'nid': '256',
- 'port': '7',
- 'public_key': 'test_value_8',
- 'status': 'trusted',
- 'type': 'RSA'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssh_host_key.fortios_firewall_ssh(input_data, fos_instance)
-
- expected_data = {
- 'hostname': 'myhostname3',
- 'ip': 'test_value_4',
- 'name': 'default_name_5',
- 'nid': '256',
- 'port': '7',
- 'public-key': 'test_value_8',
- 'status': 'trusted',
- 'type': 'RSA'
- }
-
- set_method_mock.assert_called_with('firewall.ssh', 'host-key', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_ssh_host_key_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_ssh_host_key': {
- 'hostname': 'myhostname3',
- 'ip': 'test_value_4',
- 'name': 'default_name_5',
- 'nid': '256',
- 'port': '7',
- 'public_key': 'test_value_8',
- 'status': 'trusted',
- 'type': 'RSA'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssh_host_key.fortios_firewall_ssh(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall.ssh', 'host-key', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_ssh_host_key_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_ssh_host_key': {
- 'hostname': 'myhostname3',
- 'ip': 'test_value_4',
- 'name': 'default_name_5',
- 'nid': '256',
- 'port': '7',
- 'public_key': 'test_value_8',
- 'status': 'trusted',
- 'type': 'RSA'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssh_host_key.fortios_firewall_ssh(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall.ssh', 'host-key', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_ssh_host_key_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ssh_host_key': {
- 'hostname': 'myhostname3',
- 'ip': 'test_value_4',
- 'name': 'default_name_5',
- 'nid': '256',
- 'port': '7',
- 'public_key': 'test_value_8',
- 'status': 'trusted',
- 'type': 'RSA'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssh_host_key.fortios_firewall_ssh(input_data, fos_instance)
-
- expected_data = {
- 'hostname': 'myhostname3',
- 'ip': 'test_value_4',
- 'name': 'default_name_5',
- 'nid': '256',
- 'port': '7',
- 'public-key': 'test_value_8',
- 'status': 'trusted',
- 'type': 'RSA'
- }
-
- set_method_mock.assert_called_with('firewall.ssh', 'host-key', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_ssh_host_key_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ssh_host_key': {
- 'random_attribute_not_valid': 'tag',
- 'hostname': 'myhostname3',
- 'ip': 'test_value_4',
- 'name': 'default_name_5',
- 'nid': '256',
- 'port': '7',
- 'public_key': 'test_value_8',
- 'status': 'trusted',
- 'type': 'RSA'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssh_host_key.fortios_firewall_ssh(input_data, fos_instance)
-
- expected_data = {
- 'hostname': 'myhostname3',
- 'ip': 'test_value_4',
- 'name': 'default_name_5',
- 'nid': '256',
- 'port': '7',
- 'public-key': 'test_value_8',
- 'status': 'trusted',
- 'type': 'RSA'
- }
-
- set_method_mock.assert_called_with('firewall.ssh', 'host-key', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_ssh_local_ca.py b/test/units/modules/network/fortios/test_fortios_firewall_ssh_local_ca.py
deleted file mode 100644
index 8105cf00310..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_ssh_local_ca.py
+++ /dev/null
@@ -1,239 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_ssh_local_ca
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_ssh_local_ca.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_ssh_local_ca_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ssh_local_ca': {
- 'name': 'default_name_3',
- 'password': 'test_value_4',
- 'private_key': 'test_value_5',
- 'public_key': 'test_value_6',
- 'source': 'built-in'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssh_local_ca.fortios_firewall_ssh(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'password': 'test_value_4',
- 'private-key': 'test_value_5',
- 'public-key': 'test_value_6',
- 'source': 'built-in'
- }
-
- set_method_mock.assert_called_with('firewall.ssh', 'local-ca', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_ssh_local_ca_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ssh_local_ca': {
- 'name': 'default_name_3',
- 'password': 'test_value_4',
- 'private_key': 'test_value_5',
- 'public_key': 'test_value_6',
- 'source': 'built-in'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssh_local_ca.fortios_firewall_ssh(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'password': 'test_value_4',
- 'private-key': 'test_value_5',
- 'public-key': 'test_value_6',
- 'source': 'built-in'
- }
-
- set_method_mock.assert_called_with('firewall.ssh', 'local-ca', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_ssh_local_ca_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_ssh_local_ca': {
- 'name': 'default_name_3',
- 'password': 'test_value_4',
- 'private_key': 'test_value_5',
- 'public_key': 'test_value_6',
- 'source': 'built-in'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssh_local_ca.fortios_firewall_ssh(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall.ssh', 'local-ca', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_ssh_local_ca_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_ssh_local_ca': {
- 'name': 'default_name_3',
- 'password': 'test_value_4',
- 'private_key': 'test_value_5',
- 'public_key': 'test_value_6',
- 'source': 'built-in'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssh_local_ca.fortios_firewall_ssh(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall.ssh', 'local-ca', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_ssh_local_ca_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ssh_local_ca': {
- 'name': 'default_name_3',
- 'password': 'test_value_4',
- 'private_key': 'test_value_5',
- 'public_key': 'test_value_6',
- 'source': 'built-in'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssh_local_ca.fortios_firewall_ssh(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'password': 'test_value_4',
- 'private-key': 'test_value_5',
- 'public-key': 'test_value_6',
- 'source': 'built-in'
- }
-
- set_method_mock.assert_called_with('firewall.ssh', 'local-ca', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_ssh_local_ca_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ssh_local_ca': {
- 'random_attribute_not_valid': 'tag',
- 'name': 'default_name_3',
- 'password': 'test_value_4',
- 'private_key': 'test_value_5',
- 'public_key': 'test_value_6',
- 'source': 'built-in'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssh_local_ca.fortios_firewall_ssh(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'password': 'test_value_4',
- 'private-key': 'test_value_5',
- 'public-key': 'test_value_6',
- 'source': 'built-in'
- }
-
- set_method_mock.assert_called_with('firewall.ssh', 'local-ca', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_ssh_local_key.py b/test/units/modules/network/fortios/test_fortios_firewall_ssh_local_key.py
deleted file mode 100644
index 6b7d03e477e..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_ssh_local_key.py
+++ /dev/null
@@ -1,239 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_ssh_local_key
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_ssh_local_key.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_ssh_local_key_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ssh_local_key': {
- 'name': 'default_name_3',
- 'password': 'test_value_4',
- 'private_key': 'test_value_5',
- 'public_key': 'test_value_6',
- 'source': 'built-in'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssh_local_key.fortios_firewall_ssh(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'password': 'test_value_4',
- 'private-key': 'test_value_5',
- 'public-key': 'test_value_6',
- 'source': 'built-in'
- }
-
- set_method_mock.assert_called_with('firewall.ssh', 'local-key', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_ssh_local_key_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ssh_local_key': {
- 'name': 'default_name_3',
- 'password': 'test_value_4',
- 'private_key': 'test_value_5',
- 'public_key': 'test_value_6',
- 'source': 'built-in'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssh_local_key.fortios_firewall_ssh(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'password': 'test_value_4',
- 'private-key': 'test_value_5',
- 'public-key': 'test_value_6',
- 'source': 'built-in'
- }
-
- set_method_mock.assert_called_with('firewall.ssh', 'local-key', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_ssh_local_key_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_ssh_local_key': {
- 'name': 'default_name_3',
- 'password': 'test_value_4',
- 'private_key': 'test_value_5',
- 'public_key': 'test_value_6',
- 'source': 'built-in'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssh_local_key.fortios_firewall_ssh(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall.ssh', 'local-key', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_ssh_local_key_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_ssh_local_key': {
- 'name': 'default_name_3',
- 'password': 'test_value_4',
- 'private_key': 'test_value_5',
- 'public_key': 'test_value_6',
- 'source': 'built-in'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssh_local_key.fortios_firewall_ssh(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall.ssh', 'local-key', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_ssh_local_key_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ssh_local_key': {
- 'name': 'default_name_3',
- 'password': 'test_value_4',
- 'private_key': 'test_value_5',
- 'public_key': 'test_value_6',
- 'source': 'built-in'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssh_local_key.fortios_firewall_ssh(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'password': 'test_value_4',
- 'private-key': 'test_value_5',
- 'public-key': 'test_value_6',
- 'source': 'built-in'
- }
-
- set_method_mock.assert_called_with('firewall.ssh', 'local-key', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_ssh_local_key_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ssh_local_key': {
- 'random_attribute_not_valid': 'tag',
- 'name': 'default_name_3',
- 'password': 'test_value_4',
- 'private_key': 'test_value_5',
- 'public_key': 'test_value_6',
- 'source': 'built-in'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssh_local_key.fortios_firewall_ssh(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'password': 'test_value_4',
- 'private-key': 'test_value_5',
- 'public-key': 'test_value_6',
- 'source': 'built-in'
- }
-
- set_method_mock.assert_called_with('firewall.ssh', 'local-key', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_ssh_setting.py b/test/units/modules/network/fortios/test_fortios_firewall_ssh_setting.py
deleted file mode 100644
index e4b55f1c527..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_ssh_setting.py
+++ /dev/null
@@ -1,215 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_ssh_setting
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_ssh_setting.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_ssh_setting_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ssh_setting': {
- 'caname': 'test_value_3',
- 'host_trusted_checking': 'enable',
- 'hostkey_dsa1024': 'myhostname5',
- 'hostkey_ecdsa256': 'myhostname6',
- 'hostkey_ecdsa384': 'myhostname7',
- 'hostkey_ecdsa521': 'myhostname8',
- 'hostkey_ed25519': 'myhostname9',
- 'hostkey_rsa2048': 'myhostname10',
- 'untrusted_caname': 'test_value_11'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssh_setting.fortios_firewall_ssh(input_data, fos_instance)
-
- expected_data = {
- 'caname': 'test_value_3',
- 'host-trusted-checking': 'enable',
- 'hostkey-dsa1024': 'myhostname5',
- 'hostkey-ecdsa256': 'myhostname6',
- 'hostkey-ecdsa384': 'myhostname7',
- 'hostkey-ecdsa521': 'myhostname8',
- 'hostkey-ed25519': 'myhostname9',
- 'hostkey-rsa2048': 'myhostname10',
- 'untrusted-caname': 'test_value_11'
- }
-
- set_method_mock.assert_called_with('firewall.ssh', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_ssh_setting_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ssh_setting': {
- 'caname': 'test_value_3',
- 'host_trusted_checking': 'enable',
- 'hostkey_dsa1024': 'myhostname5',
- 'hostkey_ecdsa256': 'myhostname6',
- 'hostkey_ecdsa384': 'myhostname7',
- 'hostkey_ecdsa521': 'myhostname8',
- 'hostkey_ed25519': 'myhostname9',
- 'hostkey_rsa2048': 'myhostname10',
- 'untrusted_caname': 'test_value_11'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssh_setting.fortios_firewall_ssh(input_data, fos_instance)
-
- expected_data = {
- 'caname': 'test_value_3',
- 'host-trusted-checking': 'enable',
- 'hostkey-dsa1024': 'myhostname5',
- 'hostkey-ecdsa256': 'myhostname6',
- 'hostkey-ecdsa384': 'myhostname7',
- 'hostkey-ecdsa521': 'myhostname8',
- 'hostkey-ed25519': 'myhostname9',
- 'hostkey-rsa2048': 'myhostname10',
- 'untrusted-caname': 'test_value_11'
- }
-
- set_method_mock.assert_called_with('firewall.ssh', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_ssh_setting_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ssh_setting': {
- 'caname': 'test_value_3',
- 'host_trusted_checking': 'enable',
- 'hostkey_dsa1024': 'myhostname5',
- 'hostkey_ecdsa256': 'myhostname6',
- 'hostkey_ecdsa384': 'myhostname7',
- 'hostkey_ecdsa521': 'myhostname8',
- 'hostkey_ed25519': 'myhostname9',
- 'hostkey_rsa2048': 'myhostname10',
- 'untrusted_caname': 'test_value_11'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssh_setting.fortios_firewall_ssh(input_data, fos_instance)
-
- expected_data = {
- 'caname': 'test_value_3',
- 'host-trusted-checking': 'enable',
- 'hostkey-dsa1024': 'myhostname5',
- 'hostkey-ecdsa256': 'myhostname6',
- 'hostkey-ecdsa384': 'myhostname7',
- 'hostkey-ecdsa521': 'myhostname8',
- 'hostkey-ed25519': 'myhostname9',
- 'hostkey-rsa2048': 'myhostname10',
- 'untrusted-caname': 'test_value_11'
- }
-
- set_method_mock.assert_called_with('firewall.ssh', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_ssh_setting_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ssh_setting': {
- 'random_attribute_not_valid': 'tag',
- 'caname': 'test_value_3',
- 'host_trusted_checking': 'enable',
- 'hostkey_dsa1024': 'myhostname5',
- 'hostkey_ecdsa256': 'myhostname6',
- 'hostkey_ecdsa384': 'myhostname7',
- 'hostkey_ecdsa521': 'myhostname8',
- 'hostkey_ed25519': 'myhostname9',
- 'hostkey_rsa2048': 'myhostname10',
- 'untrusted_caname': 'test_value_11'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssh_setting.fortios_firewall_ssh(input_data, fos_instance)
-
- expected_data = {
- 'caname': 'test_value_3',
- 'host-trusted-checking': 'enable',
- 'hostkey-dsa1024': 'myhostname5',
- 'hostkey-ecdsa256': 'myhostname6',
- 'hostkey-ecdsa384': 'myhostname7',
- 'hostkey-ecdsa521': 'myhostname8',
- 'hostkey-ed25519': 'myhostname9',
- 'hostkey-rsa2048': 'myhostname10',
- 'untrusted-caname': 'test_value_11'
- }
-
- set_method_mock.assert_called_with('firewall.ssh', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_ssl_server.py b/test/units/modules/network/fortios/test_fortios_firewall_ssl_server.py
deleted file mode 100644
index 6e6625e1778..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_ssl_server.py
+++ /dev/null
@@ -1,329 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_ssl_server
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_ssl_server.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_ssl_server_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ssl_server': {
- 'add_header_x_forwarded_proto': 'enable',
- 'ip': 'test_value_4',
- 'mapped_port': '5',
- 'name': 'default_name_6',
- 'port': '7',
- 'ssl_algorithm': 'high',
- 'ssl_cert': 'test_value_9',
- 'ssl_client_renegotiation': 'allow',
- 'ssl_dh_bits': '768',
- 'ssl_max_version': 'tls-1.0',
- 'ssl_min_version': 'tls-1.0',
- 'ssl_mode': 'half',
- 'ssl_send_empty_frags': 'enable',
- 'url_rewrite': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssl_server.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'add-header-x-forwarded-proto': 'enable',
- 'ip': 'test_value_4',
- 'mapped-port': '5',
- 'name': 'default_name_6',
- 'port': '7',
- 'ssl-algorithm': 'high',
- 'ssl-cert': 'test_value_9',
- 'ssl-client-renegotiation': 'allow',
- 'ssl-dh-bits': '768',
- 'ssl-max-version': 'tls-1.0',
- 'ssl-min-version': 'tls-1.0',
- 'ssl-mode': 'half',
- 'ssl-send-empty-frags': 'enable',
- 'url-rewrite': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'ssl-server', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_ssl_server_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ssl_server': {
- 'add_header_x_forwarded_proto': 'enable',
- 'ip': 'test_value_4',
- 'mapped_port': '5',
- 'name': 'default_name_6',
- 'port': '7',
- 'ssl_algorithm': 'high',
- 'ssl_cert': 'test_value_9',
- 'ssl_client_renegotiation': 'allow',
- 'ssl_dh_bits': '768',
- 'ssl_max_version': 'tls-1.0',
- 'ssl_min_version': 'tls-1.0',
- 'ssl_mode': 'half',
- 'ssl_send_empty_frags': 'enable',
- 'url_rewrite': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssl_server.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'add-header-x-forwarded-proto': 'enable',
- 'ip': 'test_value_4',
- 'mapped-port': '5',
- 'name': 'default_name_6',
- 'port': '7',
- 'ssl-algorithm': 'high',
- 'ssl-cert': 'test_value_9',
- 'ssl-client-renegotiation': 'allow',
- 'ssl-dh-bits': '768',
- 'ssl-max-version': 'tls-1.0',
- 'ssl-min-version': 'tls-1.0',
- 'ssl-mode': 'half',
- 'ssl-send-empty-frags': 'enable',
- 'url-rewrite': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'ssl-server', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_ssl_server_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_ssl_server': {
- 'add_header_x_forwarded_proto': 'enable',
- 'ip': 'test_value_4',
- 'mapped_port': '5',
- 'name': 'default_name_6',
- 'port': '7',
- 'ssl_algorithm': 'high',
- 'ssl_cert': 'test_value_9',
- 'ssl_client_renegotiation': 'allow',
- 'ssl_dh_bits': '768',
- 'ssl_max_version': 'tls-1.0',
- 'ssl_min_version': 'tls-1.0',
- 'ssl_mode': 'half',
- 'ssl_send_empty_frags': 'enable',
- 'url_rewrite': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssl_server.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'ssl-server', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_ssl_server_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_ssl_server': {
- 'add_header_x_forwarded_proto': 'enable',
- 'ip': 'test_value_4',
- 'mapped_port': '5',
- 'name': 'default_name_6',
- 'port': '7',
- 'ssl_algorithm': 'high',
- 'ssl_cert': 'test_value_9',
- 'ssl_client_renegotiation': 'allow',
- 'ssl_dh_bits': '768',
- 'ssl_max_version': 'tls-1.0',
- 'ssl_min_version': 'tls-1.0',
- 'ssl_mode': 'half',
- 'ssl_send_empty_frags': 'enable',
- 'url_rewrite': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssl_server.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'ssl-server', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_ssl_server_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ssl_server': {
- 'add_header_x_forwarded_proto': 'enable',
- 'ip': 'test_value_4',
- 'mapped_port': '5',
- 'name': 'default_name_6',
- 'port': '7',
- 'ssl_algorithm': 'high',
- 'ssl_cert': 'test_value_9',
- 'ssl_client_renegotiation': 'allow',
- 'ssl_dh_bits': '768',
- 'ssl_max_version': 'tls-1.0',
- 'ssl_min_version': 'tls-1.0',
- 'ssl_mode': 'half',
- 'ssl_send_empty_frags': 'enable',
- 'url_rewrite': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssl_server.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'add-header-x-forwarded-proto': 'enable',
- 'ip': 'test_value_4',
- 'mapped-port': '5',
- 'name': 'default_name_6',
- 'port': '7',
- 'ssl-algorithm': 'high',
- 'ssl-cert': 'test_value_9',
- 'ssl-client-renegotiation': 'allow',
- 'ssl-dh-bits': '768',
- 'ssl-max-version': 'tls-1.0',
- 'ssl-min-version': 'tls-1.0',
- 'ssl-mode': 'half',
- 'ssl-send-empty-frags': 'enable',
- 'url-rewrite': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'ssl-server', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_ssl_server_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ssl_server': {
- 'random_attribute_not_valid': 'tag',
- 'add_header_x_forwarded_proto': 'enable',
- 'ip': 'test_value_4',
- 'mapped_port': '5',
- 'name': 'default_name_6',
- 'port': '7',
- 'ssl_algorithm': 'high',
- 'ssl_cert': 'test_value_9',
- 'ssl_client_renegotiation': 'allow',
- 'ssl_dh_bits': '768',
- 'ssl_max_version': 'tls-1.0',
- 'ssl_min_version': 'tls-1.0',
- 'ssl_mode': 'half',
- 'ssl_send_empty_frags': 'enable',
- 'url_rewrite': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssl_server.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'add-header-x-forwarded-proto': 'enable',
- 'ip': 'test_value_4',
- 'mapped-port': '5',
- 'name': 'default_name_6',
- 'port': '7',
- 'ssl-algorithm': 'high',
- 'ssl-cert': 'test_value_9',
- 'ssl-client-renegotiation': 'allow',
- 'ssl-dh-bits': '768',
- 'ssl-max-version': 'tls-1.0',
- 'ssl-min-version': 'tls-1.0',
- 'ssl-mode': 'half',
- 'ssl-send-empty-frags': 'enable',
- 'url-rewrite': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'ssl-server', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_ssl_setting.py b/test/units/modules/network/fortios/test_fortios_firewall_ssl_setting.py
deleted file mode 100644
index 363d47768c2..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_ssl_setting.py
+++ /dev/null
@@ -1,231 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_ssl_setting
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_ssl_setting.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_ssl_setting_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ssl_setting': {
- 'abbreviate_handshake': 'enable',
- 'cert_cache_capacity': '4',
- 'cert_cache_timeout': '5',
- 'kxp_queue_threshold': '6',
- 'no_matching_cipher_action': 'bypass',
- 'proxy_connect_timeout': '8',
- 'session_cache_capacity': '9',
- 'session_cache_timeout': '10',
- 'ssl_dh_bits': '768',
- 'ssl_queue_threshold': '12',
- 'ssl_send_empty_frags': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssl_setting.fortios_firewall_ssl(input_data, fos_instance)
-
- expected_data = {
- 'abbreviate-handshake': 'enable',
- 'cert-cache-capacity': '4',
- 'cert-cache-timeout': '5',
- 'kxp-queue-threshold': '6',
- 'no-matching-cipher-action': 'bypass',
- 'proxy-connect-timeout': '8',
- 'session-cache-capacity': '9',
- 'session-cache-timeout': '10',
- 'ssl-dh-bits': '768',
- 'ssl-queue-threshold': '12',
- 'ssl-send-empty-frags': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall.ssl', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_ssl_setting_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ssl_setting': {
- 'abbreviate_handshake': 'enable',
- 'cert_cache_capacity': '4',
- 'cert_cache_timeout': '5',
- 'kxp_queue_threshold': '6',
- 'no_matching_cipher_action': 'bypass',
- 'proxy_connect_timeout': '8',
- 'session_cache_capacity': '9',
- 'session_cache_timeout': '10',
- 'ssl_dh_bits': '768',
- 'ssl_queue_threshold': '12',
- 'ssl_send_empty_frags': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssl_setting.fortios_firewall_ssl(input_data, fos_instance)
-
- expected_data = {
- 'abbreviate-handshake': 'enable',
- 'cert-cache-capacity': '4',
- 'cert-cache-timeout': '5',
- 'kxp-queue-threshold': '6',
- 'no-matching-cipher-action': 'bypass',
- 'proxy-connect-timeout': '8',
- 'session-cache-capacity': '9',
- 'session-cache-timeout': '10',
- 'ssl-dh-bits': '768',
- 'ssl-queue-threshold': '12',
- 'ssl-send-empty-frags': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall.ssl', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_ssl_setting_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ssl_setting': {
- 'abbreviate_handshake': 'enable',
- 'cert_cache_capacity': '4',
- 'cert_cache_timeout': '5',
- 'kxp_queue_threshold': '6',
- 'no_matching_cipher_action': 'bypass',
- 'proxy_connect_timeout': '8',
- 'session_cache_capacity': '9',
- 'session_cache_timeout': '10',
- 'ssl_dh_bits': '768',
- 'ssl_queue_threshold': '12',
- 'ssl_send_empty_frags': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssl_setting.fortios_firewall_ssl(input_data, fos_instance)
-
- expected_data = {
- 'abbreviate-handshake': 'enable',
- 'cert-cache-capacity': '4',
- 'cert-cache-timeout': '5',
- 'kxp-queue-threshold': '6',
- 'no-matching-cipher-action': 'bypass',
- 'proxy-connect-timeout': '8',
- 'session-cache-capacity': '9',
- 'session-cache-timeout': '10',
- 'ssl-dh-bits': '768',
- 'ssl-queue-threshold': '12',
- 'ssl-send-empty-frags': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall.ssl', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_ssl_setting_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ssl_setting': {
- 'random_attribute_not_valid': 'tag',
- 'abbreviate_handshake': 'enable',
- 'cert_cache_capacity': '4',
- 'cert_cache_timeout': '5',
- 'kxp_queue_threshold': '6',
- 'no_matching_cipher_action': 'bypass',
- 'proxy_connect_timeout': '8',
- 'session_cache_capacity': '9',
- 'session_cache_timeout': '10',
- 'ssl_dh_bits': '768',
- 'ssl_queue_threshold': '12',
- 'ssl_send_empty_frags': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssl_setting.fortios_firewall_ssl(input_data, fos_instance)
-
- expected_data = {
- 'abbreviate-handshake': 'enable',
- 'cert-cache-capacity': '4',
- 'cert-cache-timeout': '5',
- 'kxp-queue-threshold': '6',
- 'no-matching-cipher-action': 'bypass',
- 'proxy-connect-timeout': '8',
- 'session-cache-capacity': '9',
- 'session-cache-timeout': '10',
- 'ssl-dh-bits': '768',
- 'ssl-queue-threshold': '12',
- 'ssl-send-empty-frags': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall.ssl', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_ssl_ssh_profile.py b/test/units/modules/network/fortios/test_fortios_firewall_ssl_ssh_profile.py
deleted file mode 100644
index 02a2b051ad2..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_ssl_ssh_profile.py
+++ /dev/null
@@ -1,309 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_ssl_ssh_profile
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_ssl_ssh_profile.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_ssl_ssh_profile_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ssl_ssh_profile': {
- 'caname': 'test_value_3',
- 'comment': 'Optional comments.',
- 'mapi_over_https': 'enable',
- 'name': 'default_name_6',
- 'rpc_over_https': 'enable',
- 'server_cert': 'test_value_8',
- 'server_cert_mode': 're-sign',
- 'ssl_anomalies_log': 'disable',
- 'ssl_exemptions_log': 'disable',
- 'untrusted_caname': 'test_value_12',
- 'use_ssl_server': 'disable',
- 'whitelist': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssl_ssh_profile.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'caname': 'test_value_3',
- 'comment': 'Optional comments.',
- 'mapi-over-https': 'enable',
- 'name': 'default_name_6',
- 'rpc-over-https': 'enable',
- 'server-cert': 'test_value_8',
- 'server-cert-mode': 're-sign',
- 'ssl-anomalies-log': 'disable',
- 'ssl-exemptions-log': 'disable',
- 'untrusted-caname': 'test_value_12',
- 'use-ssl-server': 'disable',
- 'whitelist': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'ssl-ssh-profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_ssl_ssh_profile_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ssl_ssh_profile': {
- 'caname': 'test_value_3',
- 'comment': 'Optional comments.',
- 'mapi_over_https': 'enable',
- 'name': 'default_name_6',
- 'rpc_over_https': 'enable',
- 'server_cert': 'test_value_8',
- 'server_cert_mode': 're-sign',
- 'ssl_anomalies_log': 'disable',
- 'ssl_exemptions_log': 'disable',
- 'untrusted_caname': 'test_value_12',
- 'use_ssl_server': 'disable',
- 'whitelist': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssl_ssh_profile.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'caname': 'test_value_3',
- 'comment': 'Optional comments.',
- 'mapi-over-https': 'enable',
- 'name': 'default_name_6',
- 'rpc-over-https': 'enable',
- 'server-cert': 'test_value_8',
- 'server-cert-mode': 're-sign',
- 'ssl-anomalies-log': 'disable',
- 'ssl-exemptions-log': 'disable',
- 'untrusted-caname': 'test_value_12',
- 'use-ssl-server': 'disable',
- 'whitelist': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'ssl-ssh-profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_ssl_ssh_profile_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_ssl_ssh_profile': {
- 'caname': 'test_value_3',
- 'comment': 'Optional comments.',
- 'mapi_over_https': 'enable',
- 'name': 'default_name_6',
- 'rpc_over_https': 'enable',
- 'server_cert': 'test_value_8',
- 'server_cert_mode': 're-sign',
- 'ssl_anomalies_log': 'disable',
- 'ssl_exemptions_log': 'disable',
- 'untrusted_caname': 'test_value_12',
- 'use_ssl_server': 'disable',
- 'whitelist': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssl_ssh_profile.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'ssl-ssh-profile', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_ssl_ssh_profile_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_ssl_ssh_profile': {
- 'caname': 'test_value_3',
- 'comment': 'Optional comments.',
- 'mapi_over_https': 'enable',
- 'name': 'default_name_6',
- 'rpc_over_https': 'enable',
- 'server_cert': 'test_value_8',
- 'server_cert_mode': 're-sign',
- 'ssl_anomalies_log': 'disable',
- 'ssl_exemptions_log': 'disable',
- 'untrusted_caname': 'test_value_12',
- 'use_ssl_server': 'disable',
- 'whitelist': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssl_ssh_profile.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'ssl-ssh-profile', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_ssl_ssh_profile_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ssl_ssh_profile': {
- 'caname': 'test_value_3',
- 'comment': 'Optional comments.',
- 'mapi_over_https': 'enable',
- 'name': 'default_name_6',
- 'rpc_over_https': 'enable',
- 'server_cert': 'test_value_8',
- 'server_cert_mode': 're-sign',
- 'ssl_anomalies_log': 'disable',
- 'ssl_exemptions_log': 'disable',
- 'untrusted_caname': 'test_value_12',
- 'use_ssl_server': 'disable',
- 'whitelist': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssl_ssh_profile.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'caname': 'test_value_3',
- 'comment': 'Optional comments.',
- 'mapi-over-https': 'enable',
- 'name': 'default_name_6',
- 'rpc-over-https': 'enable',
- 'server-cert': 'test_value_8',
- 'server-cert-mode': 're-sign',
- 'ssl-anomalies-log': 'disable',
- 'ssl-exemptions-log': 'disable',
- 'untrusted-caname': 'test_value_12',
- 'use-ssl-server': 'disable',
- 'whitelist': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'ssl-ssh-profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_ssl_ssh_profile_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ssl_ssh_profile': {
- 'random_attribute_not_valid': 'tag',
- 'caname': 'test_value_3',
- 'comment': 'Optional comments.',
- 'mapi_over_https': 'enable',
- 'name': 'default_name_6',
- 'rpc_over_https': 'enable',
- 'server_cert': 'test_value_8',
- 'server_cert_mode': 're-sign',
- 'ssl_anomalies_log': 'disable',
- 'ssl_exemptions_log': 'disable',
- 'untrusted_caname': 'test_value_12',
- 'use_ssl_server': 'disable',
- 'whitelist': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ssl_ssh_profile.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'caname': 'test_value_3',
- 'comment': 'Optional comments.',
- 'mapi-over-https': 'enable',
- 'name': 'default_name_6',
- 'rpc-over-https': 'enable',
- 'server-cert': 'test_value_8',
- 'server-cert-mode': 're-sign',
- 'ssl-anomalies-log': 'disable',
- 'ssl-exemptions-log': 'disable',
- 'untrusted-caname': 'test_value_12',
- 'use-ssl-server': 'disable',
- 'whitelist': 'enable'
- }
-
- set_method_mock.assert_called_with('firewall', 'ssl-ssh-profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_ttl_policy.py b/test/units/modules/network/fortios/test_fortios_firewall_ttl_policy.py
deleted file mode 100644
index 792fb758770..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_ttl_policy.py
+++ /dev/null
@@ -1,249 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_ttl_policy
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_ttl_policy.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_ttl_policy_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ttl_policy': {
- 'action': 'accept',
- 'id': '4',
- 'schedule': 'test_value_5',
- 'srcintf': 'test_value_6',
- 'status': 'enable',
- 'ttl': 'test_value_8'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ttl_policy.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'action': 'accept',
- 'id': '4',
- 'schedule': 'test_value_5',
- 'srcintf': 'test_value_6',
- 'status': 'enable',
- 'ttl': 'test_value_8'
- }
-
- set_method_mock.assert_called_with('firewall', 'ttl-policy', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_ttl_policy_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ttl_policy': {
- 'action': 'accept',
- 'id': '4',
- 'schedule': 'test_value_5',
- 'srcintf': 'test_value_6',
- 'status': 'enable',
- 'ttl': 'test_value_8'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ttl_policy.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'action': 'accept',
- 'id': '4',
- 'schedule': 'test_value_5',
- 'srcintf': 'test_value_6',
- 'status': 'enable',
- 'ttl': 'test_value_8'
- }
-
- set_method_mock.assert_called_with('firewall', 'ttl-policy', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_ttl_policy_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_ttl_policy': {
- 'action': 'accept',
- 'id': '4',
- 'schedule': 'test_value_5',
- 'srcintf': 'test_value_6',
- 'status': 'enable',
- 'ttl': 'test_value_8'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ttl_policy.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'ttl-policy', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_ttl_policy_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_ttl_policy': {
- 'action': 'accept',
- 'id': '4',
- 'schedule': 'test_value_5',
- 'srcintf': 'test_value_6',
- 'status': 'enable',
- 'ttl': 'test_value_8'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ttl_policy.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'ttl-policy', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_ttl_policy_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ttl_policy': {
- 'action': 'accept',
- 'id': '4',
- 'schedule': 'test_value_5',
- 'srcintf': 'test_value_6',
- 'status': 'enable',
- 'ttl': 'test_value_8'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ttl_policy.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'action': 'accept',
- 'id': '4',
- 'schedule': 'test_value_5',
- 'srcintf': 'test_value_6',
- 'status': 'enable',
- 'ttl': 'test_value_8'
- }
-
- set_method_mock.assert_called_with('firewall', 'ttl-policy', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_ttl_policy_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_ttl_policy': {
- 'random_attribute_not_valid': 'tag',
- 'action': 'accept',
- 'id': '4',
- 'schedule': 'test_value_5',
- 'srcintf': 'test_value_6',
- 'status': 'enable',
- 'ttl': 'test_value_8'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_ttl_policy.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'action': 'accept',
- 'id': '4',
- 'schedule': 'test_value_5',
- 'srcintf': 'test_value_6',
- 'status': 'enable',
- 'ttl': 'test_value_8'
- }
-
- set_method_mock.assert_called_with('firewall', 'ttl-policy', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_vip.py b/test/units/modules/network/fortios/test_fortios_firewall_vip.py
deleted file mode 100644
index a24bdd6b8f3..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_vip.py
+++ /dev/null
@@ -1,839 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_firewall_vip -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_vip.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_firewall_vip_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_vip': { - 'arp_reply': 'disable', - 'color': '4', - 'comment': 'Comment.', - 'dns_mapping_ttl': '6', - 'extintf': 'test_value_7', - 'extip': 'test_value_8', - 'extport': 'test_value_9', - 
'gratuitous_arp_interval': '10', - 'http_cookie_age': '11', - 'http_cookie_domain': 'test_value_12', - 'http_cookie_domain_from_host': 'disable', - 'http_cookie_generation': '14', - 'http_cookie_path': 'test_value_15', - 'http_cookie_share': 'disable', - 'http_ip_header': 'enable', - 'http_ip_header_name': 'test_value_18', - 'http_multiplex': 'enable', - 'https_cookie_secure': 'disable', - 'id': '21', - 'ldb_method': 'static', - 'mapped_addr': 'test_value_23', - 'mappedport': 'test_value_24', - 'max_embryonic_connections': '25', - 'name': 'default_name_26', - 'nat_source_vip': 'disable', - 'outlook_web_access': 'disable', - 'persistence': 'none', - 'portforward': 'disable', - 'portmapping_type': '1-to-1', - 'protocol': 'tcp', - 'server_type': 'http', - 'ssl_algorithm': 'high', - 'ssl_certificate': 'test_value_35', - 'ssl_client_fallback': 'disable', - 'ssl_client_renegotiation': 'allow', - 'ssl_client_session_state_max': '38', - 'ssl_client_session_state_timeout': '39', - 'ssl_client_session_state_type': 'disable', - 'ssl_dh_bits': '768', - 'ssl_hpkp': 'disable', - 'ssl_hpkp_age': '43', - 'ssl_hpkp_backup': 'test_value_44', - 'ssl_hpkp_include_subdomains': 'disable', - 'ssl_hpkp_primary': 'test_value_46', - 'ssl_hpkp_report_uri': 'test_value_47', - 'ssl_hsts': 'disable', - 'ssl_hsts_age': '49', - 'ssl_hsts_include_subdomains': 'disable', - 'ssl_http_location_conversion': 'enable', - 'ssl_http_match_host': 'enable', - 'ssl_max_version': 'ssl-3.0', - 'ssl_min_version': 'ssl-3.0', - 'ssl_mode': 'half', - 'ssl_pfs': 'require', - 'ssl_send_empty_frags': 'enable', - 'ssl_server_algorithm': 'high', - 'ssl_server_max_version': 'ssl-3.0', - 'ssl_server_min_version': 'ssl-3.0', - 'ssl_server_session_state_max': '61', - 'ssl_server_session_state_timeout': '62', - 'ssl_server_session_state_type': 'disable', - 'type': 'static-nat', - 'uuid': 'test_value_65', - 'weblogic_server': 'disable', - 'websphere_server': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_firewall_vip.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'arp-reply': 'disable', - 'color': '4', - 'comment': 'Comment.', - 'dns-mapping-ttl': '6', - 'extintf': 'test_value_7', - 'extip': 'test_value_8', - 'extport': 'test_value_9', - 'gratuitous-arp-interval': '10', - 'http-cookie-age': '11', - 'http-cookie-domain': 'test_value_12', - 'http-cookie-domain-from-host': 'disable', - 'http-cookie-generation': '14', - 'http-cookie-path': 'test_value_15', - 'http-cookie-share': 'disable', - 'http-ip-header': 'enable', - 'http-ip-header-name': 'test_value_18', - 'http-multiplex': 'enable', - 'https-cookie-secure': 'disable', - 'id': '21', - 'ldb-method': 'static', - 'mapped-addr': 'test_value_23', - 'mappedport': 'test_value_24', - 'max-embryonic-connections': '25', - 'name': 'default_name_26', - 'nat-source-vip': 'disable', - 'outlook-web-access': 'disable', - 'persistence': 'none', - 'portforward': 'disable', - 'portmapping-type': '1-to-1', - 'protocol': 'tcp', - 'server-type': 'http', - 'ssl-algorithm': 'high', - 'ssl-certificate': 'test_value_35', - 'ssl-client-fallback': 'disable', - 'ssl-client-renegotiation': 'allow', - 'ssl-client-session-state-max': '38', - 'ssl-client-session-state-timeout': '39', - 'ssl-client-session-state-type': 'disable', - 'ssl-dh-bits': '768', - 'ssl-hpkp': 'disable', - 'ssl-hpkp-age': '43', - 'ssl-hpkp-backup': 'test_value_44', - 'ssl-hpkp-include-subdomains': 'disable', - 'ssl-hpkp-primary': 'test_value_46', - 'ssl-hpkp-report-uri': 'test_value_47', - 'ssl-hsts': 'disable', - 'ssl-hsts-age': '49', - 'ssl-hsts-include-subdomains': 'disable', - 'ssl-http-location-conversion': 'enable', - 'ssl-http-match-host': 'enable', - 'ssl-max-version': 'ssl-3.0', - 'ssl-min-version': 'ssl-3.0', - 'ssl-mode': 'half', - 'ssl-pfs': 'require', - 'ssl-send-empty-frags': 'enable', - 'ssl-server-algorithm': 'high', - 'ssl-server-max-version': 'ssl-3.0', - 'ssl-server-min-version': 'ssl-3.0', - 'ssl-server-session-state-max': 
'61', - 'ssl-server-session-state-timeout': '62', - 'ssl-server-session-state-type': 'disable', - 'type': 'static-nat', - 'uuid': 'test_value_65', - 'weblogic-server': 'disable', - 'websphere-server': 'disable' - } - - set_method_mock.assert_called_with('firewall', 'vip', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_vip_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_vip': { - 'arp_reply': 'disable', - 'color': '4', - 'comment': 'Comment.', - 'dns_mapping_ttl': '6', - 'extintf': 'test_value_7', - 'extip': 'test_value_8', - 'extport': 'test_value_9', - 'gratuitous_arp_interval': '10', - 'http_cookie_age': '11', - 'http_cookie_domain': 'test_value_12', - 'http_cookie_domain_from_host': 'disable', - 'http_cookie_generation': '14', - 'http_cookie_path': 'test_value_15', - 'http_cookie_share': 'disable', - 'http_ip_header': 'enable', - 'http_ip_header_name': 'test_value_18', - 'http_multiplex': 'enable', - 'https_cookie_secure': 'disable', - 'id': '21', - 'ldb_method': 'static', - 'mapped_addr': 'test_value_23', - 'mappedport': 'test_value_24', - 'max_embryonic_connections': '25', - 'name': 'default_name_26', - 'nat_source_vip': 'disable', - 'outlook_web_access': 'disable', - 'persistence': 'none', - 'portforward': 'disable', - 'portmapping_type': '1-to-1', - 'protocol': 'tcp', - 'server_type': 'http', - 'ssl_algorithm': 'high', - 'ssl_certificate': 'test_value_35', - 'ssl_client_fallback': 'disable', - 'ssl_client_renegotiation': 
'allow', - 'ssl_client_session_state_max': '38', - 'ssl_client_session_state_timeout': '39', - 'ssl_client_session_state_type': 'disable', - 'ssl_dh_bits': '768', - 'ssl_hpkp': 'disable', - 'ssl_hpkp_age': '43', - 'ssl_hpkp_backup': 'test_value_44', - 'ssl_hpkp_include_subdomains': 'disable', - 'ssl_hpkp_primary': 'test_value_46', - 'ssl_hpkp_report_uri': 'test_value_47', - 'ssl_hsts': 'disable', - 'ssl_hsts_age': '49', - 'ssl_hsts_include_subdomains': 'disable', - 'ssl_http_location_conversion': 'enable', - 'ssl_http_match_host': 'enable', - 'ssl_max_version': 'ssl-3.0', - 'ssl_min_version': 'ssl-3.0', - 'ssl_mode': 'half', - 'ssl_pfs': 'require', - 'ssl_send_empty_frags': 'enable', - 'ssl_server_algorithm': 'high', - 'ssl_server_max_version': 'ssl-3.0', - 'ssl_server_min_version': 'ssl-3.0', - 'ssl_server_session_state_max': '61', - 'ssl_server_session_state_timeout': '62', - 'ssl_server_session_state_type': 'disable', - 'type': 'static-nat', - 'uuid': 'test_value_65', - 'weblogic_server': 'disable', - 'websphere_server': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_vip.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'arp-reply': 'disable', - 'color': '4', - 'comment': 'Comment.', - 'dns-mapping-ttl': '6', - 'extintf': 'test_value_7', - 'extip': 'test_value_8', - 'extport': 'test_value_9', - 'gratuitous-arp-interval': '10', - 'http-cookie-age': '11', - 'http-cookie-domain': 'test_value_12', - 'http-cookie-domain-from-host': 'disable', - 'http-cookie-generation': '14', - 'http-cookie-path': 'test_value_15', - 'http-cookie-share': 'disable', - 'http-ip-header': 'enable', - 'http-ip-header-name': 'test_value_18', - 'http-multiplex': 'enable', - 'https-cookie-secure': 'disable', - 'id': '21', - 'ldb-method': 'static', - 'mapped-addr': 'test_value_23', - 'mappedport': 'test_value_24', - 'max-embryonic-connections': '25', - 'name': 'default_name_26', - 'nat-source-vip': 'disable', - 'outlook-web-access': 
'disable', - 'persistence': 'none', - 'portforward': 'disable', - 'portmapping-type': '1-to-1', - 'protocol': 'tcp', - 'server-type': 'http', - 'ssl-algorithm': 'high', - 'ssl-certificate': 'test_value_35', - 'ssl-client-fallback': 'disable', - 'ssl-client-renegotiation': 'allow', - 'ssl-client-session-state-max': '38', - 'ssl-client-session-state-timeout': '39', - 'ssl-client-session-state-type': 'disable', - 'ssl-dh-bits': '768', - 'ssl-hpkp': 'disable', - 'ssl-hpkp-age': '43', - 'ssl-hpkp-backup': 'test_value_44', - 'ssl-hpkp-include-subdomains': 'disable', - 'ssl-hpkp-primary': 'test_value_46', - 'ssl-hpkp-report-uri': 'test_value_47', - 'ssl-hsts': 'disable', - 'ssl-hsts-age': '49', - 'ssl-hsts-include-subdomains': 'disable', - 'ssl-http-location-conversion': 'enable', - 'ssl-http-match-host': 'enable', - 'ssl-max-version': 'ssl-3.0', - 'ssl-min-version': 'ssl-3.0', - 'ssl-mode': 'half', - 'ssl-pfs': 'require', - 'ssl-send-empty-frags': 'enable', - 'ssl-server-algorithm': 'high', - 'ssl-server-max-version': 'ssl-3.0', - 'ssl-server-min-version': 'ssl-3.0', - 'ssl-server-session-state-max': '61', - 'ssl-server-session-state-timeout': '62', - 'ssl-server-session-state-type': 'disable', - 'type': 'static-nat', - 'uuid': 'test_value_65', - 'weblogic-server': 'disable', - 'websphere-server': 'disable' - } - - set_method_mock.assert_called_with('firewall', 'vip', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_vip_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 
'admin', - 'state': 'absent', - 'firewall_vip': { - 'arp_reply': 'disable', - 'color': '4', - 'comment': 'Comment.', - 'dns_mapping_ttl': '6', - 'extintf': 'test_value_7', - 'extip': 'test_value_8', - 'extport': 'test_value_9', - 'gratuitous_arp_interval': '10', - 'http_cookie_age': '11', - 'http_cookie_domain': 'test_value_12', - 'http_cookie_domain_from_host': 'disable', - 'http_cookie_generation': '14', - 'http_cookie_path': 'test_value_15', - 'http_cookie_share': 'disable', - 'http_ip_header': 'enable', - 'http_ip_header_name': 'test_value_18', - 'http_multiplex': 'enable', - 'https_cookie_secure': 'disable', - 'id': '21', - 'ldb_method': 'static', - 'mapped_addr': 'test_value_23', - 'mappedport': 'test_value_24', - 'max_embryonic_connections': '25', - 'name': 'default_name_26', - 'nat_source_vip': 'disable', - 'outlook_web_access': 'disable', - 'persistence': 'none', - 'portforward': 'disable', - 'portmapping_type': '1-to-1', - 'protocol': 'tcp', - 'server_type': 'http', - 'ssl_algorithm': 'high', - 'ssl_certificate': 'test_value_35', - 'ssl_client_fallback': 'disable', - 'ssl_client_renegotiation': 'allow', - 'ssl_client_session_state_max': '38', - 'ssl_client_session_state_timeout': '39', - 'ssl_client_session_state_type': 'disable', - 'ssl_dh_bits': '768', - 'ssl_hpkp': 'disable', - 'ssl_hpkp_age': '43', - 'ssl_hpkp_backup': 'test_value_44', - 'ssl_hpkp_include_subdomains': 'disable', - 'ssl_hpkp_primary': 'test_value_46', - 'ssl_hpkp_report_uri': 'test_value_47', - 'ssl_hsts': 'disable', - 'ssl_hsts_age': '49', - 'ssl_hsts_include_subdomains': 'disable', - 'ssl_http_location_conversion': 'enable', - 'ssl_http_match_host': 'enable', - 'ssl_max_version': 'ssl-3.0', - 'ssl_min_version': 'ssl-3.0', - 'ssl_mode': 'half', - 'ssl_pfs': 'require', - 'ssl_send_empty_frags': 'enable', - 'ssl_server_algorithm': 'high', - 'ssl_server_max_version': 'ssl-3.0', - 'ssl_server_min_version': 'ssl-3.0', - 'ssl_server_session_state_max': '61', - 
'ssl_server_session_state_timeout': '62', - 'ssl_server_session_state_type': 'disable', - 'type': 'static-nat', - 'uuid': 'test_value_65', - 'weblogic_server': 'disable', - 'websphere_server': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_vip.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'vip', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_vip_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_vip': { - 'arp_reply': 'disable', - 'color': '4', - 'comment': 'Comment.', - 'dns_mapping_ttl': '6', - 'extintf': 'test_value_7', - 'extip': 'test_value_8', - 'extport': 'test_value_9', - 'gratuitous_arp_interval': '10', - 'http_cookie_age': '11', - 'http_cookie_domain': 'test_value_12', - 'http_cookie_domain_from_host': 'disable', - 'http_cookie_generation': '14', - 'http_cookie_path': 'test_value_15', - 'http_cookie_share': 'disable', - 'http_ip_header': 'enable', - 'http_ip_header_name': 'test_value_18', - 'http_multiplex': 'enable', - 'https_cookie_secure': 'disable', - 'id': '21', - 'ldb_method': 'static', - 'mapped_addr': 'test_value_23', - 'mappedport': 'test_value_24', - 'max_embryonic_connections': '25', - 'name': 'default_name_26', - 'nat_source_vip': 'disable', - 'outlook_web_access': 'disable', - 'persistence': 'none', - 'portforward': 'disable', - 'portmapping_type': '1-to-1', - 'protocol': 'tcp', - 'server_type': 'http', - 'ssl_algorithm': 
'high', - 'ssl_certificate': 'test_value_35', - 'ssl_client_fallback': 'disable', - 'ssl_client_renegotiation': 'allow', - 'ssl_client_session_state_max': '38', - 'ssl_client_session_state_timeout': '39', - 'ssl_client_session_state_type': 'disable', - 'ssl_dh_bits': '768', - 'ssl_hpkp': 'disable', - 'ssl_hpkp_age': '43', - 'ssl_hpkp_backup': 'test_value_44', - 'ssl_hpkp_include_subdomains': 'disable', - 'ssl_hpkp_primary': 'test_value_46', - 'ssl_hpkp_report_uri': 'test_value_47', - 'ssl_hsts': 'disable', - 'ssl_hsts_age': '49', - 'ssl_hsts_include_subdomains': 'disable', - 'ssl_http_location_conversion': 'enable', - 'ssl_http_match_host': 'enable', - 'ssl_max_version': 'ssl-3.0', - 'ssl_min_version': 'ssl-3.0', - 'ssl_mode': 'half', - 'ssl_pfs': 'require', - 'ssl_send_empty_frags': 'enable', - 'ssl_server_algorithm': 'high', - 'ssl_server_max_version': 'ssl-3.0', - 'ssl_server_min_version': 'ssl-3.0', - 'ssl_server_session_state_max': '61', - 'ssl_server_session_state_timeout': '62', - 'ssl_server_session_state_type': 'disable', - 'type': 'static-nat', - 'uuid': 'test_value_65', - 'weblogic_server': 'disable', - 'websphere_server': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_vip.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'vip', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_vip_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_vip': { - 'arp_reply': 
'disable', - 'color': '4', - 'comment': 'Comment.', - 'dns_mapping_ttl': '6', - 'extintf': 'test_value_7', - 'extip': 'test_value_8', - 'extport': 'test_value_9', - 'gratuitous_arp_interval': '10', - 'http_cookie_age': '11', - 'http_cookie_domain': 'test_value_12', - 'http_cookie_domain_from_host': 'disable', - 'http_cookie_generation': '14', - 'http_cookie_path': 'test_value_15', - 'http_cookie_share': 'disable', - 'http_ip_header': 'enable', - 'http_ip_header_name': 'test_value_18', - 'http_multiplex': 'enable', - 'https_cookie_secure': 'disable', - 'id': '21', - 'ldb_method': 'static', - 'mapped_addr': 'test_value_23', - 'mappedport': 'test_value_24', - 'max_embryonic_connections': '25', - 'name': 'default_name_26', - 'nat_source_vip': 'disable', - 'outlook_web_access': 'disable', - 'persistence': 'none', - 'portforward': 'disable', - 'portmapping_type': '1-to-1', - 'protocol': 'tcp', - 'server_type': 'http', - 'ssl_algorithm': 'high', - 'ssl_certificate': 'test_value_35', - 'ssl_client_fallback': 'disable', - 'ssl_client_renegotiation': 'allow', - 'ssl_client_session_state_max': '38', - 'ssl_client_session_state_timeout': '39', - 'ssl_client_session_state_type': 'disable', - 'ssl_dh_bits': '768', - 'ssl_hpkp': 'disable', - 'ssl_hpkp_age': '43', - 'ssl_hpkp_backup': 'test_value_44', - 'ssl_hpkp_include_subdomains': 'disable', - 'ssl_hpkp_primary': 'test_value_46', - 'ssl_hpkp_report_uri': 'test_value_47', - 'ssl_hsts': 'disable', - 'ssl_hsts_age': '49', - 'ssl_hsts_include_subdomains': 'disable', - 'ssl_http_location_conversion': 'enable', - 'ssl_http_match_host': 'enable', - 'ssl_max_version': 'ssl-3.0', - 'ssl_min_version': 'ssl-3.0', - 'ssl_mode': 'half', - 'ssl_pfs': 'require', - 'ssl_send_empty_frags': 'enable', - 'ssl_server_algorithm': 'high', - 'ssl_server_max_version': 'ssl-3.0', - 'ssl_server_min_version': 'ssl-3.0', - 'ssl_server_session_state_max': '61', - 'ssl_server_session_state_timeout': '62', - 'ssl_server_session_state_type': 'disable', - 
'type': 'static-nat', - 'uuid': 'test_value_65', - 'weblogic_server': 'disable', - 'websphere_server': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_vip.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'arp-reply': 'disable', - 'color': '4', - 'comment': 'Comment.', - 'dns-mapping-ttl': '6', - 'extintf': 'test_value_7', - 'extip': 'test_value_8', - 'extport': 'test_value_9', - 'gratuitous-arp-interval': '10', - 'http-cookie-age': '11', - 'http-cookie-domain': 'test_value_12', - 'http-cookie-domain-from-host': 'disable', - 'http-cookie-generation': '14', - 'http-cookie-path': 'test_value_15', - 'http-cookie-share': 'disable', - 'http-ip-header': 'enable', - 'http-ip-header-name': 'test_value_18', - 'http-multiplex': 'enable', - 'https-cookie-secure': 'disable', - 'id': '21', - 'ldb-method': 'static', - 'mapped-addr': 'test_value_23', - 'mappedport': 'test_value_24', - 'max-embryonic-connections': '25', - 'name': 'default_name_26', - 'nat-source-vip': 'disable', - 'outlook-web-access': 'disable', - 'persistence': 'none', - 'portforward': 'disable', - 'portmapping-type': '1-to-1', - 'protocol': 'tcp', - 'server-type': 'http', - 'ssl-algorithm': 'high', - 'ssl-certificate': 'test_value_35', - 'ssl-client-fallback': 'disable', - 'ssl-client-renegotiation': 'allow', - 'ssl-client-session-state-max': '38', - 'ssl-client-session-state-timeout': '39', - 'ssl-client-session-state-type': 'disable', - 'ssl-dh-bits': '768', - 'ssl-hpkp': 'disable', - 'ssl-hpkp-age': '43', - 'ssl-hpkp-backup': 'test_value_44', - 'ssl-hpkp-include-subdomains': 'disable', - 'ssl-hpkp-primary': 'test_value_46', - 'ssl-hpkp-report-uri': 'test_value_47', - 'ssl-hsts': 'disable', - 'ssl-hsts-age': '49', - 'ssl-hsts-include-subdomains': 'disable', - 'ssl-http-location-conversion': 'enable', - 'ssl-http-match-host': 'enable', - 'ssl-max-version': 'ssl-3.0', - 'ssl-min-version': 'ssl-3.0', - 'ssl-mode': 'half', - 'ssl-pfs': 'require', - 
'ssl-send-empty-frags': 'enable', - 'ssl-server-algorithm': 'high', - 'ssl-server-max-version': 'ssl-3.0', - 'ssl-server-min-version': 'ssl-3.0', - 'ssl-server-session-state-max': '61', - 'ssl-server-session-state-timeout': '62', - 'ssl-server-session-state-type': 'disable', - 'type': 'static-nat', - 'uuid': 'test_value_65', - 'weblogic-server': 'disable', - 'websphere-server': 'disable' - } - - set_method_mock.assert_called_with('firewall', 'vip', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_firewall_vip_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_vip': { - 'random_attribute_not_valid': 'tag', - 'arp_reply': 'disable', - 'color': '4', - 'comment': 'Comment.', - 'dns_mapping_ttl': '6', - 'extintf': 'test_value_7', - 'extip': 'test_value_8', - 'extport': 'test_value_9', - 'gratuitous_arp_interval': '10', - 'http_cookie_age': '11', - 'http_cookie_domain': 'test_value_12', - 'http_cookie_domain_from_host': 'disable', - 'http_cookie_generation': '14', - 'http_cookie_path': 'test_value_15', - 'http_cookie_share': 'disable', - 'http_ip_header': 'enable', - 'http_ip_header_name': 'test_value_18', - 'http_multiplex': 'enable', - 'https_cookie_secure': 'disable', - 'id': '21', - 'ldb_method': 'static', - 'mapped_addr': 'test_value_23', - 'mappedport': 'test_value_24', - 'max_embryonic_connections': '25', - 'name': 'default_name_26', - 'nat_source_vip': 'disable', - 'outlook_web_access': 'disable', - 'persistence': 'none', - 
'portforward': 'disable', - 'portmapping_type': '1-to-1', - 'protocol': 'tcp', - 'server_type': 'http', - 'ssl_algorithm': 'high', - 'ssl_certificate': 'test_value_35', - 'ssl_client_fallback': 'disable', - 'ssl_client_renegotiation': 'allow', - 'ssl_client_session_state_max': '38', - 'ssl_client_session_state_timeout': '39', - 'ssl_client_session_state_type': 'disable', - 'ssl_dh_bits': '768', - 'ssl_hpkp': 'disable', - 'ssl_hpkp_age': '43', - 'ssl_hpkp_backup': 'test_value_44', - 'ssl_hpkp_include_subdomains': 'disable', - 'ssl_hpkp_primary': 'test_value_46', - 'ssl_hpkp_report_uri': 'test_value_47', - 'ssl_hsts': 'disable', - 'ssl_hsts_age': '49', - 'ssl_hsts_include_subdomains': 'disable', - 'ssl_http_location_conversion': 'enable', - 'ssl_http_match_host': 'enable', - 'ssl_max_version': 'ssl-3.0', - 'ssl_min_version': 'ssl-3.0', - 'ssl_mode': 'half', - 'ssl_pfs': 'require', - 'ssl_send_empty_frags': 'enable', - 'ssl_server_algorithm': 'high', - 'ssl_server_max_version': 'ssl-3.0', - 'ssl_server_min_version': 'ssl-3.0', - 'ssl_server_session_state_max': '61', - 'ssl_server_session_state_timeout': '62', - 'ssl_server_session_state_type': 'disable', - 'type': 'static-nat', - 'uuid': 'test_value_65', - 'weblogic_server': 'disable', - 'websphere_server': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_vip.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'arp-reply': 'disable', - 'color': '4', - 'comment': 'Comment.', - 'dns-mapping-ttl': '6', - 'extintf': 'test_value_7', - 'extip': 'test_value_8', - 'extport': 'test_value_9', - 'gratuitous-arp-interval': '10', - 'http-cookie-age': '11', - 'http-cookie-domain': 'test_value_12', - 'http-cookie-domain-from-host': 'disable', - 'http-cookie-generation': '14', - 'http-cookie-path': 'test_value_15', - 'http-cookie-share': 'disable', - 'http-ip-header': 'enable', - 'http-ip-header-name': 'test_value_18', - 'http-multiplex': 'enable', - 'https-cookie-secure': 'disable', 
- 'id': '21',
- 'ldb-method': 'static',
- 'mapped-addr': 'test_value_23',
- 'mappedport': 'test_value_24',
- 'max-embryonic-connections': '25',
- 'name': 'default_name_26',
- 'nat-source-vip': 'disable',
- 'outlook-web-access': 'disable',
- 'persistence': 'none',
- 'portforward': 'disable',
- 'portmapping-type': '1-to-1',
- 'protocol': 'tcp',
- 'server-type': 'http',
- 'ssl-algorithm': 'high',
- 'ssl-certificate': 'test_value_35',
- 'ssl-client-fallback': 'disable',
- 'ssl-client-renegotiation': 'allow',
- 'ssl-client-session-state-max': '38',
- 'ssl-client-session-state-timeout': '39',
- 'ssl-client-session-state-type': 'disable',
- 'ssl-dh-bits': '768',
- 'ssl-hpkp': 'disable',
- 'ssl-hpkp-age': '43',
- 'ssl-hpkp-backup': 'test_value_44',
- 'ssl-hpkp-include-subdomains': 'disable',
- 'ssl-hpkp-primary': 'test_value_46',
- 'ssl-hpkp-report-uri': 'test_value_47',
- 'ssl-hsts': 'disable',
- 'ssl-hsts-age': '49',
- 'ssl-hsts-include-subdomains': 'disable',
- 'ssl-http-location-conversion': 'enable',
- 'ssl-http-match-host': 'enable',
- 'ssl-max-version': 'ssl-3.0',
- 'ssl-min-version': 'ssl-3.0',
- 'ssl-mode': 'half',
- 'ssl-pfs': 'require',
- 'ssl-send-empty-frags': 'enable',
- 'ssl-server-algorithm': 'high',
- 'ssl-server-max-version': 'ssl-3.0',
- 'ssl-server-min-version': 'ssl-3.0',
- 'ssl-server-session-state-max': '61',
- 'ssl-server-session-state-timeout': '62',
- 'ssl-server-session-state-type': 'disable',
- 'type': 'static-nat',
- 'uuid': 'test_value_65',
- 'weblogic-server': 'disable',
- 'websphere-server': 'disable'
- }
-
- set_method_mock.assert_called_with('firewall', 'vip', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_vip46.py b/test/units/modules/network/fortios/test_fortios_firewall_vip46.py
deleted file mode 100644
index dd8cacb67da..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_vip46.py
+++ /dev/null
@@ -1,339 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_firewall_vip46 -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_vip46.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_firewall_vip46_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_vip46': { - 'arp_reply': 'disable', - 'color': '4', - 'comment': 'Comment.', - 'extip': 'test_value_6', - 'extport': 'test_value_7', - 'id': '8', - 'ldb_method': 'static', - 'mappedip': 
'test_value_10', - 'mappedport': 'test_value_11', - 'name': 'default_name_12', - 'portforward': 'disable', - 'protocol': 'tcp', - 'server_type': 'http', - 'type': 'static-nat', - 'uuid': 'test_value_17' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_vip46.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'arp-reply': 'disable', - 'color': '4', - 'comment': 'Comment.', - 'extip': 'test_value_6', - 'extport': 'test_value_7', - 'id': '8', - 'ldb-method': 'static', - 'mappedip': 'test_value_10', - 'mappedport': 'test_value_11', - 'name': 'default_name_12', - 'portforward': 'disable', - 'protocol': 'tcp', - 'server-type': 'http', - 'type': 'static-nat', - 'uuid': 'test_value_17' - } - - set_method_mock.assert_called_with('firewall', 'vip46', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_vip46_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_vip46': { - 'arp_reply': 'disable', - 'color': '4', - 'comment': 'Comment.', - 'extip': 'test_value_6', - 'extport': 'test_value_7', - 'id': '8', - 'ldb_method': 'static', - 'mappedip': 'test_value_10', - 'mappedport': 'test_value_11', - 'name': 'default_name_12', - 'portforward': 'disable', - 'protocol': 'tcp', - 'server_type': 'http', - 'type': 'static-nat', - 'uuid': 'test_value_17' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_vip46.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'arp-reply': 'disable', 
- 'color': '4', - 'comment': 'Comment.', - 'extip': 'test_value_6', - 'extport': 'test_value_7', - 'id': '8', - 'ldb-method': 'static', - 'mappedip': 'test_value_10', - 'mappedport': 'test_value_11', - 'name': 'default_name_12', - 'portforward': 'disable', - 'protocol': 'tcp', - 'server-type': 'http', - 'type': 'static-nat', - 'uuid': 'test_value_17' - } - - set_method_mock.assert_called_with('firewall', 'vip46', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_vip46_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_vip46': { - 'arp_reply': 'disable', - 'color': '4', - 'comment': 'Comment.', - 'extip': 'test_value_6', - 'extport': 'test_value_7', - 'id': '8', - 'ldb_method': 'static', - 'mappedip': 'test_value_10', - 'mappedport': 'test_value_11', - 'name': 'default_name_12', - 'portforward': 'disable', - 'protocol': 'tcp', - 'server_type': 'http', - 'type': 'static-nat', - 'uuid': 'test_value_17' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_vip46.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'vip46', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_vip46_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - 
delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_vip46': { - 'arp_reply': 'disable', - 'color': '4', - 'comment': 'Comment.', - 'extip': 'test_value_6', - 'extport': 'test_value_7', - 'id': '8', - 'ldb_method': 'static', - 'mappedip': 'test_value_10', - 'mappedport': 'test_value_11', - 'name': 'default_name_12', - 'portforward': 'disable', - 'protocol': 'tcp', - 'server_type': 'http', - 'type': 'static-nat', - 'uuid': 'test_value_17' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_vip46.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'vip46', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_vip46_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_vip46': { - 'arp_reply': 'disable', - 'color': '4', - 'comment': 'Comment.', - 'extip': 'test_value_6', - 'extport': 'test_value_7', - 'id': '8', - 'ldb_method': 'static', - 'mappedip': 'test_value_10', - 'mappedport': 'test_value_11', - 'name': 'default_name_12', - 'portforward': 'disable', - 'protocol': 'tcp', - 'server_type': 'http', - 'type': 'static-nat', - 'uuid': 'test_value_17' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_firewall_vip46.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'arp-reply': 'disable', - 'color': '4', - 'comment': 'Comment.', - 'extip': 'test_value_6', - 'extport': 'test_value_7', - 'id': '8', - 'ldb-method': 'static', - 'mappedip': 'test_value_10', - 'mappedport': 'test_value_11', - 'name': 'default_name_12', - 'portforward': 'disable', - 'protocol': 'tcp', - 'server-type': 'http', - 'type': 'static-nat', - 'uuid': 'test_value_17' - } - - set_method_mock.assert_called_with('firewall', 'vip46', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_firewall_vip46_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_vip46': { - 'random_attribute_not_valid': 'tag', - 'arp_reply': 'disable', - 'color': '4', - 'comment': 'Comment.', - 'extip': 'test_value_6', - 'extport': 'test_value_7', - 'id': '8', - 'ldb_method': 'static', - 'mappedip': 'test_value_10', - 'mappedport': 'test_value_11', - 'name': 'default_name_12', - 'portforward': 'disable', - 'protocol': 'tcp', - 'server_type': 'http', - 'type': 'static-nat', - 'uuid': 'test_value_17' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_vip46.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'arp-reply': 'disable', - 'color': '4', - 'comment': 'Comment.', - 'extip': 'test_value_6', - 'extport': 'test_value_7', - 'id': '8', - 'ldb-method': 'static', - 'mappedip': 'test_value_10', - 'mappedport': 'test_value_11', - 
'name': 'default_name_12',
- 'portforward': 'disable',
- 'protocol': 'tcp',
- 'server-type': 'http',
- 'type': 'static-nat',
- 'uuid': 'test_value_17'
- }
-
- set_method_mock.assert_called_with('firewall', 'vip46', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_vip6.py b/test/units/modules/network/fortios/test_fortios_firewall_vip6.py
deleted file mode 100644
index 2d6aaf036c1..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_vip6.py
+++ /dev/null
@@ -1,789 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_firewall_vip6 -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_vip6.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_firewall_vip6_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_vip6': { - 'arp_reply': 'disable', - 'color': '4', - 'comment': 'Comment.', - 'extip': 'test_value_6', - 'extport': 'test_value_7', - 'http_cookie_age': '8', - 'http_cookie_domain': 
'test_value_9', - 'http_cookie_domain_from_host': 'disable', - 'http_cookie_generation': '11', - 'http_cookie_path': 'test_value_12', - 'http_cookie_share': 'disable', - 'http_ip_header': 'enable', - 'http_ip_header_name': 'test_value_15', - 'http_multiplex': 'enable', - 'https_cookie_secure': 'disable', - 'id': '18', - 'ldb_method': 'static', - 'mappedip': 'test_value_20', - 'mappedport': 'test_value_21', - 'max_embryonic_connections': '22', - 'name': 'default_name_23', - 'outlook_web_access': 'disable', - 'persistence': 'none', - 'portforward': 'disable', - 'protocol': 'tcp', - 'server_type': 'http', - 'ssl_algorithm': 'high', - 'ssl_certificate': 'test_value_30', - 'ssl_client_fallback': 'disable', - 'ssl_client_renegotiation': 'allow', - 'ssl_client_session_state_max': '33', - 'ssl_client_session_state_timeout': '34', - 'ssl_client_session_state_type': 'disable', - 'ssl_dh_bits': '768', - 'ssl_hpkp': 'disable', - 'ssl_hpkp_age': '38', - 'ssl_hpkp_backup': 'test_value_39', - 'ssl_hpkp_include_subdomains': 'disable', - 'ssl_hpkp_primary': 'test_value_41', - 'ssl_hpkp_report_uri': 'test_value_42', - 'ssl_hsts': 'disable', - 'ssl_hsts_age': '44', - 'ssl_hsts_include_subdomains': 'disable', - 'ssl_http_location_conversion': 'enable', - 'ssl_http_match_host': 'enable', - 'ssl_max_version': 'ssl-3.0', - 'ssl_min_version': 'ssl-3.0', - 'ssl_mode': 'half', - 'ssl_pfs': 'require', - 'ssl_send_empty_frags': 'enable', - 'ssl_server_algorithm': 'high', - 'ssl_server_max_version': 'ssl-3.0', - 'ssl_server_min_version': 'ssl-3.0', - 'ssl_server_session_state_max': '56', - 'ssl_server_session_state_timeout': '57', - 'ssl_server_session_state_type': 'disable', - 'type': 'static-nat', - 'uuid': 'test_value_60', - 'weblogic_server': 'disable', - 'websphere_server': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_vip6.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'arp-reply': 'disable', - 'color': '4', - 'comment': 
'Comment.', - 'extip': 'test_value_6', - 'extport': 'test_value_7', - 'http-cookie-age': '8', - 'http-cookie-domain': 'test_value_9', - 'http-cookie-domain-from-host': 'disable', - 'http-cookie-generation': '11', - 'http-cookie-path': 'test_value_12', - 'http-cookie-share': 'disable', - 'http-ip-header': 'enable', - 'http-ip-header-name': 'test_value_15', - 'http-multiplex': 'enable', - 'https-cookie-secure': 'disable', - 'id': '18', - 'ldb-method': 'static', - 'mappedip': 'test_value_20', - 'mappedport': 'test_value_21', - 'max-embryonic-connections': '22', - 'name': 'default_name_23', - 'outlook-web-access': 'disable', - 'persistence': 'none', - 'portforward': 'disable', - 'protocol': 'tcp', - 'server-type': 'http', - 'ssl-algorithm': 'high', - 'ssl-certificate': 'test_value_30', - 'ssl-client-fallback': 'disable', - 'ssl-client-renegotiation': 'allow', - 'ssl-client-session-state-max': '33', - 'ssl-client-session-state-timeout': '34', - 'ssl-client-session-state-type': 'disable', - 'ssl-dh-bits': '768', - 'ssl-hpkp': 'disable', - 'ssl-hpkp-age': '38', - 'ssl-hpkp-backup': 'test_value_39', - 'ssl-hpkp-include-subdomains': 'disable', - 'ssl-hpkp-primary': 'test_value_41', - 'ssl-hpkp-report-uri': 'test_value_42', - 'ssl-hsts': 'disable', - 'ssl-hsts-age': '44', - 'ssl-hsts-include-subdomains': 'disable', - 'ssl-http-location-conversion': 'enable', - 'ssl-http-match-host': 'enable', - 'ssl-max-version': 'ssl-3.0', - 'ssl-min-version': 'ssl-3.0', - 'ssl-mode': 'half', - 'ssl-pfs': 'require', - 'ssl-send-empty-frags': 'enable', - 'ssl-server-algorithm': 'high', - 'ssl-server-max-version': 'ssl-3.0', - 'ssl-server-min-version': 'ssl-3.0', - 'ssl-server-session-state-max': '56', - 'ssl-server-session-state-timeout': '57', - 'ssl-server-session-state-type': 'disable', - 'type': 'static-nat', - 'uuid': 'test_value_60', - 'weblogic-server': 'disable', - 'websphere-server': 'disable' - } - - set_method_mock.assert_called_with('firewall', 'vip6', data=expected_data, 
vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_vip6_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_vip6': { - 'arp_reply': 'disable', - 'color': '4', - 'comment': 'Comment.', - 'extip': 'test_value_6', - 'extport': 'test_value_7', - 'http_cookie_age': '8', - 'http_cookie_domain': 'test_value_9', - 'http_cookie_domain_from_host': 'disable', - 'http_cookie_generation': '11', - 'http_cookie_path': 'test_value_12', - 'http_cookie_share': 'disable', - 'http_ip_header': 'enable', - 'http_ip_header_name': 'test_value_15', - 'http_multiplex': 'enable', - 'https_cookie_secure': 'disable', - 'id': '18', - 'ldb_method': 'static', - 'mappedip': 'test_value_20', - 'mappedport': 'test_value_21', - 'max_embryonic_connections': '22', - 'name': 'default_name_23', - 'outlook_web_access': 'disable', - 'persistence': 'none', - 'portforward': 'disable', - 'protocol': 'tcp', - 'server_type': 'http', - 'ssl_algorithm': 'high', - 'ssl_certificate': 'test_value_30', - 'ssl_client_fallback': 'disable', - 'ssl_client_renegotiation': 'allow', - 'ssl_client_session_state_max': '33', - 'ssl_client_session_state_timeout': '34', - 'ssl_client_session_state_type': 'disable', - 'ssl_dh_bits': '768', - 'ssl_hpkp': 'disable', - 'ssl_hpkp_age': '38', - 'ssl_hpkp_backup': 'test_value_39', - 'ssl_hpkp_include_subdomains': 'disable', - 'ssl_hpkp_primary': 'test_value_41', - 'ssl_hpkp_report_uri': 'test_value_42', - 'ssl_hsts': 'disable', - 'ssl_hsts_age': '44', - 
'ssl_hsts_include_subdomains': 'disable', - 'ssl_http_location_conversion': 'enable', - 'ssl_http_match_host': 'enable', - 'ssl_max_version': 'ssl-3.0', - 'ssl_min_version': 'ssl-3.0', - 'ssl_mode': 'half', - 'ssl_pfs': 'require', - 'ssl_send_empty_frags': 'enable', - 'ssl_server_algorithm': 'high', - 'ssl_server_max_version': 'ssl-3.0', - 'ssl_server_min_version': 'ssl-3.0', - 'ssl_server_session_state_max': '56', - 'ssl_server_session_state_timeout': '57', - 'ssl_server_session_state_type': 'disable', - 'type': 'static-nat', - 'uuid': 'test_value_60', - 'weblogic_server': 'disable', - 'websphere_server': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_vip6.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'arp-reply': 'disable', - 'color': '4', - 'comment': 'Comment.', - 'extip': 'test_value_6', - 'extport': 'test_value_7', - 'http-cookie-age': '8', - 'http-cookie-domain': 'test_value_9', - 'http-cookie-domain-from-host': 'disable', - 'http-cookie-generation': '11', - 'http-cookie-path': 'test_value_12', - 'http-cookie-share': 'disable', - 'http-ip-header': 'enable', - 'http-ip-header-name': 'test_value_15', - 'http-multiplex': 'enable', - 'https-cookie-secure': 'disable', - 'id': '18', - 'ldb-method': 'static', - 'mappedip': 'test_value_20', - 'mappedport': 'test_value_21', - 'max-embryonic-connections': '22', - 'name': 'default_name_23', - 'outlook-web-access': 'disable', - 'persistence': 'none', - 'portforward': 'disable', - 'protocol': 'tcp', - 'server-type': 'http', - 'ssl-algorithm': 'high', - 'ssl-certificate': 'test_value_30', - 'ssl-client-fallback': 'disable', - 'ssl-client-renegotiation': 'allow', - 'ssl-client-session-state-max': '33', - 'ssl-client-session-state-timeout': '34', - 'ssl-client-session-state-type': 'disable', - 'ssl-dh-bits': '768', - 'ssl-hpkp': 'disable', - 'ssl-hpkp-age': '38', - 'ssl-hpkp-backup': 'test_value_39', - 'ssl-hpkp-include-subdomains': 'disable', - 'ssl-hpkp-primary': 
'test_value_41', - 'ssl-hpkp-report-uri': 'test_value_42', - 'ssl-hsts': 'disable', - 'ssl-hsts-age': '44', - 'ssl-hsts-include-subdomains': 'disable', - 'ssl-http-location-conversion': 'enable', - 'ssl-http-match-host': 'enable', - 'ssl-max-version': 'ssl-3.0', - 'ssl-min-version': 'ssl-3.0', - 'ssl-mode': 'half', - 'ssl-pfs': 'require', - 'ssl-send-empty-frags': 'enable', - 'ssl-server-algorithm': 'high', - 'ssl-server-max-version': 'ssl-3.0', - 'ssl-server-min-version': 'ssl-3.0', - 'ssl-server-session-state-max': '56', - 'ssl-server-session-state-timeout': '57', - 'ssl-server-session-state-type': 'disable', - 'type': 'static-nat', - 'uuid': 'test_value_60', - 'weblogic-server': 'disable', - 'websphere-server': 'disable' - } - - set_method_mock.assert_called_with('firewall', 'vip6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_vip6_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_vip6': { - 'arp_reply': 'disable', - 'color': '4', - 'comment': 'Comment.', - 'extip': 'test_value_6', - 'extport': 'test_value_7', - 'http_cookie_age': '8', - 'http_cookie_domain': 'test_value_9', - 'http_cookie_domain_from_host': 'disable', - 'http_cookie_generation': '11', - 'http_cookie_path': 'test_value_12', - 'http_cookie_share': 'disable', - 'http_ip_header': 'enable', - 'http_ip_header_name': 'test_value_15', - 'http_multiplex': 'enable', - 'https_cookie_secure': 'disable', - 'id': '18', - 'ldb_method': 'static', - 'mappedip': 
'test_value_20', - 'mappedport': 'test_value_21', - 'max_embryonic_connections': '22', - 'name': 'default_name_23', - 'outlook_web_access': 'disable', - 'persistence': 'none', - 'portforward': 'disable', - 'protocol': 'tcp', - 'server_type': 'http', - 'ssl_algorithm': 'high', - 'ssl_certificate': 'test_value_30', - 'ssl_client_fallback': 'disable', - 'ssl_client_renegotiation': 'allow', - 'ssl_client_session_state_max': '33', - 'ssl_client_session_state_timeout': '34', - 'ssl_client_session_state_type': 'disable', - 'ssl_dh_bits': '768', - 'ssl_hpkp': 'disable', - 'ssl_hpkp_age': '38', - 'ssl_hpkp_backup': 'test_value_39', - 'ssl_hpkp_include_subdomains': 'disable', - 'ssl_hpkp_primary': 'test_value_41', - 'ssl_hpkp_report_uri': 'test_value_42', - 'ssl_hsts': 'disable', - 'ssl_hsts_age': '44', - 'ssl_hsts_include_subdomains': 'disable', - 'ssl_http_location_conversion': 'enable', - 'ssl_http_match_host': 'enable', - 'ssl_max_version': 'ssl-3.0', - 'ssl_min_version': 'ssl-3.0', - 'ssl_mode': 'half', - 'ssl_pfs': 'require', - 'ssl_send_empty_frags': 'enable', - 'ssl_server_algorithm': 'high', - 'ssl_server_max_version': 'ssl-3.0', - 'ssl_server_min_version': 'ssl-3.0', - 'ssl_server_session_state_max': '56', - 'ssl_server_session_state_timeout': '57', - 'ssl_server_session_state_type': 'disable', - 'type': 'static-nat', - 'uuid': 'test_value_60', - 'weblogic_server': 'disable', - 'websphere_server': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_vip6.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'vip6', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_vip6_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 
'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_vip6': { - 'arp_reply': 'disable', - 'color': '4', - 'comment': 'Comment.', - 'extip': 'test_value_6', - 'extport': 'test_value_7', - 'http_cookie_age': '8', - 'http_cookie_domain': 'test_value_9', - 'http_cookie_domain_from_host': 'disable', - 'http_cookie_generation': '11', - 'http_cookie_path': 'test_value_12', - 'http_cookie_share': 'disable', - 'http_ip_header': 'enable', - 'http_ip_header_name': 'test_value_15', - 'http_multiplex': 'enable', - 'https_cookie_secure': 'disable', - 'id': '18', - 'ldb_method': 'static', - 'mappedip': 'test_value_20', - 'mappedport': 'test_value_21', - 'max_embryonic_connections': '22', - 'name': 'default_name_23', - 'outlook_web_access': 'disable', - 'persistence': 'none', - 'portforward': 'disable', - 'protocol': 'tcp', - 'server_type': 'http', - 'ssl_algorithm': 'high', - 'ssl_certificate': 'test_value_30', - 'ssl_client_fallback': 'disable', - 'ssl_client_renegotiation': 'allow', - 'ssl_client_session_state_max': '33', - 'ssl_client_session_state_timeout': '34', - 'ssl_client_session_state_type': 'disable', - 'ssl_dh_bits': '768', - 'ssl_hpkp': 'disable', - 'ssl_hpkp_age': '38', - 'ssl_hpkp_backup': 'test_value_39', - 'ssl_hpkp_include_subdomains': 'disable', - 'ssl_hpkp_primary': 'test_value_41', - 'ssl_hpkp_report_uri': 'test_value_42', - 'ssl_hsts': 'disable', - 'ssl_hsts_age': '44', - 'ssl_hsts_include_subdomains': 'disable', - 'ssl_http_location_conversion': 'enable', - 'ssl_http_match_host': 'enable', - 'ssl_max_version': 'ssl-3.0', - 'ssl_min_version': 'ssl-3.0', - 'ssl_mode': 'half', - 'ssl_pfs': 'require', - 'ssl_send_empty_frags': 'enable', - 'ssl_server_algorithm': 'high', - 'ssl_server_max_version': 'ssl-3.0', - 'ssl_server_min_version': 'ssl-3.0', - 
'ssl_server_session_state_max': '56', - 'ssl_server_session_state_timeout': '57', - 'ssl_server_session_state_type': 'disable', - 'type': 'static-nat', - 'uuid': 'test_value_60', - 'weblogic_server': 'disable', - 'websphere_server': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_vip6.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'vip6', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_vip6_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_vip6': { - 'arp_reply': 'disable', - 'color': '4', - 'comment': 'Comment.', - 'extip': 'test_value_6', - 'extport': 'test_value_7', - 'http_cookie_age': '8', - 'http_cookie_domain': 'test_value_9', - 'http_cookie_domain_from_host': 'disable', - 'http_cookie_generation': '11', - 'http_cookie_path': 'test_value_12', - 'http_cookie_share': 'disable', - 'http_ip_header': 'enable', - 'http_ip_header_name': 'test_value_15', - 'http_multiplex': 'enable', - 'https_cookie_secure': 'disable', - 'id': '18', - 'ldb_method': 'static', - 'mappedip': 'test_value_20', - 'mappedport': 'test_value_21', - 'max_embryonic_connections': '22', - 'name': 'default_name_23', - 'outlook_web_access': 'disable', - 'persistence': 'none', - 'portforward': 'disable', - 'protocol': 'tcp', - 'server_type': 'http', - 'ssl_algorithm': 'high', - 'ssl_certificate': 'test_value_30', - 'ssl_client_fallback': 'disable', - 'ssl_client_renegotiation': 'allow', - 
'ssl_client_session_state_max': '33', - 'ssl_client_session_state_timeout': '34', - 'ssl_client_session_state_type': 'disable', - 'ssl_dh_bits': '768', - 'ssl_hpkp': 'disable', - 'ssl_hpkp_age': '38', - 'ssl_hpkp_backup': 'test_value_39', - 'ssl_hpkp_include_subdomains': 'disable', - 'ssl_hpkp_primary': 'test_value_41', - 'ssl_hpkp_report_uri': 'test_value_42', - 'ssl_hsts': 'disable', - 'ssl_hsts_age': '44', - 'ssl_hsts_include_subdomains': 'disable', - 'ssl_http_location_conversion': 'enable', - 'ssl_http_match_host': 'enable', - 'ssl_max_version': 'ssl-3.0', - 'ssl_min_version': 'ssl-3.0', - 'ssl_mode': 'half', - 'ssl_pfs': 'require', - 'ssl_send_empty_frags': 'enable', - 'ssl_server_algorithm': 'high', - 'ssl_server_max_version': 'ssl-3.0', - 'ssl_server_min_version': 'ssl-3.0', - 'ssl_server_session_state_max': '56', - 'ssl_server_session_state_timeout': '57', - 'ssl_server_session_state_type': 'disable', - 'type': 'static-nat', - 'uuid': 'test_value_60', - 'weblogic_server': 'disable', - 'websphere_server': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_vip6.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'arp-reply': 'disable', - 'color': '4', - 'comment': 'Comment.', - 'extip': 'test_value_6', - 'extport': 'test_value_7', - 'http-cookie-age': '8', - 'http-cookie-domain': 'test_value_9', - 'http-cookie-domain-from-host': 'disable', - 'http-cookie-generation': '11', - 'http-cookie-path': 'test_value_12', - 'http-cookie-share': 'disable', - 'http-ip-header': 'enable', - 'http-ip-header-name': 'test_value_15', - 'http-multiplex': 'enable', - 'https-cookie-secure': 'disable', - 'id': '18', - 'ldb-method': 'static', - 'mappedip': 'test_value_20', - 'mappedport': 'test_value_21', - 'max-embryonic-connections': '22', - 'name': 'default_name_23', - 'outlook-web-access': 'disable', - 'persistence': 'none', - 'portforward': 'disable', - 'protocol': 'tcp', - 'server-type': 'http', - 'ssl-algorithm': 'high', - 
'ssl-certificate': 'test_value_30', - 'ssl-client-fallback': 'disable', - 'ssl-client-renegotiation': 'allow', - 'ssl-client-session-state-max': '33', - 'ssl-client-session-state-timeout': '34', - 'ssl-client-session-state-type': 'disable', - 'ssl-dh-bits': '768', - 'ssl-hpkp': 'disable', - 'ssl-hpkp-age': '38', - 'ssl-hpkp-backup': 'test_value_39', - 'ssl-hpkp-include-subdomains': 'disable', - 'ssl-hpkp-primary': 'test_value_41', - 'ssl-hpkp-report-uri': 'test_value_42', - 'ssl-hsts': 'disable', - 'ssl-hsts-age': '44', - 'ssl-hsts-include-subdomains': 'disable', - 'ssl-http-location-conversion': 'enable', - 'ssl-http-match-host': 'enable', - 'ssl-max-version': 'ssl-3.0', - 'ssl-min-version': 'ssl-3.0', - 'ssl-mode': 'half', - 'ssl-pfs': 'require', - 'ssl-send-empty-frags': 'enable', - 'ssl-server-algorithm': 'high', - 'ssl-server-max-version': 'ssl-3.0', - 'ssl-server-min-version': 'ssl-3.0', - 'ssl-server-session-state-max': '56', - 'ssl-server-session-state-timeout': '57', - 'ssl-server-session-state-type': 'disable', - 'type': 'static-nat', - 'uuid': 'test_value_60', - 'weblogic-server': 'disable', - 'websphere-server': 'disable' - } - - set_method_mock.assert_called_with('firewall', 'vip6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_firewall_vip6_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_vip6': { - 'random_attribute_not_valid': 'tag', - 'arp_reply': 'disable', - 'color': '4', - 'comment': 'Comment.', - 
'extip': 'test_value_6', - 'extport': 'test_value_7', - 'http_cookie_age': '8', - 'http_cookie_domain': 'test_value_9', - 'http_cookie_domain_from_host': 'disable', - 'http_cookie_generation': '11', - 'http_cookie_path': 'test_value_12', - 'http_cookie_share': 'disable', - 'http_ip_header': 'enable', - 'http_ip_header_name': 'test_value_15', - 'http_multiplex': 'enable', - 'https_cookie_secure': 'disable', - 'id': '18', - 'ldb_method': 'static', - 'mappedip': 'test_value_20', - 'mappedport': 'test_value_21', - 'max_embryonic_connections': '22', - 'name': 'default_name_23', - 'outlook_web_access': 'disable', - 'persistence': 'none', - 'portforward': 'disable', - 'protocol': 'tcp', - 'server_type': 'http', - 'ssl_algorithm': 'high', - 'ssl_certificate': 'test_value_30', - 'ssl_client_fallback': 'disable', - 'ssl_client_renegotiation': 'allow', - 'ssl_client_session_state_max': '33', - 'ssl_client_session_state_timeout': '34', - 'ssl_client_session_state_type': 'disable', - 'ssl_dh_bits': '768', - 'ssl_hpkp': 'disable', - 'ssl_hpkp_age': '38', - 'ssl_hpkp_backup': 'test_value_39', - 'ssl_hpkp_include_subdomains': 'disable', - 'ssl_hpkp_primary': 'test_value_41', - 'ssl_hpkp_report_uri': 'test_value_42', - 'ssl_hsts': 'disable', - 'ssl_hsts_age': '44', - 'ssl_hsts_include_subdomains': 'disable', - 'ssl_http_location_conversion': 'enable', - 'ssl_http_match_host': 'enable', - 'ssl_max_version': 'ssl-3.0', - 'ssl_min_version': 'ssl-3.0', - 'ssl_mode': 'half', - 'ssl_pfs': 'require', - 'ssl_send_empty_frags': 'enable', - 'ssl_server_algorithm': 'high', - 'ssl_server_max_version': 'ssl-3.0', - 'ssl_server_min_version': 'ssl-3.0', - 'ssl_server_session_state_max': '56', - 'ssl_server_session_state_timeout': '57', - 'ssl_server_session_state_type': 'disable', - 'type': 'static-nat', - 'uuid': 'test_value_60', - 'weblogic_server': 'disable', - 'websphere_server': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_firewall_vip6.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'arp-reply': 'disable', - 'color': '4', - 'comment': 'Comment.', - 'extip': 'test_value_6', - 'extport': 'test_value_7', - 'http-cookie-age': '8', - 'http-cookie-domain': 'test_value_9', - 'http-cookie-domain-from-host': 'disable', - 'http-cookie-generation': '11', - 'http-cookie-path': 'test_value_12', - 'http-cookie-share': 'disable', - 'http-ip-header': 'enable', - 'http-ip-header-name': 'test_value_15', - 'http-multiplex': 'enable', - 'https-cookie-secure': 'disable', - 'id': '18', - 'ldb-method': 'static', - 'mappedip': 'test_value_20', - 'mappedport': 'test_value_21', - 'max-embryonic-connections': '22', - 'name': 'default_name_23', - 'outlook-web-access': 'disable', - 'persistence': 'none', - 'portforward': 'disable', - 'protocol': 'tcp', - 'server-type': 'http', - 'ssl-algorithm': 'high', - 'ssl-certificate': 'test_value_30', - 'ssl-client-fallback': 'disable', - 'ssl-client-renegotiation': 'allow', - 'ssl-client-session-state-max': '33', - 'ssl-client-session-state-timeout': '34', - 'ssl-client-session-state-type': 'disable', - 'ssl-dh-bits': '768', - 'ssl-hpkp': 'disable', - 'ssl-hpkp-age': '38', - 'ssl-hpkp-backup': 'test_value_39', - 'ssl-hpkp-include-subdomains': 'disable', - 'ssl-hpkp-primary': 'test_value_41', - 'ssl-hpkp-report-uri': 'test_value_42', - 'ssl-hsts': 'disable', - 'ssl-hsts-age': '44', - 'ssl-hsts-include-subdomains': 'disable', - 'ssl-http-location-conversion': 'enable', - 'ssl-http-match-host': 'enable', - 'ssl-max-version': 'ssl-3.0', - 'ssl-min-version': 'ssl-3.0', - 'ssl-mode': 'half', - 'ssl-pfs': 'require', - 'ssl-send-empty-frags': 'enable', - 'ssl-server-algorithm': 'high', - 'ssl-server-max-version': 'ssl-3.0', - 'ssl-server-min-version': 'ssl-3.0', - 'ssl-server-session-state-max': '56', - 'ssl-server-session-state-timeout': '57', - 'ssl-server-session-state-type': 'disable', - 'type': 'static-nat', - 'uuid': 'test_value_60', - 
'weblogic-server': 'disable', - 'websphere-server': 'disable' - } - - set_method_mock.assert_called_with('firewall', 'vip6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_firewall_vip64.py b/test/units/modules/network/fortios/test_fortios_firewall_vip64.py deleted file mode 100644 index b496be600b3..00000000000 --- a/test/units/modules/network/fortios/test_fortios_firewall_vip64.py +++ /dev/null 
@@ -1,339 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_vip64
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_vip64.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_vip64_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_vip64': {
- 'arp_reply': 'disable',
- 'color': '4',
- 'comment': 'Comment.',
- 'extip': 'test_value_6',
- 'extport': 'test_value_7',
- 'id': '8',
- 'ldb_method': 'static',
- 'mappedip': 'test_value_10',
- 'mappedport': 'test_value_11',
- 'name': 'default_name_12',
- 'portforward': 'disable',
- 'protocol': 'tcp',
- 'server_type': 'http',
- 'type': 'static-nat',
- 'uuid': 'test_value_17'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_vip64.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'arp-reply': 'disable',
- 'color': '4',
- 'comment': 'Comment.',
- 'extip': 'test_value_6',
- 'extport': 'test_value_7',
- 'id': '8',
- 'ldb-method': 'static',
- 'mappedip': 'test_value_10',
- 'mappedport': 'test_value_11',
- 'name': 'default_name_12',
- 'portforward': 'disable',
- 'protocol': 'tcp',
- 'server-type': 'http',
- 'type': 'static-nat',
- 'uuid': 'test_value_17'
- }
-
- set_method_mock.assert_called_with('firewall', 'vip64', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_vip64_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_vip64': {
- 'arp_reply': 'disable',
- 'color': '4',
- 'comment': 'Comment.',
- 'extip': 'test_value_6',
- 'extport': 'test_value_7',
- 'id': '8',
- 'ldb_method': 'static',
- 'mappedip': 'test_value_10',
- 'mappedport': 'test_value_11',
- 'name': 'default_name_12',
- 'portforward': 'disable',
- 'protocol': 'tcp',
- 'server_type': 'http',
- 'type': 'static-nat',
- 'uuid': 'test_value_17'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_vip64.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'arp-reply': 'disable',
- 'color': '4',
- 'comment': 'Comment.',
- 'extip': 'test_value_6',
- 'extport': 'test_value_7',
- 'id': '8',
- 'ldb-method': 'static',
- 'mappedip': 'test_value_10',
- 'mappedport': 'test_value_11',
- 'name': 'default_name_12',
- 'portforward': 'disable',
- 'protocol': 'tcp',
- 'server-type': 'http',
- 'type': 'static-nat',
- 'uuid': 'test_value_17'
- }
-
- set_method_mock.assert_called_with('firewall', 'vip64', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_vip64_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_vip64': {
- 'arp_reply': 'disable',
- 'color': '4',
- 'comment': 'Comment.',
- 'extip': 'test_value_6',
- 'extport': 'test_value_7',
- 'id': '8',
- 'ldb_method': 'static',
- 'mappedip': 'test_value_10',
- 'mappedport': 'test_value_11',
- 'name': 'default_name_12',
- 'portforward': 'disable',
- 'protocol': 'tcp',
- 'server_type': 'http',
- 'type': 'static-nat',
- 'uuid': 'test_value_17'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_vip64.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'vip64', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_vip64_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_vip64': {
- 'arp_reply': 'disable',
- 'color': '4',
- 'comment': 'Comment.',
- 'extip': 'test_value_6',
- 'extport': 'test_value_7',
- 'id': '8',
- 'ldb_method': 'static',
- 'mappedip': 'test_value_10',
- 'mappedport': 'test_value_11',
- 'name': 'default_name_12',
- 'portforward': 'disable',
- 'protocol': 'tcp',
- 'server_type': 'http',
- 'type': 'static-nat',
- 'uuid': 'test_value_17'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_vip64.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'vip64', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_vip64_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_vip64': {
- 'arp_reply': 'disable',
- 'color': '4',
- 'comment': 'Comment.',
- 'extip': 'test_value_6',
- 'extport': 'test_value_7',
- 'id': '8',
- 'ldb_method': 'static',
- 'mappedip': 'test_value_10',
- 'mappedport': 'test_value_11',
- 'name': 'default_name_12',
- 'portforward': 'disable',
- 'protocol': 'tcp',
- 'server_type': 'http',
- 'type': 'static-nat',
- 'uuid': 'test_value_17'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_vip64.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'arp-reply': 'disable',
- 'color': '4',
- 'comment': 'Comment.',
- 'extip': 'test_value_6',
- 'extport': 'test_value_7',
- 'id': '8',
- 'ldb-method': 'static',
- 'mappedip': 'test_value_10',
- 'mappedport': 'test_value_11',
- 'name': 'default_name_12',
- 'portforward': 'disable',
- 'protocol': 'tcp',
- 'server-type': 'http',
- 'type': 'static-nat',
- 'uuid': 'test_value_17'
- }
-
- set_method_mock.assert_called_with('firewall', 'vip64', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_vip64_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_vip64': {
- 'random_attribute_not_valid': 'tag',
- 'arp_reply': 'disable',
- 'color': '4',
- 'comment': 'Comment.',
- 'extip': 'test_value_6',
- 'extport': 'test_value_7',
- 'id': '8',
- 'ldb_method': 'static',
- 'mappedip': 'test_value_10',
- 'mappedport': 'test_value_11',
- 'name': 'default_name_12',
- 'portforward': 'disable',
- 'protocol': 'tcp',
- 'server_type': 'http',
- 'type': 'static-nat',
- 'uuid': 'test_value_17'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_vip64.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'arp-reply': 'disable',
- 'color': '4',
- 'comment': 'Comment.',
- 'extip': 'test_value_6',
- 'extport': 'test_value_7',
- 'id': '8',
- 'ldb-method': 'static',
- 'mappedip': 'test_value_10',
- 'mappedport': 'test_value_11',
- 'name': 'default_name_12',
- 'portforward': 'disable',
- 'protocol': 'tcp',
- 'server-type': 'http',
- 'type': 'static-nat',
- 'uuid': 'test_value_17'
- }
-
- set_method_mock.assert_called_with('firewall', 'vip64', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_vipgrp.py b/test/units/modules/network/fortios/test_fortios_firewall_vipgrp.py
deleted file mode 100644
index b4b94325698..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_vipgrp.py
+++ /dev/null
@@ -1,239 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_vipgrp
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_vipgrp.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_vipgrp_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_vipgrp': {
- 'color': '3',
- 'comments': 'test_value_4',
- 'interface': 'test_value_5',
- 'name': 'default_name_6',
- 'uuid': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_vipgrp.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'comments': 'test_value_4',
- 'interface': 'test_value_5',
- 'name': 'default_name_6',
- 'uuid': 'test_value_7'
- }
-
- set_method_mock.assert_called_with('firewall', 'vipgrp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_vipgrp_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_vipgrp': {
- 'color': '3',
- 'comments': 'test_value_4',
- 'interface': 'test_value_5',
- 'name': 'default_name_6',
- 'uuid': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_vipgrp.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'comments': 'test_value_4',
- 'interface': 'test_value_5',
- 'name': 'default_name_6',
- 'uuid': 'test_value_7'
- }
-
- set_method_mock.assert_called_with('firewall', 'vipgrp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_vipgrp_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_vipgrp': {
- 'color': '3',
- 'comments': 'test_value_4',
- 'interface': 'test_value_5',
- 'name': 'default_name_6',
- 'uuid': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_vipgrp.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'vipgrp', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_vipgrp_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_vipgrp': {
- 'color': '3',
- 'comments': 'test_value_4',
- 'interface': 'test_value_5',
- 'name': 'default_name_6',
- 'uuid': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_vipgrp.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'vipgrp', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_vipgrp_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_vipgrp': {
- 'color': '3',
- 'comments': 'test_value_4',
- 'interface': 'test_value_5',
- 'name': 'default_name_6',
- 'uuid': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_vipgrp.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'comments': 'test_value_4',
- 'interface': 'test_value_5',
- 'name': 'default_name_6',
- 'uuid': 'test_value_7'
- }
-
- set_method_mock.assert_called_with('firewall', 'vipgrp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_vipgrp_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_vipgrp': {
- 'random_attribute_not_valid': 'tag',
- 'color': '3',
- 'comments': 'test_value_4',
- 'interface': 'test_value_5',
- 'name': 'default_name_6',
- 'uuid': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_vipgrp.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'comments': 'test_value_4',
- 'interface': 'test_value_5',
- 'name': 'default_name_6',
- 'uuid': 'test_value_7'
- }
-
- set_method_mock.assert_called_with('firewall', 'vipgrp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_vipgrp46.py b/test/units/modules/network/fortios/test_fortios_firewall_vipgrp46.py
deleted file mode 100644
index 9ab148df7d8..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_vipgrp46.py
+++ /dev/null
@@ -1,229 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_firewall_vipgrp46
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_vipgrp46.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_firewall_vipgrp46_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_vipgrp46': {
- 'color': '3',
- 'comments': 'test_value_4',
- 'name': 'default_name_5',
- 'uuid': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_vipgrp46.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'comments': 'test_value_4',
- 'name': 'default_name_5',
- 'uuid': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('firewall', 'vipgrp46', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_vipgrp46_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_vipgrp46': {
- 'color': '3',
- 'comments': 'test_value_4',
- 'name': 'default_name_5',
- 'uuid': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_vipgrp46.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'comments': 'test_value_4',
- 'name': 'default_name_5',
- 'uuid': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('firewall', 'vipgrp46', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_vipgrp46_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_vipgrp46': {
- 'color': '3',
- 'comments': 'test_value_4',
- 'name': 'default_name_5',
- 'uuid': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_vipgrp46.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'vipgrp46', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_firewall_vipgrp46_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'firewall_vipgrp46': {
- 'color': '3',
- 'comments': 'test_value_4',
- 'name': 'default_name_5',
- 'uuid': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_vipgrp46.fortios_firewall(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('firewall', 'vipgrp46', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_firewall_vipgrp46_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_vipgrp46': {
- 'color': '3',
- 'comments': 'test_value_4',
- 'name': 'default_name_5',
- 'uuid': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_vipgrp46.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'comments': 'test_value_4',
- 'name': 'default_name_5',
- 'uuid': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('firewall', 'vipgrp46', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_firewall_vipgrp46_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'firewall_vipgrp46': {
- 'random_attribute_not_valid': 'tag',
- 'color': '3',
- 'comments': 'test_value_4',
- 'name': 'default_name_5',
- 'uuid': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_firewall_vipgrp46.fortios_firewall(input_data, fos_instance)
-
- expected_data = {
- 'color': '3',
- 'comments': 'test_value_4',
- 'name': 'default_name_5',
- 'uuid': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('firewall', 'vipgrp46', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_firewall_vipgrp6.py b/test/units/modules/network/fortios/test_fortios_firewall_vipgrp6.py
deleted file mode 100644
index 808a9c26a38..00000000000
--- a/test/units/modules/network/fortios/test_fortios_firewall_vipgrp6.py
+++ /dev/null
@@ -1,229 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_firewall_vipgrp6 -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_vipgrp6.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_firewall_vipgrp6_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_vipgrp6': { - 'color': '3', - 'comments': 'test_value_4', - 'name': 'default_name_5', - 'uuid': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_firewall_vipgrp6.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'color': '3', - 'comments': 'test_value_4', - 'name': 'default_name_5', - 'uuid': 'test_value_6' - } - - set_method_mock.assert_called_with('firewall', 'vipgrp6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_vipgrp6_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_vipgrp6': { - 'color': '3', - 'comments': 'test_value_4', - 'name': 'default_name_5', - 'uuid': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_vipgrp6.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'color': '3', - 'comments': 'test_value_4', - 'name': 'default_name_5', - 'uuid': 'test_value_6' - } - - set_method_mock.assert_called_with('firewall', 'vipgrp6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_vipgrp6_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_vipgrp6': { - 
'color': '3', - 'comments': 'test_value_4', - 'name': 'default_name_5', - 'uuid': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_vipgrp6.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'vipgrp6', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_vipgrp6_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_vipgrp6': { - 'color': '3', - 'comments': 'test_value_4', - 'name': 'default_name_5', - 'uuid': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_vipgrp6.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'vipgrp6', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_vipgrp6_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_vipgrp6': { - 'color': '3', - 'comments': 'test_value_4', - 'name': 'default_name_5', - 'uuid': 'test_value_6' - }, - 
'vdom': 'root'} - - is_error, changed, response = fortios_firewall_vipgrp6.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'color': '3', - 'comments': 'test_value_4', - 'name': 'default_name_5', - 'uuid': 'test_value_6' - } - - set_method_mock.assert_called_with('firewall', 'vipgrp6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_firewall_vipgrp6_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_vipgrp6': { - 'random_attribute_not_valid': 'tag', - 'color': '3', - 'comments': 'test_value_4', - 'name': 'default_name_5', - 'uuid': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_vipgrp6.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'color': '3', - 'comments': 'test_value_4', - 'name': 'default_name_5', - 'uuid': 'test_value_6' - } - - set_method_mock.assert_called_with('firewall', 'vipgrp6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_firewall_vipgrp64.py b/test/units/modules/network/fortios/test_fortios_firewall_vipgrp64.py deleted file mode 100644 index 41a48c9fa15..00000000000 --- a/test/units/modules/network/fortios/test_fortios_firewall_vipgrp64.py +++ /dev/null 
@@ -1,229 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_firewall_vipgrp64 -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_vipgrp64.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_firewall_vipgrp64_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_vipgrp64': { - 'color': '3', - 'comments': 'test_value_4', - 'name': 'default_name_5', - 'uuid': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_firewall_vipgrp64.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'color': '3', - 'comments': 'test_value_4', - 'name': 'default_name_5', - 'uuid': 'test_value_6' - } - - set_method_mock.assert_called_with('firewall', 'vipgrp64', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_vipgrp64_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_vipgrp64': { - 'color': '3', - 'comments': 'test_value_4', - 'name': 'default_name_5', - 'uuid': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_vipgrp64.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'color': '3', - 'comments': 'test_value_4', - 'name': 'default_name_5', - 'uuid': 'test_value_6' - } - - set_method_mock.assert_called_with('firewall', 'vipgrp64', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_vipgrp64_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_vipgrp64': 
{ - 'color': '3', - 'comments': 'test_value_4', - 'name': 'default_name_5', - 'uuid': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_vipgrp64.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'vipgrp64', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_vipgrp64_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_vipgrp64': { - 'color': '3', - 'comments': 'test_value_4', - 'name': 'default_name_5', - 'uuid': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_vipgrp64.fortios_firewall(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall', 'vipgrp64', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_vipgrp64_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_vipgrp64': { - 'color': '3', - 'comments': 'test_value_4', - 'name': 'default_name_5', - 'uuid': 'test_value_6' - 
}, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_vipgrp64.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'color': '3', - 'comments': 'test_value_4', - 'name': 'default_name_5', - 'uuid': 'test_value_6' - } - - set_method_mock.assert_called_with('firewall', 'vipgrp64', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_firewall_vipgrp64_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_vipgrp64': { - 'random_attribute_not_valid': 'tag', - 'color': '3', - 'comments': 'test_value_4', - 'name': 'default_name_5', - 'uuid': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_vipgrp64.fortios_firewall(input_data, fos_instance) - - expected_data = { - 'color': '3', - 'comments': 'test_value_4', - 'name': 'default_name_5', - 'uuid': 'test_value_6' - } - - set_method_mock.assert_called_with('firewall', 'vipgrp64', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_firewall_wildcard_fqdn_custom.py b/test/units/modules/network/fortios/test_fortios_firewall_wildcard_fqdn_custom.py deleted file mode 100644 index 55a91a37470..00000000000 --- a/test/units/modules/network/fortios/test_fortios_firewall_wildcard_fqdn_custom.py +++ /dev/null 
@@ -1,249 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_firewall_wildcard_fqdn_custom -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_wildcard_fqdn_custom.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_firewall_wildcard_fqdn_custom_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_wildcard_fqdn_custom': { - 'color': '3', - 'comment': 'Comment.', - 'name': 'default_name_5', - 'uuid': 'test_value_6', - 'visibility': 
'enable', - 'wildcard_fqdn': 'test_value_8' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_wildcard_fqdn_custom.fortios_firewall_wildcard_fqdn(input_data, fos_instance) - - expected_data = { - 'color': '3', - 'comment': 'Comment.', - 'name': 'default_name_5', - 'uuid': 'test_value_6', - 'visibility': 'enable', - 'wildcard-fqdn': 'test_value_8' - } - - set_method_mock.assert_called_with('firewall.wildcard-fqdn', 'custom', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_wildcard_fqdn_custom_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_wildcard_fqdn_custom': { - 'color': '3', - 'comment': 'Comment.', - 'name': 'default_name_5', - 'uuid': 'test_value_6', - 'visibility': 'enable', - 'wildcard_fqdn': 'test_value_8' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_wildcard_fqdn_custom.fortios_firewall_wildcard_fqdn(input_data, fos_instance) - - expected_data = { - 'color': '3', - 'comment': 'Comment.', - 'name': 'default_name_5', - 'uuid': 'test_value_6', - 'visibility': 'enable', - 'wildcard-fqdn': 'test_value_8' - } - - set_method_mock.assert_called_with('firewall.wildcard-fqdn', 'custom', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_wildcard_fqdn_custom_removal(mocker): - schema_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_wildcard_fqdn_custom': { - 'color': '3', - 'comment': 'Comment.', - 'name': 'default_name_5', - 'uuid': 'test_value_6', - 'visibility': 'enable', - 'wildcard_fqdn': 'test_value_8' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_wildcard_fqdn_custom.fortios_firewall_wildcard_fqdn(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall.wildcard-fqdn', 'custom', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_wildcard_fqdn_custom_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_wildcard_fqdn_custom': { - 'color': '3', - 'comment': 'Comment.', - 'name': 'default_name_5', - 'uuid': 'test_value_6', - 'visibility': 'enable', - 'wildcard_fqdn': 'test_value_8' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_wildcard_fqdn_custom.fortios_firewall_wildcard_fqdn(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall.wildcard-fqdn', 'custom', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert 
response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_wildcard_fqdn_custom_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_wildcard_fqdn_custom': { - 'color': '3', - 'comment': 'Comment.', - 'name': 'default_name_5', - 'uuid': 'test_value_6', - 'visibility': 'enable', - 'wildcard_fqdn': 'test_value_8' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_wildcard_fqdn_custom.fortios_firewall_wildcard_fqdn(input_data, fos_instance) - - expected_data = { - 'color': '3', - 'comment': 'Comment.', - 'name': 'default_name_5', - 'uuid': 'test_value_6', - 'visibility': 'enable', - 'wildcard-fqdn': 'test_value_8' - } - - set_method_mock.assert_called_with('firewall.wildcard-fqdn', 'custom', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_firewall_wildcard_fqdn_custom_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_wildcard_fqdn_custom': { - 'random_attribute_not_valid': 'tag', - 'color': '3', - 'comment': 'Comment.', - 'name': 'default_name_5', - 'uuid': 'test_value_6', - 'visibility': 'enable', - 
'wildcard_fqdn': 'test_value_8' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_wildcard_fqdn_custom.fortios_firewall_wildcard_fqdn(input_data, fos_instance) - - expected_data = { - 'color': '3', - 'comment': 'Comment.', - 'name': 'default_name_5', - 'uuid': 'test_value_6', - 'visibility': 'enable', - 'wildcard-fqdn': 'test_value_8' - } - - set_method_mock.assert_called_with('firewall.wildcard-fqdn', 'custom', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_firewall_wildcard_fqdn_group.py b/test/units/modules/network/fortios/test_fortios_firewall_wildcard_fqdn_group.py deleted file mode 100644 index 59e86978b71..00000000000 --- a/test/units/modules/network/fortios/test_fortios_firewall_wildcard_fqdn_group.py +++ /dev/null 
@@ -1,239 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_firewall_wildcard_fqdn_group -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_firewall_wildcard_fqdn_group.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_firewall_wildcard_fqdn_group_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_wildcard_fqdn_group': { - 'color': '3', - 'comment': 'Comment.', - 'name': 'default_name_5', - 'uuid': 'test_value_6', - 'visibility': 'enable' 
- }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_wildcard_fqdn_group.fortios_firewall_wildcard_fqdn(input_data, fos_instance) - - expected_data = { - 'color': '3', - 'comment': 'Comment.', - 'name': 'default_name_5', - 'uuid': 'test_value_6', - 'visibility': 'enable' - } - - set_method_mock.assert_called_with('firewall.wildcard-fqdn', 'group', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_wildcard_fqdn_group_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_wildcard_fqdn_group': { - 'color': '3', - 'comment': 'Comment.', - 'name': 'default_name_5', - 'uuid': 'test_value_6', - 'visibility': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_wildcard_fqdn_group.fortios_firewall_wildcard_fqdn(input_data, fos_instance) - - expected_data = { - 'color': '3', - 'comment': 'Comment.', - 'name': 'default_name_5', - 'uuid': 'test_value_6', - 'visibility': 'enable' - } - - set_method_mock.assert_called_with('firewall.wildcard-fqdn', 'group', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_wildcard_fqdn_group_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - 
delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_wildcard_fqdn_group': { - 'color': '3', - 'comment': 'Comment.', - 'name': 'default_name_5', - 'uuid': 'test_value_6', - 'visibility': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_wildcard_fqdn_group.fortios_firewall_wildcard_fqdn(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall.wildcard-fqdn', 'group', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_firewall_wildcard_fqdn_group_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'firewall_wildcard_fqdn_group': { - 'color': '3', - 'comment': 'Comment.', - 'name': 'default_name_5', - 'uuid': 'test_value_6', - 'visibility': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_wildcard_fqdn_group.fortios_firewall_wildcard_fqdn(input_data, fos_instance) - - delete_method_mock.assert_called_with('firewall.wildcard-fqdn', 'group', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_firewall_wildcard_fqdn_group_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = 
{'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_wildcard_fqdn_group': { - 'color': '3', - 'comment': 'Comment.', - 'name': 'default_name_5', - 'uuid': 'test_value_6', - 'visibility': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_wildcard_fqdn_group.fortios_firewall_wildcard_fqdn(input_data, fos_instance) - - expected_data = { - 'color': '3', - 'comment': 'Comment.', - 'name': 'default_name_5', - 'uuid': 'test_value_6', - 'visibility': 'enable' - } - - set_method_mock.assert_called_with('firewall.wildcard-fqdn', 'group', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_firewall_wildcard_fqdn_group_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'firewall_wildcard_fqdn_group': { - 'random_attribute_not_valid': 'tag', - 'color': '3', - 'comment': 'Comment.', - 'name': 'default_name_5', - 'uuid': 'test_value_6', - 'visibility': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_firewall_wildcard_fqdn_group.fortios_firewall_wildcard_fqdn(input_data, fos_instance) - - expected_data = { - 'color': '3', - 'comment': 'Comment.', - 'name': 'default_name_5', - 'uuid': 'test_value_6', - 'visibility': 'enable' - } - - 
set_method_mock.assert_called_with('firewall.wildcard-fqdn', 'group', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_ftp_proxy_explicit.py b/test/units/modules/network/fortios/test_fortios_ftp_proxy_explicit.py deleted file mode 100644 index 3773eda0e85..00000000000 --- a/test/units/modules/network/fortios/test_fortios_ftp_proxy_explicit.py +++ /dev/null 
@@ -1,183 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_ftp_proxy_explicit
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_ftp_proxy_explicit.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_ftp_proxy_explicit_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'ftp_proxy_explicit': {
- 'incoming_ip': 'test_value_3',
- 'incoming_port': 'test_value_4',
- 'outgoing_ip': 'test_value_5',
- 'sec_default_action': 'accept',
- 'status': 'enable'
- },
- 'vdom': 'root'} - - is_error, changed, response = fortios_ftp_proxy_explicit.fortios_ftp_proxy(input_data, fos_instance) - - expected_data = { - 'incoming-ip': 'test_value_3', - 'incoming-port': 'test_value_4', - 'outgoing-ip': 'test_value_5', - 'sec-default-action': 'accept', - 'status': 'enable' - } - - set_method_mock.assert_called_with('ftp-proxy', 'explicit', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_ftp_proxy_explicit_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'ftp_proxy_explicit': { - 'incoming_ip': 'test_value_3', - 'incoming_port': 'test_value_4', - 'outgoing_ip': 'test_value_5', - 'sec_default_action': 'accept', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ftp_proxy_explicit.fortios_ftp_proxy(input_data, fos_instance) - - expected_data = { - 'incoming-ip': 'test_value_3', - 'incoming-port': 'test_value_4', - 'outgoing-ip': 'test_value_5', - 'sec-default-action': 'accept', - 'status': 'enable' - } - - set_method_mock.assert_called_with('ftp-proxy', 'explicit', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_ftp_proxy_explicit_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 
404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'ftp_proxy_explicit': { - 'incoming_ip': 'test_value_3', - 'incoming_port': 'test_value_4', - 'outgoing_ip': 'test_value_5', - 'sec_default_action': 'accept', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ftp_proxy_explicit.fortios_ftp_proxy(input_data, fos_instance) - - expected_data = { - 'incoming-ip': 'test_value_3', - 'incoming-port': 'test_value_4', - 'outgoing-ip': 'test_value_5', - 'sec-default-action': 'accept', - 'status': 'enable' - } - - set_method_mock.assert_called_with('ftp-proxy', 'explicit', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_ftp_proxy_explicit_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'ftp_proxy_explicit': { - 'random_attribute_not_valid': 'tag', - 'incoming_ip': 'test_value_3', - 'incoming_port': 'test_value_4', - 'outgoing_ip': 'test_value_5', - 'sec_default_action': 'accept', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ftp_proxy_explicit.fortios_ftp_proxy(input_data, fos_instance) - - expected_data = { - 'incoming-ip': 'test_value_3', - 'incoming-port': 'test_value_4', - 'outgoing-ip': 'test_value_5', - 'sec-default-action': 'accept', - 'status': 'enable' - } - - set_method_mock.assert_called_with('ftp-proxy', 
'explicit', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_icap_profile.py b/test/units/modules/network/fortios/test_fortios_icap_profile.py
deleted file mode 100644
index 1e2640bcf1a..00000000000
--- a/test/units/modules/network/fortios/test_fortios_icap_profile.py
+++ /dev/null
@@ -1,309 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_icap_profile
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_icap_profile.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_icap_profile_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'icap_profile': {
- 'methods': 'delete',
- 'name': 'default_name_4',
- 'replacemsg_group': 'test_value_5',
- 'request': 'disable',
- 'request_failure': 'error',
- 'request_path': 'test_value_8',
-
'request_server': 'test_value_9', - 'response': 'disable', - 'response_failure': 'error', - 'response_path': 'test_value_12', - 'response_server': 'test_value_13', - 'streaming_content_bypass': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_icap_profile.fortios_icap(input_data, fos_instance) - - expected_data = { - 'methods': 'delete', - 'name': 'default_name_4', - 'replacemsg-group': 'test_value_5', - 'request': 'disable', - 'request-failure': 'error', - 'request-path': 'test_value_8', - 'request-server': 'test_value_9', - 'response': 'disable', - 'response-failure': 'error', - 'response-path': 'test_value_12', - 'response-server': 'test_value_13', - 'streaming-content-bypass': 'disable' - } - - set_method_mock.assert_called_with('icap', 'profile', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_icap_profile_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'icap_profile': { - 'methods': 'delete', - 'name': 'default_name_4', - 'replacemsg_group': 'test_value_5', - 'request': 'disable', - 'request_failure': 'error', - 'request_path': 'test_value_8', - 'request_server': 'test_value_9', - 'response': 'disable', - 'response_failure': 'error', - 'response_path': 'test_value_12', - 'response_server': 'test_value_13', - 'streaming_content_bypass': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_icap_profile.fortios_icap(input_data, fos_instance) - - expected_data = { - 'methods': 'delete', - 'name': 
'default_name_4', - 'replacemsg-group': 'test_value_5', - 'request': 'disable', - 'request-failure': 'error', - 'request-path': 'test_value_8', - 'request-server': 'test_value_9', - 'response': 'disable', - 'response-failure': 'error', - 'response-path': 'test_value_12', - 'response-server': 'test_value_13', - 'streaming-content-bypass': 'disable' - } - - set_method_mock.assert_called_with('icap', 'profile', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_icap_profile_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'icap_profile': { - 'methods': 'delete', - 'name': 'default_name_4', - 'replacemsg_group': 'test_value_5', - 'request': 'disable', - 'request_failure': 'error', - 'request_path': 'test_value_8', - 'request_server': 'test_value_9', - 'response': 'disable', - 'response_failure': 'error', - 'response_path': 'test_value_12', - 'response_server': 'test_value_13', - 'streaming_content_bypass': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_icap_profile.fortios_icap(input_data, fos_instance) - - delete_method_mock.assert_called_with('icap', 'profile', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_icap_profile_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = 
{'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'icap_profile': { - 'methods': 'delete', - 'name': 'default_name_4', - 'replacemsg_group': 'test_value_5', - 'request': 'disable', - 'request_failure': 'error', - 'request_path': 'test_value_8', - 'request_server': 'test_value_9', - 'response': 'disable', - 'response_failure': 'error', - 'response_path': 'test_value_12', - 'response_server': 'test_value_13', - 'streaming_content_bypass': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_icap_profile.fortios_icap(input_data, fos_instance) - - delete_method_mock.assert_called_with('icap', 'profile', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_icap_profile_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'icap_profile': { - 'methods': 'delete', - 'name': 'default_name_4', - 'replacemsg_group': 'test_value_5', - 'request': 'disable', - 'request_failure': 'error', - 'request_path': 'test_value_8', - 'request_server': 'test_value_9', - 'response': 'disable', - 'response_failure': 'error', - 'response_path': 'test_value_12', - 'response_server': 'test_value_13', - 'streaming_content_bypass': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_icap_profile.fortios_icap(input_data, fos_instance) - - 
expected_data = { - 'methods': 'delete', - 'name': 'default_name_4', - 'replacemsg-group': 'test_value_5', - 'request': 'disable', - 'request-failure': 'error', - 'request-path': 'test_value_8', - 'request-server': 'test_value_9', - 'response': 'disable', - 'response-failure': 'error', - 'response-path': 'test_value_12', - 'response-server': 'test_value_13', - 'streaming-content-bypass': 'disable' - } - - set_method_mock.assert_called_with('icap', 'profile', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_icap_profile_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'icap_profile': { - 'random_attribute_not_valid': 'tag', - 'methods': 'delete', - 'name': 'default_name_4', - 'replacemsg_group': 'test_value_5', - 'request': 'disable', - 'request_failure': 'error', - 'request_path': 'test_value_8', - 'request_server': 'test_value_9', - 'response': 'disable', - 'response_failure': 'error', - 'response_path': 'test_value_12', - 'response_server': 'test_value_13', - 'streaming_content_bypass': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_icap_profile.fortios_icap(input_data, fos_instance) - - expected_data = { - 'methods': 'delete', - 'name': 'default_name_4', - 'replacemsg-group': 'test_value_5', - 'request': 'disable', - 'request-failure': 'error', - 'request-path': 'test_value_8', - 'request-server': 'test_value_9', - 'response': 'disable', - 'response-failure': 'error', - 'response-path': 'test_value_12', - 
'response-server': 'test_value_13',
- 'streaming-content-bypass': 'disable'
- }
-
- set_method_mock.assert_called_with('icap', 'profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_icap_server.py b/test/units/modules/network/fortios/test_fortios_icap_server.py
deleted file mode 100644
index f430c3a219e..00000000000
--- a/test/units/modules/network/fortios/test_fortios_icap_server.py
+++ /dev/null
@@ -1,249 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_icap_server
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_icap_server.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_icap_server_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'icap_server': {
- 'ip_address': 'test_value_3',
- 'ip_version': '4',
- 'ip6_address': 'test_value_5',
- 'max_connections': '6',
- 'name': 'default_name_7',
- 'port': '8'
- },
- 'vdom': 'root'}
-
-
is_error, changed, response = fortios_icap_server.fortios_icap(input_data, fos_instance) - - expected_data = { - 'ip-address': 'test_value_3', - 'ip-version': '4', - 'ip6-address': 'test_value_5', - 'max-connections': '6', - 'name': 'default_name_7', - 'port': '8' - } - - set_method_mock.assert_called_with('icap', 'server', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_icap_server_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'icap_server': { - 'ip_address': 'test_value_3', - 'ip_version': '4', - 'ip6_address': 'test_value_5', - 'max_connections': '6', - 'name': 'default_name_7', - 'port': '8' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_icap_server.fortios_icap(input_data, fos_instance) - - expected_data = { - 'ip-address': 'test_value_3', - 'ip-version': '4', - 'ip6-address': 'test_value_5', - 'max-connections': '6', - 'name': 'default_name_7', - 'port': '8' - } - - set_method_mock.assert_called_with('icap', 'server', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_icap_server_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'icap_server': { - 'ip_address': 'test_value_3', - 'ip_version': '4', - 'ip6_address': 'test_value_5', - 'max_connections': '6', - 'name': 'default_name_7', - 'port': '8' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_icap_server.fortios_icap(input_data, fos_instance) - - delete_method_mock.assert_called_with('icap', 'server', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_icap_server_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'icap_server': { - 'ip_address': 'test_value_3', - 'ip_version': '4', - 'ip6_address': 'test_value_5', - 'max_connections': '6', - 'name': 'default_name_7', - 'port': '8' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_icap_server.fortios_icap(input_data, fos_instance) - - delete_method_mock.assert_called_with('icap', 'server', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_icap_server_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'icap_server': { - 'ip_address': 'test_value_3', - 'ip_version': '4', - 'ip6_address': 'test_value_5', - 'max_connections': '6', - 'name': 'default_name_7', - 'port': '8' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_icap_server.fortios_icap(input_data, fos_instance) - - expected_data = { - 'ip-address': 'test_value_3', - 'ip-version': '4', - 'ip6-address': 'test_value_5', - 'max-connections': '6', - 'name': 'default_name_7', - 'port': '8' - } - - set_method_mock.assert_called_with('icap', 'server', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_icap_server_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'icap_server': { - 'random_attribute_not_valid': 'tag', - 'ip_address': 'test_value_3', - 'ip_version': '4', - 'ip6_address': 'test_value_5', - 'max_connections': '6', - 'name': 'default_name_7', - 'port': '8' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_icap_server.fortios_icap(input_data, fos_instance) - - expected_data = { - 'ip-address': 'test_value_3', - 'ip-version': '4', - 'ip6-address': 'test_value_5', - 'max-connections': '6', - 'name': 'default_name_7', - 'port': '8' - } - - set_method_mock.assert_called_with('icap', 'server', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert 
not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_ips_custom.py b/test/units/modules/network/fortios/test_fortios_ips_custom.py
deleted file mode 100644
index 17b0599ec18..00000000000
--- a/test/units/modules/network/fortios/test_fortios_ips_custom.py
+++ /dev/null
@@ -1,329 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_ips_custom
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_ips_custom.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_ips_custom_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'ips_custom': {
- 'action': 'pass',
- 'application': 'test_value_4',
- 'comment': 'Comment.',
- 'location': 'test_value_6',
- 'log': 'disable',
- 'log_packet': 'disable',
- 'os': 'test_value_9',
- 'protocol':
'test_value_10', - 'rule_id': '11', - 'severity': 'test_value_12', - 'sig_name': 'test_value_13', - 'signature': 'test_value_14', - 'status': 'disable', - 'tag': 'test_value_16' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ips_custom.fortios_ips(input_data, fos_instance) - - expected_data = { - 'action': 'pass', - 'application': 'test_value_4', - 'comment': 'Comment.', - 'location': 'test_value_6', - 'log': 'disable', - 'log-packet': 'disable', - 'os': 'test_value_9', - 'protocol': 'test_value_10', - 'rule-id': '11', - 'severity': 'test_value_12', - 'sig-name': 'test_value_13', - 'signature': 'test_value_14', - 'status': 'disable', - 'tag': 'test_value_16' - } - - set_method_mock.assert_called_with('ips', 'custom', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_ips_custom_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'ips_custom': { - 'action': 'pass', - 'application': 'test_value_4', - 'comment': 'Comment.', - 'location': 'test_value_6', - 'log': 'disable', - 'log_packet': 'disable', - 'os': 'test_value_9', - 'protocol': 'test_value_10', - 'rule_id': '11', - 'severity': 'test_value_12', - 'sig_name': 'test_value_13', - 'signature': 'test_value_14', - 'status': 'disable', - 'tag': 'test_value_16' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ips_custom.fortios_ips(input_data, fos_instance) - - expected_data = { - 'action': 'pass', - 'application': 'test_value_4', - 'comment': 'Comment.', - 'location': 
'test_value_6', - 'log': 'disable', - 'log-packet': 'disable', - 'os': 'test_value_9', - 'protocol': 'test_value_10', - 'rule-id': '11', - 'severity': 'test_value_12', - 'sig-name': 'test_value_13', - 'signature': 'test_value_14', - 'status': 'disable', - 'tag': 'test_value_16' - } - - set_method_mock.assert_called_with('ips', 'custom', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_ips_custom_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'ips_custom': { - 'action': 'pass', - 'application': 'test_value_4', - 'comment': 'Comment.', - 'location': 'test_value_6', - 'log': 'disable', - 'log_packet': 'disable', - 'os': 'test_value_9', - 'protocol': 'test_value_10', - 'rule_id': '11', - 'severity': 'test_value_12', - 'sig_name': 'test_value_13', - 'signature': 'test_value_14', - 'status': 'disable', - 'tag': 'test_value_16' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ips_custom.fortios_ips(input_data, fos_instance) - - delete_method_mock.assert_called_with('ips', 'custom', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_ips_custom_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'ips_custom': { - 'action': 'pass', - 'application': 'test_value_4', - 'comment': 'Comment.', - 'location': 'test_value_6', - 'log': 'disable', - 'log_packet': 'disable', - 'os': 'test_value_9', - 'protocol': 'test_value_10', - 'rule_id': '11', - 'severity': 'test_value_12', - 'sig_name': 'test_value_13', - 'signature': 'test_value_14', - 'status': 'disable', - 'tag': 'test_value_16' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ips_custom.fortios_ips(input_data, fos_instance) - - delete_method_mock.assert_called_with('ips', 'custom', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_ips_custom_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'ips_custom': { - 'action': 'pass', - 'application': 'test_value_4', - 'comment': 'Comment.', - 'location': 'test_value_6', - 'log': 'disable', - 'log_packet': 'disable', - 'os': 'test_value_9', - 'protocol': 'test_value_10', - 'rule_id': '11', - 'severity': 'test_value_12', - 'sig_name': 'test_value_13', - 'signature': 'test_value_14', - 'status': 'disable', - 'tag': 'test_value_16' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ips_custom.fortios_ips(input_data, fos_instance) - - expected_data = { - 'action': 'pass', - 'application': 'test_value_4', - 'comment': 'Comment.', - 'location': 'test_value_6', - 
'log': 'disable', - 'log-packet': 'disable', - 'os': 'test_value_9', - 'protocol': 'test_value_10', - 'rule-id': '11', - 'severity': 'test_value_12', - 'sig-name': 'test_value_13', - 'signature': 'test_value_14', - 'status': 'disable', - 'tag': 'test_value_16' - } - - set_method_mock.assert_called_with('ips', 'custom', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_ips_custom_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'ips_custom': { - 'random_attribute_not_valid': 'tag', - 'action': 'pass', - 'application': 'test_value_4', - 'comment': 'Comment.', - 'location': 'test_value_6', - 'log': 'disable', - 'log_packet': 'disable', - 'os': 'test_value_9', - 'protocol': 'test_value_10', - 'rule_id': '11', - 'severity': 'test_value_12', - 'sig_name': 'test_value_13', - 'signature': 'test_value_14', - 'status': 'disable', - 'tag': 'test_value_16' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ips_custom.fortios_ips(input_data, fos_instance) - - expected_data = { - 'action': 'pass', - 'application': 'test_value_4', - 'comment': 'Comment.', - 'location': 'test_value_6', - 'log': 'disable', - 'log-packet': 'disable', - 'os': 'test_value_9', - 'protocol': 'test_value_10', - 'rule-id': '11', - 'severity': 'test_value_12', - 'sig-name': 'test_value_13', - 'signature': 'test_value_14', - 'status': 'disable', - 'tag': 'test_value_16' - } - - set_method_mock.assert_called_with('ips', 'custom', data=expected_data, vdom='root') - 
schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_ips_decoder.py b/test/units/modules/network/fortios/test_fortios_ips_decoder.py
deleted file mode 100644
index 4b1ed124166..00000000000
--- a/test/units/modules/network/fortios/test_fortios_ips_decoder.py
+++ /dev/null
@@ -1,209 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_ips_decoder -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_ips_decoder.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_ips_decoder_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'ips_decoder': { - 'name': 'default_name_3', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ips_decoder.fortios_ips(input_data, fos_instance) - - expected_data = { - 'name': 
'default_name_3', - - } - - set_method_mock.assert_called_with('ips', 'decoder', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_ips_decoder_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'ips_decoder': { - 'name': 'default_name_3', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ips_decoder.fortios_ips(input_data, fos_instance) - - expected_data = { - 'name': 'default_name_3', - - } - - set_method_mock.assert_called_with('ips', 'decoder', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_ips_decoder_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'ips_decoder': { - 'name': 'default_name_3', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ips_decoder.fortios_ips(input_data, fos_instance) - - delete_method_mock.assert_called_with('ips', 'decoder', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - 
assert response['http_status'] == 200 - - -def test_ips_decoder_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'ips_decoder': { - 'name': 'default_name_3', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ips_decoder.fortios_ips(input_data, fos_instance) - - delete_method_mock.assert_called_with('ips', 'decoder', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_ips_decoder_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'ips_decoder': { - 'name': 'default_name_3', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ips_decoder.fortios_ips(input_data, fos_instance) - - expected_data = { - 'name': 'default_name_3', - - } - - set_method_mock.assert_called_with('ips', 'decoder', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_ips_decoder_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = 
{'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'ips_decoder': {
- 'random_attribute_not_valid': 'tag',
- 'name': 'default_name_3',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_ips_decoder.fortios_ips(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
-
- }
-
- set_method_mock.assert_called_with('ips', 'decoder', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_ips_global.py b/test/units/modules/network/fortios/test_fortios_ips_global.py
deleted file mode 100644
index a0772ab7ecd..00000000000
--- a/test/units/modules/network/fortios/test_fortios_ips_global.py
+++ /dev/null
@@ -1,247 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_ips_global -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_ips_global.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_ips_global_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'ips_global': { - 'anomaly_mode': 'periodical', - 'database': 'regular', - 'deep_app_insp_db_limit': '5', - 'deep_app_insp_timeout': '6', - 'engine_count': '7', - 'exclude_signatures': 'none', - 'fail_open': 
'enable', - 'intelligent_mode': 'enable', - 'session_limit_mode': 'accurate', - 'skype_client_public_ipaddr': 'test_value_12', - 'socket_size': '13', - 'sync_session_ttl': 'enable', - 'traffic_submit': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ips_global.fortios_ips(input_data, fos_instance) - - expected_data = { - 'anomaly-mode': 'periodical', - 'database': 'regular', - 'deep-app-insp-db-limit': '5', - 'deep-app-insp-timeout': '6', - 'engine-count': '7', - 'exclude-signatures': 'none', - 'fail-open': 'enable', - 'intelligent-mode': 'enable', - 'session-limit-mode': 'accurate', - 'skype-client-public-ipaddr': 'test_value_12', - 'socket-size': '13', - 'sync-session-ttl': 'enable', - 'traffic-submit': 'enable' - } - - set_method_mock.assert_called_with('ips', 'global', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_ips_global_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'ips_global': { - 'anomaly_mode': 'periodical', - 'database': 'regular', - 'deep_app_insp_db_limit': '5', - 'deep_app_insp_timeout': '6', - 'engine_count': '7', - 'exclude_signatures': 'none', - 'fail_open': 'enable', - 'intelligent_mode': 'enable', - 'session_limit_mode': 'accurate', - 'skype_client_public_ipaddr': 'test_value_12', - 'socket_size': '13', - 'sync_session_ttl': 'enable', - 'traffic_submit': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ips_global.fortios_ips(input_data, fos_instance) - - expected_data = { 
- 'anomaly-mode': 'periodical', - 'database': 'regular', - 'deep-app-insp-db-limit': '5', - 'deep-app-insp-timeout': '6', - 'engine-count': '7', - 'exclude-signatures': 'none', - 'fail-open': 'enable', - 'intelligent-mode': 'enable', - 'session-limit-mode': 'accurate', - 'skype-client-public-ipaddr': 'test_value_12', - 'socket-size': '13', - 'sync-session-ttl': 'enable', - 'traffic-submit': 'enable' - } - - set_method_mock.assert_called_with('ips', 'global', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_ips_global_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'ips_global': { - 'anomaly_mode': 'periodical', - 'database': 'regular', - 'deep_app_insp_db_limit': '5', - 'deep_app_insp_timeout': '6', - 'engine_count': '7', - 'exclude_signatures': 'none', - 'fail_open': 'enable', - 'intelligent_mode': 'enable', - 'session_limit_mode': 'accurate', - 'skype_client_public_ipaddr': 'test_value_12', - 'socket_size': '13', - 'sync_session_ttl': 'enable', - 'traffic_submit': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ips_global.fortios_ips(input_data, fos_instance) - - expected_data = { - 'anomaly-mode': 'periodical', - 'database': 'regular', - 'deep-app-insp-db-limit': '5', - 'deep-app-insp-timeout': '6', - 'engine-count': '7', - 'exclude-signatures': 'none', - 'fail-open': 'enable', - 'intelligent-mode': 'enable', - 'session-limit-mode': 'accurate', - 'skype-client-public-ipaddr': 'test_value_12', - 'socket-size': '13', - 
'sync-session-ttl': 'enable', - 'traffic-submit': 'enable' - } - - set_method_mock.assert_called_with('ips', 'global', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_ips_global_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'ips_global': { - 'random_attribute_not_valid': 'tag', - 'anomaly_mode': 'periodical', - 'database': 'regular', - 'deep_app_insp_db_limit': '5', - 'deep_app_insp_timeout': '6', - 'engine_count': '7', - 'exclude_signatures': 'none', - 'fail_open': 'enable', - 'intelligent_mode': 'enable', - 'session_limit_mode': 'accurate', - 'skype_client_public_ipaddr': 'test_value_12', - 'socket_size': '13', - 'sync_session_ttl': 'enable', - 'traffic_submit': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ips_global.fortios_ips(input_data, fos_instance) - - expected_data = { - 'anomaly-mode': 'periodical', - 'database': 'regular', - 'deep-app-insp-db-limit': '5', - 'deep-app-insp-timeout': '6', - 'engine-count': '7', - 'exclude-signatures': 'none', - 'fail-open': 'enable', - 'intelligent-mode': 'enable', - 'session-limit-mode': 'accurate', - 'skype-client-public-ipaddr': 'test_value_12', - 'socket-size': '13', - 'sync-session-ttl': 'enable', - 'traffic-submit': 'enable' - } - - set_method_mock.assert_called_with('ips', 'global', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert 
response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_ips_rule.py b/test/units/modules/network/fortios/test_fortios_ips_rule.py
deleted file mode 100644
index 5ca2e06e26a..00000000000
--- a/test/units/modules/network/fortios/test_fortios_ips_rule.py
+++ /dev/null
@@ -1,329 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_ips_rule -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_ips_rule.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_ips_rule_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'ips_rule': { - 'action': 'pass', - 'application': 'test_value_4', - 'date': '5', - 'group': 'test_value_6', - 'location': 'test_value_7,', - 'log': 'disable', - 'log_packet': 'disable', - 'name': 
'default_name_10', - 'os': 'test_value_11', - 'rev': '12', - 'rule_id': '13', - 'service': 'test_value_14', - 'severity': 'test_value_15,', - 'status': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ips_rule.fortios_ips(input_data, fos_instance) - - expected_data = { - 'action': 'pass', - 'application': 'test_value_4', - 'date': '5', - 'group': 'test_value_6', - 'location': 'test_value_7,', - 'log': 'disable', - 'log-packet': 'disable', - 'name': 'default_name_10', - 'os': 'test_value_11', - 'rev': '12', - 'rule-id': '13', - 'service': 'test_value_14', - 'severity': 'test_value_15,', - 'status': 'disable' - } - - set_method_mock.assert_called_with('ips', 'rule', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_ips_rule_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'ips_rule': { - 'action': 'pass', - 'application': 'test_value_4', - 'date': '5', - 'group': 'test_value_6', - 'location': 'test_value_7,', - 'log': 'disable', - 'log_packet': 'disable', - 'name': 'default_name_10', - 'os': 'test_value_11', - 'rev': '12', - 'rule_id': '13', - 'service': 'test_value_14', - 'severity': 'test_value_15,', - 'status': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ips_rule.fortios_ips(input_data, fos_instance) - - expected_data = { - 'action': 'pass', - 'application': 'test_value_4', - 'date': '5', - 'group': 'test_value_6', - 'location': 'test_value_7,', - 'log': 'disable', - 'log-packet': 'disable', - 
'name': 'default_name_10', - 'os': 'test_value_11', - 'rev': '12', - 'rule-id': '13', - 'service': 'test_value_14', - 'severity': 'test_value_15,', - 'status': 'disable' - } - - set_method_mock.assert_called_with('ips', 'rule', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_ips_rule_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'ips_rule': { - 'action': 'pass', - 'application': 'test_value_4', - 'date': '5', - 'group': 'test_value_6', - 'location': 'test_value_7,', - 'log': 'disable', - 'log_packet': 'disable', - 'name': 'default_name_10', - 'os': 'test_value_11', - 'rev': '12', - 'rule_id': '13', - 'service': 'test_value_14', - 'severity': 'test_value_15,', - 'status': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ips_rule.fortios_ips(input_data, fos_instance) - - delete_method_mock.assert_called_with('ips', 'rule', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_ips_rule_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 
'admin', - 'state': 'absent', - 'ips_rule': { - 'action': 'pass', - 'application': 'test_value_4', - 'date': '5', - 'group': 'test_value_6', - 'location': 'test_value_7,', - 'log': 'disable', - 'log_packet': 'disable', - 'name': 'default_name_10', - 'os': 'test_value_11', - 'rev': '12', - 'rule_id': '13', - 'service': 'test_value_14', - 'severity': 'test_value_15,', - 'status': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ips_rule.fortios_ips(input_data, fos_instance) - - delete_method_mock.assert_called_with('ips', 'rule', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_ips_rule_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'ips_rule': { - 'action': 'pass', - 'application': 'test_value_4', - 'date': '5', - 'group': 'test_value_6', - 'location': 'test_value_7,', - 'log': 'disable', - 'log_packet': 'disable', - 'name': 'default_name_10', - 'os': 'test_value_11', - 'rev': '12', - 'rule_id': '13', - 'service': 'test_value_14', - 'severity': 'test_value_15,', - 'status': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ips_rule.fortios_ips(input_data, fos_instance) - - expected_data = { - 'action': 'pass', - 'application': 'test_value_4', - 'date': '5', - 'group': 'test_value_6', - 'location': 'test_value_7,', - 'log': 'disable', - 'log-packet': 'disable', - 'name': 'default_name_10', - 'os': 'test_value_11', - 'rev': '12', - 'rule-id': '13', - 'service': 'test_value_14', - 'severity': 'test_value_15,', - 
'status': 'disable' - } - - set_method_mock.assert_called_with('ips', 'rule', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_ips_rule_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'ips_rule': { - 'random_attribute_not_valid': 'tag', - 'action': 'pass', - 'application': 'test_value_4', - 'date': '5', - 'group': 'test_value_6', - 'location': 'test_value_7,', - 'log': 'disable', - 'log_packet': 'disable', - 'name': 'default_name_10', - 'os': 'test_value_11', - 'rev': '12', - 'rule_id': '13', - 'service': 'test_value_14', - 'severity': 'test_value_15,', - 'status': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ips_rule.fortios_ips(input_data, fos_instance) - - expected_data = { - 'action': 'pass', - 'application': 'test_value_4', - 'date': '5', - 'group': 'test_value_6', - 'location': 'test_value_7,', - 'log': 'disable', - 'log-packet': 'disable', - 'name': 'default_name_10', - 'os': 'test_value_11', - 'rev': '12', - 'rule-id': '13', - 'service': 'test_value_14', - 'severity': 'test_value_15,', - 'status': 'disable' - } - - set_method_mock.assert_called_with('ips', 'rule', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 
diff --git a/test/units/modules/network/fortios/test_fortios_ips_rule_settings.py b/test/units/modules/network/fortios/test_fortios_ips_rule_settings.py
deleted file mode 100644
index 73dc9015fb8..00000000000
--- a/test/units/modules/network/fortios/test_fortios_ips_rule_settings.py
+++ /dev/null
@@ -1,199 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_ips_rule_settings -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_ips_rule_settings.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_ips_rule_settings_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'ips_rule_settings': { - 'id': '3' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ips_rule_settings.fortios_ips(input_data, fos_instance) - - expected_data = { - 'id': 
'3' - } - - set_method_mock.assert_called_with('ips', 'rule-settings', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_ips_rule_settings_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'ips_rule_settings': { - 'id': '3' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ips_rule_settings.fortios_ips(input_data, fos_instance) - - expected_data = { - 'id': '3' - } - - set_method_mock.assert_called_with('ips', 'rule-settings', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_ips_rule_settings_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'ips_rule_settings': { - 'id': '3' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ips_rule_settings.fortios_ips(input_data, fos_instance) - - delete_method_mock.assert_called_with('ips', 'rule-settings', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert 
response['http_status'] == 200 - - -def test_ips_rule_settings_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'ips_rule_settings': { - 'id': '3' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ips_rule_settings.fortios_ips(input_data, fos_instance) - - delete_method_mock.assert_called_with('ips', 'rule-settings', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_ips_rule_settings_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'ips_rule_settings': { - 'id': '3' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ips_rule_settings.fortios_ips(input_data, fos_instance) - - expected_data = { - 'id': '3' - } - - set_method_mock.assert_called_with('ips', 'rule-settings', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_ips_rule_settings_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 
'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'ips_rule_settings': {
- 'random_attribute_not_valid': 'tag',
- 'id': '3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_ips_rule_settings.fortios_ips(input_data, fos_instance)
-
- expected_data = {
- 'id': '3'
- }
-
- set_method_mock.assert_called_with('ips', 'rule-settings', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_ips_sensor.py b/test/units/modules/network/fortios/test_fortios_ips_sensor.py
deleted file mode 100644
index dad537080c4..00000000000
--- a/test/units/modules/network/fortios/test_fortios_ips_sensor.py
+++ /dev/null
@@ -1,239 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_ips_sensor
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_ips_sensor.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_ips_sensor_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'ips_sensor': {
- 'block_malicious_url': 'disable',
- 'comment': 'Comment.',
- 'extended_log': 'enable',
- 'name': 'default_name_6',
- 'replacemsg_group': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error,
changed, response = fortios_ips_sensor.fortios_ips(input_data, fos_instance) - - expected_data = { - 'block-malicious-url': 'disable', - 'comment': 'Comment.', - 'extended-log': 'enable', - 'name': 'default_name_6', - 'replacemsg-group': 'test_value_7' - } - - set_method_mock.assert_called_with('ips', 'sensor', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_ips_sensor_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'ips_sensor': { - 'block_malicious_url': 'disable', - 'comment': 'Comment.', - 'extended_log': 'enable', - 'name': 'default_name_6', - 'replacemsg_group': 'test_value_7' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ips_sensor.fortios_ips(input_data, fos_instance) - - expected_data = { - 'block-malicious-url': 'disable', - 'comment': 'Comment.', - 'extended-log': 'enable', - 'name': 'default_name_6', - 'replacemsg-group': 'test_value_7' - } - - set_method_mock.assert_called_with('ips', 'sensor', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_ips_sensor_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'ips_sensor': { - 'block_malicious_url': 'disable', - 'comment': 'Comment.', - 'extended_log': 'enable', - 'name': 'default_name_6', - 'replacemsg_group': 'test_value_7' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ips_sensor.fortios_ips(input_data, fos_instance) - - delete_method_mock.assert_called_with('ips', 'sensor', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_ips_sensor_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'ips_sensor': { - 'block_malicious_url': 'disable', - 'comment': 'Comment.', - 'extended_log': 'enable', - 'name': 'default_name_6', - 'replacemsg_group': 'test_value_7' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ips_sensor.fortios_ips(input_data, fos_instance) - - delete_method_mock.assert_called_with('ips', 'sensor', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_ips_sensor_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'ips_sensor': { - 'block_malicious_url': 'disable', - 'comment': 'Comment.', - 'extended_log': 'enable', - 'name': 'default_name_6', - 'replacemsg_group': 'test_value_7' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ips_sensor.fortios_ips(input_data, fos_instance) - - expected_data = { - 'block-malicious-url': 'disable', - 'comment': 'Comment.', - 'extended-log': 'enable', - 'name': 'default_name_6', - 'replacemsg-group': 'test_value_7' - } - - set_method_mock.assert_called_with('ips', 'sensor', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_ips_sensor_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'ips_sensor': { - 'random_attribute_not_valid': 'tag', - 'block_malicious_url': 'disable', - 'comment': 'Comment.', - 'extended_log': 'enable', - 'name': 'default_name_6', - 'replacemsg_group': 'test_value_7' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ips_sensor.fortios_ips(input_data, fos_instance) - - expected_data = { - 'block-malicious-url': 'disable', - 'comment': 'Comment.', - 'extended-log': 'enable', - 'name': 'default_name_6', - 'replacemsg-group': 'test_value_7' - } - - set_method_mock.assert_called_with('ips', 'sensor', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not 
is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_ips_settings.py b/test/units/modules/network/fortios/test_fortios_ips_settings.py deleted file mode 100644 index 00132bcd835..00000000000 --- a/test/units/modules/network/fortios/test_fortios_ips_settings.py +++ /dev/null 
@@ -1,175 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_ips_settings
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_ips_settings.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_ips_settings_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'ips_settings': {
- 'ips_packet_quota': '3',
- 'packet_log_history': '4',
- 'packet_log_memory': '5',
- 'packet_log_post_attack': '6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response =
fortios_ips_settings.fortios_ips(input_data, fos_instance) - - expected_data = { - 'ips-packet-quota': '3', - 'packet-log-history': '4', - 'packet-log-memory': '5', - 'packet-log-post-attack': '6' - } - - set_method_mock.assert_called_with('ips', 'settings', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_ips_settings_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'ips_settings': { - 'ips_packet_quota': '3', - 'packet_log_history': '4', - 'packet_log_memory': '5', - 'packet_log_post_attack': '6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ips_settings.fortios_ips(input_data, fos_instance) - - expected_data = { - 'ips-packet-quota': '3', - 'packet-log-history': '4', - 'packet-log-memory': '5', - 'packet-log-post-attack': '6' - } - - set_method_mock.assert_called_with('ips', 'settings', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_ips_settings_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'ips_settings': { - 
'ips_packet_quota': '3', - 'packet_log_history': '4', - 'packet_log_memory': '5', - 'packet_log_post_attack': '6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ips_settings.fortios_ips(input_data, fos_instance) - - expected_data = { - 'ips-packet-quota': '3', - 'packet-log-history': '4', - 'packet-log-memory': '5', - 'packet-log-post-attack': '6' - } - - set_method_mock.assert_called_with('ips', 'settings', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_ips_settings_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'ips_settings': { - 'random_attribute_not_valid': 'tag', - 'ips_packet_quota': '3', - 'packet_log_history': '4', - 'packet_log_memory': '5', - 'packet_log_post_attack': '6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_ips_settings.fortios_ips(input_data, fos_instance) - - expected_data = { - 'ips-packet-quota': '3', - 'packet-log-history': '4', - 'packet-log-memory': '5', - 'packet-log-post-attack': '6' - } - - set_method_mock.assert_called_with('ips', 'settings', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_log_custom_field.py b/test/units/modules/network/fortios/test_fortios_log_custom_field.py deleted file mode 100644 index 74035aa91ec..00000000000 
--- a/test/units/modules/network/fortios/test_fortios_log_custom_field.py
+++ /dev/null
@@ -1,219 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_log_custom_field
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_custom_field.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_log_custom_field_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_custom_field': {
- 'id': '3',
- 'name': 'default_name_4',
- 'value': 'test_value_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response =
fortios_log_custom_field.fortios_log(input_data, fos_instance) - - expected_data = { - 'id': '3', - 'name': 'default_name_4', - 'value': 'test_value_5' - } - - set_method_mock.assert_called_with('log', 'custom-field', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_log_custom_field_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_custom_field': { - 'id': '3', - 'name': 'default_name_4', - 'value': 'test_value_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_custom_field.fortios_log(input_data, fos_instance) - - expected_data = { - 'id': '3', - 'name': 'default_name_4', - 'value': 'test_value_5' - } - - set_method_mock.assert_called_with('log', 'custom-field', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_log_custom_field_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'log_custom_field': { - 'id': '3', - 'name': 'default_name_4', - 'value': 'test_value_5' - }, - 'vdom': 'root'} - - is_error, 
changed, response = fortios_log_custom_field.fortios_log(input_data, fos_instance) - - delete_method_mock.assert_called_with('log', 'custom-field', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_log_custom_field_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'log_custom_field': { - 'id': '3', - 'name': 'default_name_4', - 'value': 'test_value_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_custom_field.fortios_log(input_data, fos_instance) - - delete_method_mock.assert_called_with('log', 'custom-field', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_log_custom_field_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_custom_field': { - 'id': '3', - 'name': 'default_name_4', - 'value': 'test_value_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_custom_field.fortios_log(input_data, fos_instance) - - expected_data = { - 'id': '3', - 'name': 'default_name_4', - 'value': 'test_value_5' - } - - 
set_method_mock.assert_called_with('log', 'custom-field', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_log_custom_field_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_custom_field': { - 'random_attribute_not_valid': 'tag', - 'id': '3', - 'name': 'default_name_4', - 'value': 'test_value_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_custom_field.fortios_log(input_data, fos_instance) - - expected_data = { - 'id': '3', - 'name': 'default_name_4', - 'value': 'test_value_5' - } - - set_method_mock.assert_called_with('log', 'custom-field', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_log_disk_filter.py b/test/units/modules/network/fortios/test_fortios_log_disk_filter.py deleted file mode 100644 index 6ffef21cdb0..00000000000 --- a/test/units/modules/network/fortios/test_fortios_log_disk_filter.py +++ /dev/null 
@@ -1,407 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_log_disk_filter
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_disk_filter.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_log_disk_filter_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_disk_filter': {
- 'admin': 'enable',
- 'anomaly': 'enable',
- 'auth': 'enable',
- 'cpu_memory_usage': 'enable',
- 'dhcp': 'enable',
- 'dlp_archive': 'enable',
- 'dns': 'enable',
- 'event':
'enable', - 'filter': 'test_value_11', - 'filter_type': 'include', - 'forward_traffic': 'enable', - 'gtp': 'enable', - 'ha': 'enable', - 'ipsec': 'enable', - 'ldb_monitor': 'enable', - 'local_traffic': 'enable', - 'multicast_traffic': 'enable', - 'netscan_discovery': 'test_value_20,', - 'netscan_vulnerability': 'test_value_21,', - 'pattern': 'enable', - 'ppp': 'enable', - 'radius': 'enable', - 'severity': 'emergency', - 'sniffer_traffic': 'enable', - 'ssh': 'enable', - 'sslvpn_log_adm': 'enable', - 'sslvpn_log_auth': 'enable', - 'sslvpn_log_session': 'enable', - 'system': 'enable', - 'vip_ssl': 'enable', - 'voip': 'enable', - 'wan_opt': 'enable', - 'wireless_activity': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_disk_filter.fortios_log_disk(input_data, fos_instance) - - expected_data = { - 'admin': 'enable', - 'anomaly': 'enable', - 'auth': 'enable', - 'cpu-memory-usage': 'enable', - 'dhcp': 'enable', - 'dlp-archive': 'enable', - 'dns': 'enable', - 'event': 'enable', - 'filter': 'test_value_11', - 'filter-type': 'include', - 'forward-traffic': 'enable', - 'gtp': 'enable', - 'ha': 'enable', - 'ipsec': 'enable', - 'ldb-monitor': 'enable', - 'local-traffic': 'enable', - 'multicast-traffic': 'enable', - 'netscan-discovery': 'test_value_20,', - 'netscan-vulnerability': 'test_value_21,', - 'pattern': 'enable', - 'ppp': 'enable', - 'radius': 'enable', - 'severity': 'emergency', - 'sniffer-traffic': 'enable', - 'ssh': 'enable', - 'sslvpn-log-adm': 'enable', - 'sslvpn-log-auth': 'enable', - 'sslvpn-log-session': 'enable', - 'system': 'enable', - 'vip-ssl': 'enable', - 'voip': 'enable', - 'wan-opt': 'enable', - 'wireless-activity': 'enable' - } - - set_method_mock.assert_called_with('log.disk', 'filter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def 
test_log_disk_filter_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_disk_filter': { - 'admin': 'enable', - 'anomaly': 'enable', - 'auth': 'enable', - 'cpu_memory_usage': 'enable', - 'dhcp': 'enable', - 'dlp_archive': 'enable', - 'dns': 'enable', - 'event': 'enable', - 'filter': 'test_value_11', - 'filter_type': 'include', - 'forward_traffic': 'enable', - 'gtp': 'enable', - 'ha': 'enable', - 'ipsec': 'enable', - 'ldb_monitor': 'enable', - 'local_traffic': 'enable', - 'multicast_traffic': 'enable', - 'netscan_discovery': 'test_value_20,', - 'netscan_vulnerability': 'test_value_21,', - 'pattern': 'enable', - 'ppp': 'enable', - 'radius': 'enable', - 'severity': 'emergency', - 'sniffer_traffic': 'enable', - 'ssh': 'enable', - 'sslvpn_log_adm': 'enable', - 'sslvpn_log_auth': 'enable', - 'sslvpn_log_session': 'enable', - 'system': 'enable', - 'vip_ssl': 'enable', - 'voip': 'enable', - 'wan_opt': 'enable', - 'wireless_activity': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_disk_filter.fortios_log_disk(input_data, fos_instance) - - expected_data = { - 'admin': 'enable', - 'anomaly': 'enable', - 'auth': 'enable', - 'cpu-memory-usage': 'enable', - 'dhcp': 'enable', - 'dlp-archive': 'enable', - 'dns': 'enable', - 'event': 'enable', - 'filter': 'test_value_11', - 'filter-type': 'include', - 'forward-traffic': 'enable', - 'gtp': 'enable', - 'ha': 'enable', - 'ipsec': 'enable', - 'ldb-monitor': 'enable', - 'local-traffic': 'enable', - 'multicast-traffic': 'enable', - 'netscan-discovery': 'test_value_20,', - 'netscan-vulnerability': 'test_value_21,', - 'pattern': 'enable', - 'ppp': 
'enable', - 'radius': 'enable', - 'severity': 'emergency', - 'sniffer-traffic': 'enable', - 'ssh': 'enable', - 'sslvpn-log-adm': 'enable', - 'sslvpn-log-auth': 'enable', - 'sslvpn-log-session': 'enable', - 'system': 'enable', - 'vip-ssl': 'enable', - 'voip': 'enable', - 'wan-opt': 'enable', - 'wireless-activity': 'enable' - } - - set_method_mock.assert_called_with('log.disk', 'filter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_log_disk_filter_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_disk_filter': { - 'admin': 'enable', - 'anomaly': 'enable', - 'auth': 'enable', - 'cpu_memory_usage': 'enable', - 'dhcp': 'enable', - 'dlp_archive': 'enable', - 'dns': 'enable', - 'event': 'enable', - 'filter': 'test_value_11', - 'filter_type': 'include', - 'forward_traffic': 'enable', - 'gtp': 'enable', - 'ha': 'enable', - 'ipsec': 'enable', - 'ldb_monitor': 'enable', - 'local_traffic': 'enable', - 'multicast_traffic': 'enable', - 'netscan_discovery': 'test_value_20,', - 'netscan_vulnerability': 'test_value_21,', - 'pattern': 'enable', - 'ppp': 'enable', - 'radius': 'enable', - 'severity': 'emergency', - 'sniffer_traffic': 'enable', - 'ssh': 'enable', - 'sslvpn_log_adm': 'enable', - 'sslvpn_log_auth': 'enable', - 'sslvpn_log_session': 'enable', - 'system': 'enable', - 'vip_ssl': 'enable', - 'voip': 'enable', - 'wan_opt': 'enable', - 'wireless_activity': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_log_disk_filter.fortios_log_disk(input_data, fos_instance) - - expected_data = { - 'admin': 'enable', - 'anomaly': 'enable', - 'auth': 'enable', - 'cpu-memory-usage': 'enable', - 'dhcp': 'enable', - 'dlp-archive': 'enable', - 'dns': 'enable', - 'event': 'enable', - 'filter': 'test_value_11', - 'filter-type': 'include', - 'forward-traffic': 'enable', - 'gtp': 'enable', - 'ha': 'enable', - 'ipsec': 'enable', - 'ldb-monitor': 'enable', - 'local-traffic': 'enable', - 'multicast-traffic': 'enable', - 'netscan-discovery': 'test_value_20,', - 'netscan-vulnerability': 'test_value_21,', - 'pattern': 'enable', - 'ppp': 'enable', - 'radius': 'enable', - 'severity': 'emergency', - 'sniffer-traffic': 'enable', - 'ssh': 'enable', - 'sslvpn-log-adm': 'enable', - 'sslvpn-log-auth': 'enable', - 'sslvpn-log-session': 'enable', - 'system': 'enable', - 'vip-ssl': 'enable', - 'voip': 'enable', - 'wan-opt': 'enable', - 'wireless-activity': 'enable' - } - - set_method_mock.assert_called_with('log.disk', 'filter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_log_disk_filter_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_disk_filter': { - 'random_attribute_not_valid': 'tag', - 'admin': 'enable', - 'anomaly': 'enable', - 'auth': 'enable', - 'cpu_memory_usage': 'enable', - 'dhcp': 'enable', - 'dlp_archive': 'enable', - 'dns': 'enable', - 'event': 'enable', - 'filter': 'test_value_11', - 'filter_type': 'include', - 'forward_traffic': 'enable', 
- 'gtp': 'enable', - 'ha': 'enable', - 'ipsec': 'enable', - 'ldb_monitor': 'enable', - 'local_traffic': 'enable', - 'multicast_traffic': 'enable', - 'netscan_discovery': 'test_value_20,', - 'netscan_vulnerability': 'test_value_21,', - 'pattern': 'enable', - 'ppp': 'enable', - 'radius': 'enable', - 'severity': 'emergency', - 'sniffer_traffic': 'enable', - 'ssh': 'enable', - 'sslvpn_log_adm': 'enable', - 'sslvpn_log_auth': 'enable', - 'sslvpn_log_session': 'enable', - 'system': 'enable', - 'vip_ssl': 'enable', - 'voip': 'enable', - 'wan_opt': 'enable', - 'wireless_activity': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_disk_filter.fortios_log_disk(input_data, fos_instance) - - expected_data = { - 'admin': 'enable', - 'anomaly': 'enable', - 'auth': 'enable', - 'cpu-memory-usage': 'enable', - 'dhcp': 'enable', - 'dlp-archive': 'enable', - 'dns': 'enable', - 'event': 'enable', - 'filter': 'test_value_11', - 'filter-type': 'include', - 'forward-traffic': 'enable', - 'gtp': 'enable', - 'ha': 'enable', - 'ipsec': 'enable', - 'ldb-monitor': 'enable', - 'local-traffic': 'enable', - 'multicast-traffic': 'enable', - 'netscan-discovery': 'test_value_20,', - 'netscan-vulnerability': 'test_value_21,', - 'pattern': 'enable', - 'ppp': 'enable', - 'radius': 'enable', - 'severity': 'emergency', - 'sniffer-traffic': 'enable', - 'ssh': 'enable', - 'sslvpn-log-adm': 'enable', - 'sslvpn-log-auth': 'enable', - 'sslvpn-log-session': 'enable', - 'system': 'enable', - 'vip-ssl': 'enable', - 'voip': 'enable', - 'wan-opt': 'enable', - 'wireless-activity': 'enable' - } - - set_method_mock.assert_called_with('log.disk', 'filter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 
diff --git a/test/units/modules/network/fortios/test_fortios_log_disk_setting.py b/test/units/modules/network/fortios/test_fortios_log_disk_setting.py
deleted file mode 100644
index 17515716785..00000000000
--- a/test/units/modules/network/fortios/test_fortios_log_disk_setting.py
+++ /dev/null
@@ -1,367 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_log_disk_setting
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_disk_setting.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_log_disk_setting_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_disk_setting': {
- 'diskfull': 'overwrite',
- 'dlp_archive_quota': '4',
- 'full_final_warning_threshold': '5',
- 'full_first_warning_threshold': '6',
- 'full_second_warning_threshold': '7',
- 'ips_archive': 'enable',
- 'log_quota': '9',
- 'max_log_file_size': '10',
- 'max_policy_packet_capture_size': '11',
- 'maximum_log_age': '12',
- 'report_quota': '13',
- 'roll_day': 'sunday',
- 'roll_schedule': 'daily',
- 'roll_time': 'test_value_16',
- 'source_ip': '84.230.14.17',
- 'status': 'enable',
- 'upload': 'enable',
- 'upload_delete_files': 'enable',
- 'upload_destination': 'ftp-server',
- 'upload_ssl_conn': 'default',
- 'uploaddir': 'test_value_23',
- 'uploadip': 'test_value_24',
- 'uploadpass': 'test_value_25',
- 'uploadport': '26',
- 'uploadsched': 'disable',
- 'uploadtime': 'test_value_28',
- 'uploadtype': 'traffic',
- 'uploaduser': 'test_value_30'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_disk_setting.fortios_log_disk(input_data, fos_instance)
-
- expected_data = {
- 'diskfull': 'overwrite',
- 'dlp-archive-quota': '4',
- 'full-final-warning-threshold': '5',
- 'full-first-warning-threshold': '6',
- 'full-second-warning-threshold': '7',
- 'ips-archive': 'enable',
- 'log-quota': '9',
- 'max-log-file-size': '10',
- 'max-policy-packet-capture-size': '11',
- 'maximum-log-age': '12',
- 'report-quota': '13',
- 'roll-day': 'sunday',
- 'roll-schedule': 'daily',
- 'roll-time': 'test_value_16',
- 'source-ip': '84.230.14.17',
- 'status': 'enable',
- 'upload': 'enable',
- 'upload-delete-files': 'enable',
- 'upload-destination': 'ftp-server',
- 'upload-ssl-conn': 'default',
- 'uploaddir': 'test_value_23',
- 'uploadip': 'test_value_24',
- 'uploadpass': 'test_value_25',
- 'uploadport': '26',
- 'uploadsched': 'disable',
- 'uploadtime': 'test_value_28',
- 'uploadtype': 'traffic',
- 'uploaduser': 'test_value_30'
- }
-
- set_method_mock.assert_called_with('log.disk', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_log_disk_setting_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_disk_setting': {
- 'diskfull': 'overwrite',
- 'dlp_archive_quota': '4',
- 'full_final_warning_threshold': '5',
- 'full_first_warning_threshold': '6',
- 'full_second_warning_threshold': '7',
- 'ips_archive': 'enable',
- 'log_quota': '9',
- 'max_log_file_size': '10',
- 'max_policy_packet_capture_size': '11',
- 'maximum_log_age': '12',
- 'report_quota': '13',
- 'roll_day': 'sunday',
- 'roll_schedule': 'daily',
- 'roll_time': 'test_value_16',
- 'source_ip': '84.230.14.17',
- 'status': 'enable',
- 'upload': 'enable',
- 'upload_delete_files': 'enable',
- 'upload_destination': 'ftp-server',
- 'upload_ssl_conn': 'default',
- 'uploaddir': 'test_value_23',
- 'uploadip': 'test_value_24',
- 'uploadpass': 'test_value_25',
- 'uploadport': '26',
- 'uploadsched': 'disable',
- 'uploadtime': 'test_value_28',
- 'uploadtype': 'traffic',
- 'uploaduser': 'test_value_30'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_disk_setting.fortios_log_disk(input_data, fos_instance)
-
- expected_data = {
- 'diskfull': 'overwrite',
- 'dlp-archive-quota': '4',
- 'full-final-warning-threshold': '5',
- 'full-first-warning-threshold': '6',
- 'full-second-warning-threshold': '7',
- 'ips-archive': 'enable',
- 'log-quota': '9',
- 'max-log-file-size': '10',
- 'max-policy-packet-capture-size': '11',
- 'maximum-log-age': '12',
- 'report-quota': '13',
- 'roll-day': 'sunday',
- 'roll-schedule': 'daily',
- 'roll-time': 'test_value_16',
- 'source-ip': '84.230.14.17',
- 'status': 'enable',
- 'upload': 'enable',
- 'upload-delete-files': 'enable',
- 'upload-destination': 'ftp-server',
- 'upload-ssl-conn': 'default',
- 'uploaddir': 'test_value_23',
- 'uploadip': 'test_value_24',
- 'uploadpass': 'test_value_25',
- 'uploadport': '26',
- 'uploadsched': 'disable',
- 'uploadtime': 'test_value_28',
- 'uploadtype': 'traffic',
- 'uploaduser': 'test_value_30'
- }
-
- set_method_mock.assert_called_with('log.disk', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_log_disk_setting_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_disk_setting': {
- 'diskfull': 'overwrite',
- 'dlp_archive_quota': '4',
- 'full_final_warning_threshold': '5',
- 'full_first_warning_threshold': '6',
- 'full_second_warning_threshold': '7',
- 'ips_archive': 'enable',
- 'log_quota': '9',
- 'max_log_file_size': '10',
- 'max_policy_packet_capture_size': '11',
- 'maximum_log_age': '12',
- 'report_quota': '13',
- 'roll_day': 'sunday',
- 'roll_schedule': 'daily',
- 'roll_time': 'test_value_16',
- 'source_ip': '84.230.14.17',
- 'status': 'enable',
- 'upload': 'enable',
- 'upload_delete_files': 'enable',
- 'upload_destination': 'ftp-server',
- 'upload_ssl_conn': 'default',
- 'uploaddir': 'test_value_23',
- 'uploadip': 'test_value_24',
- 'uploadpass': 'test_value_25',
- 'uploadport': '26',
- 'uploadsched': 'disable',
- 'uploadtime': 'test_value_28',
- 'uploadtype': 'traffic',
- 'uploaduser': 'test_value_30'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_disk_setting.fortios_log_disk(input_data, fos_instance)
-
- expected_data = {
- 'diskfull': 'overwrite',
- 'dlp-archive-quota': '4',
- 'full-final-warning-threshold': '5',
- 'full-first-warning-threshold': '6',
- 'full-second-warning-threshold': '7',
- 'ips-archive': 'enable',
- 'log-quota': '9',
- 'max-log-file-size': '10',
- 'max-policy-packet-capture-size': '11',
- 'maximum-log-age': '12',
- 'report-quota': '13',
- 'roll-day': 'sunday',
- 'roll-schedule': 'daily',
- 'roll-time': 'test_value_16',
- 'source-ip': '84.230.14.17',
- 'status': 'enable',
- 'upload': 'enable',
- 'upload-delete-files': 'enable',
- 'upload-destination': 'ftp-server',
- 'upload-ssl-conn': 'default',
- 'uploaddir': 'test_value_23',
- 'uploadip': 'test_value_24',
- 'uploadpass': 'test_value_25',
- 'uploadport': '26',
- 'uploadsched': 'disable',
- 'uploadtime': 'test_value_28',
- 'uploadtype': 'traffic',
- 'uploaduser': 'test_value_30'
- }
-
- set_method_mock.assert_called_with('log.disk', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_log_disk_setting_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_disk_setting': {
- 'random_attribute_not_valid': 'tag',
- 'diskfull': 'overwrite',
- 'dlp_archive_quota': '4',
- 'full_final_warning_threshold': '5',
- 'full_first_warning_threshold': '6',
- 'full_second_warning_threshold': '7',
- 'ips_archive': 'enable',
- 'log_quota': '9',
- 'max_log_file_size': '10',
- 'max_policy_packet_capture_size': '11',
- 'maximum_log_age': '12',
- 'report_quota': '13',
- 'roll_day': 'sunday',
- 'roll_schedule': 'daily',
- 'roll_time': 'test_value_16',
- 'source_ip': '84.230.14.17',
- 'status': 'enable',
- 'upload': 'enable',
- 'upload_delete_files': 'enable',
- 'upload_destination': 'ftp-server',
- 'upload_ssl_conn': 'default',
- 'uploaddir': 'test_value_23',
- 'uploadip': 'test_value_24',
- 'uploadpass': 'test_value_25',
- 'uploadport': '26',
- 'uploadsched': 'disable',
- 'uploadtime': 'test_value_28',
- 'uploadtype': 'traffic',
- 'uploaduser': 'test_value_30'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_disk_setting.fortios_log_disk(input_data, fos_instance)
-
- expected_data = {
- 'diskfull': 'overwrite',
- 'dlp-archive-quota': '4',
- 'full-final-warning-threshold': '5',
- 'full-first-warning-threshold': '6',
- 'full-second-warning-threshold': '7',
- 'ips-archive': 'enable',
- 'log-quota': '9',
- 'max-log-file-size': '10',
- 'max-policy-packet-capture-size': '11',
- 'maximum-log-age': '12',
- 'report-quota': '13',
- 'roll-day': 'sunday',
- 'roll-schedule': 'daily',
- 'roll-time': 'test_value_16',
- 'source-ip': '84.230.14.17',
- 'status': 'enable',
- 'upload': 'enable',
- 'upload-delete-files': 'enable',
- 'upload-destination': 'ftp-server',
- 'upload-ssl-conn': 'default',
- 'uploaddir': 'test_value_23',
- 'uploadip': 'test_value_24',
- 'uploadpass': 'test_value_25',
- 'uploadport': '26',
- 'uploadsched': 'disable',
- 'uploadtime': 'test_value_28',
- 'uploadtype': 'traffic',
- 'uploaduser': 'test_value_30'
- }
-
- set_method_mock.assert_called_with('log.disk', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_log_eventfilter.py b/test/units/modules/network/fortios/test_fortios_log_eventfilter.py
deleted file mode 100644
index 09d66d4adaa..00000000000
--- a/test/units/modules/network/fortios/test_fortios_log_eventfilter.py
+++ /dev/null
@@ -1,231 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_log_eventfilter
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_eventfilter.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_log_eventfilter_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_eventfilter': {
- 'compliance_check': 'enable',
- 'endpoint': 'enable',
- 'event': 'enable',
- 'ha': 'enable',
- 'router': 'enable',
- 'security_rating': 'enable',
- 'system': 'enable',
- 'user': 'enable',
- 'vpn': 'enable',
- 'wan_opt': 'enable',
- 'wireless_activity': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_eventfilter.fortios_log(input_data, fos_instance)
-
- expected_data = {
- 'compliance-check': 'enable',
- 'endpoint': 'enable',
- 'event': 'enable',
- 'ha': 'enable',
- 'router': 'enable',
- 'security-rating': 'enable',
- 'system': 'enable',
- 'user': 'enable',
- 'vpn': 'enable',
- 'wan-opt': 'enable',
- 'wireless-activity': 'enable'
- }
-
- set_method_mock.assert_called_with('log', 'eventfilter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_log_eventfilter_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_eventfilter': {
- 'compliance_check': 'enable',
- 'endpoint': 'enable',
- 'event': 'enable',
- 'ha': 'enable',
- 'router': 'enable',
- 'security_rating': 'enable',
- 'system': 'enable',
- 'user': 'enable',
- 'vpn': 'enable',
- 'wan_opt': 'enable',
- 'wireless_activity': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_eventfilter.fortios_log(input_data, fos_instance)
-
- expected_data = {
- 'compliance-check': 'enable',
- 'endpoint': 'enable',
- 'event': 'enable',
- 'ha': 'enable',
- 'router': 'enable',
- 'security-rating': 'enable',
- 'system': 'enable',
- 'user': 'enable',
- 'vpn': 'enable',
- 'wan-opt': 'enable',
- 'wireless-activity': 'enable'
- }
-
- set_method_mock.assert_called_with('log', 'eventfilter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_log_eventfilter_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_eventfilter': {
- 'compliance_check': 'enable',
- 'endpoint': 'enable',
- 'event': 'enable',
- 'ha': 'enable',
- 'router': 'enable',
- 'security_rating': 'enable',
- 'system': 'enable',
- 'user': 'enable',
- 'vpn': 'enable',
- 'wan_opt': 'enable',
- 'wireless_activity': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_eventfilter.fortios_log(input_data, fos_instance)
-
- expected_data = {
- 'compliance-check': 'enable',
- 'endpoint': 'enable',
- 'event': 'enable',
- 'ha': 'enable',
- 'router': 'enable',
- 'security-rating': 'enable',
- 'system': 'enable',
- 'user': 'enable',
- 'vpn': 'enable',
- 'wan-opt': 'enable',
- 'wireless-activity': 'enable'
- }
-
- set_method_mock.assert_called_with('log', 'eventfilter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_log_eventfilter_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_eventfilter': {
- 'random_attribute_not_valid': 'tag',
- 'compliance_check': 'enable',
- 'endpoint': 'enable',
- 'event': 'enable',
- 'ha': 'enable',
- 'router': 'enable',
- 'security_rating': 'enable',
- 'system': 'enable',
- 'user': 'enable',
- 'vpn': 'enable',
- 'wan_opt': 'enable',
- 'wireless_activity': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_eventfilter.fortios_log(input_data, fos_instance)
-
- expected_data = {
- 'compliance-check': 'enable',
- 'endpoint': 'enable',
- 'event': 'enable',
- 'ha': 'enable',
- 'router': 'enable',
- 'security-rating': 'enable',
- 'system': 'enable',
- 'user': 'enable',
- 'vpn': 'enable',
- 'wan-opt': 'enable',
- 'wireless-activity': 'enable'
- }
-
- set_method_mock.assert_called_with('log', 'eventfilter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_log_fortianalyzer2_filter.py b/test/units/modules/network/fortios/test_fortios_log_fortianalyzer2_filter.py
deleted file mode 100644
index 76436603613..00000000000
--- a/test/units/modules/network/fortios/test_fortios_log_fortianalyzer2_filter.py
+++ /dev/null
@@ -1,263 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_log_fortianalyzer2_filter
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortianalyzer2_filter.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_log_fortianalyzer2_filter_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_fortianalyzer2_filter': {
- 'anomaly': 'enable',
- 'dlp_archive': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_6',
- 'filter_type': 'include',
- 'forward_traffic': 'enable',
- 'gtp': 'enable',
- 'local_traffic': 'enable',
- 'multicast_traffic': 'enable',
- 'netscan_discovery': 'test_value_12,',
- 'netscan_vulnerability': 'test_value_13,',
- 'severity': 'emergency',
- 'sniffer_traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_fortianalyzer2_filter.fortios_log_fortianalyzer2(input_data, fos_instance)
-
- expected_data = {
- 'anomaly': 'enable',
- 'dlp-archive': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_6',
- 'filter-type': 'include',
- 'forward-traffic': 'enable',
- 'gtp': 'enable',
- 'local-traffic': 'enable',
- 'multicast-traffic': 'enable',
- 'netscan-discovery': 'test_value_12,',
- 'netscan-vulnerability': 'test_value_13,',
- 'severity': 'emergency',
- 'sniffer-traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- }
-
- set_method_mock.assert_called_with('log.fortianalyzer2', 'filter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_log_fortianalyzer2_filter_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_fortianalyzer2_filter': {
- 'anomaly': 'enable',
- 'dlp_archive': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_6',
- 'filter_type': 'include',
- 'forward_traffic': 'enable',
- 'gtp': 'enable',
- 'local_traffic': 'enable',
- 'multicast_traffic': 'enable',
- 'netscan_discovery': 'test_value_12,',
- 'netscan_vulnerability': 'test_value_13,',
- 'severity': 'emergency',
- 'sniffer_traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_fortianalyzer2_filter.fortios_log_fortianalyzer2(input_data, fos_instance)
-
- expected_data = {
- 'anomaly': 'enable',
- 'dlp-archive': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_6',
- 'filter-type': 'include',
- 'forward-traffic': 'enable',
- 'gtp': 'enable',
- 'local-traffic': 'enable',
- 'multicast-traffic': 'enable',
- 'netscan-discovery': 'test_value_12,',
- 'netscan-vulnerability': 'test_value_13,',
- 'severity': 'emergency',
- 'sniffer-traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- }
-
- set_method_mock.assert_called_with('log.fortianalyzer2', 'filter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_log_fortianalyzer2_filter_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_fortianalyzer2_filter': {
- 'anomaly': 'enable',
- 'dlp_archive': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_6',
- 'filter_type': 'include',
- 'forward_traffic': 'enable',
- 'gtp': 'enable',
- 'local_traffic': 'enable',
- 'multicast_traffic': 'enable',
- 'netscan_discovery': 'test_value_12,',
- 'netscan_vulnerability': 'test_value_13,',
- 'severity': 'emergency',
- 'sniffer_traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_fortianalyzer2_filter.fortios_log_fortianalyzer2(input_data, fos_instance)
-
- expected_data = {
- 'anomaly': 'enable',
- 'dlp-archive': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_6',
- 'filter-type': 'include',
- 'forward-traffic': 'enable',
- 'gtp': 'enable',
- 'local-traffic': 'enable',
- 'multicast-traffic': 'enable',
- 'netscan-discovery': 'test_value_12,',
- 'netscan-vulnerability': 'test_value_13,',
- 'severity': 'emergency',
- 'sniffer-traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- }
-
- set_method_mock.assert_called_with('log.fortianalyzer2', 'filter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_log_fortianalyzer2_filter_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_fortianalyzer2_filter': {
- 'random_attribute_not_valid': 'tag',
- 'anomaly': 'enable',
- 'dlp_archive': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_6',
- 'filter_type': 'include',
- 'forward_traffic': 'enable',
- 'gtp': 'enable',
- 'local_traffic': 'enable',
- 'multicast_traffic': 'enable',
- 'netscan_discovery': 'test_value_12,',
- 'netscan_vulnerability': 'test_value_13,',
- 'severity': 'emergency',
- 'sniffer_traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_fortianalyzer2_filter.fortios_log_fortianalyzer2(input_data, fos_instance)
-
- expected_data = {
- 'anomaly': 'enable',
- 'dlp-archive': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_6',
- 'filter-type': 'include',
- 'forward-traffic': 'enable',
- 'gtp': 'enable',
- 'local-traffic': 'enable',
- 'multicast-traffic': 'enable',
- 'netscan-discovery': 'test_value_12,',
- 'netscan-vulnerability': 'test_value_13,',
- 'severity': 'emergency',
- 'sniffer-traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- }
-
- set_method_mock.assert_called_with('log.fortianalyzer2', 'filter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_log_fortianalyzer2_setting.py b/test/units/modules/network/fortios/test_fortios_log_fortianalyzer2_setting.py
deleted file mode 100644
index 7b1b3269d30..00000000000
--- a/test/units/modules/network/fortios/test_fortios_log_fortianalyzer2_setting.py
+++ /dev/null
@@ -1,295 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_log_fortianalyzer2_setting -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortianalyzer2_setting.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_log_fortianalyzer2_setting_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortianalyzer2_setting': { - '__change_ip': '3', - 'certificate': 'test_value_4', - 'conn_timeout': '5', - 'enc_algorithm': 'high-medium', - 'faz_type': 
'7', - 'hmac_algorithm': 'sha256', - 'ips_archive': 'enable', - 'mgmt_name': 'test_value_10', - 'monitor_failure_retry_period': '11', - 'monitor_keepalive_period': '12', - 'reliable': 'enable', - 'server': '192.168.100.14', - 'source_ip': '84.230.14.15', - 'ssl_min_proto_version': 'default', - 'status': 'enable', - 'upload_day': 'test_value_18', - 'upload_interval': 'daily', - 'upload_option': 'store-and-upload', - 'upload_time': 'test_value_21' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortianalyzer2_setting.fortios_log_fortianalyzer2(input_data, fos_instance) - - expected_data = { - '--change-ip': '3', - 'certificate': 'test_value_4', - 'conn-timeout': '5', - 'enc-algorithm': 'high-medium', - 'faz-type': '7', - 'hmac-algorithm': 'sha256', - 'ips-archive': 'enable', - 'mgmt-name': 'test_value_10', - 'monitor-failure-retry-period': '11', - 'monitor-keepalive-period': '12', - 'reliable': 'enable', - 'server': '192.168.100.14', - 'source-ip': '84.230.14.15', - 'ssl-min-proto-version': 'default', - 'status': 'enable', - 'upload-day': 'test_value_18', - 'upload-interval': 'daily', - 'upload-option': 'store-and-upload', - 'upload-time': 'test_value_21' - } - - set_method_mock.assert_called_with('log.fortianalyzer2', 'setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_log_fortianalyzer2_setting_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortianalyzer2_setting': { - '__change_ip': '3', - 'certificate': 
'test_value_4', - 'conn_timeout': '5', - 'enc_algorithm': 'high-medium', - 'faz_type': '7', - 'hmac_algorithm': 'sha256', - 'ips_archive': 'enable', - 'mgmt_name': 'test_value_10', - 'monitor_failure_retry_period': '11', - 'monitor_keepalive_period': '12', - 'reliable': 'enable', - 'server': '192.168.100.14', - 'source_ip': '84.230.14.15', - 'ssl_min_proto_version': 'default', - 'status': 'enable', - 'upload_day': 'test_value_18', - 'upload_interval': 'daily', - 'upload_option': 'store-and-upload', - 'upload_time': 'test_value_21' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortianalyzer2_setting.fortios_log_fortianalyzer2(input_data, fos_instance) - - expected_data = { - '--change-ip': '3', - 'certificate': 'test_value_4', - 'conn-timeout': '5', - 'enc-algorithm': 'high-medium', - 'faz-type': '7', - 'hmac-algorithm': 'sha256', - 'ips-archive': 'enable', - 'mgmt-name': 'test_value_10', - 'monitor-failure-retry-period': '11', - 'monitor-keepalive-period': '12', - 'reliable': 'enable', - 'server': '192.168.100.14', - 'source-ip': '84.230.14.15', - 'ssl-min-proto-version': 'default', - 'status': 'enable', - 'upload-day': 'test_value_18', - 'upload-interval': 'daily', - 'upload-option': 'store-and-upload', - 'upload-time': 'test_value_21' - } - - set_method_mock.assert_called_with('log.fortianalyzer2', 'setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_log_fortianalyzer2_setting_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', 
- 'log_fortianalyzer2_setting': { - '__change_ip': '3', - 'certificate': 'test_value_4', - 'conn_timeout': '5', - 'enc_algorithm': 'high-medium', - 'faz_type': '7', - 'hmac_algorithm': 'sha256', - 'ips_archive': 'enable', - 'mgmt_name': 'test_value_10', - 'monitor_failure_retry_period': '11', - 'monitor_keepalive_period': '12', - 'reliable': 'enable', - 'server': '192.168.100.14', - 'source_ip': '84.230.14.15', - 'ssl_min_proto_version': 'default', - 'status': 'enable', - 'upload_day': 'test_value_18', - 'upload_interval': 'daily', - 'upload_option': 'store-and-upload', - 'upload_time': 'test_value_21' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortianalyzer2_setting.fortios_log_fortianalyzer2(input_data, fos_instance) - - expected_data = { - '--change-ip': '3', - 'certificate': 'test_value_4', - 'conn-timeout': '5', - 'enc-algorithm': 'high-medium', - 'faz-type': '7', - 'hmac-algorithm': 'sha256', - 'ips-archive': 'enable', - 'mgmt-name': 'test_value_10', - 'monitor-failure-retry-period': '11', - 'monitor-keepalive-period': '12', - 'reliable': 'enable', - 'server': '192.168.100.14', - 'source-ip': '84.230.14.15', - 'ssl-min-proto-version': 'default', - 'status': 'enable', - 'upload-day': 'test_value_18', - 'upload-interval': 'daily', - 'upload-option': 'store-and-upload', - 'upload-time': 'test_value_21' - } - - set_method_mock.assert_called_with('log.fortianalyzer2', 'setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_log_fortianalyzer2_setting_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', 
return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortianalyzer2_setting': { - 'random_attribute_not_valid': 'tag', - '__change_ip': '3', - 'certificate': 'test_value_4', - 'conn_timeout': '5', - 'enc_algorithm': 'high-medium', - 'faz_type': '7', - 'hmac_algorithm': 'sha256', - 'ips_archive': 'enable', - 'mgmt_name': 'test_value_10', - 'monitor_failure_retry_period': '11', - 'monitor_keepalive_period': '12', - 'reliable': 'enable', - 'server': '192.168.100.14', - 'source_ip': '84.230.14.15', - 'ssl_min_proto_version': 'default', - 'status': 'enable', - 'upload_day': 'test_value_18', - 'upload_interval': 'daily', - 'upload_option': 'store-and-upload', - 'upload_time': 'test_value_21' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortianalyzer2_setting.fortios_log_fortianalyzer2(input_data, fos_instance) - - expected_data = { - '--change-ip': '3', - 'certificate': 'test_value_4', - 'conn-timeout': '5', - 'enc-algorithm': 'high-medium', - 'faz-type': '7', - 'hmac-algorithm': 'sha256', - 'ips-archive': 'enable', - 'mgmt-name': 'test_value_10', - 'monitor-failure-retry-period': '11', - 'monitor-keepalive-period': '12', - 'reliable': 'enable', - 'server': '192.168.100.14', - 'source-ip': '84.230.14.15', - 'ssl-min-proto-version': 'default', - 'status': 'enable', - 'upload-day': 'test_value_18', - 'upload-interval': 'daily', - 'upload-option': 'store-and-upload', - 'upload-time': 'test_value_21' - } - - set_method_mock.assert_called_with('log.fortianalyzer2', 'setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_log_fortianalyzer3_filter.py b/test/units/modules/network/fortios/test_fortios_log_fortianalyzer3_filter.py deleted file mode 100644 index 325f4cace17..00000000000 
--- a/test/units/modules/network/fortios/test_fortios_log_fortianalyzer3_filter.py +++ /dev/null 
@@ -1,263 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_log_fortianalyzer3_filter -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortianalyzer3_filter.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_log_fortianalyzer3_filter_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortianalyzer3_filter': { - 'anomaly': 'enable', - 'dlp_archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter_type': 'include', - 
'forward_traffic': 'enable', - 'gtp': 'enable', - 'local_traffic': 'enable', - 'multicast_traffic': 'enable', - 'netscan_discovery': 'test_value_12,', - 'netscan_vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer_traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortianalyzer3_filter.fortios_log_fortianalyzer3(input_data, fos_instance) - - expected_data = { - 'anomaly': 'enable', - 'dlp-archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter-type': 'include', - 'forward-traffic': 'enable', - 'gtp': 'enable', - 'local-traffic': 'enable', - 'multicast-traffic': 'enable', - 'netscan-discovery': 'test_value_12,', - 'netscan-vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer-traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - } - - set_method_mock.assert_called_with('log.fortianalyzer3', 'filter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_log_fortianalyzer3_filter_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortianalyzer3_filter': { - 'anomaly': 'enable', - 'dlp_archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter_type': 'include', - 'forward_traffic': 'enable', - 'gtp': 'enable', - 'local_traffic': 'enable', - 'multicast_traffic': 'enable', - 'netscan_discovery': 'test_value_12,', - 'netscan_vulnerability': 'test_value_13,', - 'severity': 'emergency', - 
'sniffer_traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortianalyzer3_filter.fortios_log_fortianalyzer3(input_data, fos_instance) - - expected_data = { - 'anomaly': 'enable', - 'dlp-archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter-type': 'include', - 'forward-traffic': 'enable', - 'gtp': 'enable', - 'local-traffic': 'enable', - 'multicast-traffic': 'enable', - 'netscan-discovery': 'test_value_12,', - 'netscan-vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer-traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - } - - set_method_mock.assert_called_with('log.fortianalyzer3', 'filter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_log_fortianalyzer3_filter_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortianalyzer3_filter': { - 'anomaly': 'enable', - 'dlp_archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter_type': 'include', - 'forward_traffic': 'enable', - 'gtp': 'enable', - 'local_traffic': 'enable', - 'multicast_traffic': 'enable', - 'netscan_discovery': 'test_value_12,', - 'netscan_vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer_traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortianalyzer3_filter.fortios_log_fortianalyzer3(input_data, fos_instance) - - expected_data = { - 
'anomaly': 'enable', - 'dlp-archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter-type': 'include', - 'forward-traffic': 'enable', - 'gtp': 'enable', - 'local-traffic': 'enable', - 'multicast-traffic': 'enable', - 'netscan-discovery': 'test_value_12,', - 'netscan-vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer-traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - } - - set_method_mock.assert_called_with('log.fortianalyzer3', 'filter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_log_fortianalyzer3_filter_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortianalyzer3_filter': { - 'random_attribute_not_valid': 'tag', - 'anomaly': 'enable', - 'dlp_archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter_type': 'include', - 'forward_traffic': 'enable', - 'gtp': 'enable', - 'local_traffic': 'enable', - 'multicast_traffic': 'enable', - 'netscan_discovery': 'test_value_12,', - 'netscan_vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer_traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortianalyzer3_filter.fortios_log_fortianalyzer3(input_data, fos_instance) - - expected_data = { - 'anomaly': 'enable', - 'dlp-archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter-type': 'include', - 'forward-traffic': 'enable', - 'gtp': 'enable', - 
'local-traffic': 'enable', - 'multicast-traffic': 'enable', - 'netscan-discovery': 'test_value_12,', - 'netscan-vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer-traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - } - - set_method_mock.assert_called_with('log.fortianalyzer3', 'filter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_log_fortianalyzer3_setting.py b/test/units/modules/network/fortios/test_fortios_log_fortianalyzer3_setting.py deleted file mode 100644 index 59a76a48e46..00000000000 --- a/test/units/modules/network/fortios/test_fortios_log_fortianalyzer3_setting.py +++ /dev/null 
@@ -1,295 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_log_fortianalyzer3_setting -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortianalyzer3_setting.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_log_fortianalyzer3_setting_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortianalyzer3_setting': { - '__change_ip': '3', - 'certificate': 'test_value_4', - 'conn_timeout': '5', - 'enc_algorithm': 'high-medium', - 'faz_type': 
'7', - 'hmac_algorithm': 'sha256', - 'ips_archive': 'enable', - 'mgmt_name': 'test_value_10', - 'monitor_failure_retry_period': '11', - 'monitor_keepalive_period': '12', - 'reliable': 'enable', - 'server': '192.168.100.14', - 'source_ip': '84.230.14.15', - 'ssl_min_proto_version': 'default', - 'status': 'enable', - 'upload_day': 'test_value_18', - 'upload_interval': 'daily', - 'upload_option': 'store-and-upload', - 'upload_time': 'test_value_21' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortianalyzer3_setting.fortios_log_fortianalyzer3(input_data, fos_instance) - - expected_data = { - '--change-ip': '3', - 'certificate': 'test_value_4', - 'conn-timeout': '5', - 'enc-algorithm': 'high-medium', - 'faz-type': '7', - 'hmac-algorithm': 'sha256', - 'ips-archive': 'enable', - 'mgmt-name': 'test_value_10', - 'monitor-failure-retry-period': '11', - 'monitor-keepalive-period': '12', - 'reliable': 'enable', - 'server': '192.168.100.14', - 'source-ip': '84.230.14.15', - 'ssl-min-proto-version': 'default', - 'status': 'enable', - 'upload-day': 'test_value_18', - 'upload-interval': 'daily', - 'upload-option': 'store-and-upload', - 'upload-time': 'test_value_21' - } - - set_method_mock.assert_called_with('log.fortianalyzer3', 'setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_log_fortianalyzer3_setting_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortianalyzer3_setting': { - '__change_ip': '3', - 'certificate': 
'test_value_4', - 'conn_timeout': '5', - 'enc_algorithm': 'high-medium', - 'faz_type': '7', - 'hmac_algorithm': 'sha256', - 'ips_archive': 'enable', - 'mgmt_name': 'test_value_10', - 'monitor_failure_retry_period': '11', - 'monitor_keepalive_period': '12', - 'reliable': 'enable', - 'server': '192.168.100.14', - 'source_ip': '84.230.14.15', - 'ssl_min_proto_version': 'default', - 'status': 'enable', - 'upload_day': 'test_value_18', - 'upload_interval': 'daily', - 'upload_option': 'store-and-upload', - 'upload_time': 'test_value_21' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortianalyzer3_setting.fortios_log_fortianalyzer3(input_data, fos_instance) - - expected_data = { - '--change-ip': '3', - 'certificate': 'test_value_4', - 'conn-timeout': '5', - 'enc-algorithm': 'high-medium', - 'faz-type': '7', - 'hmac-algorithm': 'sha256', - 'ips-archive': 'enable', - 'mgmt-name': 'test_value_10', - 'monitor-failure-retry-period': '11', - 'monitor-keepalive-period': '12', - 'reliable': 'enable', - 'server': '192.168.100.14', - 'source-ip': '84.230.14.15', - 'ssl-min-proto-version': 'default', - 'status': 'enable', - 'upload-day': 'test_value_18', - 'upload-interval': 'daily', - 'upload-option': 'store-and-upload', - 'upload-time': 'test_value_21' - } - - set_method_mock.assert_called_with('log.fortianalyzer3', 'setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_log_fortianalyzer3_setting_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', 
- 'log_fortianalyzer3_setting': { - '__change_ip': '3', - 'certificate': 'test_value_4', - 'conn_timeout': '5', - 'enc_algorithm': 'high-medium', - 'faz_type': '7', - 'hmac_algorithm': 'sha256', - 'ips_archive': 'enable', - 'mgmt_name': 'test_value_10', - 'monitor_failure_retry_period': '11', - 'monitor_keepalive_period': '12', - 'reliable': 'enable', - 'server': '192.168.100.14', - 'source_ip': '84.230.14.15', - 'ssl_min_proto_version': 'default', - 'status': 'enable', - 'upload_day': 'test_value_18', - 'upload_interval': 'daily', - 'upload_option': 'store-and-upload', - 'upload_time': 'test_value_21' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortianalyzer3_setting.fortios_log_fortianalyzer3(input_data, fos_instance) - - expected_data = { - '--change-ip': '3', - 'certificate': 'test_value_4', - 'conn-timeout': '5', - 'enc-algorithm': 'high-medium', - 'faz-type': '7', - 'hmac-algorithm': 'sha256', - 'ips-archive': 'enable', - 'mgmt-name': 'test_value_10', - 'monitor-failure-retry-period': '11', - 'monitor-keepalive-period': '12', - 'reliable': 'enable', - 'server': '192.168.100.14', - 'source-ip': '84.230.14.15', - 'ssl-min-proto-version': 'default', - 'status': 'enable', - 'upload-day': 'test_value_18', - 'upload-interval': 'daily', - 'upload-option': 'store-and-upload', - 'upload-time': 'test_value_21' - } - - set_method_mock.assert_called_with('log.fortianalyzer3', 'setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_log_fortianalyzer3_setting_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', 
return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortianalyzer3_setting': { - 'random_attribute_not_valid': 'tag', - '__change_ip': '3', - 'certificate': 'test_value_4', - 'conn_timeout': '5', - 'enc_algorithm': 'high-medium', - 'faz_type': '7', - 'hmac_algorithm': 'sha256', - 'ips_archive': 'enable', - 'mgmt_name': 'test_value_10', - 'monitor_failure_retry_period': '11', - 'monitor_keepalive_period': '12', - 'reliable': 'enable', - 'server': '192.168.100.14', - 'source_ip': '84.230.14.15', - 'ssl_min_proto_version': 'default', - 'status': 'enable', - 'upload_day': 'test_value_18', - 'upload_interval': 'daily', - 'upload_option': 'store-and-upload', - 'upload_time': 'test_value_21' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortianalyzer3_setting.fortios_log_fortianalyzer3(input_data, fos_instance) - - expected_data = { - '--change-ip': '3', - 'certificate': 'test_value_4', - 'conn-timeout': '5', - 'enc-algorithm': 'high-medium', - 'faz-type': '7', - 'hmac-algorithm': 'sha256', - 'ips-archive': 'enable', - 'mgmt-name': 'test_value_10', - 'monitor-failure-retry-period': '11', - 'monitor-keepalive-period': '12', - 'reliable': 'enable', - 'server': '192.168.100.14', - 'source-ip': '84.230.14.15', - 'ssl-min-proto-version': 'default', - 'status': 'enable', - 'upload-day': 'test_value_18', - 'upload-interval': 'daily', - 'upload-option': 'store-and-upload', - 'upload-time': 'test_value_21' - } - - set_method_mock.assert_called_with('log.fortianalyzer3', 'setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_log_fortianalyzer_filter.py b/test/units/modules/network/fortios/test_fortios_log_fortianalyzer_filter.py deleted file mode 100644 index cd3273cb330..00000000000 
--- a/test/units/modules/network/fortios/test_fortios_log_fortianalyzer_filter.py +++ /dev/null 
@@ -1,263 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_log_fortianalyzer_filter -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortianalyzer_filter.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_log_fortianalyzer_filter_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortianalyzer_filter': { - 'anomaly': 'enable', - 'dlp_archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter_type': 'include', - 
'forward_traffic': 'enable', - 'gtp': 'enable', - 'local_traffic': 'enable', - 'multicast_traffic': 'enable', - 'netscan_discovery': 'test_value_12,', - 'netscan_vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer_traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortianalyzer_filter.fortios_log_fortianalyzer(input_data, fos_instance) - - expected_data = { - 'anomaly': 'enable', - 'dlp-archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter-type': 'include', - 'forward-traffic': 'enable', - 'gtp': 'enable', - 'local-traffic': 'enable', - 'multicast-traffic': 'enable', - 'netscan-discovery': 'test_value_12,', - 'netscan-vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer-traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - } - - set_method_mock.assert_called_with('log.fortianalyzer', 'filter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_log_fortianalyzer_filter_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortianalyzer_filter': { - 'anomaly': 'enable', - 'dlp_archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter_type': 'include', - 'forward_traffic': 'enable', - 'gtp': 'enable', - 'local_traffic': 'enable', - 'multicast_traffic': 'enable', - 'netscan_discovery': 'test_value_12,', - 'netscan_vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer_traffic': 
'enable', - 'ssh': 'enable', - 'voip': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortianalyzer_filter.fortios_log_fortianalyzer(input_data, fos_instance) - - expected_data = { - 'anomaly': 'enable', - 'dlp-archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter-type': 'include', - 'forward-traffic': 'enable', - 'gtp': 'enable', - 'local-traffic': 'enable', - 'multicast-traffic': 'enable', - 'netscan-discovery': 'test_value_12,', - 'netscan-vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer-traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - } - - set_method_mock.assert_called_with('log.fortianalyzer', 'filter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_log_fortianalyzer_filter_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortianalyzer_filter': { - 'anomaly': 'enable', - 'dlp_archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter_type': 'include', - 'forward_traffic': 'enable', - 'gtp': 'enable', - 'local_traffic': 'enable', - 'multicast_traffic': 'enable', - 'netscan_discovery': 'test_value_12,', - 'netscan_vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer_traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortianalyzer_filter.fortios_log_fortianalyzer(input_data, fos_instance) - - expected_data = { - 'anomaly': 'enable', - 
'dlp-archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter-type': 'include', - 'forward-traffic': 'enable', - 'gtp': 'enable', - 'local-traffic': 'enable', - 'multicast-traffic': 'enable', - 'netscan-discovery': 'test_value_12,', - 'netscan-vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer-traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - } - - set_method_mock.assert_called_with('log.fortianalyzer', 'filter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_log_fortianalyzer_filter_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortianalyzer_filter': { - 'random_attribute_not_valid': 'tag', - 'anomaly': 'enable', - 'dlp_archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter_type': 'include', - 'forward_traffic': 'enable', - 'gtp': 'enable', - 'local_traffic': 'enable', - 'multicast_traffic': 'enable', - 'netscan_discovery': 'test_value_12,', - 'netscan_vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer_traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortianalyzer_filter.fortios_log_fortianalyzer(input_data, fos_instance) - - expected_data = { - 'anomaly': 'enable', - 'dlp-archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter-type': 'include', - 'forward-traffic': 'enable', - 'gtp': 'enable', - 'local-traffic': 'enable', - 
'multicast-traffic': 'enable', - 'netscan-discovery': 'test_value_12,', - 'netscan-vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer-traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - } - - set_method_mock.assert_called_with('log.fortianalyzer', 'filter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_log_fortianalyzer_override_filter.py b/test/units/modules/network/fortios/test_fortios_log_fortianalyzer_override_filter.py deleted file mode 100644 index 30e42c9c2ad..00000000000 --- a/test/units/modules/network/fortios/test_fortios_log_fortianalyzer_override_filter.py +++ /dev/null 
@@ -1,263 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_log_fortianalyzer_override_filter -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortianalyzer_override_filter.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_log_fortianalyzer_override_filter_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortianalyzer_override_filter': { - 'anomaly': 'enable', - 'dlp_archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 
'filter_type': 'include', - 'forward_traffic': 'enable', - 'gtp': 'enable', - 'local_traffic': 'enable', - 'multicast_traffic': 'enable', - 'netscan_discovery': 'test_value_12,', - 'netscan_vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer_traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortianalyzer_override_filter.fortios_log_fortianalyzer(input_data, fos_instance) - - expected_data = { - 'anomaly': 'enable', - 'dlp-archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter-type': 'include', - 'forward-traffic': 'enable', - 'gtp': 'enable', - 'local-traffic': 'enable', - 'multicast-traffic': 'enable', - 'netscan-discovery': 'test_value_12,', - 'netscan-vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer-traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - } - - set_method_mock.assert_called_with('log.fortianalyzer', 'override-filter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_log_fortianalyzer_override_filter_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortianalyzer_override_filter': { - 'anomaly': 'enable', - 'dlp_archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter_type': 'include', - 'forward_traffic': 'enable', - 'gtp': 'enable', - 'local_traffic': 'enable', - 'multicast_traffic': 'enable', - 'netscan_discovery': 'test_value_12,', - 'netscan_vulnerability': 
'test_value_13,', - 'severity': 'emergency', - 'sniffer_traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortianalyzer_override_filter.fortios_log_fortianalyzer(input_data, fos_instance) - - expected_data = { - 'anomaly': 'enable', - 'dlp-archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter-type': 'include', - 'forward-traffic': 'enable', - 'gtp': 'enable', - 'local-traffic': 'enable', - 'multicast-traffic': 'enable', - 'netscan-discovery': 'test_value_12,', - 'netscan-vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer-traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - } - - set_method_mock.assert_called_with('log.fortianalyzer', 'override-filter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_log_fortianalyzer_override_filter_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortianalyzer_override_filter': { - 'anomaly': 'enable', - 'dlp_archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter_type': 'include', - 'forward_traffic': 'enable', - 'gtp': 'enable', - 'local_traffic': 'enable', - 'multicast_traffic': 'enable', - 'netscan_discovery': 'test_value_12,', - 'netscan_vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer_traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_log_fortianalyzer_override_filter.fortios_log_fortianalyzer(input_data, fos_instance) - - expected_data = { - 'anomaly': 'enable', - 'dlp-archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter-type': 'include', - 'forward-traffic': 'enable', - 'gtp': 'enable', - 'local-traffic': 'enable', - 'multicast-traffic': 'enable', - 'netscan-discovery': 'test_value_12,', - 'netscan-vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer-traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - } - - set_method_mock.assert_called_with('log.fortianalyzer', 'override-filter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_log_fortianalyzer_override_filter_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortianalyzer_override_filter': { - 'random_attribute_not_valid': 'tag', - 'anomaly': 'enable', - 'dlp_archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter_type': 'include', - 'forward_traffic': 'enable', - 'gtp': 'enable', - 'local_traffic': 'enable', - 'multicast_traffic': 'enable', - 'netscan_discovery': 'test_value_12,', - 'netscan_vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer_traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortianalyzer_override_filter.fortios_log_fortianalyzer(input_data, fos_instance) - - expected_data = { - 'anomaly': 'enable', - 'dlp-archive': 
'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter-type': 'include', - 'forward-traffic': 'enable', - 'gtp': 'enable', - 'local-traffic': 'enable', - 'multicast-traffic': 'enable', - 'netscan-discovery': 'test_value_12,', - 'netscan-vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer-traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - } - - set_method_mock.assert_called_with('log.fortianalyzer', 'override-filter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_log_fortianalyzer_override_setting.py b/test/units/modules/network/fortios/test_fortios_log_fortianalyzer_override_setting.py deleted file mode 100644 index c933de926f1..00000000000 --- a/test/units/modules/network/fortios/test_fortios_log_fortianalyzer_override_setting.py +++ /dev/null 
@@ -1,311 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_log_fortianalyzer_override_setting -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortianalyzer_override_setting.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_log_fortianalyzer_override_setting_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortianalyzer_override_setting': { - '__change_ip': '3', - 'certificate': 'test_value_4', - 'conn_timeout': '5', - 'enc_algorithm': 
'high-medium', - 'faz_type': '7', - 'hmac_algorithm': 'sha256', - 'ips_archive': 'enable', - 'mgmt_name': 'test_value_10', - 'monitor_failure_retry_period': '11', - 'monitor_keepalive_period': '12', - 'override': 'enable', - 'reliable': 'enable', - 'server': '192.168.100.15', - 'source_ip': '84.230.14.16', - 'ssl_min_proto_version': 'default', - 'status': 'enable', - 'upload_day': 'test_value_19', - 'upload_interval': 'daily', - 'upload_option': 'store-and-upload', - 'upload_time': 'test_value_22', - 'use_management_vdom': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortianalyzer_override_setting.fortios_log_fortianalyzer(input_data, fos_instance) - - expected_data = { - '--change-ip': '3', - 'certificate': 'test_value_4', - 'conn-timeout': '5', - 'enc-algorithm': 'high-medium', - 'faz-type': '7', - 'hmac-algorithm': 'sha256', - 'ips-archive': 'enable', - 'mgmt-name': 'test_value_10', - 'monitor-failure-retry-period': '11', - 'monitor-keepalive-period': '12', - 'override': 'enable', - 'reliable': 'enable', - 'server': '192.168.100.15', - 'source-ip': '84.230.14.16', - 'ssl-min-proto-version': 'default', - 'status': 'enable', - 'upload-day': 'test_value_19', - 'upload-interval': 'daily', - 'upload-option': 'store-and-upload', - 'upload-time': 'test_value_22', - 'use-management-vdom': 'enable' - } - - set_method_mock.assert_called_with('log.fortianalyzer', 'override-setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_log_fortianalyzer_override_setting_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', 
return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortianalyzer_override_setting': { - '__change_ip': '3', - 'certificate': 'test_value_4', - 'conn_timeout': '5', - 'enc_algorithm': 'high-medium', - 'faz_type': '7', - 'hmac_algorithm': 'sha256', - 'ips_archive': 'enable', - 'mgmt_name': 'test_value_10', - 'monitor_failure_retry_period': '11', - 'monitor_keepalive_period': '12', - 'override': 'enable', - 'reliable': 'enable', - 'server': '192.168.100.15', - 'source_ip': '84.230.14.16', - 'ssl_min_proto_version': 'default', - 'status': 'enable', - 'upload_day': 'test_value_19', - 'upload_interval': 'daily', - 'upload_option': 'store-and-upload', - 'upload_time': 'test_value_22', - 'use_management_vdom': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortianalyzer_override_setting.fortios_log_fortianalyzer(input_data, fos_instance) - - expected_data = { - '--change-ip': '3', - 'certificate': 'test_value_4', - 'conn-timeout': '5', - 'enc-algorithm': 'high-medium', - 'faz-type': '7', - 'hmac-algorithm': 'sha256', - 'ips-archive': 'enable', - 'mgmt-name': 'test_value_10', - 'monitor-failure-retry-period': '11', - 'monitor-keepalive-period': '12', - 'override': 'enable', - 'reliable': 'enable', - 'server': '192.168.100.15', - 'source-ip': '84.230.14.16', - 'ssl-min-proto-version': 'default', - 'status': 'enable', - 'upload-day': 'test_value_19', - 'upload-interval': 'daily', - 'upload-option': 'store-and-upload', - 'upload-time': 'test_value_22', - 'use-management-vdom': 'enable' - } - - set_method_mock.assert_called_with('log.fortianalyzer', 'override-setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_log_fortianalyzer_override_setting_idempotent(mocker): - schema_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortianalyzer_override_setting': { - '__change_ip': '3', - 'certificate': 'test_value_4', - 'conn_timeout': '5', - 'enc_algorithm': 'high-medium', - 'faz_type': '7', - 'hmac_algorithm': 'sha256', - 'ips_archive': 'enable', - 'mgmt_name': 'test_value_10', - 'monitor_failure_retry_period': '11', - 'monitor_keepalive_period': '12', - 'override': 'enable', - 'reliable': 'enable', - 'server': '192.168.100.15', - 'source_ip': '84.230.14.16', - 'ssl_min_proto_version': 'default', - 'status': 'enable', - 'upload_day': 'test_value_19', - 'upload_interval': 'daily', - 'upload_option': 'store-and-upload', - 'upload_time': 'test_value_22', - 'use_management_vdom': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortianalyzer_override_setting.fortios_log_fortianalyzer(input_data, fos_instance) - - expected_data = { - '--change-ip': '3', - 'certificate': 'test_value_4', - 'conn-timeout': '5', - 'enc-algorithm': 'high-medium', - 'faz-type': '7', - 'hmac-algorithm': 'sha256', - 'ips-archive': 'enable', - 'mgmt-name': 'test_value_10', - 'monitor-failure-retry-period': '11', - 'monitor-keepalive-period': '12', - 'override': 'enable', - 'reliable': 'enable', - 'server': '192.168.100.15', - 'source-ip': '84.230.14.16', - 'ssl-min-proto-version': 'default', - 'status': 'enable', - 'upload-day': 'test_value_19', - 'upload-interval': 'daily', - 'upload-option': 'store-and-upload', - 'upload-time': 'test_value_22', - 'use-management-vdom': 'enable' - } - - set_method_mock.assert_called_with('log.fortianalyzer', 'override-setting', data=expected_data, vdom='root') - 
schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_log_fortianalyzer_override_setting_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortianalyzer_override_setting': { - 'random_attribute_not_valid': 'tag', - '__change_ip': '3', - 'certificate': 'test_value_4', - 'conn_timeout': '5', - 'enc_algorithm': 'high-medium', - 'faz_type': '7', - 'hmac_algorithm': 'sha256', - 'ips_archive': 'enable', - 'mgmt_name': 'test_value_10', - 'monitor_failure_retry_period': '11', - 'monitor_keepalive_period': '12', - 'override': 'enable', - 'reliable': 'enable', - 'server': '192.168.100.15', - 'source_ip': '84.230.14.16', - 'ssl_min_proto_version': 'default', - 'status': 'enable', - 'upload_day': 'test_value_19', - 'upload_interval': 'daily', - 'upload_option': 'store-and-upload', - 'upload_time': 'test_value_22', - 'use_management_vdom': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortianalyzer_override_setting.fortios_log_fortianalyzer(input_data, fos_instance) - - expected_data = { - '--change-ip': '3', - 'certificate': 'test_value_4', - 'conn-timeout': '5', - 'enc-algorithm': 'high-medium', - 'faz-type': '7', - 'hmac-algorithm': 'sha256', - 'ips-archive': 'enable', - 'mgmt-name': 'test_value_10', - 'monitor-failure-retry-period': '11', - 'monitor-keepalive-period': '12', - 'override': 'enable', - 'reliable': 'enable', - 'server': '192.168.100.15', - 'source-ip': '84.230.14.16', - 'ssl-min-proto-version': 'default', - 'status': 'enable', - 
'upload-day': 'test_value_19', - 'upload-interval': 'daily', - 'upload-option': 'store-and-upload', - 'upload-time': 'test_value_22', - 'use-management-vdom': 'enable' - } - - set_method_mock.assert_called_with('log.fortianalyzer', 'override-setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_log_fortianalyzer_setting.py b/test/units/modules/network/fortios/test_fortios_log_fortianalyzer_setting.py deleted file mode 100644 index 6f19cf21e3e..00000000000 --- a/test/units/modules/network/fortios/test_fortios_log_fortianalyzer_setting.py +++ /dev/null 
@@ -1,295 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_log_fortianalyzer_setting -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortianalyzer_setting.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_log_fortianalyzer_setting_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortianalyzer_setting': { - '__change_ip': '3', - 'certificate': 'test_value_4', - 'conn_timeout': '5', - 'enc_algorithm': 'high-medium', - 'faz_type': '7', - 
'hmac_algorithm': 'sha256', - 'ips_archive': 'enable', - 'mgmt_name': 'test_value_10', - 'monitor_failure_retry_period': '11', - 'monitor_keepalive_period': '12', - 'reliable': 'enable', - 'server': '192.168.100.14', - 'source_ip': '84.230.14.15', - 'ssl_min_proto_version': 'default', - 'status': 'enable', - 'upload_day': 'test_value_18', - 'upload_interval': 'daily', - 'upload_option': 'store-and-upload', - 'upload_time': 'test_value_21' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortianalyzer_setting.fortios_log_fortianalyzer(input_data, fos_instance) - - expected_data = { - '--change-ip': '3', - 'certificate': 'test_value_4', - 'conn-timeout': '5', - 'enc-algorithm': 'high-medium', - 'faz-type': '7', - 'hmac-algorithm': 'sha256', - 'ips-archive': 'enable', - 'mgmt-name': 'test_value_10', - 'monitor-failure-retry-period': '11', - 'monitor-keepalive-period': '12', - 'reliable': 'enable', - 'server': '192.168.100.14', - 'source-ip': '84.230.14.15', - 'ssl-min-proto-version': 'default', - 'status': 'enable', - 'upload-day': 'test_value_18', - 'upload-interval': 'daily', - 'upload-option': 'store-and-upload', - 'upload-time': 'test_value_21' - } - - set_method_mock.assert_called_with('log.fortianalyzer', 'setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_log_fortianalyzer_setting_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortianalyzer_setting': { - '__change_ip': '3', - 'certificate': 'test_value_4', - 
'conn_timeout': '5', - 'enc_algorithm': 'high-medium', - 'faz_type': '7', - 'hmac_algorithm': 'sha256', - 'ips_archive': 'enable', - 'mgmt_name': 'test_value_10', - 'monitor_failure_retry_period': '11', - 'monitor_keepalive_period': '12', - 'reliable': 'enable', - 'server': '192.168.100.14', - 'source_ip': '84.230.14.15', - 'ssl_min_proto_version': 'default', - 'status': 'enable', - 'upload_day': 'test_value_18', - 'upload_interval': 'daily', - 'upload_option': 'store-and-upload', - 'upload_time': 'test_value_21' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortianalyzer_setting.fortios_log_fortianalyzer(input_data, fos_instance) - - expected_data = { - '--change-ip': '3', - 'certificate': 'test_value_4', - 'conn-timeout': '5', - 'enc-algorithm': 'high-medium', - 'faz-type': '7', - 'hmac-algorithm': 'sha256', - 'ips-archive': 'enable', - 'mgmt-name': 'test_value_10', - 'monitor-failure-retry-period': '11', - 'monitor-keepalive-period': '12', - 'reliable': 'enable', - 'server': '192.168.100.14', - 'source-ip': '84.230.14.15', - 'ssl-min-proto-version': 'default', - 'status': 'enable', - 'upload-day': 'test_value_18', - 'upload-interval': 'daily', - 'upload-option': 'store-and-upload', - 'upload-time': 'test_value_21' - } - - set_method_mock.assert_called_with('log.fortianalyzer', 'setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_log_fortianalyzer_setting_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 
'log_fortianalyzer_setting': { - '__change_ip': '3', - 'certificate': 'test_value_4', - 'conn_timeout': '5', - 'enc_algorithm': 'high-medium', - 'faz_type': '7', - 'hmac_algorithm': 'sha256', - 'ips_archive': 'enable', - 'mgmt_name': 'test_value_10', - 'monitor_failure_retry_period': '11', - 'monitor_keepalive_period': '12', - 'reliable': 'enable', - 'server': '192.168.100.14', - 'source_ip': '84.230.14.15', - 'ssl_min_proto_version': 'default', - 'status': 'enable', - 'upload_day': 'test_value_18', - 'upload_interval': 'daily', - 'upload_option': 'store-and-upload', - 'upload_time': 'test_value_21' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortianalyzer_setting.fortios_log_fortianalyzer(input_data, fos_instance) - - expected_data = { - '--change-ip': '3', - 'certificate': 'test_value_4', - 'conn-timeout': '5', - 'enc-algorithm': 'high-medium', - 'faz-type': '7', - 'hmac-algorithm': 'sha256', - 'ips-archive': 'enable', - 'mgmt-name': 'test_value_10', - 'monitor-failure-retry-period': '11', - 'monitor-keepalive-period': '12', - 'reliable': 'enable', - 'server': '192.168.100.14', - 'source-ip': '84.230.14.15', - 'ssl-min-proto-version': 'default', - 'status': 'enable', - 'upload-day': 'test_value_18', - 'upload-interval': 'daily', - 'upload-option': 'store-and-upload', - 'upload-time': 'test_value_21' - } - - set_method_mock.assert_called_with('log.fortianalyzer', 'setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_log_fortianalyzer_setting_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', 
return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_fortianalyzer_setting': {
- 'random_attribute_not_valid': 'tag',
- '__change_ip': '3',
- 'certificate': 'test_value_4',
- 'conn_timeout': '5',
- 'enc_algorithm': 'high-medium',
- 'faz_type': '7',
- 'hmac_algorithm': 'sha256',
- 'ips_archive': 'enable',
- 'mgmt_name': 'test_value_10',
- 'monitor_failure_retry_period': '11',
- 'monitor_keepalive_period': '12',
- 'reliable': 'enable',
- 'server': '192.168.100.14',
- 'source_ip': '84.230.14.15',
- 'ssl_min_proto_version': 'default',
- 'status': 'enable',
- 'upload_day': 'test_value_18',
- 'upload_interval': 'daily',
- 'upload_option': 'store-and-upload',
- 'upload_time': 'test_value_21'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_fortianalyzer_setting.fortios_log_fortianalyzer(input_data, fos_instance)
-
- expected_data = {
- '--change-ip': '3',
- 'certificate': 'test_value_4',
- 'conn-timeout': '5',
- 'enc-algorithm': 'high-medium',
- 'faz-type': '7',
- 'hmac-algorithm': 'sha256',
- 'ips-archive': 'enable',
- 'mgmt-name': 'test_value_10',
- 'monitor-failure-retry-period': '11',
- 'monitor-keepalive-period': '12',
- 'reliable': 'enable',
- 'server': '192.168.100.14',
- 'source-ip': '84.230.14.15',
- 'ssl-min-proto-version': 'default',
- 'status': 'enable',
- 'upload-day': 'test_value_18',
- 'upload-interval': 'daily',
- 'upload-option': 'store-and-upload',
- 'upload-time': 'test_value_21'
- }
-
- set_method_mock.assert_called_with('log.fortianalyzer', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_log_fortiguard_filter.py b/test/units/modules/network/fortios/test_fortios_log_fortiguard_filter.py
deleted file mode 100644
index 94bf1ff49fa..00000000000
--- a/test/units/modules/network/fortios/test_fortios_log_fortiguard_filter.py
+++ /dev/null
@@ -1,263 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_log_fortiguard_filter -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortiguard_filter.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_log_fortiguard_filter_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortiguard_filter': { - 'anomaly': 'enable', - 'dlp_archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter_type': 'include', - 'forward_traffic': 
'enable', - 'gtp': 'enable', - 'local_traffic': 'enable', - 'multicast_traffic': 'enable', - 'netscan_discovery': 'test_value_12,', - 'netscan_vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer_traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortiguard_filter.fortios_log_fortiguard(input_data, fos_instance) - - expected_data = { - 'anomaly': 'enable', - 'dlp-archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter-type': 'include', - 'forward-traffic': 'enable', - 'gtp': 'enable', - 'local-traffic': 'enable', - 'multicast-traffic': 'enable', - 'netscan-discovery': 'test_value_12,', - 'netscan-vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer-traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - } - - set_method_mock.assert_called_with('log.fortiguard', 'filter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_log_fortiguard_filter_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortiguard_filter': { - 'anomaly': 'enable', - 'dlp_archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter_type': 'include', - 'forward_traffic': 'enable', - 'gtp': 'enable', - 'local_traffic': 'enable', - 'multicast_traffic': 'enable', - 'netscan_discovery': 'test_value_12,', - 'netscan_vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer_traffic': 'enable', - 'ssh': 'enable', - 
'voip': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortiguard_filter.fortios_log_fortiguard(input_data, fos_instance) - - expected_data = { - 'anomaly': 'enable', - 'dlp-archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter-type': 'include', - 'forward-traffic': 'enable', - 'gtp': 'enable', - 'local-traffic': 'enable', - 'multicast-traffic': 'enable', - 'netscan-discovery': 'test_value_12,', - 'netscan-vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer-traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - } - - set_method_mock.assert_called_with('log.fortiguard', 'filter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_log_fortiguard_filter_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortiguard_filter': { - 'anomaly': 'enable', - 'dlp_archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter_type': 'include', - 'forward_traffic': 'enable', - 'gtp': 'enable', - 'local_traffic': 'enable', - 'multicast_traffic': 'enable', - 'netscan_discovery': 'test_value_12,', - 'netscan_vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer_traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortiguard_filter.fortios_log_fortiguard(input_data, fos_instance) - - expected_data = { - 'anomaly': 'enable', - 'dlp-archive': 'enable', - 'dns': 'enable', - 'filter': 
'test_value_6', - 'filter-type': 'include', - 'forward-traffic': 'enable', - 'gtp': 'enable', - 'local-traffic': 'enable', - 'multicast-traffic': 'enable', - 'netscan-discovery': 'test_value_12,', - 'netscan-vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer-traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - } - - set_method_mock.assert_called_with('log.fortiguard', 'filter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_log_fortiguard_filter_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortiguard_filter': { - 'random_attribute_not_valid': 'tag', - 'anomaly': 'enable', - 'dlp_archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter_type': 'include', - 'forward_traffic': 'enable', - 'gtp': 'enable', - 'local_traffic': 'enable', - 'multicast_traffic': 'enable', - 'netscan_discovery': 'test_value_12,', - 'netscan_vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer_traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortiguard_filter.fortios_log_fortiguard(input_data, fos_instance) - - expected_data = { - 'anomaly': 'enable', - 'dlp-archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter-type': 'include', - 'forward-traffic': 'enable', - 'gtp': 'enable', - 'local-traffic': 'enable', - 'multicast-traffic': 'enable', - 'netscan-discovery': 'test_value_12,', - 
'netscan-vulnerability': 'test_value_13,',
- 'severity': 'emergency',
- 'sniffer-traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- }
-
- set_method_mock.assert_called_with('log.fortiguard', 'filter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_log_fortiguard_override_filter.py b/test/units/modules/network/fortios/test_fortios_log_fortiguard_override_filter.py
deleted file mode 100644
index b28f9d81e3c..00000000000
--- a/test/units/modules/network/fortios/test_fortios_log_fortiguard_override_filter.py
+++ /dev/null
@@ -1,263 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_log_fortiguard_override_filter -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortiguard_override_filter.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_log_fortiguard_override_filter_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortiguard_override_filter': { - 'anomaly': 'enable', - 'dlp_archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 
'filter_type': 'include', - 'forward_traffic': 'enable', - 'gtp': 'enable', - 'local_traffic': 'enable', - 'multicast_traffic': 'enable', - 'netscan_discovery': 'test_value_12,', - 'netscan_vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer_traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortiguard_override_filter.fortios_log_fortiguard(input_data, fos_instance) - - expected_data = { - 'anomaly': 'enable', - 'dlp-archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter-type': 'include', - 'forward-traffic': 'enable', - 'gtp': 'enable', - 'local-traffic': 'enable', - 'multicast-traffic': 'enable', - 'netscan-discovery': 'test_value_12,', - 'netscan-vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer-traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - } - - set_method_mock.assert_called_with('log.fortiguard', 'override-filter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_log_fortiguard_override_filter_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortiguard_override_filter': { - 'anomaly': 'enable', - 'dlp_archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter_type': 'include', - 'forward_traffic': 'enable', - 'gtp': 'enable', - 'local_traffic': 'enable', - 'multicast_traffic': 'enable', - 'netscan_discovery': 'test_value_12,', - 'netscan_vulnerability': 'test_value_13,', 
- 'severity': 'emergency', - 'sniffer_traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortiguard_override_filter.fortios_log_fortiguard(input_data, fos_instance) - - expected_data = { - 'anomaly': 'enable', - 'dlp-archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter-type': 'include', - 'forward-traffic': 'enable', - 'gtp': 'enable', - 'local-traffic': 'enable', - 'multicast-traffic': 'enable', - 'netscan-discovery': 'test_value_12,', - 'netscan-vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer-traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - } - - set_method_mock.assert_called_with('log.fortiguard', 'override-filter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_log_fortiguard_override_filter_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortiguard_override_filter': { - 'anomaly': 'enable', - 'dlp_archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter_type': 'include', - 'forward_traffic': 'enable', - 'gtp': 'enable', - 'local_traffic': 'enable', - 'multicast_traffic': 'enable', - 'netscan_discovery': 'test_value_12,', - 'netscan_vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer_traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortiguard_override_filter.fortios_log_fortiguard(input_data, 
fos_instance) - - expected_data = { - 'anomaly': 'enable', - 'dlp-archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter-type': 'include', - 'forward-traffic': 'enable', - 'gtp': 'enable', - 'local-traffic': 'enable', - 'multicast-traffic': 'enable', - 'netscan-discovery': 'test_value_12,', - 'netscan-vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer-traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - } - - set_method_mock.assert_called_with('log.fortiguard', 'override-filter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_log_fortiguard_override_filter_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortiguard_override_filter': { - 'random_attribute_not_valid': 'tag', - 'anomaly': 'enable', - 'dlp_archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter_type': 'include', - 'forward_traffic': 'enable', - 'gtp': 'enable', - 'local_traffic': 'enable', - 'multicast_traffic': 'enable', - 'netscan_discovery': 'test_value_12,', - 'netscan_vulnerability': 'test_value_13,', - 'severity': 'emergency', - 'sniffer_traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortiguard_override_filter.fortios_log_fortiguard(input_data, fos_instance) - - expected_data = { - 'anomaly': 'enable', - 'dlp-archive': 'enable', - 'dns': 'enable', - 'filter': 'test_value_6', - 'filter-type': 'include', - 
'forward-traffic': 'enable',
- 'gtp': 'enable',
- 'local-traffic': 'enable',
- 'multicast-traffic': 'enable',
- 'netscan-discovery': 'test_value_12,',
- 'netscan-vulnerability': 'test_value_13,',
- 'severity': 'emergency',
- 'sniffer-traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- }
-
- set_method_mock.assert_called_with('log.fortiguard', 'override-filter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_log_fortiguard_override_setting.py b/test/units/modules/network/fortios/test_fortios_log_fortiguard_override_setting.py
deleted file mode 100644
index 4882a1027a5..00000000000
--- a/test/units/modules/network/fortios/test_fortios_log_fortiguard_override_setting.py
+++ /dev/null
@@ -1,191 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_log_fortiguard_override_setting -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortiguard_override_setting.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_log_fortiguard_override_setting_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortiguard_override_setting': { - 'override': 'enable', - 'status': 'enable', - 'upload_day': 'test_value_5', - 'upload_interval': 'daily', 
- 'upload_option': 'store-and-upload', - 'upload_time': 'test_value_8' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortiguard_override_setting.fortios_log_fortiguard(input_data, fos_instance) - - expected_data = { - 'override': 'enable', - 'status': 'enable', - 'upload-day': 'test_value_5', - 'upload-interval': 'daily', - 'upload-option': 'store-and-upload', - 'upload-time': 'test_value_8' - } - - set_method_mock.assert_called_with('log.fortiguard', 'override-setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_log_fortiguard_override_setting_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortiguard_override_setting': { - 'override': 'enable', - 'status': 'enable', - 'upload_day': 'test_value_5', - 'upload_interval': 'daily', - 'upload_option': 'store-and-upload', - 'upload_time': 'test_value_8' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortiguard_override_setting.fortios_log_fortiguard(input_data, fos_instance) - - expected_data = { - 'override': 'enable', - 'status': 'enable', - 'upload-day': 'test_value_5', - 'upload-interval': 'daily', - 'upload-option': 'store-and-upload', - 'upload-time': 'test_value_8' - } - - set_method_mock.assert_called_with('log.fortiguard', 'override-setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def 
test_log_fortiguard_override_setting_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortiguard_override_setting': { - 'override': 'enable', - 'status': 'enable', - 'upload_day': 'test_value_5', - 'upload_interval': 'daily', - 'upload_option': 'store-and-upload', - 'upload_time': 'test_value_8' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortiguard_override_setting.fortios_log_fortiguard(input_data, fos_instance) - - expected_data = { - 'override': 'enable', - 'status': 'enable', - 'upload-day': 'test_value_5', - 'upload-interval': 'daily', - 'upload-option': 'store-and-upload', - 'upload-time': 'test_value_8' - } - - set_method_mock.assert_called_with('log.fortiguard', 'override-setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_log_fortiguard_override_setting_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortiguard_override_setting': { - 'random_attribute_not_valid': 'tag', - 'override': 'enable', - 'status': 'enable', - 'upload_day': 'test_value_5', - 'upload_interval': 'daily', - 'upload_option': 'store-and-upload', - 
'upload_time': 'test_value_8'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_fortiguard_override_setting.fortios_log_fortiguard(input_data, fos_instance)
-
- expected_data = {
- 'override': 'enable',
- 'status': 'enable',
- 'upload-day': 'test_value_5',
- 'upload-interval': 'daily',
- 'upload-option': 'store-and-upload',
- 'upload-time': 'test_value_8'
- }
-
- set_method_mock.assert_called_with('log.fortiguard', 'override-setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_log_fortiguard_setting.py b/test/units/modules/network/fortios/test_fortios_log_fortiguard_setting.py
deleted file mode 100644
index 5978b84e3e3..00000000000
--- a/test/units/modules/network/fortios/test_fortios_log_fortiguard_setting.py
+++ /dev/null
@@ -1,207 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_log_fortiguard_setting -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_fortiguard_setting.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_log_fortiguard_setting_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortiguard_setting': { - 'enc_algorithm': 'high-medium', - 'source_ip': '84.230.14.4', - 'ssl_min_proto_version': 'default', - 'status': 'enable', - 'upload_day': 
'test_value_7', - 'upload_interval': 'daily', - 'upload_option': 'store-and-upload', - 'upload_time': 'test_value_10' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortiguard_setting.fortios_log_fortiguard(input_data, fos_instance) - - expected_data = { - 'enc-algorithm': 'high-medium', - 'source-ip': '84.230.14.4', - 'ssl-min-proto-version': 'default', - 'status': 'enable', - 'upload-day': 'test_value_7', - 'upload-interval': 'daily', - 'upload-option': 'store-and-upload', - 'upload-time': 'test_value_10' - } - - set_method_mock.assert_called_with('log.fortiguard', 'setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_log_fortiguard_setting_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortiguard_setting': { - 'enc_algorithm': 'high-medium', - 'source_ip': '84.230.14.4', - 'ssl_min_proto_version': 'default', - 'status': 'enable', - 'upload_day': 'test_value_7', - 'upload_interval': 'daily', - 'upload_option': 'store-and-upload', - 'upload_time': 'test_value_10' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortiguard_setting.fortios_log_fortiguard(input_data, fos_instance) - - expected_data = { - 'enc-algorithm': 'high-medium', - 'source-ip': '84.230.14.4', - 'ssl-min-proto-version': 'default', - 'status': 'enable', - 'upload-day': 'test_value_7', - 'upload-interval': 'daily', - 'upload-option': 'store-and-upload', - 'upload-time': 'test_value_10' - } - - 
set_method_mock.assert_called_with('log.fortiguard', 'setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_log_fortiguard_setting_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_fortiguard_setting': { - 'enc_algorithm': 'high-medium', - 'source_ip': '84.230.14.4', - 'ssl_min_proto_version': 'default', - 'status': 'enable', - 'upload_day': 'test_value_7', - 'upload_interval': 'daily', - 'upload_option': 'store-and-upload', - 'upload_time': 'test_value_10' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_fortiguard_setting.fortios_log_fortiguard(input_data, fos_instance) - - expected_data = { - 'enc-algorithm': 'high-medium', - 'source-ip': '84.230.14.4', - 'ssl-min-proto-version': 'default', - 'status': 'enable', - 'upload-day': 'test_value_7', - 'upload-interval': 'daily', - 'upload-option': 'store-and-upload', - 'upload-time': 'test_value_10' - } - - set_method_mock.assert_called_with('log.fortiguard', 'setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_log_fortiguard_setting_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_fortiguard_setting': {
- 'random_attribute_not_valid': 'tag',
- 'enc_algorithm': 'high-medium',
- 'source_ip': '84.230.14.4',
- 'ssl_min_proto_version': 'default',
- 'status': 'enable',
- 'upload_day': 'test_value_7',
- 'upload_interval': 'daily',
- 'upload_option': 'store-and-upload',
- 'upload_time': 'test_value_10'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_fortiguard_setting.fortios_log_fortiguard(input_data, fos_instance)
-
- expected_data = {
- 'enc-algorithm': 'high-medium',
- 'source-ip': '84.230.14.4',
- 'ssl-min-proto-version': 'default',
- 'status': 'enable',
- 'upload-day': 'test_value_7',
- 'upload-interval': 'daily',
- 'upload-option': 'store-and-upload',
- 'upload-time': 'test_value_10'
- }
-
- set_method_mock.assert_called_with('log.fortiguard', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_log_gui_display.py b/test/units/modules/network/fortios/test_fortios_log_gui_display.py
deleted file mode 100644
index f54b2d66fe1..00000000000
--- a/test/units/modules/network/fortios/test_fortios_log_gui_display.py
+++ /dev/null
@@ -1,167 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_log_gui_display
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_gui_display.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_log_gui_display_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_gui_display': {
- 'fortiview_unscanned_apps': 'enable',
- 'resolve_apps': 'enable',
- 'resolve_hosts': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response =
fortios_log_gui_display.fortios_log(input_data, fos_instance) - - expected_data = { - 'fortiview-unscanned-apps': 'enable', - 'resolve-apps': 'enable', - 'resolve-hosts': 'enable' - } - - set_method_mock.assert_called_with('log', 'gui-display', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_log_gui_display_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_gui_display': { - 'fortiview_unscanned_apps': 'enable', - 'resolve_apps': 'enable', - 'resolve_hosts': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_gui_display.fortios_log(input_data, fos_instance) - - expected_data = { - 'fortiview-unscanned-apps': 'enable', - 'resolve-apps': 'enable', - 'resolve-hosts': 'enable' - } - - set_method_mock.assert_called_with('log', 'gui-display', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_log_gui_display_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_gui_display': { - 'fortiview_unscanned_apps': 'enable', 
- 'resolve_apps': 'enable', - 'resolve_hosts': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_gui_display.fortios_log(input_data, fos_instance) - - expected_data = { - 'fortiview-unscanned-apps': 'enable', - 'resolve-apps': 'enable', - 'resolve-hosts': 'enable' - } - - set_method_mock.assert_called_with('log', 'gui-display', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_log_gui_display_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_gui_display': { - 'random_attribute_not_valid': 'tag', - 'fortiview_unscanned_apps': 'enable', - 'resolve_apps': 'enable', - 'resolve_hosts': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_gui_display.fortios_log(input_data, fos_instance) - - expected_data = { - 'fortiview-unscanned-apps': 'enable', - 'resolve-apps': 'enable', - 'resolve-hosts': 'enable' - } - - set_method_mock.assert_called_with('log', 'gui-display', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_log_memory_filter.py b/test/units/modules/network/fortios/test_fortios_log_memory_filter.py deleted file mode 100644 index 488709c52fe..00000000000 --- a/test/units/modules/network/fortios/test_fortios_log_memory_filter.py +++ /dev/null 
@@ -1,399 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_log_memory_filter -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_memory_filter.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_log_memory_filter_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_memory_filter': { - 'admin': 'enable', - 'anomaly': 'enable', - 'auth': 'enable', - 'cpu_memory_usage': 'enable', - 'dhcp': 'enable', - 'dns': 'enable', - 'event': 'enable', - 
'filter': 'test_value_10', - 'filter_type': 'include', - 'forward_traffic': 'enable', - 'gtp': 'enable', - 'ha': 'enable', - 'ipsec': 'enable', - 'ldb_monitor': 'enable', - 'local_traffic': 'enable', - 'multicast_traffic': 'enable', - 'netscan_discovery': 'test_value_19,', - 'netscan_vulnerability': 'test_value_20,', - 'pattern': 'enable', - 'ppp': 'enable', - 'radius': 'enable', - 'severity': 'emergency', - 'sniffer_traffic': 'enable', - 'ssh': 'enable', - 'sslvpn_log_adm': 'enable', - 'sslvpn_log_auth': 'enable', - 'sslvpn_log_session': 'enable', - 'system': 'enable', - 'vip_ssl': 'enable', - 'voip': 'enable', - 'wan_opt': 'enable', - 'wireless_activity': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_memory_filter.fortios_log_memory(input_data, fos_instance) - - expected_data = { - 'admin': 'enable', - 'anomaly': 'enable', - 'auth': 'enable', - 'cpu-memory-usage': 'enable', - 'dhcp': 'enable', - 'dns': 'enable', - 'event': 'enable', - 'filter': 'test_value_10', - 'filter-type': 'include', - 'forward-traffic': 'enable', - 'gtp': 'enable', - 'ha': 'enable', - 'ipsec': 'enable', - 'ldb-monitor': 'enable', - 'local-traffic': 'enable', - 'multicast-traffic': 'enable', - 'netscan-discovery': 'test_value_19,', - 'netscan-vulnerability': 'test_value_20,', - 'pattern': 'enable', - 'ppp': 'enable', - 'radius': 'enable', - 'severity': 'emergency', - 'sniffer-traffic': 'enable', - 'ssh': 'enable', - 'sslvpn-log-adm': 'enable', - 'sslvpn-log-auth': 'enable', - 'sslvpn-log-session': 'enable', - 'system': 'enable', - 'vip-ssl': 'enable', - 'voip': 'enable', - 'wan-opt': 'enable', - 'wireless-activity': 'enable' - } - - set_method_mock.assert_called_with('log.memory', 'filter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_log_memory_filter_creation_fails(mocker): - schema_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_memory_filter': { - 'admin': 'enable', - 'anomaly': 'enable', - 'auth': 'enable', - 'cpu_memory_usage': 'enable', - 'dhcp': 'enable', - 'dns': 'enable', - 'event': 'enable', - 'filter': 'test_value_10', - 'filter_type': 'include', - 'forward_traffic': 'enable', - 'gtp': 'enable', - 'ha': 'enable', - 'ipsec': 'enable', - 'ldb_monitor': 'enable', - 'local_traffic': 'enable', - 'multicast_traffic': 'enable', - 'netscan_discovery': 'test_value_19,', - 'netscan_vulnerability': 'test_value_20,', - 'pattern': 'enable', - 'ppp': 'enable', - 'radius': 'enable', - 'severity': 'emergency', - 'sniffer_traffic': 'enable', - 'ssh': 'enable', - 'sslvpn_log_adm': 'enable', - 'sslvpn_log_auth': 'enable', - 'sslvpn_log_session': 'enable', - 'system': 'enable', - 'vip_ssl': 'enable', - 'voip': 'enable', - 'wan_opt': 'enable', - 'wireless_activity': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_memory_filter.fortios_log_memory(input_data, fos_instance) - - expected_data = { - 'admin': 'enable', - 'anomaly': 'enable', - 'auth': 'enable', - 'cpu-memory-usage': 'enable', - 'dhcp': 'enable', - 'dns': 'enable', - 'event': 'enable', - 'filter': 'test_value_10', - 'filter-type': 'include', - 'forward-traffic': 'enable', - 'gtp': 'enable', - 'ha': 'enable', - 'ipsec': 'enable', - 'ldb-monitor': 'enable', - 'local-traffic': 'enable', - 'multicast-traffic': 'enable', - 'netscan-discovery': 'test_value_19,', - 'netscan-vulnerability': 'test_value_20,', - 'pattern': 'enable', - 'ppp': 'enable', - 'radius': 'enable', - 'severity': 'emergency', - 'sniffer-traffic': 'enable', - 'ssh': 'enable', - 
'sslvpn-log-adm': 'enable', - 'sslvpn-log-auth': 'enable', - 'sslvpn-log-session': 'enable', - 'system': 'enable', - 'vip-ssl': 'enable', - 'voip': 'enable', - 'wan-opt': 'enable', - 'wireless-activity': 'enable' - } - - set_method_mock.assert_called_with('log.memory', 'filter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_log_memory_filter_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_memory_filter': { - 'admin': 'enable', - 'anomaly': 'enable', - 'auth': 'enable', - 'cpu_memory_usage': 'enable', - 'dhcp': 'enable', - 'dns': 'enable', - 'event': 'enable', - 'filter': 'test_value_10', - 'filter_type': 'include', - 'forward_traffic': 'enable', - 'gtp': 'enable', - 'ha': 'enable', - 'ipsec': 'enable', - 'ldb_monitor': 'enable', - 'local_traffic': 'enable', - 'multicast_traffic': 'enable', - 'netscan_discovery': 'test_value_19,', - 'netscan_vulnerability': 'test_value_20,', - 'pattern': 'enable', - 'ppp': 'enable', - 'radius': 'enable', - 'severity': 'emergency', - 'sniffer_traffic': 'enable', - 'ssh': 'enable', - 'sslvpn_log_adm': 'enable', - 'sslvpn_log_auth': 'enable', - 'sslvpn_log_session': 'enable', - 'system': 'enable', - 'vip_ssl': 'enable', - 'voip': 'enable', - 'wan_opt': 'enable', - 'wireless_activity': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_memory_filter.fortios_log_memory(input_data, fos_instance) - - expected_data = { - 'admin': 'enable', - 'anomaly': 'enable', - 'auth': 'enable', - 
'cpu-memory-usage': 'enable', - 'dhcp': 'enable', - 'dns': 'enable', - 'event': 'enable', - 'filter': 'test_value_10', - 'filter-type': 'include', - 'forward-traffic': 'enable', - 'gtp': 'enable', - 'ha': 'enable', - 'ipsec': 'enable', - 'ldb-monitor': 'enable', - 'local-traffic': 'enable', - 'multicast-traffic': 'enable', - 'netscan-discovery': 'test_value_19,', - 'netscan-vulnerability': 'test_value_20,', - 'pattern': 'enable', - 'ppp': 'enable', - 'radius': 'enable', - 'severity': 'emergency', - 'sniffer-traffic': 'enable', - 'ssh': 'enable', - 'sslvpn-log-adm': 'enable', - 'sslvpn-log-auth': 'enable', - 'sslvpn-log-session': 'enable', - 'system': 'enable', - 'vip-ssl': 'enable', - 'voip': 'enable', - 'wan-opt': 'enable', - 'wireless-activity': 'enable' - } - - set_method_mock.assert_called_with('log.memory', 'filter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_log_memory_filter_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_memory_filter': { - 'random_attribute_not_valid': 'tag', - 'admin': 'enable', - 'anomaly': 'enable', - 'auth': 'enable', - 'cpu_memory_usage': 'enable', - 'dhcp': 'enable', - 'dns': 'enable', - 'event': 'enable', - 'filter': 'test_value_10', - 'filter_type': 'include', - 'forward_traffic': 'enable', - 'gtp': 'enable', - 'ha': 'enable', - 'ipsec': 'enable', - 'ldb_monitor': 'enable', - 'local_traffic': 'enable', - 'multicast_traffic': 'enable', - 'netscan_discovery': 'test_value_19,', - 
'netscan_vulnerability': 'test_value_20,', - 'pattern': 'enable', - 'ppp': 'enable', - 'radius': 'enable', - 'severity': 'emergency', - 'sniffer_traffic': 'enable', - 'ssh': 'enable', - 'sslvpn_log_adm': 'enable', - 'sslvpn_log_auth': 'enable', - 'sslvpn_log_session': 'enable', - 'system': 'enable', - 'vip_ssl': 'enable', - 'voip': 'enable', - 'wan_opt': 'enable', - 'wireless_activity': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_memory_filter.fortios_log_memory(input_data, fos_instance) - - expected_data = { - 'admin': 'enable', - 'anomaly': 'enable', - 'auth': 'enable', - 'cpu-memory-usage': 'enable', - 'dhcp': 'enable', - 'dns': 'enable', - 'event': 'enable', - 'filter': 'test_value_10', - 'filter-type': 'include', - 'forward-traffic': 'enable', - 'gtp': 'enable', - 'ha': 'enable', - 'ipsec': 'enable', - 'ldb-monitor': 'enable', - 'local-traffic': 'enable', - 'multicast-traffic': 'enable', - 'netscan-discovery': 'test_value_19,', - 'netscan-vulnerability': 'test_value_20,', - 'pattern': 'enable', - 'ppp': 'enable', - 'radius': 'enable', - 'severity': 'emergency', - 'sniffer-traffic': 'enable', - 'ssh': 'enable', - 'sslvpn-log-adm': 'enable', - 'sslvpn-log-auth': 'enable', - 'sslvpn-log-session': 'enable', - 'system': 'enable', - 'vip-ssl': 'enable', - 'voip': 'enable', - 'wan-opt': 'enable', - 'wireless-activity': 'enable' - } - - set_method_mock.assert_called_with('log.memory', 'filter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_log_memory_global_setting.py b/test/units/modules/network/fortios/test_fortios_log_memory_global_setting.py deleted file mode 100644 index 0782f5e9a9f..00000000000 --- a/test/units/modules/network/fortios/test_fortios_log_memory_global_setting.py +++ /dev/null 
@@ -1,175 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_log_memory_global_setting -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_memory_global_setting.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_log_memory_global_setting_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_memory_global_setting': { - 'full_final_warning_threshold': '3', - 'full_first_warning_threshold': '4', - 'full_second_warning_threshold': '5', - 'max_size': 
'6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_memory_global_setting.fortios_log_memory(input_data, fos_instance) - - expected_data = { - 'full-final-warning-threshold': '3', - 'full-first-warning-threshold': '4', - 'full-second-warning-threshold': '5', - 'max-size': '6' - } - - set_method_mock.assert_called_with('log.memory', 'global-setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_log_memory_global_setting_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_memory_global_setting': { - 'full_final_warning_threshold': '3', - 'full_first_warning_threshold': '4', - 'full_second_warning_threshold': '5', - 'max_size': '6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_memory_global_setting.fortios_log_memory(input_data, fos_instance) - - expected_data = { - 'full-final-warning-threshold': '3', - 'full-first-warning-threshold': '4', - 'full-second-warning-threshold': '5', - 'max-size': '6' - } - - set_method_mock.assert_called_with('log.memory', 'global-setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_log_memory_global_setting_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 
404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_memory_global_setting': { - 'full_final_warning_threshold': '3', - 'full_first_warning_threshold': '4', - 'full_second_warning_threshold': '5', - 'max_size': '6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_memory_global_setting.fortios_log_memory(input_data, fos_instance) - - expected_data = { - 'full-final-warning-threshold': '3', - 'full-first-warning-threshold': '4', - 'full-second-warning-threshold': '5', - 'max-size': '6' - } - - set_method_mock.assert_called_with('log.memory', 'global-setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_log_memory_global_setting_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_memory_global_setting': { - 'random_attribute_not_valid': 'tag', - 'full_final_warning_threshold': '3', - 'full_first_warning_threshold': '4', - 'full_second_warning_threshold': '5', - 'max_size': '6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_memory_global_setting.fortios_log_memory(input_data, fos_instance) - - expected_data = { - 'full-final-warning-threshold': '3', - 'full-first-warning-threshold': '4', - 'full-second-warning-threshold': '5', - 'max-size': '6' - } - - set_method_mock.assert_called_with('log.memory', 'global-setting', data=expected_data, 
vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_log_memory_setting.py b/test/units/modules/network/fortios/test_fortios_log_memory_setting.py deleted file mode 100644 index 64101c7a146..00000000000 --- a/test/units/modules/network/fortios/test_fortios_log_memory_setting.py +++ /dev/null 
@@ -1,159 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_log_memory_setting
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_memory_setting.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_log_memory_setting_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_memory_setting': {
- 'diskfull': 'overwrite',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response =
fortios_log_memory_setting.fortios_log_memory(input_data, fos_instance)
-
- expected_data = {
- 'diskfull': 'overwrite',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('log.memory', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_log_memory_setting_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_memory_setting': {
- 'diskfull': 'overwrite',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_memory_setting.fortios_log_memory(input_data, fos_instance)
-
- expected_data = {
- 'diskfull': 'overwrite',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('log.memory', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_log_memory_setting_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_memory_setting': {
- 'diskfull': 'overwrite',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response =
fortios_log_memory_setting.fortios_log_memory(input_data, fos_instance)
-
- expected_data = {
- 'diskfull': 'overwrite',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('log.memory', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_log_memory_setting_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_memory_setting': {
- 'random_attribute_not_valid': 'tag',
- 'diskfull': 'overwrite',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_memory_setting.fortios_log_memory(input_data, fos_instance)
-
- expected_data = {
- 'diskfull': 'overwrite',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('log.memory', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_log_null_device_filter.py b/test/units/modules/network/fortios/test_fortios_log_null_device_filter.py
deleted file mode 100644
index 86c2c90799c..00000000000
--- a/test/units/modules/network/fortios/test_fortios_log_null_device_filter.py
+++ /dev/null
@@ -1,255 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_log_null_device_filter
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_null_device_filter.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_log_null_device_filter_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_null_device_filter': {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter_type': 'include',
- 'forward_traffic': 'enable',
- 'gtp':
'enable',
- 'local_traffic': 'enable',
- 'multicast_traffic': 'enable',
- 'netscan_discovery': 'test_value_11,',
- 'netscan_vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer_traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_null_device_filter.fortios_log_null_device(input_data, fos_instance)
-
- expected_data = {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter-type': 'include',
- 'forward-traffic': 'enable',
- 'gtp': 'enable',
- 'local-traffic': 'enable',
- 'multicast-traffic': 'enable',
- 'netscan-discovery': 'test_value_11,',
- 'netscan-vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer-traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- }
-
- set_method_mock.assert_called_with('log.null-device', 'filter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_log_null_device_filter_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_null_device_filter': {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter_type': 'include',
- 'forward_traffic': 'enable',
- 'gtp': 'enable',
- 'local_traffic': 'enable',
- 'multicast_traffic': 'enable',
- 'netscan_discovery': 'test_value_11,',
- 'netscan_vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer_traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response
= fortios_log_null_device_filter.fortios_log_null_device(input_data, fos_instance)
-
- expected_data = {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter-type': 'include',
- 'forward-traffic': 'enable',
- 'gtp': 'enable',
- 'local-traffic': 'enable',
- 'multicast-traffic': 'enable',
- 'netscan-discovery': 'test_value_11,',
- 'netscan-vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer-traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- }
-
- set_method_mock.assert_called_with('log.null-device', 'filter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_log_null_device_filter_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_null_device_filter': {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter_type': 'include',
- 'forward_traffic': 'enable',
- 'gtp': 'enable',
- 'local_traffic': 'enable',
- 'multicast_traffic': 'enable',
- 'netscan_discovery': 'test_value_11,',
- 'netscan_vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer_traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_null_device_filter.fortios_log_null_device(input_data, fos_instance)
-
- expected_data = {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter-type': 'include',
- 'forward-traffic': 'enable',
- 'gtp': 'enable',
- 'local-traffic': 'enable',
- 'multicast-traffic':
'enable',
- 'netscan-discovery': 'test_value_11,',
- 'netscan-vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer-traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- }
-
- set_method_mock.assert_called_with('log.null-device', 'filter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_log_null_device_filter_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_null_device_filter': {
- 'random_attribute_not_valid': 'tag',
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter_type': 'include',
- 'forward_traffic': 'enable',
- 'gtp': 'enable',
- 'local_traffic': 'enable',
- 'multicast_traffic': 'enable',
- 'netscan_discovery': 'test_value_11,',
- 'netscan_vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer_traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_null_device_filter.fortios_log_null_device(input_data, fos_instance)
-
- expected_data = {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter-type': 'include',
- 'forward-traffic': 'enable',
- 'gtp': 'enable',
- 'local-traffic': 'enable',
- 'multicast-traffic': 'enable',
- 'netscan-discovery': 'test_value_11,',
- 'netscan-vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer-traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- }
-
- set_method_mock.assert_called_with('log.null-device',
'filter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_log_null_device_setting.py b/test/units/modules/network/fortios/test_fortios_log_null_device_setting.py
deleted file mode 100644
index bf4e63c478a..00000000000
--- a/test/units/modules/network/fortios/test_fortios_log_null_device_setting.py
+++ /dev/null
@@ -1,151 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_log_null_device_setting
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_null_device_setting.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_log_null_device_setting_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_null_device_setting': {
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response =
fortios_log_null_device_setting.fortios_log_null_device(input_data, fos_instance)
-
- expected_data = {
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('log.null-device', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_log_null_device_setting_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_null_device_setting': {
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_null_device_setting.fortios_log_null_device(input_data, fos_instance)
-
- expected_data = {
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('log.null-device', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_log_null_device_setting_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_null_device_setting': {
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_null_device_setting.fortios_log_null_device(input_data, fos_instance)
-
- expected_data
= {
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('log.null-device', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_log_null_device_setting_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_null_device_setting': {
- 'random_attribute_not_valid': 'tag',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_null_device_setting.fortios_log_null_device(input_data, fos_instance)
-
- expected_data = {
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('log.null-device', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_log_setting.py b/test/units/modules/network/fortios/test_fortios_log_setting.py
deleted file mode 100644
index e3434e531ae..00000000000
--- a/test/units/modules/network/fortios/test_fortios_log_setting.py
+++ /dev/null
@@ -1,279 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_log_setting
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_setting.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_log_setting_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_setting': {
- 'brief_traffic_format': 'enable',
- 'daemon_log': 'enable',
- 'expolicy_implicit_log': 'enable',
- 'fwpolicy_implicit_log': 'enable',
- 'fwpolicy6_implicit_log': 'enable',
-
'local_in_allow': 'enable',
- 'local_in_deny_broadcast': 'enable',
- 'local_in_deny_unicast': 'enable',
- 'local_out': 'enable',
- 'log_invalid_packet': 'enable',
- 'log_policy_comment': 'enable',
- 'log_policy_name': 'enable',
- 'log_user_in_upper': 'enable',
- 'neighbor_event': 'enable',
- 'resolve_ip': 'enable',
- 'resolve_port': 'enable',
- 'user_anonymize': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_setting.fortios_log(input_data, fos_instance)
-
- expected_data = {
- 'brief-traffic-format': 'enable',
- 'daemon-log': 'enable',
- 'expolicy-implicit-log': 'enable',
- 'fwpolicy-implicit-log': 'enable',
- 'fwpolicy6-implicit-log': 'enable',
- 'local-in-allow': 'enable',
- 'local-in-deny-broadcast': 'enable',
- 'local-in-deny-unicast': 'enable',
- 'local-out': 'enable',
- 'log-invalid-packet': 'enable',
- 'log-policy-comment': 'enable',
- 'log-policy-name': 'enable',
- 'log-user-in-upper': 'enable',
- 'neighbor-event': 'enable',
- 'resolve-ip': 'enable',
- 'resolve-port': 'enable',
- 'user-anonymize': 'enable'
- }
-
- set_method_mock.assert_called_with('log', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_log_setting_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_setting': {
- 'brief_traffic_format': 'enable',
- 'daemon_log': 'enable',
- 'expolicy_implicit_log': 'enable',
- 'fwpolicy_implicit_log': 'enable',
- 'fwpolicy6_implicit_log': 'enable',
- 'local_in_allow': 'enable',
-
'local_in_deny_broadcast': 'enable',
- 'local_in_deny_unicast': 'enable',
- 'local_out': 'enable',
- 'log_invalid_packet': 'enable',
- 'log_policy_comment': 'enable',
- 'log_policy_name': 'enable',
- 'log_user_in_upper': 'enable',
- 'neighbor_event': 'enable',
- 'resolve_ip': 'enable',
- 'resolve_port': 'enable',
- 'user_anonymize': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_setting.fortios_log(input_data, fos_instance)
-
- expected_data = {
- 'brief-traffic-format': 'enable',
- 'daemon-log': 'enable',
- 'expolicy-implicit-log': 'enable',
- 'fwpolicy-implicit-log': 'enable',
- 'fwpolicy6-implicit-log': 'enable',
- 'local-in-allow': 'enable',
- 'local-in-deny-broadcast': 'enable',
- 'local-in-deny-unicast': 'enable',
- 'local-out': 'enable',
- 'log-invalid-packet': 'enable',
- 'log-policy-comment': 'enable',
- 'log-policy-name': 'enable',
- 'log-user-in-upper': 'enable',
- 'neighbor-event': 'enable',
- 'resolve-ip': 'enable',
- 'resolve-port': 'enable',
- 'user-anonymize': 'enable'
- }
-
- set_method_mock.assert_called_with('log', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_log_setting_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_setting': {
- 'brief_traffic_format': 'enable',
- 'daemon_log': 'enable',
- 'expolicy_implicit_log': 'enable',
- 'fwpolicy_implicit_log': 'enable',
- 'fwpolicy6_implicit_log': 'enable',
- 'local_in_allow': 'enable',
- 'local_in_deny_broadcast': 'enable',
-
'local_in_deny_unicast': 'enable',
- 'local_out': 'enable',
- 'log_invalid_packet': 'enable',
- 'log_policy_comment': 'enable',
- 'log_policy_name': 'enable',
- 'log_user_in_upper': 'enable',
- 'neighbor_event': 'enable',
- 'resolve_ip': 'enable',
- 'resolve_port': 'enable',
- 'user_anonymize': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_setting.fortios_log(input_data, fos_instance)
-
- expected_data = {
- 'brief-traffic-format': 'enable',
- 'daemon-log': 'enable',
- 'expolicy-implicit-log': 'enable',
- 'fwpolicy-implicit-log': 'enable',
- 'fwpolicy6-implicit-log': 'enable',
- 'local-in-allow': 'enable',
- 'local-in-deny-broadcast': 'enable',
- 'local-in-deny-unicast': 'enable',
- 'local-out': 'enable',
- 'log-invalid-packet': 'enable',
- 'log-policy-comment': 'enable',
- 'log-policy-name': 'enable',
- 'log-user-in-upper': 'enable',
- 'neighbor-event': 'enable',
- 'resolve-ip': 'enable',
- 'resolve-port': 'enable',
- 'user-anonymize': 'enable'
- }
-
- set_method_mock.assert_called_with('log', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_log_setting_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_setting': {
- 'random_attribute_not_valid': 'tag',
- 'brief_traffic_format': 'enable',
- 'daemon_log': 'enable',
- 'expolicy_implicit_log': 'enable',
- 'fwpolicy_implicit_log': 'enable',
- 'fwpolicy6_implicit_log': 'enable',
- 'local_in_allow': 'enable',
- 'local_in_deny_broadcast':
'enable',
- 'local_in_deny_unicast': 'enable',
- 'local_out': 'enable',
- 'log_invalid_packet': 'enable',
- 'log_policy_comment': 'enable',
- 'log_policy_name': 'enable',
- 'log_user_in_upper': 'enable',
- 'neighbor_event': 'enable',
- 'resolve_ip': 'enable',
- 'resolve_port': 'enable',
- 'user_anonymize': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_setting.fortios_log(input_data, fos_instance)
-
- expected_data = {
- 'brief-traffic-format': 'enable',
- 'daemon-log': 'enable',
- 'expolicy-implicit-log': 'enable',
- 'fwpolicy-implicit-log': 'enable',
- 'fwpolicy6-implicit-log': 'enable',
- 'local-in-allow': 'enable',
- 'local-in-deny-broadcast': 'enable',
- 'local-in-deny-unicast': 'enable',
- 'local-out': 'enable',
- 'log-invalid-packet': 'enable',
- 'log-policy-comment': 'enable',
- 'log-policy-name': 'enable',
- 'log-user-in-upper': 'enable',
- 'neighbor-event': 'enable',
- 'resolve-ip': 'enable',
- 'resolve-port': 'enable',
- 'user-anonymize': 'enable'
- }
-
- set_method_mock.assert_called_with('log', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_log_syslogd2_filter.py b/test/units/modules/network/fortios/test_fortios_log_syslogd2_filter.py
deleted file mode 100644
index ee915494364..00000000000
--- a/test/units/modules/network/fortios/test_fortios_log_syslogd2_filter.py
+++ /dev/null
@@ -1,255 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_log_syslogd2_filter
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_syslogd2_filter.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_log_syslogd2_filter_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_syslogd2_filter': {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter_type': 'include',
- 'forward_traffic': 'enable',
- 'gtp': 'enable',
- 'local_traffic': 'enable',
- 'multicast_traffic': 'enable',
- 'netscan_discovery': 'test_value_11,',
- 'netscan_vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer_traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_syslogd2_filter.fortios_log_syslogd2(input_data, fos_instance)
-
- expected_data = {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter-type': 'include',
- 'forward-traffic': 'enable',
- 'gtp': 'enable',
- 'local-traffic': 'enable',
- 'multicast-traffic': 'enable',
- 'netscan-discovery': 'test_value_11,',
- 'netscan-vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer-traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- }
-
- set_method_mock.assert_called_with('log.syslogd2', 'filter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_log_syslogd2_filter_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_syslogd2_filter': {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter_type': 'include',
- 'forward_traffic': 'enable',
- 'gtp': 'enable',
- 'local_traffic': 'enable',
- 'multicast_traffic': 'enable',
- 'netscan_discovery': 'test_value_11,',
- 'netscan_vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer_traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_syslogd2_filter.fortios_log_syslogd2(input_data, fos_instance)
-
- expected_data = {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter-type': 'include',
- 'forward-traffic': 'enable',
- 'gtp': 'enable',
- 'local-traffic': 'enable',
- 'multicast-traffic': 'enable',
- 'netscan-discovery': 'test_value_11,',
- 'netscan-vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer-traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- }
-
- set_method_mock.assert_called_with('log.syslogd2', 'filter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_log_syslogd2_filter_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_syslogd2_filter': {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter_type': 'include',
- 'forward_traffic': 'enable',
- 'gtp': 'enable',
- 'local_traffic': 'enable',
- 'multicast_traffic': 'enable',
- 'netscan_discovery': 'test_value_11,',
- 'netscan_vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer_traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_syslogd2_filter.fortios_log_syslogd2(input_data, fos_instance)
-
- expected_data = {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter-type': 'include',
- 'forward-traffic': 'enable',
- 'gtp': 'enable',
- 'local-traffic': 'enable',
- 'multicast-traffic': 'enable',
- 'netscan-discovery': 'test_value_11,',
- 'netscan-vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer-traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- }
-
- set_method_mock.assert_called_with('log.syslogd2', 'filter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_log_syslogd2_filter_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_syslogd2_filter': {
- 'random_attribute_not_valid': 'tag',
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter_type': 'include',
- 'forward_traffic': 'enable',
- 'gtp': 'enable',
- 'local_traffic': 'enable',
- 'multicast_traffic': 'enable',
- 'netscan_discovery': 'test_value_11,',
- 'netscan_vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer_traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_syslogd2_filter.fortios_log_syslogd2(input_data, fos_instance)
-
- expected_data = {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter-type': 'include',
- 'forward-traffic': 'enable',
- 'gtp': 'enable',
- 'local-traffic': 'enable',
- 'multicast-traffic': 'enable',
- 'netscan-discovery': 'test_value_11,',
- 'netscan-vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer-traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- }
-
- set_method_mock.assert_called_with('log.syslogd2', 'filter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_log_syslogd2_setting.py b/test/units/modules/network/fortios/test_fortios_log_syslogd2_setting.py
deleted file mode 100644
index ec4061bb6dd..00000000000
--- a/test/units/modules/network/fortios/test_fortios_log_syslogd2_setting.py
+++ /dev/null
@@ -1,223 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_log_syslogd2_setting
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_syslogd2_setting.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_log_syslogd2_setting_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_syslogd2_setting': {
- 'certificate': 'test_value_3',
- 'enc_algorithm': 'high-medium',
- 'facility': 'kernel',
- 'format': 'default',
- 'mode': 'udp',
- 'port': '8',
- 'server': '192.168.100.9',
- 'source_ip': '84.230.14.10',
- 'ssl_min_proto_version': 'default',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_syslogd2_setting.fortios_log_syslogd2(input_data, fos_instance)
-
- expected_data = {
- 'certificate': 'test_value_3',
- 'enc-algorithm': 'high-medium',
- 'facility': 'kernel',
- 'format': 'default',
- 'mode': 'udp',
- 'port': '8',
- 'server': '192.168.100.9',
- 'source-ip': '84.230.14.10',
- 'ssl-min-proto-version': 'default',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('log.syslogd2', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_log_syslogd2_setting_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_syslogd2_setting': {
- 'certificate': 'test_value_3',
- 'enc_algorithm': 'high-medium',
- 'facility': 'kernel',
- 'format': 'default',
- 'mode': 'udp',
- 'port': '8',
- 'server': '192.168.100.9',
- 'source_ip': '84.230.14.10',
- 'ssl_min_proto_version': 'default',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_syslogd2_setting.fortios_log_syslogd2(input_data, fos_instance)
-
- expected_data = {
- 'certificate': 'test_value_3',
- 'enc-algorithm': 'high-medium',
- 'facility': 'kernel',
- 'format': 'default',
- 'mode': 'udp',
- 'port': '8',
- 'server': '192.168.100.9',
- 'source-ip': '84.230.14.10',
- 'ssl-min-proto-version': 'default',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('log.syslogd2', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_log_syslogd2_setting_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_syslogd2_setting': {
- 'certificate': 'test_value_3',
- 'enc_algorithm': 'high-medium',
- 'facility': 'kernel',
- 'format': 'default',
- 'mode': 'udp',
- 'port': '8',
- 'server': '192.168.100.9',
- 'source_ip': '84.230.14.10',
- 'ssl_min_proto_version': 'default',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_syslogd2_setting.fortios_log_syslogd2(input_data, fos_instance)
-
- expected_data = {
- 'certificate': 'test_value_3',
- 'enc-algorithm': 'high-medium',
- 'facility': 'kernel',
- 'format': 'default',
- 'mode': 'udp',
- 'port': '8',
- 'server': '192.168.100.9',
- 'source-ip': '84.230.14.10',
- 'ssl-min-proto-version': 'default',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('log.syslogd2', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_log_syslogd2_setting_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_syslogd2_setting': {
- 'random_attribute_not_valid': 'tag',
- 'certificate': 'test_value_3',
- 'enc_algorithm': 'high-medium',
- 'facility': 'kernel',
- 'format': 'default',
- 'mode': 'udp',
- 'port': '8',
- 'server': '192.168.100.9',
- 'source_ip': '84.230.14.10',
- 'ssl_min_proto_version': 'default',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_syslogd2_setting.fortios_log_syslogd2(input_data, fos_instance)
-
- expected_data = {
- 'certificate': 'test_value_3',
- 'enc-algorithm': 'high-medium',
- 'facility': 'kernel',
- 'format': 'default',
- 'mode': 'udp',
- 'port': '8',
- 'server': '192.168.100.9',
- 'source-ip': '84.230.14.10',
- 'ssl-min-proto-version': 'default',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('log.syslogd2', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_log_syslogd3_filter.py b/test/units/modules/network/fortios/test_fortios_log_syslogd3_filter.py
deleted file mode 100644
index ff3fc99c8b2..00000000000
--- a/test/units/modules/network/fortios/test_fortios_log_syslogd3_filter.py
+++ /dev/null
@@ -1,255 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_log_syslogd3_filter
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_syslogd3_filter.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_log_syslogd3_filter_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_syslogd3_filter': {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter_type': 'include',
- 'forward_traffic': 'enable',
- 'gtp': 'enable',
- 'local_traffic': 'enable',
- 'multicast_traffic': 'enable',
- 'netscan_discovery': 'test_value_11,',
- 'netscan_vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer_traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_syslogd3_filter.fortios_log_syslogd3(input_data, fos_instance)
-
- expected_data = {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter-type': 'include',
- 'forward-traffic': 'enable',
- 'gtp': 'enable',
- 'local-traffic': 'enable',
- 'multicast-traffic': 'enable',
- 'netscan-discovery': 'test_value_11,',
- 'netscan-vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer-traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- }
-
- set_method_mock.assert_called_with('log.syslogd3', 'filter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_log_syslogd3_filter_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_syslogd3_filter': {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter_type': 'include',
- 'forward_traffic': 'enable',
- 'gtp': 'enable',
- 'local_traffic': 'enable',
- 'multicast_traffic': 'enable',
- 'netscan_discovery': 'test_value_11,',
- 'netscan_vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer_traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_syslogd3_filter.fortios_log_syslogd3(input_data, fos_instance)
-
- expected_data = {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter-type': 'include',
- 'forward-traffic': 'enable',
- 'gtp': 'enable',
- 'local-traffic': 'enable',
- 'multicast-traffic': 'enable',
- 'netscan-discovery': 'test_value_11,',
- 'netscan-vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer-traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- }
-
- set_method_mock.assert_called_with('log.syslogd3', 'filter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_log_syslogd3_filter_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_syslogd3_filter': {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter_type': 'include',
- 'forward_traffic': 'enable',
- 'gtp': 'enable',
- 'local_traffic': 'enable',
- 'multicast_traffic': 'enable',
- 'netscan_discovery': 'test_value_11,',
- 'netscan_vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer_traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_syslogd3_filter.fortios_log_syslogd3(input_data, fos_instance)
-
- expected_data = {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter-type': 'include',
- 'forward-traffic': 'enable',
- 'gtp': 'enable',
- 'local-traffic': 'enable',
- 'multicast-traffic': 'enable',
- 'netscan-discovery': 'test_value_11,',
- 'netscan-vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer-traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- }
-
- set_method_mock.assert_called_with('log.syslogd3', 'filter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_log_syslogd3_filter_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_syslogd3_filter': {
- 'random_attribute_not_valid': 'tag',
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter_type': 'include',
- 'forward_traffic': 'enable',
- 'gtp': 'enable',
- 'local_traffic': 'enable',
- 'multicast_traffic': 'enable',
- 'netscan_discovery': 'test_value_11,',
- 'netscan_vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer_traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_syslogd3_filter.fortios_log_syslogd3(input_data, fos_instance)
-
- expected_data = {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter-type': 'include',
- 'forward-traffic': 'enable',
- 'gtp': 'enable',
- 'local-traffic': 'enable',
- 'multicast-traffic': 'enable',
- 'netscan-discovery': 'test_value_11,',
- 'netscan-vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer-traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- }
-
- set_method_mock.assert_called_with('log.syslogd3', 'filter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_log_syslogd3_setting.py b/test/units/modules/network/fortios/test_fortios_log_syslogd3_setting.py
deleted file mode 100644
index 3398f57623b..00000000000
--- a/test/units/modules/network/fortios/test_fortios_log_syslogd3_setting.py
+++ /dev/null
@@ -1,223 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_log_syslogd3_setting
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_syslogd3_setting.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_log_syslogd3_setting_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_syslogd3_setting': {
- 'certificate': 'test_value_3',
- 'enc_algorithm': 'high-medium',
- 'facility': 'kernel',
- 'format': 'default',
- 'mode': 'udp',
- 'port': '8',
- 'server': '192.168.100.9',
- 'source_ip': '84.230.14.10',
- 'ssl_min_proto_version': 'default',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_syslogd3_setting.fortios_log_syslogd3(input_data, fos_instance)
-
- expected_data = {
- 'certificate': 'test_value_3',
- 'enc-algorithm': 'high-medium',
- 'facility': 'kernel',
- 'format': 'default',
- 'mode': 'udp',
- 'port': '8',
- 'server': '192.168.100.9',
- 'source-ip': '84.230.14.10',
- 'ssl-min-proto-version': 'default',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('log.syslogd3', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_log_syslogd3_setting_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_syslogd3_setting': {
- 'certificate': 'test_value_3',
- 'enc_algorithm': 'high-medium',
- 'facility': 'kernel',
- 'format': 'default',
- 'mode': 'udp',
- 'port': '8',
- 'server': '192.168.100.9',
- 'source_ip': '84.230.14.10',
- 'ssl_min_proto_version': 'default',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_syslogd3_setting.fortios_log_syslogd3(input_data, fos_instance)
-
- expected_data = {
- 'certificate': 'test_value_3',
- 'enc-algorithm': 'high-medium',
- 'facility': 'kernel',
- 'format': 'default',
- 'mode': 'udp',
- 'port': '8',
- 'server': '192.168.100.9',
- 'source-ip': '84.230.14.10',
- 'ssl-min-proto-version': 'default',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('log.syslogd3', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_log_syslogd3_setting_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_syslogd3_setting': {
- 'certificate': 'test_value_3',
- 'enc_algorithm': 'high-medium',
- 'facility': 'kernel',
- 'format': 'default',
- 'mode': 'udp',
- 'port': '8',
- 'server': '192.168.100.9',
- 'source_ip': '84.230.14.10',
- 'ssl_min_proto_version': 'default',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_syslogd3_setting.fortios_log_syslogd3(input_data, fos_instance)
-
- expected_data = {
- 'certificate': 'test_value_3',
- 'enc-algorithm': 'high-medium',
- 'facility': 'kernel',
- 'format': 'default',
- 'mode': 'udp',
- 'port': '8',
- 'server': '192.168.100.9',
- 'source-ip': '84.230.14.10',
- 'ssl-min-proto-version': 'default',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('log.syslogd3', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_log_syslogd3_setting_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_syslogd3_setting': {
- 'random_attribute_not_valid': 'tag',
- 'certificate': 'test_value_3',
- 'enc_algorithm': 'high-medium',
- 'facility': 'kernel',
- 'format': 'default',
- 'mode': 'udp',
- 'port': '8',
- 'server': '192.168.100.9',
- 'source_ip': '84.230.14.10',
- 'ssl_min_proto_version': 'default',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_syslogd3_setting.fortios_log_syslogd3(input_data, fos_instance)
-
- expected_data = {
- 'certificate': 'test_value_3',
- 'enc-algorithm': 'high-medium',
- 'facility': 'kernel',
- 'format': 'default',
- 'mode': 'udp',
- 'port': '8',
- 'server': '192.168.100.9',
- 'source-ip': '84.230.14.10',
- 'ssl-min-proto-version': 'default',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('log.syslogd3', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_log_syslogd4_filter.py b/test/units/modules/network/fortios/test_fortios_log_syslogd4_filter.py
deleted file mode 100644
index 5e16cc48049..00000000000
--- a/test/units/modules/network/fortios/test_fortios_log_syslogd4_filter.py
+++ /dev/null
@@ -1,255 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_log_syslogd4_filter
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_syslogd4_filter.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_log_syslogd4_filter_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_syslogd4_filter': {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter_type': 'include',
- 'forward_traffic': 'enable',
- 'gtp': 'enable',
- 'local_traffic': 'enable',
- 'multicast_traffic': 'enable',
- 'netscan_discovery': 'test_value_11,',
- 'netscan_vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer_traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_syslogd4_filter.fortios_log_syslogd4(input_data, fos_instance)
-
- expected_data = {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter-type': 'include',
- 'forward-traffic': 'enable',
- 'gtp': 'enable',
- 'local-traffic': 'enable',
- 'multicast-traffic': 'enable',
- 'netscan-discovery': 'test_value_11,',
- 'netscan-vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer-traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- }
-
- set_method_mock.assert_called_with('log.syslogd4', 'filter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_log_syslogd4_filter_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_syslogd4_filter': {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter_type': 'include',
- 'forward_traffic': 'enable',
- 'gtp': 'enable',
- 'local_traffic': 'enable',
- 'multicast_traffic': 'enable',
- 'netscan_discovery': 'test_value_11,',
- 'netscan_vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer_traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_syslogd4_filter.fortios_log_syslogd4(input_data, fos_instance)
-
- expected_data = {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter-type': 'include',
- 'forward-traffic': 'enable',
- 'gtp': 'enable',
- 'local-traffic': 'enable',
- 'multicast-traffic': 'enable',
- 'netscan-discovery': 'test_value_11,',
- 'netscan-vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer-traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- }
-
- set_method_mock.assert_called_with('log.syslogd4', 'filter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_log_syslogd4_filter_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_syslogd4_filter': {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter_type': 'include',
- 'forward_traffic': 'enable',
- 'gtp': 'enable',
- 'local_traffic': 'enable',
- 'multicast_traffic': 'enable',
- 'netscan_discovery': 'test_value_11,',
- 'netscan_vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer_traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_syslogd4_filter.fortios_log_syslogd4(input_data, fos_instance)
-
- expected_data = {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter-type': 'include',
- 'forward-traffic': 'enable',
- 'gtp': 'enable',
- 'local-traffic': 'enable',
- 'multicast-traffic': 'enable',
- 'netscan-discovery': 'test_value_11,',
- 'netscan-vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer-traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- }
-
- set_method_mock.assert_called_with('log.syslogd4', 'filter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_log_syslogd4_filter_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_syslogd4_filter': {
- 'random_attribute_not_valid': 'tag',
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter_type': 'include',
- 'forward_traffic': 'enable',
- 'gtp': 'enable',
- 'local_traffic': 'enable',
- 'multicast_traffic': 'enable',
- 'netscan_discovery': 'test_value_11,',
- 'netscan_vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer_traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_syslogd4_filter.fortios_log_syslogd4(input_data, fos_instance)
-
- expected_data = {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter-type': 'include',
- 'forward-traffic': 'enable',
- 'gtp': 'enable',
- 'local-traffic': 'enable',
- 'multicast-traffic': 'enable',
- 'netscan-discovery': 'test_value_11,',
- 'netscan-vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer-traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- }
-
- set_method_mock.assert_called_with('log.syslogd4', 'filter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_log_syslogd4_setting.py b/test/units/modules/network/fortios/test_fortios_log_syslogd4_setting.py
deleted file mode 100644
index 582865fe435..00000000000
--- a/test/units/modules/network/fortios/test_fortios_log_syslogd4_setting.py
+++ /dev/null
@@ -1,223 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_log_syslogd4_setting
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_syslogd4_setting.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_log_syslogd4_setting_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_syslogd4_setting': {
- 'certificate': 'test_value_3',
- 'enc_algorithm': 'high-medium',
- 'facility': 'kernel',
- 'format': 'default',
- 'mode': 'udp',
- 'port': '8',
- 'server': '192.168.100.9',
- 'source_ip': '84.230.14.10',
- 'ssl_min_proto_version': 'default',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_syslogd4_setting.fortios_log_syslogd4(input_data, fos_instance)
-
- expected_data = {
- 'certificate': 'test_value_3',
- 'enc-algorithm': 'high-medium',
- 'facility': 'kernel',
- 'format': 'default',
- 'mode': 'udp',
- 'port': '8',
- 'server': '192.168.100.9',
- 'source-ip': '84.230.14.10',
- 'ssl-min-proto-version': 'default',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('log.syslogd4', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_log_syslogd4_setting_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_syslogd4_setting': {
- 'certificate': 'test_value_3',
- 'enc_algorithm': 'high-medium',
- 'facility': 'kernel',
- 'format': 'default',
- 'mode': 'udp',
- 'port': '8',
- 'server': '192.168.100.9',
- 'source_ip': '84.230.14.10',
- 'ssl_min_proto_version': 'default',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_syslogd4_setting.fortios_log_syslogd4(input_data, fos_instance)
-
- expected_data = {
- 'certificate': 'test_value_3',
- 'enc-algorithm': 'high-medium',
- 'facility': 'kernel',
- 'format': 'default',
- 'mode': 'udp',
- 'port': '8',
- 'server': '192.168.100.9',
- 'source-ip': '84.230.14.10',
- 'ssl-min-proto-version': 'default',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('log.syslogd4', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_log_syslogd4_setting_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_syslogd4_setting': {
- 'certificate': 'test_value_3',
- 'enc_algorithm': 'high-medium',
- 'facility': 'kernel',
- 'format': 'default',
- 'mode': 'udp',
- 'port': '8',
- 'server': '192.168.100.9',
- 'source_ip': '84.230.14.10',
- 'ssl_min_proto_version': 'default',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_syslogd4_setting.fortios_log_syslogd4(input_data, fos_instance)
-
- expected_data = {
- 'certificate': 'test_value_3',
- 'enc-algorithm': 'high-medium',
- 'facility': 'kernel',
- 'format': 'default',
- 'mode': 'udp',
- 'port': '8',
- 'server': '192.168.100.9',
- 'source-ip': '84.230.14.10',
- 'ssl-min-proto-version': 'default',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('log.syslogd4', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_log_syslogd4_setting_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_syslogd4_setting': {
- 'random_attribute_not_valid': 'tag',
- 'certificate': 'test_value_3',
- 'enc_algorithm': 'high-medium',
- 'facility': 'kernel',
- 'format': 'default',
- 'mode': 'udp',
- 'port': '8',
- 'server': '192.168.100.9',
- 'source_ip': '84.230.14.10',
- 'ssl_min_proto_version': 'default',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_syslogd4_setting.fortios_log_syslogd4(input_data, fos_instance)
-
- expected_data = {
- 'certificate': 'test_value_3',
- 'enc-algorithm': 'high-medium',
- 'facility': 'kernel',
- 'format': 'default',
- 'mode': 'udp',
- 'port': '8',
- 'server': '192.168.100.9',
- 'source-ip': '84.230.14.10',
- 'ssl-min-proto-version': 'default',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('log.syslogd4', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_log_syslogd_filter.py b/test/units/modules/network/fortios/test_fortios_log_syslogd_filter.py
deleted file mode 100644
index 2ecaf064413..00000000000
--- a/test/units/modules/network/fortios/test_fortios_log_syslogd_filter.py
+++ /dev/null
@@ -1,255 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_log_syslogd_filter
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_syslogd_filter.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_log_syslogd_filter_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_syslogd_filter': {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter_type': 'include',
- 'forward_traffic': 'enable',
- 'gtp': 'enable',
- 'local_traffic': 'enable',
- 'multicast_traffic': 'enable',
- 'netscan_discovery': 'test_value_11,',
- 'netscan_vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer_traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_syslogd_filter.fortios_log_syslogd(input_data, fos_instance)
-
- expected_data = {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter-type': 'include',
- 'forward-traffic': 'enable',
- 'gtp': 'enable',
- 'local-traffic': 'enable',
- 'multicast-traffic': 'enable',
- 'netscan-discovery': 'test_value_11,',
- 'netscan-vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer-traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- }
-
- set_method_mock.assert_called_with('log.syslogd', 'filter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_log_syslogd_filter_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_syslogd_filter': {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter_type': 'include',
- 'forward_traffic': 'enable',
- 'gtp': 'enable',
- 'local_traffic': 'enable',
- 'multicast_traffic': 'enable',
- 'netscan_discovery': 'test_value_11,',
- 'netscan_vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer_traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_syslogd_filter.fortios_log_syslogd(input_data, fos_instance)
-
- expected_data = {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter-type': 'include',
- 'forward-traffic': 'enable',
- 'gtp': 'enable',
- 'local-traffic': 'enable',
- 'multicast-traffic': 'enable',
- 'netscan-discovery': 'test_value_11,',
- 'netscan-vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer-traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- }
-
- set_method_mock.assert_called_with('log.syslogd', 'filter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_log_syslogd_filter_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_syslogd_filter': {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter_type': 'include',
- 'forward_traffic': 'enable',
- 'gtp': 'enable',
- 'local_traffic': 'enable',
- 'multicast_traffic': 'enable',
- 'netscan_discovery': 'test_value_11,',
- 'netscan_vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer_traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_syslogd_filter.fortios_log_syslogd(input_data, fos_instance)
-
- expected_data = {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter-type': 'include',
- 'forward-traffic': 'enable',
- 'gtp': 'enable',
- 'local-traffic': 'enable',
- 'multicast-traffic': 'enable',
- 'netscan-discovery': 'test_value_11,',
- 'netscan-vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer-traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- }
-
- set_method_mock.assert_called_with('log.syslogd', 'filter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_log_syslogd_filter_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_syslogd_filter': {
- 'random_attribute_not_valid': 'tag',
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter_type': 'include',
- 'forward_traffic': 'enable',
- 'gtp': 'enable',
- 'local_traffic': 'enable',
- 'multicast_traffic': 'enable',
- 'netscan_discovery': 'test_value_11,',
- 'netscan_vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer_traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_syslogd_filter.fortios_log_syslogd(input_data, fos_instance)
-
- expected_data = {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter-type': 'include',
- 'forward-traffic': 'enable',
- 'gtp': 'enable',
- 'local-traffic': 'enable',
- 'multicast-traffic': 'enable',
- 'netscan-discovery': 'test_value_11,',
- 'netscan-vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer-traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- }
-
- set_method_mock.assert_called_with('log.syslogd', 'filter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_log_syslogd_override_filter.py b/test/units/modules/network/fortios/test_fortios_log_syslogd_override_filter.py
deleted file mode 100644
index eedbcbdf320..00000000000
--- a/test/units/modules/network/fortios/test_fortios_log_syslogd_override_filter.py
+++ /dev/null
@@ -1,255 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_log_syslogd_override_filter
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_syslogd_override_filter.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_log_syslogd_override_filter_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_syslogd_override_filter': {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter_type': 'include',
- 'forward_traffic': 'enable',
- 'gtp': 'enable',
- 'local_traffic': 'enable',
- 'multicast_traffic': 'enable',
- 'netscan_discovery': 'test_value_11,',
- 'netscan_vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer_traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_syslogd_override_filter.fortios_log_syslogd(input_data, fos_instance)
-
- expected_data = {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter-type': 'include',
- 'forward-traffic': 'enable',
- 'gtp': 'enable',
- 'local-traffic': 'enable',
- 'multicast-traffic': 'enable',
- 'netscan-discovery': 'test_value_11,',
- 'netscan-vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer-traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- }
-
- set_method_mock.assert_called_with('log.syslogd', 'override-filter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_log_syslogd_override_filter_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_syslogd_override_filter': {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter_type': 'include',
- 'forward_traffic': 'enable',
- 'gtp': 'enable',
- 'local_traffic': 'enable',
- 'multicast_traffic': 'enable',
- 'netscan_discovery': 'test_value_11,',
- 'netscan_vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer_traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_syslogd_override_filter.fortios_log_syslogd(input_data, fos_instance)
-
- expected_data = {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter-type': 'include',
- 'forward-traffic': 'enable',
- 'gtp': 'enable',
- 'local-traffic': 'enable',
- 'multicast-traffic': 'enable',
- 'netscan-discovery': 'test_value_11,',
- 'netscan-vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer-traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- }
-
- set_method_mock.assert_called_with('log.syslogd', 'override-filter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_log_syslogd_override_filter_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_syslogd_override_filter': {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter_type': 'include',
- 'forward_traffic': 'enable',
- 'gtp': 'enable',
- 'local_traffic': 'enable',
- 'multicast_traffic': 'enable',
- 'netscan_discovery': 'test_value_11,',
- 'netscan_vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer_traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_syslogd_override_filter.fortios_log_syslogd(input_data, fos_instance)
-
- expected_data = {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter-type': 'include',
- 'forward-traffic': 'enable',
- 'gtp': 'enable',
- 'local-traffic': 'enable',
- 'multicast-traffic': 'enable',
- 'netscan-discovery': 'test_value_11,',
- 'netscan-vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer-traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- }
-
- set_method_mock.assert_called_with('log.syslogd', 'override-filter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_log_syslogd_override_filter_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_syslogd_override_filter': {
- 'random_attribute_not_valid': 'tag',
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter_type': 'include',
- 'forward_traffic': 'enable',
- 'gtp': 'enable',
- 'local_traffic': 'enable',
- 'multicast_traffic': 'enable',
- 'netscan_discovery': 'test_value_11,',
- 'netscan_vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer_traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_syslogd_override_filter.fortios_log_syslogd(input_data, fos_instance)
-
- expected_data = {
- 'anomaly': 'enable',
- 'dns': 'enable',
- 'filter': 'test_value_5',
- 'filter-type': 'include',
- 'forward-traffic': 'enable',
- 'gtp': 'enable',
- 'local-traffic': 'enable',
- 'multicast-traffic': 'enable',
- 'netscan-discovery': 'test_value_11,',
- 'netscan-vulnerability': 'test_value_12,',
- 'severity': 'emergency',
- 'sniffer-traffic': 'enable',
- 'ssh': 'enable',
- 'voip': 'enable'
- }
-
- set_method_mock.assert_called_with('log.syslogd', 'override-filter', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_log_syslogd_override_setting.py b/test/units/modules/network/fortios/test_fortios_log_syslogd_override_setting.py
deleted file mode 100644
index 460d03bab9d..00000000000
--- a/test/units/modules/network/fortios/test_fortios_log_syslogd_override_setting.py
+++ /dev/null
@@ -1,231 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_log_syslogd_override_setting -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_syslogd_override_setting.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_log_syslogd_override_setting_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_syslogd_override_setting': { - 'certificate': 'test_value_3', - 'enc_algorithm': 'high-medium', - 'facility': 'kernel', - 'format': 'default', - 
'mode': 'udp', - 'override': 'enable', - 'port': '9', - 'server': '192.168.100.10', - 'source_ip': '84.230.14.11', - 'ssl_min_proto_version': 'default', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_syslogd_override_setting.fortios_log_syslogd(input_data, fos_instance) - - expected_data = { - 'certificate': 'test_value_3', - 'enc-algorithm': 'high-medium', - 'facility': 'kernel', - 'format': 'default', - 'mode': 'udp', - 'override': 'enable', - 'port': '9', - 'server': '192.168.100.10', - 'source-ip': '84.230.14.11', - 'ssl-min-proto-version': 'default', - 'status': 'enable' - } - - set_method_mock.assert_called_with('log.syslogd', 'override-setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_log_syslogd_override_setting_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_syslogd_override_setting': { - 'certificate': 'test_value_3', - 'enc_algorithm': 'high-medium', - 'facility': 'kernel', - 'format': 'default', - 'mode': 'udp', - 'override': 'enable', - 'port': '9', - 'server': '192.168.100.10', - 'source_ip': '84.230.14.11', - 'ssl_min_proto_version': 'default', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_syslogd_override_setting.fortios_log_syslogd(input_data, fos_instance) - - expected_data = { - 'certificate': 'test_value_3', - 'enc-algorithm': 'high-medium', - 'facility': 'kernel', - 'format': 'default', - 'mode': 'udp', - 'override': 'enable', - 
'port': '9', - 'server': '192.168.100.10', - 'source-ip': '84.230.14.11', - 'ssl-min-proto-version': 'default', - 'status': 'enable' - } - - set_method_mock.assert_called_with('log.syslogd', 'override-setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_log_syslogd_override_setting_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_syslogd_override_setting': { - 'certificate': 'test_value_3', - 'enc_algorithm': 'high-medium', - 'facility': 'kernel', - 'format': 'default', - 'mode': 'udp', - 'override': 'enable', - 'port': '9', - 'server': '192.168.100.10', - 'source_ip': '84.230.14.11', - 'ssl_min_proto_version': 'default', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_syslogd_override_setting.fortios_log_syslogd(input_data, fos_instance) - - expected_data = { - 'certificate': 'test_value_3', - 'enc-algorithm': 'high-medium', - 'facility': 'kernel', - 'format': 'default', - 'mode': 'udp', - 'override': 'enable', - 'port': '9', - 'server': '192.168.100.10', - 'source-ip': '84.230.14.11', - 'ssl-min-proto-version': 'default', - 'status': 'enable' - } - - set_method_mock.assert_called_with('log.syslogd', 'override-setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_log_syslogd_override_setting_filter_foreign_attributes(mocker): - 
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_syslogd_override_setting': { - 'random_attribute_not_valid': 'tag', - 'certificate': 'test_value_3', - 'enc_algorithm': 'high-medium', - 'facility': 'kernel', - 'format': 'default', - 'mode': 'udp', - 'override': 'enable', - 'port': '9', - 'server': '192.168.100.10', - 'source_ip': '84.230.14.11', - 'ssl_min_proto_version': 'default', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_syslogd_override_setting.fortios_log_syslogd(input_data, fos_instance) - - expected_data = { - 'certificate': 'test_value_3', - 'enc-algorithm': 'high-medium', - 'facility': 'kernel', - 'format': 'default', - 'mode': 'udp', - 'override': 'enable', - 'port': '9', - 'server': '192.168.100.10', - 'source-ip': '84.230.14.11', - 'ssl-min-proto-version': 'default', - 'status': 'enable' - } - - set_method_mock.assert_called_with('log.syslogd', 'override-setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_log_syslogd_setting.py b/test/units/modules/network/fortios/test_fortios_log_syslogd_setting.py deleted file mode 100644 index 8f63cda92d2..00000000000 --- a/test/units/modules/network/fortios/test_fortios_log_syslogd_setting.py +++ /dev/null 
@@ -1,223 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_log_syslogd_setting -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_syslogd_setting.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_log_syslogd_setting_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_syslogd_setting': { - 'certificate': 'test_value_3', - 'enc_algorithm': 'high-medium', - 'facility': 'kernel', - 'format': 'default', - 'mode': 'udp', - 'port': '8', - 
'server': '192.168.100.9', - 'source_ip': '84.230.14.10', - 'ssl_min_proto_version': 'default', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_syslogd_setting.fortios_log_syslogd(input_data, fos_instance) - - expected_data = { - 'certificate': 'test_value_3', - 'enc-algorithm': 'high-medium', - 'facility': 'kernel', - 'format': 'default', - 'mode': 'udp', - 'port': '8', - 'server': '192.168.100.9', - 'source-ip': '84.230.14.10', - 'ssl-min-proto-version': 'default', - 'status': 'enable' - } - - set_method_mock.assert_called_with('log.syslogd', 'setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_log_syslogd_setting_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_syslogd_setting': { - 'certificate': 'test_value_3', - 'enc_algorithm': 'high-medium', - 'facility': 'kernel', - 'format': 'default', - 'mode': 'udp', - 'port': '8', - 'server': '192.168.100.9', - 'source_ip': '84.230.14.10', - 'ssl_min_proto_version': 'default', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_syslogd_setting.fortios_log_syslogd(input_data, fos_instance) - - expected_data = { - 'certificate': 'test_value_3', - 'enc-algorithm': 'high-medium', - 'facility': 'kernel', - 'format': 'default', - 'mode': 'udp', - 'port': '8', - 'server': '192.168.100.9', - 'source-ip': '84.230.14.10', - 'ssl-min-proto-version': 'default', - 'status': 'enable' - } - - 
set_method_mock.assert_called_with('log.syslogd', 'setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_log_syslogd_setting_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_syslogd_setting': { - 'certificate': 'test_value_3', - 'enc_algorithm': 'high-medium', - 'facility': 'kernel', - 'format': 'default', - 'mode': 'udp', - 'port': '8', - 'server': '192.168.100.9', - 'source_ip': '84.230.14.10', - 'ssl_min_proto_version': 'default', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_syslogd_setting.fortios_log_syslogd(input_data, fos_instance) - - expected_data = { - 'certificate': 'test_value_3', - 'enc-algorithm': 'high-medium', - 'facility': 'kernel', - 'format': 'default', - 'mode': 'udp', - 'port': '8', - 'server': '192.168.100.9', - 'source-ip': '84.230.14.10', - 'ssl-min-proto-version': 'default', - 'status': 'enable' - } - - set_method_mock.assert_called_with('log.syslogd', 'setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_log_syslogd_setting_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_syslogd_setting': { - 'random_attribute_not_valid': 'tag', - 'certificate': 'test_value_3', - 'enc_algorithm': 'high-medium', - 'facility': 'kernel', - 'format': 'default', - 'mode': 'udp', - 'port': '8', - 'server': '192.168.100.9', - 'source_ip': '84.230.14.10', - 'ssl_min_proto_version': 'default', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_syslogd_setting.fortios_log_syslogd(input_data, fos_instance) - - expected_data = { - 'certificate': 'test_value_3', - 'enc-algorithm': 'high-medium', - 'facility': 'kernel', - 'format': 'default', - 'mode': 'udp', - 'port': '8', - 'server': '192.168.100.9', - 'source-ip': '84.230.14.10', - 'ssl-min-proto-version': 'default', - 'status': 'enable' - } - - set_method_mock.assert_called_with('log.syslogd', 'setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_log_threat_weight.py b/test/units/modules/network/fortios/test_fortios_log_threat_weight.py deleted file mode 100644 index 991529da8cc..00000000000 --- a/test/units/modules/network/fortios/test_fortios_log_threat_weight.py +++ /dev/null 
@@ -1,175 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_log_threat_weight -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_threat_weight.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_log_threat_weight_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_threat_weight': {'blocked_connection': 'disable', - 'failed_connection': 'disable', - 'status': 'enable', - 'url_block_detected': 'disable', - - }, - 'vdom': 'root'} - - is_error, 
changed, response = fortios_log_threat_weight.fortios_log(input_data, fos_instance) - - expected_data = {'blocked-connection': 'disable', - 'failed-connection': 'disable', - 'status': 'enable', - 'url-block-detected': 'disable', - - } - - set_method_mock.assert_called_with('log', 'threat-weight', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_log_threat_weight_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_threat_weight': {'blocked_connection': 'disable', - 'failed_connection': 'disable', - 'status': 'enable', - 'url_block_detected': 'disable', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_threat_weight.fortios_log(input_data, fos_instance) - - expected_data = {'blocked-connection': 'disable', - 'failed-connection': 'disable', - 'status': 'enable', - 'url-block-detected': 'disable', - - } - - set_method_mock.assert_called_with('log', 'threat-weight', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_log_threat_weight_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - 
input_data = { - 'username': 'admin', - 'state': 'present', - 'log_threat_weight': {'blocked_connection': 'disable', - 'failed_connection': 'disable', - 'status': 'enable', - 'url_block_detected': 'disable', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_threat_weight.fortios_log(input_data, fos_instance) - - expected_data = {'blocked-connection': 'disable', - 'failed-connection': 'disable', - 'status': 'enable', - 'url-block-detected': 'disable', - - } - - set_method_mock.assert_called_with('log', 'threat-weight', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_log_threat_weight_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_threat_weight': { - 'random_attribute_not_valid': 'tag', 'blocked_connection': 'disable', - 'failed_connection': 'disable', - 'status': 'enable', - 'url_block_detected': 'disable', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_threat_weight.fortios_log(input_data, fos_instance) - - expected_data = {'blocked-connection': 'disable', - 'failed-connection': 'disable', - 'status': 'enable', - 'url-block-detected': 'disable', - - } - - set_method_mock.assert_called_with('log', 'threat-weight', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 
diff --git a/test/units/modules/network/fortios/test_fortios_log_webtrends_filter.py b/test/units/modules/network/fortios/test_fortios_log_webtrends_filter.py
deleted file mode 100644
index c955da75ca3..00000000000
--- a/test/units/modules/network/fortios/test_fortios_log_webtrends_filter.py
+++ /dev/null
@@ -1,255 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_log_webtrends_filter -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_webtrends_filter.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_log_webtrends_filter_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_webtrends_filter': { - 'anomaly': 'enable', - 'dns': 'enable', - 'filter': 'test_value_5', - 'filter_type': 'include', - 'forward_traffic': 'enable', - 'gtp': 'enable', - 
'local_traffic': 'enable', - 'multicast_traffic': 'enable', - 'netscan_discovery': 'test_value_11,', - 'netscan_vulnerability': 'test_value_12,', - 'severity': 'emergency', - 'sniffer_traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_webtrends_filter.fortios_log_webtrends(input_data, fos_instance) - - expected_data = { - 'anomaly': 'enable', - 'dns': 'enable', - 'filter': 'test_value_5', - 'filter-type': 'include', - 'forward-traffic': 'enable', - 'gtp': 'enable', - 'local-traffic': 'enable', - 'multicast-traffic': 'enable', - 'netscan-discovery': 'test_value_11,', - 'netscan-vulnerability': 'test_value_12,', - 'severity': 'emergency', - 'sniffer-traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - } - - set_method_mock.assert_called_with('log.webtrends', 'filter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_log_webtrends_filter_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_webtrends_filter': { - 'anomaly': 'enable', - 'dns': 'enable', - 'filter': 'test_value_5', - 'filter_type': 'include', - 'forward_traffic': 'enable', - 'gtp': 'enable', - 'local_traffic': 'enable', - 'multicast_traffic': 'enable', - 'netscan_discovery': 'test_value_11,', - 'netscan_vulnerability': 'test_value_12,', - 'severity': 'emergency', - 'sniffer_traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_log_webtrends_filter.fortios_log_webtrends(input_data, fos_instance) - - expected_data = { - 'anomaly': 'enable', - 'dns': 'enable', - 'filter': 'test_value_5', - 'filter-type': 'include', - 'forward-traffic': 'enable', - 'gtp': 'enable', - 'local-traffic': 'enable', - 'multicast-traffic': 'enable', - 'netscan-discovery': 'test_value_11,', - 'netscan-vulnerability': 'test_value_12,', - 'severity': 'emergency', - 'sniffer-traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - } - - set_method_mock.assert_called_with('log.webtrends', 'filter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_log_webtrends_filter_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_webtrends_filter': { - 'anomaly': 'enable', - 'dns': 'enable', - 'filter': 'test_value_5', - 'filter_type': 'include', - 'forward_traffic': 'enable', - 'gtp': 'enable', - 'local_traffic': 'enable', - 'multicast_traffic': 'enable', - 'netscan_discovery': 'test_value_11,', - 'netscan_vulnerability': 'test_value_12,', - 'severity': 'emergency', - 'sniffer_traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_webtrends_filter.fortios_log_webtrends(input_data, fos_instance) - - expected_data = { - 'anomaly': 'enable', - 'dns': 'enable', - 'filter': 'test_value_5', - 'filter-type': 'include', - 'forward-traffic': 'enable', - 'gtp': 'enable', - 'local-traffic': 'enable', - 'multicast-traffic': 'enable', - 
'netscan-discovery': 'test_value_11,', - 'netscan-vulnerability': 'test_value_12,', - 'severity': 'emergency', - 'sniffer-traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - } - - set_method_mock.assert_called_with('log.webtrends', 'filter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_log_webtrends_filter_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'log_webtrends_filter': { - 'random_attribute_not_valid': 'tag', - 'anomaly': 'enable', - 'dns': 'enable', - 'filter': 'test_value_5', - 'filter_type': 'include', - 'forward_traffic': 'enable', - 'gtp': 'enable', - 'local_traffic': 'enable', - 'multicast_traffic': 'enable', - 'netscan_discovery': 'test_value_11,', - 'netscan_vulnerability': 'test_value_12,', - 'severity': 'emergency', - 'sniffer_traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_log_webtrends_filter.fortios_log_webtrends(input_data, fos_instance) - - expected_data = { - 'anomaly': 'enable', - 'dns': 'enable', - 'filter': 'test_value_5', - 'filter-type': 'include', - 'forward-traffic': 'enable', - 'gtp': 'enable', - 'local-traffic': 'enable', - 'multicast-traffic': 'enable', - 'netscan-discovery': 'test_value_11,', - 'netscan-vulnerability': 'test_value_12,', - 'severity': 'emergency', - 'sniffer-traffic': 'enable', - 'ssh': 'enable', - 'voip': 'enable' - } - - set_method_mock.assert_called_with('log.webtrends', 'filter', 
data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_log_webtrends_setting.py b/test/units/modules/network/fortios/test_fortios_log_webtrends_setting.py
deleted file mode 100644
index 0685fff5dc3..00000000000
--- a/test/units/modules/network/fortios/test_fortios_log_webtrends_setting.py
+++ /dev/null
@@ -1,159 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_log_webtrends_setting
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_log_webtrends_setting.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_log_webtrends_setting_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_webtrends_setting': {
- 'server': '192.168.100.3',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_webtrends_setting.fortios_log_webtrends(input_data, fos_instance)
-
- expected_data = {
- 'server': '192.168.100.3',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('log.webtrends', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_log_webtrends_setting_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_webtrends_setting': {
- 'server': '192.168.100.3',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_webtrends_setting.fortios_log_webtrends(input_data, fos_instance)
-
- expected_data = {
- 'server': '192.168.100.3',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('log.webtrends', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_log_webtrends_setting_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_webtrends_setting': {
- 'server': '192.168.100.3',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_webtrends_setting.fortios_log_webtrends(input_data, fos_instance)
-
- expected_data = {
- 'server': '192.168.100.3',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('log.webtrends', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_log_webtrends_setting_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'log_webtrends_setting': {
- 'random_attribute_not_valid': 'tag',
- 'server': '192.168.100.3',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_log_webtrends_setting.fortios_log_webtrends(input_data, fos_instance)
-
- expected_data = {
- 'server': '192.168.100.3',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('log.webtrends', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_report_chart.py b/test/units/modules/network/fortios/test_fortios_report_chart.py
deleted file mode 100644
index 211ee299364..00000000000
--- a/test/units/modules/network/fortios/test_fortios_report_chart.py
+++ /dev/null
@@ -1,369 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_report_chart
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_report_chart.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_report_chart_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'report_chart': {
- 'background': 'test_value_3',
- 'category': 'misc',
- 'color_palette': 'test_value_5',
- 'comments': 'test_value_6',
- 'dataset': 'test_value_7',
- 'dimension': '2D',
- 'favorite': 'no',
- 'graph_type': 'none',
- 'legend': 'enable',
- 'legend_font_size': '12',
- 'name': 'default_name_13',
- 'period': 'last24h',
- 'policy': '15',
- 'style': 'auto',
- 'title': 'test_value_17',
- 'title_font_size': '18',
- 'type': 'graph',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_report_chart.fortios_report(input_data, fos_instance)
-
- expected_data = {
- 'background': 'test_value_3',
- 'category': 'misc',
- 'color-palette': 'test_value_5',
- 'comments': 'test_value_6',
- 'dataset': 'test_value_7',
- 'dimension': '2D',
- 'favorite': 'no',
- 'graph-type': 'none',
- 'legend': 'enable',
- 'legend-font-size': '12',
- 'name': 'default_name_13',
- 'period': 'last24h',
- 'policy': '15',
- 'style': 'auto',
- 'title': 'test_value_17',
- 'title-font-size': '18',
- 'type': 'graph',
-
- }
-
- set_method_mock.assert_called_with('report', 'chart', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_report_chart_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'report_chart': {
- 'background': 'test_value_3',
- 'category': 'misc',
- 'color_palette': 'test_value_5',
- 'comments': 'test_value_6',
- 'dataset': 'test_value_7',
- 'dimension': '2D',
- 'favorite': 'no',
- 'graph_type': 'none',
- 'legend': 'enable',
- 'legend_font_size': '12',
- 'name': 'default_name_13',
- 'period': 'last24h',
- 'policy': '15',
- 'style': 'auto',
- 'title': 'test_value_17',
- 'title_font_size': '18',
- 'type': 'graph',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_report_chart.fortios_report(input_data, fos_instance)
-
- expected_data = {
- 'background': 'test_value_3',
- 'category': 'misc',
- 'color-palette': 'test_value_5',
- 'comments': 'test_value_6',
- 'dataset': 'test_value_7',
- 'dimension': '2D',
- 'favorite': 'no',
- 'graph-type': 'none',
- 'legend': 'enable',
- 'legend-font-size': '12',
- 'name': 'default_name_13',
- 'period': 'last24h',
- 'policy': '15',
- 'style': 'auto',
- 'title': 'test_value_17',
- 'title-font-size': '18',
- 'type': 'graph',
-
- }
-
- set_method_mock.assert_called_with('report', 'chart', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_report_chart_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'report_chart': {
- 'background': 'test_value_3',
- 'category': 'misc',
- 'color_palette': 'test_value_5',
- 'comments': 'test_value_6',
- 'dataset': 'test_value_7',
- 'dimension': '2D',
- 'favorite': 'no',
- 'graph_type': 'none',
- 'legend': 'enable',
- 'legend_font_size': '12',
- 'name': 'default_name_13',
- 'period': 'last24h',
- 'policy': '15',
- 'style': 'auto',
- 'title': 'test_value_17',
- 'title_font_size': '18',
- 'type': 'graph',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_report_chart.fortios_report(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('report', 'chart', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_report_chart_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'report_chart': {
- 'background': 'test_value_3',
- 'category': 'misc',
- 'color_palette': 'test_value_5',
- 'comments': 'test_value_6',
- 'dataset': 'test_value_7',
- 'dimension': '2D',
- 'favorite': 'no',
- 'graph_type': 'none',
- 'legend': 'enable',
- 'legend_font_size': '12',
- 'name': 'default_name_13',
- 'period': 'last24h',
- 'policy': '15',
- 'style': 'auto',
- 'title': 'test_value_17',
- 'title_font_size': '18',
- 'type': 'graph',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_report_chart.fortios_report(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('report', 'chart', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_report_chart_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'report_chart': {
- 'background': 'test_value_3',
- 'category': 'misc',
- 'color_palette': 'test_value_5',
- 'comments': 'test_value_6',
- 'dataset': 'test_value_7',
- 'dimension': '2D',
- 'favorite': 'no',
- 'graph_type': 'none',
- 'legend': 'enable',
- 'legend_font_size': '12',
- 'name': 'default_name_13',
- 'period': 'last24h',
- 'policy': '15',
- 'style': 'auto',
- 'title': 'test_value_17',
- 'title_font_size': '18',
- 'type': 'graph',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_report_chart.fortios_report(input_data, fos_instance)
-
- expected_data = {
- 'background': 'test_value_3',
- 'category': 'misc',
- 'color-palette': 'test_value_5',
- 'comments': 'test_value_6',
- 'dataset': 'test_value_7',
- 'dimension': '2D',
- 'favorite': 'no',
- 'graph-type': 'none',
- 'legend': 'enable',
- 'legend-font-size': '12',
- 'name': 'default_name_13',
- 'period': 'last24h',
- 'policy': '15',
- 'style': 'auto',
- 'title': 'test_value_17',
- 'title-font-size': '18',
- 'type': 'graph',
-
- }
-
- set_method_mock.assert_called_with('report', 'chart', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_report_chart_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'report_chart': {
- 'random_attribute_not_valid': 'tag',
- 'background': 'test_value_3',
- 'category': 'misc',
- 'color_palette': 'test_value_5',
- 'comments': 'test_value_6',
- 'dataset': 'test_value_7',
- 'dimension': '2D',
- 'favorite': 'no',
- 'graph_type': 'none',
- 'legend': 'enable',
- 'legend_font_size': '12',
- 'name': 'default_name_13',
- 'period': 'last24h',
- 'policy': '15',
- 'style': 'auto',
- 'title': 'test_value_17',
- 'title_font_size': '18',
- 'type': 'graph',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_report_chart.fortios_report(input_data, fos_instance)
-
- expected_data = {
- 'background': 'test_value_3',
- 'category': 'misc',
- 'color-palette': 'test_value_5',
- 'comments': 'test_value_6',
- 'dataset': 'test_value_7',
- 'dimension': '2D',
- 'favorite': 'no',
- 'graph-type': 'none',
- 'legend': 'enable',
- 'legend-font-size': '12',
- 'name': 'default_name_13',
- 'period': 'last24h',
- 'policy': '15',
- 'style': 'auto',
- 'title': 'test_value_17',
- 'title-font-size': '18',
- 'type': 'graph',
-
- }
-
- set_method_mock.assert_called_with('report', 'chart', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_report_dataset.py b/test/units/modules/network/fortios/test_fortios_report_dataset.py
deleted file mode 100644
index 6026d8e514f..00000000000
--- a/test/units/modules/network/fortios/test_fortios_report_dataset.py
+++ /dev/null
@@ -1,209 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_report_dataset
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_report_dataset.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_report_dataset_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'report_dataset': {'name': 'default_name_3',
- 'policy': '4',
- 'query': 'test_value_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_report_dataset.fortios_report(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3',
- 'policy': '4',
- 'query': 'test_value_5'
- }
-
- set_method_mock.assert_called_with('report', 'dataset', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_report_dataset_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'report_dataset': {'name': 'default_name_3',
- 'policy': '4',
- 'query': 'test_value_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_report_dataset.fortios_report(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3',
- 'policy': '4',
- 'query': 'test_value_5'
- }
-
- set_method_mock.assert_called_with('report', 'dataset', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_report_dataset_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'report_dataset': {'name': 'default_name_3',
- 'policy': '4',
- 'query': 'test_value_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_report_dataset.fortios_report(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('report', 'dataset', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_report_dataset_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'report_dataset': {'name': 'default_name_3',
- 'policy': '4',
- 'query': 'test_value_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_report_dataset.fortios_report(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('report', 'dataset', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_report_dataset_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'report_dataset': {'name': 'default_name_3',
- 'policy': '4',
- 'query': 'test_value_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_report_dataset.fortios_report(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3',
- 'policy': '4',
- 'query': 'test_value_5'
- }
-
- set_method_mock.assert_called_with('report', 'dataset', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_report_dataset_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'report_dataset': {
- 'random_attribute_not_valid': 'tag', 'name': 'default_name_3',
- 'policy': '4',
- 'query': 'test_value_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_report_dataset.fortios_report(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3',
- 'policy': '4',
- 'query': 'test_value_5'
- }
-
- set_method_mock.assert_called_with('report', 'dataset', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_report_layout.py b/test/units/modules/network/fortios/test_fortios_report_layout.py
deleted file mode 100644
index 63ed503ed52..00000000000
--- a/test/units/modules/network/fortios/test_fortios_report_layout.py
+++ /dev/null
@@ -1,329 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_report_layout
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_report_layout.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_report_layout_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'report_layout': {'cutoff_option': 'run-time',
- 'cutoff_time': 'test_value_4',
- 'day': 'sunday',
- 'description': 'test_value_6',
- 'email_recipients': 'test_value_7',
- 'email_send': 'enable',
- 'format': 'pdf',
- 'max_pdf_report': '10',
- 'name': 'default_name_11',
- 'options': 'include-table-of-content',
- 'schedule_type': 'demand',
- 'style_theme': 'test_value_14',
- 'subtitle': 'test_value_15',
- 'time': 'test_value_16',
- 'title': 'test_value_17'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_report_layout.fortios_report(input_data, fos_instance)
-
- expected_data = {'cutoff-option': 'run-time',
- 'cutoff-time': 'test_value_4',
- 'day': 'sunday',
- 'description': 'test_value_6',
- 'email-recipients': 'test_value_7',
- 'email-send': 'enable',
- 'format': 'pdf',
- 'max-pdf-report': '10',
- 'name': 'default_name_11',
- 'options': 'include-table-of-content',
- 'schedule-type': 'demand',
- 'style-theme': 'test_value_14',
- 'subtitle': 'test_value_15',
- 'time': 'test_value_16',
- 'title': 'test_value_17'
- }
-
- set_method_mock.assert_called_with('report', 'layout', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_report_layout_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'report_layout': {'cutoff_option': 'run-time',
- 'cutoff_time': 'test_value_4',
- 'day': 'sunday',
- 'description': 'test_value_6',
- 'email_recipients': 'test_value_7',
- 'email_send': 'enable',
- 'format': 'pdf',
- 'max_pdf_report': '10',
- 'name': 'default_name_11',
- 'options': 'include-table-of-content',
- 'schedule_type': 'demand',
- 'style_theme': 'test_value_14',
- 'subtitle': 'test_value_15',
- 'time': 'test_value_16',
- 'title': 'test_value_17'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_report_layout.fortios_report(input_data, fos_instance)
-
- expected_data = {'cutoff-option': 'run-time',
- 'cutoff-time': 'test_value_4',
- 'day': 'sunday',
- 'description': 'test_value_6',
- 'email-recipients': 'test_value_7',
- 'email-send': 'enable',
- 'format': 'pdf',
- 'max-pdf-report': '10',
- 'name': 'default_name_11',
- 'options': 'include-table-of-content',
- 'schedule-type': 'demand',
- 'style-theme': 'test_value_14',
- 'subtitle': 'test_value_15',
- 'time': 'test_value_16',
- 'title': 'test_value_17'
- }
-
- set_method_mock.assert_called_with('report', 'layout', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_report_layout_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'report_layout': {'cutoff_option': 'run-time',
- 'cutoff_time': 'test_value_4',
- 'day': 'sunday',
- 'description': 'test_value_6',
- 'email_recipients': 'test_value_7',
- 'email_send': 'enable',
- 'format': 'pdf',
- 'max_pdf_report': '10',
- 'name': 'default_name_11',
- 'options': 'include-table-of-content',
- 'schedule_type': 'demand',
- 'style_theme': 'test_value_14',
- 'subtitle': 'test_value_15',
- 'time': 'test_value_16',
- 'title': 'test_value_17'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_report_layout.fortios_report(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('report', 'layout', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_report_layout_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'report_layout': {'cutoff_option': 'run-time',
- 'cutoff_time': 'test_value_4',
- 'day': 'sunday',
- 'description': 'test_value_6',
- 'email_recipients': 'test_value_7',
- 'email_send': 'enable',
- 'format': 'pdf',
- 'max_pdf_report': '10',
- 'name': 'default_name_11',
- 'options': 'include-table-of-content',
- 'schedule_type': 'demand',
- 'style_theme': 'test_value_14',
- 'subtitle': 'test_value_15',
- 'time': 'test_value_16',
- 'title': 'test_value_17'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_report_layout.fortios_report(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('report', 'layout', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_report_layout_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'report_layout': {'cutoff_option': 'run-time',
- 'cutoff_time': 'test_value_4',
- 'day': 'sunday',
- 'description': 'test_value_6',
- 'email_recipients': 'test_value_7',
- 'email_send': 'enable',
- 'format': 'pdf',
- 'max_pdf_report': '10',
- 'name': 'default_name_11',
- 'options': 'include-table-of-content',
- 'schedule_type': 'demand',
- 'style_theme': 'test_value_14',
- 'subtitle': 'test_value_15',
- 'time': 'test_value_16',
- 'title': 'test_value_17'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_report_layout.fortios_report(input_data, fos_instance)
-
- expected_data = {'cutoff-option': 'run-time',
- 'cutoff-time': 'test_value_4',
- 'day': 'sunday',
- 'description': 'test_value_6',
- 'email-recipients': 'test_value_7',
- 'email-send': 'enable',
- 'format': 'pdf',
- 'max-pdf-report': '10',
- 'name': 'default_name_11',
- 'options': 'include-table-of-content',
- 'schedule-type': 'demand',
- 'style-theme': 'test_value_14',
- 'subtitle': 'test_value_15',
- 'time': 'test_value_16',
- 'title': 'test_value_17'
- }
-
- set_method_mock.assert_called_with('report', 'layout', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_report_layout_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'report_layout': {
- 'random_attribute_not_valid': 'tag', 'cutoff_option': 'run-time',
- 'cutoff_time': 'test_value_4',
- 'day': 'sunday',
- 'description': 'test_value_6',
- 'email_recipients': 'test_value_7',
- 'email_send': 'enable',
- 'format': 'pdf',
- 'max_pdf_report': '10',
- 'name': 'default_name_11',
- 'options': 'include-table-of-content',
- 'schedule_type': 'demand',
- 'style_theme': 'test_value_14',
- 'subtitle': 'test_value_15',
- 'time': 'test_value_16',
- 'title': 'test_value_17'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_report_layout.fortios_report(input_data, fos_instance)
-
- expected_data = {'cutoff-option': 'run-time',
- 'cutoff-time': 'test_value_4',
- 'day': 'sunday',
- 'description': 'test_value_6',
- 'email-recipients': 'test_value_7',
- 'email-send': 'enable',
- 'format': 'pdf',
- 'max-pdf-report': '10',
- 'name': 'default_name_11',
- 'options': 'include-table-of-content',
- 'schedule-type': 'demand',
- 'style-theme': 'test_value_14',
- 'subtitle': 'test_value_15',
- 'time': 'test_value_16',
- 'title': 'test_value_17'
- }
-
- set_method_mock.assert_called_with('report', 'layout', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_report_setting.py b/test/units/modules/network/fortios/test_fortios_report_setting.py
deleted file mode 100644
index b8450dabd74..00000000000
--- a/test/units/modules/network/fortios/test_fortios_report_setting.py
+++ /dev/null
@@ -1,183 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_report_setting
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_report_setting.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_report_setting_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'report_setting': {
- 'fortiview': 'enable',
- 'pdf_report': 'enable',
- 'report_source': 'forward-traffic',
- 'top_n': '6',
- 'web_browsing_threshold': '7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_report_setting.fortios_report(input_data, fos_instance)
-
- expected_data = {
- 'fortiview': 'enable',
- 'pdf-report': 'enable',
- 'report-source': 'forward-traffic',
- 'top-n': '6',
- 'web-browsing-threshold': '7'
- }
-
- set_method_mock.assert_called_with('report', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_report_setting_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'report_setting': {
- 'fortiview': 'enable',
- 'pdf_report': 'enable',
- 'report_source': 'forward-traffic',
- 'top_n': '6',
- 'web_browsing_threshold': '7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_report_setting.fortios_report(input_data, fos_instance)
-
- expected_data = {
- 'fortiview': 'enable',
- 'pdf-report': 'enable',
- 'report-source': 'forward-traffic',
- 'top-n': '6',
- 'web-browsing-threshold': '7'
- }
-
- set_method_mock.assert_called_with('report', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_report_setting_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'report_setting': {
- 'fortiview': 'enable',
- 'pdf_report': 'enable',
- 'report_source': 'forward-traffic',
- 'top_n': '6',
- 'web_browsing_threshold': '7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_report_setting.fortios_report(input_data, fos_instance)
-
- expected_data = {
- 'fortiview': 'enable',
- 'pdf-report': 'enable',
- 'report-source': 'forward-traffic',
- 'top-n': '6',
- 'web-browsing-threshold': '7'
- }
-
- set_method_mock.assert_called_with('report', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_report_setting_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'report_setting': {
- 'random_attribute_not_valid': 'tag',
- 'fortiview': 'enable',
- 'pdf_report': 'enable',
- 'report_source': 'forward-traffic',
- 'top_n': '6',
- 'web_browsing_threshold': '7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_report_setting.fortios_report(input_data, fos_instance)
-
- expected_data = {
- 'fortiview': 'enable',
- 'pdf-report': 'enable',
- 'report-source': 'forward-traffic',
- 'top-n': '6',
- 'web-browsing-threshold': '7'
- }
-
- set_method_mock.assert_called_with('report', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_report_style.py b/test/units/modules/network/fortios/test_fortios_report_style.py
deleted file mode 100644
index bf97f0be03b..00000000000
--- a/test/units/modules/network/fortios/test_fortios_report_style.py
+++ /dev/null
@@ -1,449 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_report_style
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_report_style.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_report_style_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'report_style': {
- 'align': 'left',
- 'bg_color': 'test_value_4',
- 'border_bottom': 'test_value_5',
- 'border_left': 'test_value_6',
- 'border_right': 'test_value_7',
- 'border_top': 'test_value_8',
- 'column_gap': 'test_value_9',
- 'column_span': 'none',
- 'fg_color': 'test_value_11',
- 'font_family': 'Verdana',
- 'font_size': 'test_value_13',
- 'font_style': 'normal',
- 'font_weight': 'normal',
- 'height': 'test_value_16',
- 'line_height': 'test_value_17',
- 'margin_bottom': 'test_value_18',
- 'margin_left': 'test_value_19',
- 'margin_right': 'test_value_20',
- 'margin_top': 'test_value_21',
- 'name': 'default_name_22',
- 'options': 'font',
- 'padding_bottom': 'test_value_24',
- 'padding_left': 'test_value_25',
- 'padding_right': 'test_value_26',
- 'padding_top': 'test_value_27',
- 'width': 'test_value_28'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_report_style.fortios_report(input_data, fos_instance)
-
- expected_data = {
- 'align': 'left',
- 'bg-color': 'test_value_4',
- 'border-bottom': 'test_value_5',
- 'border-left': 'test_value_6',
- 'border-right': 'test_value_7',
- 'border-top': 'test_value_8',
- 'column-gap': 'test_value_9',
- 'column-span': 'none',
- 'fg-color': 'test_value_11',
- 'font-family': 'Verdana',
- 'font-size': 'test_value_13',
- 'font-style': 'normal',
- 'font-weight': 'normal',
- 'height': 'test_value_16',
- 'line-height': 'test_value_17',
- 'margin-bottom': 'test_value_18',
- 'margin-left': 'test_value_19',
- 'margin-right': 'test_value_20',
- 'margin-top': 'test_value_21',
- 'name': 'default_name_22',
- 'options': 'font',
- 'padding-bottom': 'test_value_24',
- 'padding-left': 'test_value_25',
- 'padding-right': 'test_value_26',
- 'padding-top': 'test_value_27',
- 'width': 'test_value_28'
- }
-
- set_method_mock.assert_called_with('report', 'style', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_report_style_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'report_style': {
- 'align': 'left',
- 'bg_color': 'test_value_4',
- 'border_bottom': 'test_value_5',
- 'border_left': 'test_value_6',
- 'border_right': 'test_value_7',
- 'border_top': 'test_value_8',
- 'column_gap': 'test_value_9',
- 'column_span': 'none',
- 'fg_color': 'test_value_11',
- 'font_family': 'Verdana',
- 'font_size': 'test_value_13',
- 'font_style': 'normal',
- 'font_weight': 'normal',
- 'height': 'test_value_16',
- 'line_height': 'test_value_17',
- 'margin_bottom': 'test_value_18',
- 'margin_left': 'test_value_19',
- 'margin_right': 'test_value_20',
- 'margin_top': 'test_value_21',
- 'name': 'default_name_22',
- 'options': 'font',
- 'padding_bottom': 'test_value_24',
- 'padding_left': 'test_value_25',
- 'padding_right': 'test_value_26',
- 'padding_top': 'test_value_27',
- 'width': 'test_value_28'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_report_style.fortios_report(input_data, fos_instance)
-
- expected_data = {
- 'align': 'left',
- 'bg-color': 'test_value_4',
- 'border-bottom': 'test_value_5',
- 'border-left': 'test_value_6',
- 'border-right': 'test_value_7',
- 'border-top': 'test_value_8',
- 'column-gap': 'test_value_9',
- 'column-span': 'none',
- 'fg-color': 'test_value_11',
- 'font-family': 'Verdana',
- 'font-size': 'test_value_13',
- 'font-style': 'normal',
- 'font-weight': 'normal',
- 'height': 'test_value_16',
- 'line-height': 'test_value_17',
- 'margin-bottom': 'test_value_18',
- 'margin-left': 'test_value_19',
- 'margin-right': 'test_value_20',
- 'margin-top': 'test_value_21',
- 'name': 'default_name_22',
- 'options': 'font',
- 'padding-bottom': 'test_value_24',
- 'padding-left': 'test_value_25',
- 'padding-right': 'test_value_26',
- 'padding-top': 'test_value_27',
- 'width': 'test_value_28'
- }
-
- set_method_mock.assert_called_with('report', 'style', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_report_style_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'report_style': {
- 'align': 'left',
- 'bg_color': 'test_value_4',
- 'border_bottom': 'test_value_5',
- 'border_left': 'test_value_6',
- 'border_right': 'test_value_7',
- 'border_top': 'test_value_8',
- 'column_gap': 'test_value_9',
- 'column_span': 'none',
- 'fg_color': 'test_value_11',
- 'font_family': 'Verdana',
- 'font_size': 'test_value_13',
- 'font_style': 'normal',
- 'font_weight': 'normal',
- 'height': 'test_value_16',
- 'line_height': 'test_value_17',
- 'margin_bottom': 'test_value_18',
- 'margin_left': 'test_value_19',
- 'margin_right': 'test_value_20',
- 'margin_top': 'test_value_21',
- 'name': 'default_name_22',
- 'options': 'font',
- 'padding_bottom': 'test_value_24',
- 'padding_left': 'test_value_25',
- 'padding_right': 'test_value_26',
- 'padding_top': 'test_value_27',
- 'width': 'test_value_28'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_report_style.fortios_report(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('report', 'style', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_report_style_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'report_style': {
- 'align': 'left',
- 'bg_color': 'test_value_4',
- 'border_bottom': 'test_value_5',
- 'border_left': 'test_value_6',
- 'border_right': 'test_value_7',
- 'border_top': 'test_value_8',
- 'column_gap': 'test_value_9',
- 'column_span': 'none',
- 'fg_color': 'test_value_11',
- 'font_family': 'Verdana',
- 'font_size': 'test_value_13',
- 'font_style': 'normal',
- 'font_weight': 'normal',
- 'height': 'test_value_16',
- 'line_height': 'test_value_17',
- 'margin_bottom': 'test_value_18',
- 'margin_left': 'test_value_19',
- 'margin_right': 'test_value_20',
- 'margin_top': 'test_value_21',
- 'name': 'default_name_22',
- 'options': 'font',
- 'padding_bottom': 'test_value_24',
- 'padding_left': 'test_value_25',
- 'padding_right': 'test_value_26',
- 'padding_top': 'test_value_27',
- 'width': 'test_value_28'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_report_style.fortios_report(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('report', 'style', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_report_style_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'report_style': {
- 'align': 'left',
- 'bg_color': 'test_value_4',
- 'border_bottom': 'test_value_5',
- 'border_left': 'test_value_6',
- 'border_right': 'test_value_7',
- 'border_top': 'test_value_8',
- 'column_gap': 'test_value_9',
- 'column_span': 'none',
- 'fg_color': 'test_value_11',
- 'font_family': 'Verdana',
- 'font_size': 'test_value_13',
- 'font_style': 'normal',
- 'font_weight': 'normal',
- 'height': 'test_value_16',
- 'line_height': 'test_value_17',
- 'margin_bottom': 'test_value_18',
- 'margin_left': 'test_value_19',
- 'margin_right': 'test_value_20',
- 'margin_top': 'test_value_21',
- 'name': 'default_name_22',
- 'options': 'font',
- 'padding_bottom': 'test_value_24',
- 'padding_left': 'test_value_25',
- 'padding_right': 'test_value_26',
- 'padding_top': 'test_value_27',
- 'width': 'test_value_28'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_report_style.fortios_report(input_data, fos_instance)
-
- expected_data = {
- 'align': 'left',
- 'bg-color': 'test_value_4',
- 'border-bottom': 'test_value_5',
- 'border-left': 'test_value_6',
- 'border-right': 'test_value_7',
- 'border-top': 'test_value_8',
- 'column-gap': 'test_value_9',
- 'column-span': 'none',
- 'fg-color': 'test_value_11',
- 'font-family': 'Verdana',
- 'font-size': 'test_value_13',
- 'font-style': 'normal',
- 'font-weight': 'normal',
- 'height': 'test_value_16',
- 'line-height': 'test_value_17',
- 'margin-bottom': 'test_value_18',
- 'margin-left': 'test_value_19',
- 'margin-right': 'test_value_20',
- 'margin-top': 'test_value_21',
- 'name': 'default_name_22',
- 'options': 'font',
- 'padding-bottom': 'test_value_24',
- 'padding-left': 'test_value_25',
- 'padding-right': 'test_value_26',
- 'padding-top': 'test_value_27',
- 'width': 'test_value_28'
- }
-
- set_method_mock.assert_called_with('report', 'style', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_report_style_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'report_style': {
- 'random_attribute_not_valid': 'tag',
- 'align': 'left',
- 'bg_color': 'test_value_4',
- 'border_bottom': 'test_value_5',
- 'border_left': 'test_value_6',
- 'border_right': 'test_value_7',
- 'border_top': 'test_value_8',
- 'column_gap': 'test_value_9',
- 'column_span': 'none',
- 'fg_color': 'test_value_11',
- 'font_family': 'Verdana',
- 'font_size': 'test_value_13',
- 'font_style': 'normal',
- 'font_weight': 'normal',
- 'height': 'test_value_16',
- 'line_height': 'test_value_17',
- 'margin_bottom': 'test_value_18',
- 'margin_left': 'test_value_19',
- 'margin_right': 'test_value_20',
- 'margin_top': 'test_value_21',
- 'name': 'default_name_22',
- 'options': 'font',
- 'padding_bottom': 'test_value_24',
- 'padding_left': 'test_value_25',
- 'padding_right': 'test_value_26',
- 'padding_top': 'test_value_27',
- 'width': 'test_value_28'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_report_style.fortios_report(input_data, fos_instance)
-
- expected_data = {
- 'align': 'left',
- 'bg-color': 'test_value_4',
- 'border-bottom': 'test_value_5',
- 'border-left': 'test_value_6',
- 'border-right': 'test_value_7',
- 'border-top': 'test_value_8',
- 'column-gap': 'test_value_9',
- 'column-span': 'none',
- 'fg-color': 'test_value_11',
- 'font-family': 'Verdana',
- 'font-size': 'test_value_13',
- 'font-style': 'normal',
- 'font-weight': 'normal',
- 'height': 'test_value_16',
- 'line-height': 'test_value_17',
- 'margin-bottom': 'test_value_18',
- 'margin-left': 'test_value_19',
- 'margin-right': 'test_value_20',
- 'margin-top': 'test_value_21',
- 'name': 'default_name_22',
- 'options': 'font',
- 'padding-bottom': 'test_value_24',
- 'padding-left': 'test_value_25',
- 'padding-right': 'test_value_26',
- 'padding-top': 'test_value_27',
- 'width': 'test_value_28'
- }
-
- set_method_mock.assert_called_with('report', 'style', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_report_theme.py b/test/units/modules/network/fortios/test_fortios_report_theme.py
deleted file mode 100644
index 2164b3da61e..00000000000
--- a/test/units/modules/network/fortios/test_fortios_report_theme.py
+++ /dev/null
@@ -1,489 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_report_theme
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_report_theme.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_report_theme_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'report_theme': {
- 'bullet_list_style': 'test_value_3',
- 'column_count': '1',
- 'default_html_style': 'test_value_5',
- 'default_pdf_style': 'test_value_6',
- 'graph_chart_style': 'test_value_7',
- 'heading1_style': 'test_value_8',
- 'heading2_style': 'test_value_9',
- 'heading3_style': 'test_value_10',
- 'heading4_style': 'test_value_11',
- 'hline_style': 'test_value_12',
- 'image_style': 'test_value_13',
- 'name': 'default_name_14',
- 'normal_text_style': 'test_value_15',
- 'numbered_list_style': 'test_value_16',
- 'page_footer_style': 'test_value_17',
- 'page_header_style': 'test_value_18',
- 'page_orient': 'portrait',
- 'page_style': 'test_value_20',
- 'report_subtitle_style': 'test_value_21',
- 'report_title_style': 'test_value_22',
- 'table_chart_caption_style': 'test_value_23',
- 'table_chart_even_row_style': 'test_value_24',
- 'table_chart_head_style': 'test_value_25',
- 'table_chart_odd_row_style': 'test_value_26',
- 'table_chart_style': 'test_value_27',
- 'toc_heading1_style': 'test_value_28',
- 'toc_heading2_style': 'test_value_29',
- 'toc_heading3_style': 'test_value_30',
- 'toc_heading4_style': 'test_value_31',
- 'toc_title_style': 'test_value_32'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_report_theme.fortios_report(input_data, fos_instance)
-
- expected_data = {
- 'bullet-list-style': 'test_value_3',
- 'column-count': '1',
- 'default-html-style': 'test_value_5',
- 'default-pdf-style': 'test_value_6',
- 'graph-chart-style': 'test_value_7',
- 'heading1-style': 'test_value_8',
- 'heading2-style': 'test_value_9',
- 'heading3-style': 'test_value_10',
- 'heading4-style': 'test_value_11',
- 'hline-style': 'test_value_12',
- 'image-style': 'test_value_13',
- 'name': 'default_name_14',
- 'normal-text-style': 'test_value_15',
- 'numbered-list-style': 'test_value_16',
- 'page-footer-style': 'test_value_17',
- 'page-header-style': 'test_value_18',
- 'page-orient': 'portrait',
- 'page-style': 'test_value_20',
- 'report-subtitle-style': 'test_value_21',
- 'report-title-style': 'test_value_22',
- 'table-chart-caption-style': 'test_value_23',
- 'table-chart-even-row-style': 'test_value_24',
- 'table-chart-head-style': 'test_value_25',
- 'table-chart-odd-row-style': 'test_value_26',
- 'table-chart-style': 'test_value_27',
- 'toc-heading1-style': 'test_value_28',
- 'toc-heading2-style': 'test_value_29',
- 'toc-heading3-style': 'test_value_30',
- 'toc-heading4-style': 'test_value_31',
- 'toc-title-style': 'test_value_32'
- }
-
- set_method_mock.assert_called_with('report', 'theme', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_report_theme_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'report_theme': {
- 'bullet_list_style': 'test_value_3',
- 'column_count': '1',
- 'default_html_style': 'test_value_5',
- 'default_pdf_style': 'test_value_6',
- 'graph_chart_style': 'test_value_7',
- 'heading1_style': 'test_value_8',
- 'heading2_style': 'test_value_9',
- 'heading3_style': 'test_value_10',
- 'heading4_style': 'test_value_11',
- 'hline_style': 'test_value_12',
- 'image_style': 'test_value_13',
- 'name': 'default_name_14',
- 'normal_text_style': 'test_value_15',
- 'numbered_list_style': 'test_value_16',
- 'page_footer_style': 'test_value_17',
- 'page_header_style': 'test_value_18',
- 'page_orient': 'portrait',
- 'page_style': 'test_value_20',
- 'report_subtitle_style': 'test_value_21',
- 'report_title_style': 'test_value_22',
- 'table_chart_caption_style': 'test_value_23',
- 'table_chart_even_row_style': 'test_value_24',
- 'table_chart_head_style': 'test_value_25',
- 'table_chart_odd_row_style': 'test_value_26',
- 'table_chart_style': 'test_value_27',
- 'toc_heading1_style': 'test_value_28',
- 'toc_heading2_style': 'test_value_29',
- 'toc_heading3_style': 'test_value_30',
- 'toc_heading4_style': 'test_value_31',
- 'toc_title_style': 'test_value_32'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_report_theme.fortios_report(input_data, fos_instance)
-
- expected_data = {
- 'bullet-list-style': 'test_value_3',
- 'column-count': '1',
- 'default-html-style': 'test_value_5',
- 'default-pdf-style': 'test_value_6',
- 'graph-chart-style': 'test_value_7',
- 'heading1-style': 'test_value_8',
- 'heading2-style': 'test_value_9',
- 'heading3-style': 'test_value_10',
- 'heading4-style': 'test_value_11',
- 'hline-style': 'test_value_12',
- 'image-style': 'test_value_13',
- 'name': 'default_name_14',
- 'normal-text-style': 'test_value_15',
- 'numbered-list-style': 'test_value_16',
- 'page-footer-style': 'test_value_17',
- 'page-header-style': 'test_value_18',
- 'page-orient': 'portrait',
- 'page-style': 'test_value_20',
- 'report-subtitle-style': 'test_value_21',
- 'report-title-style': 'test_value_22',
- 'table-chart-caption-style': 'test_value_23',
- 'table-chart-even-row-style': 'test_value_24',
- 'table-chart-head-style': 'test_value_25',
- 'table-chart-odd-row-style': 'test_value_26',
- 'table-chart-style': 'test_value_27',
- 'toc-heading1-style': 'test_value_28',
- 'toc-heading2-style': 'test_value_29',
- 'toc-heading3-style': 'test_value_30',
- 'toc-heading4-style': 'test_value_31',
- 'toc-title-style': 'test_value_32'
- }
-
- set_method_mock.assert_called_with('report', 'theme', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_report_theme_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'report_theme': {
- 'bullet_list_style': 'test_value_3',
- 'column_count': '1',
- 'default_html_style': 'test_value_5',
- 'default_pdf_style': 'test_value_6',
- 'graph_chart_style': 'test_value_7',
- 'heading1_style': 'test_value_8',
- 'heading2_style': 'test_value_9',
- 'heading3_style': 'test_value_10',
- 'heading4_style': 'test_value_11',
- 'hline_style': 'test_value_12',
- 'image_style': 'test_value_13',
- 'name': 'default_name_14',
- 'normal_text_style': 'test_value_15',
- 'numbered_list_style': 'test_value_16',
- 'page_footer_style': 'test_value_17',
- 'page_header_style': 'test_value_18',
- 'page_orient': 'portrait',
- 'page_style': 'test_value_20',
- 'report_subtitle_style': 'test_value_21',
- 'report_title_style': 'test_value_22',
- 'table_chart_caption_style': 'test_value_23',
- 'table_chart_even_row_style': 'test_value_24',
- 'table_chart_head_style': 'test_value_25',
- 'table_chart_odd_row_style': 'test_value_26',
- 'table_chart_style': 'test_value_27',
- 'toc_heading1_style': 'test_value_28',
- 'toc_heading2_style': 'test_value_29',
- 'toc_heading3_style': 'test_value_30',
- 'toc_heading4_style': 'test_value_31',
- 'toc_title_style': 'test_value_32'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_report_theme.fortios_report(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('report', 'theme', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_report_theme_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'report_theme': {
- 'bullet_list_style': 'test_value_3',
- 'column_count': '1',
- 'default_html_style': 'test_value_5',
- 'default_pdf_style': 'test_value_6',
- 'graph_chart_style': 'test_value_7',
- 'heading1_style': 'test_value_8',
- 'heading2_style': 'test_value_9',
- 'heading3_style': 'test_value_10',
- 'heading4_style': 'test_value_11',
- 'hline_style': 'test_value_12',
- 'image_style': 'test_value_13',
- 'name': 'default_name_14',
- 'normal_text_style': 'test_value_15',
- 'numbered_list_style': 'test_value_16',
- 'page_footer_style': 'test_value_17',
- 'page_header_style': 'test_value_18',
- 'page_orient': 'portrait',
- 'page_style': 'test_value_20',
- 'report_subtitle_style': 'test_value_21',
- 'report_title_style': 'test_value_22',
- 'table_chart_caption_style': 'test_value_23',
- 'table_chart_even_row_style': 'test_value_24',
- 'table_chart_head_style': 'test_value_25',
- 'table_chart_odd_row_style': 'test_value_26',
- 'table_chart_style': 'test_value_27',
- 'toc_heading1_style': 'test_value_28',
- 'toc_heading2_style': 'test_value_29',
- 'toc_heading3_style': 'test_value_30',
- 'toc_heading4_style': 'test_value_31',
- 'toc_title_style': 'test_value_32'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_report_theme.fortios_report(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('report', 'theme', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_report_theme_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'report_theme': {
- 'bullet_list_style': 'test_value_3',
- 'column_count': '1',
- 'default_html_style': 'test_value_5',
- 'default_pdf_style': 'test_value_6',
- 'graph_chart_style': 'test_value_7',
- 'heading1_style': 'test_value_8',
- 'heading2_style': 'test_value_9',
- 'heading3_style': 'test_value_10',
- 'heading4_style': 'test_value_11',
- 'hline_style': 'test_value_12',
- 'image_style': 'test_value_13',
- 'name': 'default_name_14',
- 'normal_text_style': 'test_value_15',
- 'numbered_list_style': 'test_value_16',
- 'page_footer_style': 'test_value_17',
- 'page_header_style': 'test_value_18',
- 'page_orient': 'portrait',
- 'page_style': 'test_value_20',
- 'report_subtitle_style': 'test_value_21',
- 'report_title_style': 'test_value_22',
- 'table_chart_caption_style': 'test_value_23',
- 'table_chart_even_row_style': 'test_value_24',
- 'table_chart_head_style': 'test_value_25',
- 'table_chart_odd_row_style': 'test_value_26',
- 'table_chart_style': 'test_value_27',
- 'toc_heading1_style': 'test_value_28',
- 'toc_heading2_style': 'test_value_29',
- 'toc_heading3_style': 'test_value_30',
- 'toc_heading4_style': 'test_value_31',
- 'toc_title_style': 'test_value_32'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_report_theme.fortios_report(input_data, fos_instance)
-
- expected_data = {
- 'bullet-list-style': 'test_value_3',
- 'column-count': '1',
- 'default-html-style': 'test_value_5',
- 'default-pdf-style': 'test_value_6',
- 'graph-chart-style': 'test_value_7',
- 'heading1-style': 'test_value_8',
- 'heading2-style': 'test_value_9',
- 'heading3-style': 'test_value_10',
- 'heading4-style': 'test_value_11',
- 'hline-style': 'test_value_12',
- 'image-style': 'test_value_13',
- 'name': 'default_name_14',
- 'normal-text-style': 'test_value_15',
- 'numbered-list-style': 'test_value_16',
- 'page-footer-style': 'test_value_17',
- 'page-header-style': 'test_value_18',
- 'page-orient': 'portrait',
- 'page-style': 'test_value_20',
- 'report-subtitle-style': 'test_value_21',
- 'report-title-style': 'test_value_22',
- 'table-chart-caption-style': 'test_value_23',
- 'table-chart-even-row-style': 'test_value_24',
- 'table-chart-head-style': 'test_value_25',
- 'table-chart-odd-row-style': 'test_value_26',
- 'table-chart-style': 'test_value_27',
- 'toc-heading1-style': 'test_value_28',
- 'toc-heading2-style': 'test_value_29',
- 'toc-heading3-style': 'test_value_30',
- 'toc-heading4-style': 'test_value_31',
- 'toc-title-style': 'test_value_32'
- }
-
- set_method_mock.assert_called_with('report', 'theme', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_report_theme_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'report_theme': {
- 'random_attribute_not_valid': 'tag',
- 'bullet_list_style': 'test_value_3',
- 'column_count': '1',
- 'default_html_style': 'test_value_5',
- 'default_pdf_style': 'test_value_6',
- 'graph_chart_style': 'test_value_7',
- 'heading1_style': 'test_value_8',
- 'heading2_style': 'test_value_9',
- 'heading3_style': 'test_value_10',
- 'heading4_style': 'test_value_11',
- 'hline_style': 'test_value_12',
- 'image_style': 'test_value_13',
- 'name': 'default_name_14',
- 'normal_text_style': 'test_value_15',
- 'numbered_list_style': 'test_value_16',
- 'page_footer_style': 'test_value_17',
-
'page_header_style': 'test_value_18', - 'page_orient': 'portrait', - 'page_style': 'test_value_20', - 'report_subtitle_style': 'test_value_21', - 'report_title_style': 'test_value_22', - 'table_chart_caption_style': 'test_value_23', - 'table_chart_even_row_style': 'test_value_24', - 'table_chart_head_style': 'test_value_25', - 'table_chart_odd_row_style': 'test_value_26', - 'table_chart_style': 'test_value_27', - 'toc_heading1_style': 'test_value_28', - 'toc_heading2_style': 'test_value_29', - 'toc_heading3_style': 'test_value_30', - 'toc_heading4_style': 'test_value_31', - 'toc_title_style': 'test_value_32' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_report_theme.fortios_report(input_data, fos_instance) - - expected_data = { - 'bullet-list-style': 'test_value_3', - 'column-count': '1', - 'default-html-style': 'test_value_5', - 'default-pdf-style': 'test_value_6', - 'graph-chart-style': 'test_value_7', - 'heading1-style': 'test_value_8', - 'heading2-style': 'test_value_9', - 'heading3-style': 'test_value_10', - 'heading4-style': 'test_value_11', - 'hline-style': 'test_value_12', - 'image-style': 'test_value_13', - 'name': 'default_name_14', - 'normal-text-style': 'test_value_15', - 'numbered-list-style': 'test_value_16', - 'page-footer-style': 'test_value_17', - 'page-header-style': 'test_value_18', - 'page-orient': 'portrait', - 'page-style': 'test_value_20', - 'report-subtitle-style': 'test_value_21', - 'report-title-style': 'test_value_22', - 'table-chart-caption-style': 'test_value_23', - 'table-chart-even-row-style': 'test_value_24', - 'table-chart-head-style': 'test_value_25', - 'table-chart-odd-row-style': 'test_value_26', - 'table-chart-style': 'test_value_27', - 'toc-heading1-style': 'test_value_28', - 'toc-heading2-style': 'test_value_29', - 'toc-heading3-style': 'test_value_30', - 'toc-heading4-style': 'test_value_31', - 'toc-title-style': 'test_value_32' - } - - set_method_mock.assert_called_with('report', 'theme', 
data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_router_access_list.py b/test/units/modules/network/fortios/test_fortios_router_access_list.py deleted file mode 100644 index f0cf338ba6f..00000000000 --- a/test/units/modules/network/fortios/test_fortios_router_access_list.py +++ /dev/null 
@@ -1,219 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_router_access_list -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_router_access_list.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_router_access_list_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_access_list': { - 'comments': 'test_value_3', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_router_access_list.fortios_router(input_data, fos_instance) - - expected_data = { - 'comments': 'test_value_3', - 'name': 'default_name_4', - - } - - set_method_mock.assert_called_with('router', 'access-list', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_router_access_list_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_access_list': { - 'comments': 'test_value_3', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_access_list.fortios_router(input_data, fos_instance) - - expected_data = { - 'comments': 'test_value_3', - 'name': 'default_name_4', - - } - - set_method_mock.assert_called_with('router', 'access-list', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_router_access_list_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'router_access_list': { - 'comments': 'test_value_3', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, 
response = fortios_router_access_list.fortios_router(input_data, fos_instance) - - delete_method_mock.assert_called_with('router', 'access-list', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_router_access_list_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'router_access_list': { - 'comments': 'test_value_3', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_access_list.fortios_router(input_data, fos_instance) - - delete_method_mock.assert_called_with('router', 'access-list', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_router_access_list_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_access_list': { - 'comments': 'test_value_3', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_access_list.fortios_router(input_data, fos_instance) - - expected_data = { - 'comments': 'test_value_3', - 'name': 'default_name_4', - - } - - 
set_method_mock.assert_called_with('router', 'access-list', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_router_access_list_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_access_list': { - 'random_attribute_not_valid': 'tag', - 'comments': 'test_value_3', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_access_list.fortios_router(input_data, fos_instance) - - expected_data = { - 'comments': 'test_value_3', - 'name': 'default_name_4', - - } - - set_method_mock.assert_called_with('router', 'access-list', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_router_access_list6.py b/test/units/modules/network/fortios/test_fortios_router_access_list6.py deleted file mode 100644 index 9b45dfd282c..00000000000 --- a/test/units/modules/network/fortios/test_fortios_router_access_list6.py +++ /dev/null 
@@ -1,219 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_router_access_list6 -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_router_access_list6.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_router_access_list6_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_access_list6': { - 'comments': 'test_value_3', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_router_access_list6.fortios_router(input_data, fos_instance) - - expected_data = { - 'comments': 'test_value_3', - 'name': 'default_name_4', - - } - - set_method_mock.assert_called_with('router', 'access-list6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_router_access_list6_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_access_list6': { - 'comments': 'test_value_3', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_access_list6.fortios_router(input_data, fos_instance) - - expected_data = { - 'comments': 'test_value_3', - 'name': 'default_name_4', - - } - - set_method_mock.assert_called_with('router', 'access-list6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_router_access_list6_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'router_access_list6': { - 'comments': 'test_value_3', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, 
changed, response = fortios_router_access_list6.fortios_router(input_data, fos_instance) - - delete_method_mock.assert_called_with('router', 'access-list6', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_router_access_list6_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'router_access_list6': { - 'comments': 'test_value_3', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_access_list6.fortios_router(input_data, fos_instance) - - delete_method_mock.assert_called_with('router', 'access-list6', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_router_access_list6_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_access_list6': { - 'comments': 'test_value_3', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_access_list6.fortios_router(input_data, fos_instance) - - expected_data = { - 'comments': 'test_value_3', - 'name': 'default_name_4', 
- - } - - set_method_mock.assert_called_with('router', 'access-list6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_router_access_list6_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_access_list6': { - 'random_attribute_not_valid': 'tag', - 'comments': 'test_value_3', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_access_list6.fortios_router(input_data, fos_instance) - - expected_data = { - 'comments': 'test_value_3', - 'name': 'default_name_4', - - } - - set_method_mock.assert_called_with('router', 'access-list6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_router_aspath_list.py b/test/units/modules/network/fortios/test_fortios_router_aspath_list.py deleted file mode 100644 index 3441ac26840..00000000000 --- a/test/units/modules/network/fortios/test_fortios_router_aspath_list.py +++ /dev/null 
@@ -1,209 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_router_aspath_list -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_router_aspath_list.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_router_aspath_list_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_aspath_list': { - 'name': 'default_name_3', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_aspath_list.fortios_router(input_data, fos_instance) - - 
expected_data = { - 'name': 'default_name_3', - - } - - set_method_mock.assert_called_with('router', 'aspath-list', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_router_aspath_list_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_aspath_list': { - 'name': 'default_name_3', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_aspath_list.fortios_router(input_data, fos_instance) - - expected_data = { - 'name': 'default_name_3', - - } - - set_method_mock.assert_called_with('router', 'aspath-list', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_router_aspath_list_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'router_aspath_list': { - 'name': 'default_name_3', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_aspath_list.fortios_router(input_data, fos_instance) - - delete_method_mock.assert_called_with('router', 'aspath-list', mkey=ANY, vdom='root') - 
schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_router_aspath_list_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'router_aspath_list': { - 'name': 'default_name_3', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_aspath_list.fortios_router(input_data, fos_instance) - - delete_method_mock.assert_called_with('router', 'aspath-list', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_router_aspath_list_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_aspath_list': { - 'name': 'default_name_3', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_aspath_list.fortios_router(input_data, fos_instance) - - expected_data = { - 'name': 'default_name_3', - - } - - set_method_mock.assert_called_with('router', 'aspath-list', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def 
test_router_aspath_list_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_aspath_list': { - 'random_attribute_not_valid': 'tag', - 'name': 'default_name_3', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_aspath_list.fortios_router(input_data, fos_instance) - - expected_data = { - 'name': 'default_name_3', - - } - - set_method_mock.assert_called_with('router', 'aspath-list', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_router_auth_path.py b/test/units/modules/network/fortios/test_fortios_router_auth_path.py deleted file mode 100644 index 8762f7d60be..00000000000 --- a/test/units/modules/network/fortios/test_fortios_router_auth_path.py +++ /dev/null 
@@ -1,219 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_router_auth_path -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_router_auth_path.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_router_auth_path_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_auth_path': { - 'device': 'test_value_3', - 'gateway': 'test_value_4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_router_auth_path.fortios_router(input_data, fos_instance) - - expected_data = { - 'device': 'test_value_3', - 'gateway': 'test_value_4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('router', 'auth-path', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_router_auth_path_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_auth_path': { - 'device': 'test_value_3', - 'gateway': 'test_value_4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_auth_path.fortios_router(input_data, fos_instance) - - expected_data = { - 'device': 'test_value_3', - 'gateway': 'test_value_4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('router', 'auth-path', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_router_auth_path_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'router_auth_path': { - 'device': 'test_value_3', - 'gateway': 
'test_value_4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_auth_path.fortios_router(input_data, fos_instance) - - delete_method_mock.assert_called_with('router', 'auth-path', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_router_auth_path_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'router_auth_path': { - 'device': 'test_value_3', - 'gateway': 'test_value_4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_auth_path.fortios_router(input_data, fos_instance) - - delete_method_mock.assert_called_with('router', 'auth-path', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_router_auth_path_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_auth_path': { - 'device': 'test_value_3', - 'gateway': 'test_value_4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_router_auth_path.fortios_router(input_data, fos_instance) - - expected_data = { - 'device': 'test_value_3', - 'gateway': 'test_value_4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('router', 'auth-path', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_router_auth_path_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_auth_path': { - 'random_attribute_not_valid': 'tag', - 'device': 'test_value_3', - 'gateway': 'test_value_4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_auth_path.fortios_router(input_data, fos_instance) - - expected_data = { - 'device': 'test_value_3', - 'gateway': 'test_value_4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('router', 'auth-path', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_router_bfd.py b/test/units/modules/network/fortios/test_fortios_router_bfd.py deleted file mode 100644 index d462853d904..00000000000 --- a/test/units/modules/network/fortios/test_fortios_router_bfd.py +++ /dev/null 
@@ -1,143 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_router_bfd -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_router_bfd.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_router_bfd_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_bfd': { - 'neighbor': [{'interface': 'if1', 'ip': '10.20.10.10'}] - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_bfd.fortios_router(input_data, fos_instance) - - expected_data 
= {'neighbor': [{'interface': 'if1', 'ip': '10.20.10.10'}]} - - set_method_mock.assert_called_with('router', 'bfd', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_router_bfd_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_bfd': { - 'neighbor': [{'interface': 'if1', 'ip': '10.20.10.10'}] - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_bfd.fortios_router(input_data, fos_instance) - - expected_data = {'neighbor': [{'interface': 'if1', 'ip': '10.20.10.10'}]} - - set_method_mock.assert_called_with('router', 'bfd', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_router_bfd_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_bfd': { - 'neighbor': [{'interface': 'if1', 'ip': '10.20.10.10'}] - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_bfd.fortios_router(input_data, fos_instance) - - expected_data = {'neighbor': [{'interface': 'if1', 'ip': '10.20.10.10'}]} - - 
set_method_mock.assert_called_with('router', 'bfd', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_router_bfd_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_bfd': { - 'random_attribute_not_valid': 'tag', - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_bfd.fortios_router(input_data, fos_instance) - - expected_data = { - } - - set_method_mock.assert_called_with('router', 'bfd', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_router_bfd6.py b/test/units/modules/network/fortios/test_fortios_router_bfd6.py deleted file mode 100644 index 94b6e3d7fb1..00000000000 --- a/test/units/modules/network/fortios/test_fortios_router_bfd6.py +++ /dev/null 
@@ -1,143 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_router_bfd6 -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_router_bfd6.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_router_bfd6_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_bfd6': { - 'neighbor': [{'interface': 'if1', 'ip': '10.20.10.10'}] - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_bfd6.fortios_router(input_data, fos_instance) - - 
expected_data = {'neighbor': [{'interface': 'if1', 'ip': '10.20.10.10'}]} - - set_method_mock.assert_called_with('router', 'bfd6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_router_bfd6_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_bfd6': { - 'neighbor': [{'interface': 'if1', 'ip': '10.20.10.10'}] - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_bfd6.fortios_router(input_data, fos_instance) - - expected_data = {'neighbor': [{'interface': 'if1', 'ip': '10.20.10.10'}]} - - set_method_mock.assert_called_with('router', 'bfd6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_router_bfd6_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_bfd6': { - 'neighbor': [{'interface': 'if1', 'ip': '10.20.10.10'}] - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_bfd6.fortios_router(input_data, fos_instance) - - expected_data = {'neighbor': [{'interface': 'if1', 'ip': '10.20.10.10'}]} - - 
set_method_mock.assert_called_with('router', 'bfd6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_router_bfd6_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_bfd6': { - 'random_attribute_not_valid': 'tag', - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_bfd6.fortios_router(input_data, fos_instance) - - expected_data = { - } - - set_method_mock.assert_called_with('router', 'bfd6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_router_bgp.py b/test/units/modules/network/fortios/test_fortios_router_bgp.py deleted file mode 100644 index 0d7617ee7ad..00000000000 --- a/test/units/modules/network/fortios/test_fortios_router_bgp.py +++ /dev/null 
@@ -1,447 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_router_bgp -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_router_bgp.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_router_bgp_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_bgp': {'always_compare_med': 'enable', - 'as': '4', - 'bestpath_as_path_ignore': 'enable', - 'bestpath_cmp_confed_aspath': 'enable', - 'bestpath_cmp_routerid': 'enable', - 'bestpath_med_confed': 
'enable', - 'bestpath_med_missing_as_worst': 'enable', - 'client_to_client_reflection': 'enable', - 'cluster_id': 'test_value_11', - 'confederation_identifier': '12', - 'dampening': 'enable', - 'dampening_max_suppress_time': '14', - 'dampening_reachability_half_life': '15', - 'dampening_reuse': '16', - 'dampening_route_map': 'test_value_17', - 'dampening_suppress': '18', - 'dampening_unreachability_half_life': '19', - 'default_local_preference': '20', - 'deterministic_med': 'enable', - 'distance_external': '22', - 'distance_internal': '23', - 'distance_local': '24', - 'ebgp_multipath': 'enable', - 'enforce_first_as': 'enable', - 'fast_external_failover': 'enable', - 'graceful_end_on_timer': 'enable', - 'graceful_restart': 'enable', - 'graceful_restart_time': '30', - 'graceful_stalepath_time': '31', - 'graceful_update_delay': '32', - 'holdtime_timer': '33', - 'ibgp_multipath': 'enable', - 'ignore_optional_capability': 'enable', - 'keepalive_timer': '36', - 'log_neighbour_changes': 'enable', - 'network_import_check': 'enable', - 'router_id': 'test_value_39', - 'scan_time': '40', - 'synchronization': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_bgp.fortios_router(input_data, fos_instance) - - expected_data = {'always-compare-med': 'enable', - 'as': '4', - 'bestpath-as-path-ignore': 'enable', - 'bestpath-cmp-confed-aspath': 'enable', - 'bestpath-cmp-routerid': 'enable', - 'bestpath-med-confed': 'enable', - 'bestpath-med-missing-as-worst': 'enable', - 'client-to-client-reflection': 'enable', - 'cluster-id': 'test_value_11', - 'confederation-identifier': '12', - 'dampening': 'enable', - 'dampening-max-suppress-time': '14', - 'dampening-reachability-half-life': '15', - 'dampening-reuse': '16', - 'dampening-route-map': 'test_value_17', - 'dampening-suppress': '18', - 'dampening-unreachability-half-life': '19', - 'default-local-preference': '20', - 'deterministic-med': 'enable', - 'distance-external': '22', - 'distance-internal': '23', - 
'distance-local': '24', - 'ebgp-multipath': 'enable', - 'enforce-first-as': 'enable', - 'fast-external-failover': 'enable', - 'graceful-end-on-timer': 'enable', - 'graceful-restart': 'enable', - 'graceful-restart-time': '30', - 'graceful-stalepath-time': '31', - 'graceful-update-delay': '32', - 'holdtime-timer': '33', - 'ibgp-multipath': 'enable', - 'ignore-optional-capability': 'enable', - 'keepalive-timer': '36', - 'log-neighbour-changes': 'enable', - 'network-import-check': 'enable', - 'router-id': 'test_value_39', - 'scan-time': '40', - 'synchronization': 'enable' - } - - set_method_mock.assert_called_with('router', 'bgp', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_router_bgp_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_bgp': {'always_compare_med': 'enable', - 'as': '4', - 'bestpath_as_path_ignore': 'enable', - 'bestpath_cmp_confed_aspath': 'enable', - 'bestpath_cmp_routerid': 'enable', - 'bestpath_med_confed': 'enable', - 'bestpath_med_missing_as_worst': 'enable', - 'client_to_client_reflection': 'enable', - 'cluster_id': 'test_value_11', - 'confederation_identifier': '12', - 'dampening': 'enable', - 'dampening_max_suppress_time': '14', - 'dampening_reachability_half_life': '15', - 'dampening_reuse': '16', - 'dampening_route_map': 'test_value_17', - 'dampening_suppress': '18', - 'dampening_unreachability_half_life': '19', - 'default_local_preference': '20', - 'deterministic_med': 'enable', - 'distance_external': '22', - 
'distance_internal': '23', - 'distance_local': '24', - 'ebgp_multipath': 'enable', - 'enforce_first_as': 'enable', - 'fast_external_failover': 'enable', - 'graceful_end_on_timer': 'enable', - 'graceful_restart': 'enable', - 'graceful_restart_time': '30', - 'graceful_stalepath_time': '31', - 'graceful_update_delay': '32', - 'holdtime_timer': '33', - 'ibgp_multipath': 'enable', - 'ignore_optional_capability': 'enable', - 'keepalive_timer': '36', - 'log_neighbour_changes': 'enable', - 'network_import_check': 'enable', - 'router_id': 'test_value_39', - 'scan_time': '40', - 'synchronization': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_bgp.fortios_router(input_data, fos_instance) - - expected_data = {'always-compare-med': 'enable', - 'as': '4', - 'bestpath-as-path-ignore': 'enable', - 'bestpath-cmp-confed-aspath': 'enable', - 'bestpath-cmp-routerid': 'enable', - 'bestpath-med-confed': 'enable', - 'bestpath-med-missing-as-worst': 'enable', - 'client-to-client-reflection': 'enable', - 'cluster-id': 'test_value_11', - 'confederation-identifier': '12', - 'dampening': 'enable', - 'dampening-max-suppress-time': '14', - 'dampening-reachability-half-life': '15', - 'dampening-reuse': '16', - 'dampening-route-map': 'test_value_17', - 'dampening-suppress': '18', - 'dampening-unreachability-half-life': '19', - 'default-local-preference': '20', - 'deterministic-med': 'enable', - 'distance-external': '22', - 'distance-internal': '23', - 'distance-local': '24', - 'ebgp-multipath': 'enable', - 'enforce-first-as': 'enable', - 'fast-external-failover': 'enable', - 'graceful-end-on-timer': 'enable', - 'graceful-restart': 'enable', - 'graceful-restart-time': '30', - 'graceful-stalepath-time': '31', - 'graceful-update-delay': '32', - 'holdtime-timer': '33', - 'ibgp-multipath': 'enable', - 'ignore-optional-capability': 'enable', - 'keepalive-timer': '36', - 'log-neighbour-changes': 'enable', - 'network-import-check': 'enable', - 'router-id': 
'test_value_39', - 'scan-time': '40', - 'synchronization': 'enable' - } - - set_method_mock.assert_called_with('router', 'bgp', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_router_bgp_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_bgp': {'always_compare_med': 'enable', - 'as': '4', - 'bestpath_as_path_ignore': 'enable', - 'bestpath_cmp_confed_aspath': 'enable', - 'bestpath_cmp_routerid': 'enable', - 'bestpath_med_confed': 'enable', - 'bestpath_med_missing_as_worst': 'enable', - 'client_to_client_reflection': 'enable', - 'cluster_id': 'test_value_11', - 'confederation_identifier': '12', - 'dampening': 'enable', - 'dampening_max_suppress_time': '14', - 'dampening_reachability_half_life': '15', - 'dampening_reuse': '16', - 'dampening_route_map': 'test_value_17', - 'dampening_suppress': '18', - 'dampening_unreachability_half_life': '19', - 'default_local_preference': '20', - 'deterministic_med': 'enable', - 'distance_external': '22', - 'distance_internal': '23', - 'distance_local': '24', - 'ebgp_multipath': 'enable', - 'enforce_first_as': 'enable', - 'fast_external_failover': 'enable', - 'graceful_end_on_timer': 'enable', - 'graceful_restart': 'enable', - 'graceful_restart_time': '30', - 'graceful_stalepath_time': '31', - 'graceful_update_delay': '32', - 'holdtime_timer': '33', - 'ibgp_multipath': 'enable', - 'ignore_optional_capability': 'enable', - 'keepalive_timer': '36', - 'log_neighbour_changes': 'enable', - 'network_import_check': 
'enable', - 'router_id': 'test_value_39', - 'scan_time': '40', - 'synchronization': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_bgp.fortios_router(input_data, fos_instance) - - expected_data = {'always-compare-med': 'enable', - 'as': '4', - 'bestpath-as-path-ignore': 'enable', - 'bestpath-cmp-confed-aspath': 'enable', - 'bestpath-cmp-routerid': 'enable', - 'bestpath-med-confed': 'enable', - 'bestpath-med-missing-as-worst': 'enable', - 'client-to-client-reflection': 'enable', - 'cluster-id': 'test_value_11', - 'confederation-identifier': '12', - 'dampening': 'enable', - 'dampening-max-suppress-time': '14', - 'dampening-reachability-half-life': '15', - 'dampening-reuse': '16', - 'dampening-route-map': 'test_value_17', - 'dampening-suppress': '18', - 'dampening-unreachability-half-life': '19', - 'default-local-preference': '20', - 'deterministic-med': 'enable', - 'distance-external': '22', - 'distance-internal': '23', - 'distance-local': '24', - 'ebgp-multipath': 'enable', - 'enforce-first-as': 'enable', - 'fast-external-failover': 'enable', - 'graceful-end-on-timer': 'enable', - 'graceful-restart': 'enable', - 'graceful-restart-time': '30', - 'graceful-stalepath-time': '31', - 'graceful-update-delay': '32', - 'holdtime-timer': '33', - 'ibgp-multipath': 'enable', - 'ignore-optional-capability': 'enable', - 'keepalive-timer': '36', - 'log-neighbour-changes': 'enable', - 'network-import-check': 'enable', - 'router-id': 'test_value_39', - 'scan-time': '40', - 'synchronization': 'enable' - } - - set_method_mock.assert_called_with('router', 'bgp', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_router_bgp_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 
'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_bgp': { - 'random_attribute_not_valid': 'tag', 'always_compare_med': 'enable', - 'as': '4', - 'bestpath_as_path_ignore': 'enable', - 'bestpath_cmp_confed_aspath': 'enable', - 'bestpath_cmp_routerid': 'enable', - 'bestpath_med_confed': 'enable', - 'bestpath_med_missing_as_worst': 'enable', - 'client_to_client_reflection': 'enable', - 'cluster_id': 'test_value_11', - 'confederation_identifier': '12', - 'dampening': 'enable', - 'dampening_max_suppress_time': '14', - 'dampening_reachability_half_life': '15', - 'dampening_reuse': '16', - 'dampening_route_map': 'test_value_17', - 'dampening_suppress': '18', - 'dampening_unreachability_half_life': '19', - 'default_local_preference': '20', - 'deterministic_med': 'enable', - 'distance_external': '22', - 'distance_internal': '23', - 'distance_local': '24', - 'ebgp_multipath': 'enable', - 'enforce_first_as': 'enable', - 'fast_external_failover': 'enable', - 'graceful_end_on_timer': 'enable', - 'graceful_restart': 'enable', - 'graceful_restart_time': '30', - 'graceful_stalepath_time': '31', - 'graceful_update_delay': '32', - 'holdtime_timer': '33', - 'ibgp_multipath': 'enable', - 'ignore_optional_capability': 'enable', - 'keepalive_timer': '36', - 'log_neighbour_changes': 'enable', - 'network_import_check': 'enable', - 'router_id': 'test_value_39', - 'scan_time': '40', - 'synchronization': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_bgp.fortios_router(input_data, fos_instance) - - expected_data = {'always-compare-med': 'enable', - 'as': '4', - 'bestpath-as-path-ignore': 'enable', - 'bestpath-cmp-confed-aspath': 'enable', - 'bestpath-cmp-routerid': 'enable', - 'bestpath-med-confed': 'enable', - 'bestpath-med-missing-as-worst': 'enable', 
- 'client-to-client-reflection': 'enable', - 'cluster-id': 'test_value_11', - 'confederation-identifier': '12', - 'dampening': 'enable', - 'dampening-max-suppress-time': '14', - 'dampening-reachability-half-life': '15', - 'dampening-reuse': '16', - 'dampening-route-map': 'test_value_17', - 'dampening-suppress': '18', - 'dampening-unreachability-half-life': '19', - 'default-local-preference': '20', - 'deterministic-med': 'enable', - 'distance-external': '22', - 'distance-internal': '23', - 'distance-local': '24', - 'ebgp-multipath': 'enable', - 'enforce-first-as': 'enable', - 'fast-external-failover': 'enable', - 'graceful-end-on-timer': 'enable', - 'graceful-restart': 'enable', - 'graceful-restart-time': '30', - 'graceful-stalepath-time': '31', - 'graceful-update-delay': '32', - 'holdtime-timer': '33', - 'ibgp-multipath': 'enable', - 'ignore-optional-capability': 'enable', - 'keepalive-timer': '36', - 'log-neighbour-changes': 'enable', - 'network-import-check': 'enable', - 'router-id': 'test_value_39', - 'scan-time': '40', - 'synchronization': 'enable' - } - - set_method_mock.assert_called_with('router', 'bgp', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_router_community_list.py b/test/units/modules/network/fortios/test_fortios_router_community_list.py deleted file mode 100644 index 7891d005e79..00000000000 --- a/test/units/modules/network/fortios/test_fortios_router_community_list.py +++ /dev/null 
@@ -1,209 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_router_community_list
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_router_community_list.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_router_community_list_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_community_list': {
- 'name': 'default_name_3',
- 'type': 'standard'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = 
fortios_router_community_list.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'type': 'standard'
- }
-
- set_method_mock.assert_called_with('router', 'community-list', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_router_community_list_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_community_list': {
- 'name': 'default_name_3',
- 'type': 'standard'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_community_list.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'type': 'standard'
- }
-
- set_method_mock.assert_called_with('router', 'community-list', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_router_community_list_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'router_community_list': {
- 'name': 'default_name_3',
- 'type': 'standard'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = 
fortios_router_community_list.fortios_router(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('router', 'community-list', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_router_community_list_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'router_community_list': {
- 'name': 'default_name_3',
- 'type': 'standard'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_community_list.fortios_router(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('router', 'community-list', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_router_community_list_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_community_list': {
- 'name': 'default_name_3',
- 'type': 'standard'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_community_list.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'type': 'standard'
- }
-
- 
set_method_mock.assert_called_with('router', 'community-list', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_router_community_list_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_community_list': {
- 'random_attribute_not_valid': 'tag',
- 'name': 'default_name_3',
- 'type': 'standard'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_community_list.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'type': 'standard'
- }
-
- set_method_mock.assert_called_with('router', 'community-list', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_router_isis.py b/test/units/modules/network/fortios/test_fortios_router_isis.py
deleted file mode 100644
index 708ea1ab662..00000000000
--- a/test/units/modules/network/fortios/test_fortios_router_isis.py
+++ /dev/null
@@ -1,431 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_router_isis
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_router_isis.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_router_isis_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_isis': {
- 'adjacency_check': 'enable',
- 'adjacency_check6': 'enable',
- 'adv_passive_only': 'enable',
- 'adv_passive_only6': 'enable',
- 'auth_keychain_l1': 'test_value_7',
- 'auth_keychain_l2': 
'test_value_8',
- 'auth_mode_l1': 'password',
- 'auth_mode_l2': 'password',
- 'auth_password_l1': 'test_value_11',
- 'auth_password_l2': 'test_value_12',
- 'auth_sendonly_l1': 'enable',
- 'auth_sendonly_l2': 'enable',
- 'default_originate': 'enable',
- 'default_originate6': 'enable',
- 'dynamic_hostname': 'enable',
- 'ignore_lsp_errors': 'enable',
- 'is_type': 'level-1-2',
- 'lsp_gen_interval_l1': '20',
- 'lsp_gen_interval_l2': '21',
- 'lsp_refresh_interval': '22',
- 'max_lsp_lifetime': '23',
- 'metric_style': 'narrow',
- 'overload_bit': 'enable',
- 'overload_bit_on_startup': '26',
- 'overload_bit_suppress': 'external',
- 'redistribute_l1': 'enable',
- 'redistribute_l1_list': 'test_value_29',
- 'redistribute_l2': 'enable',
- 'redistribute_l2_list': 'test_value_31',
- 'redistribute6_l1': 'enable',
- 'redistribute6_l1_list': 'test_value_33',
- 'redistribute6_l2': 'enable',
- 'redistribute6_l2_list': 'test_value_35',
- 'spf_interval_exp_l1': 'test_value_36',
- 'spf_interval_exp_l2': 'test_value_37',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_isis.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'adjacency-check': 'enable',
- 'adjacency-check6': 'enable',
- 'adv-passive-only': 'enable',
- 'adv-passive-only6': 'enable',
- 'auth-keychain-l1': 'test_value_7',
- 'auth-keychain-l2': 'test_value_8',
- 'auth-mode-l1': 'password',
- 'auth-mode-l2': 'password',
- 'auth-password-l1': 'test_value_11',
- 'auth-password-l2': 'test_value_12',
- 'auth-sendonly-l1': 'enable',
- 'auth-sendonly-l2': 'enable',
- 'default-originate': 'enable',
- 'default-originate6': 'enable',
- 'dynamic-hostname': 'enable',
- 'ignore-lsp-errors': 'enable',
- 'is-type': 'level-1-2',
- 'lsp-gen-interval-l1': '20',
- 'lsp-gen-interval-l2': '21',
- 'lsp-refresh-interval': '22',
- 'max-lsp-lifetime': '23',
- 'metric-style': 'narrow',
- 'overload-bit': 'enable',
- 'overload-bit-on-startup': '26',
- 'overload-bit-suppress': 'external',
- 'redistribute-l1': 
'enable',
- 'redistribute-l1-list': 'test_value_29',
- 'redistribute-l2': 'enable',
- 'redistribute-l2-list': 'test_value_31',
- 'redistribute6-l1': 'enable',
- 'redistribute6-l1-list': 'test_value_33',
- 'redistribute6-l2': 'enable',
- 'redistribute6-l2-list': 'test_value_35',
- 'spf-interval-exp-l1': 'test_value_36',
- 'spf-interval-exp-l2': 'test_value_37',
-
- }
-
- set_method_mock.assert_called_with('router', 'isis', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_router_isis_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_isis': {
- 'adjacency_check': 'enable',
- 'adjacency_check6': 'enable',
- 'adv_passive_only': 'enable',
- 'adv_passive_only6': 'enable',
- 'auth_keychain_l1': 'test_value_7',
- 'auth_keychain_l2': 'test_value_8',
- 'auth_mode_l1': 'password',
- 'auth_mode_l2': 'password',
- 'auth_password_l1': 'test_value_11',
- 'auth_password_l2': 'test_value_12',
- 'auth_sendonly_l1': 'enable',
- 'auth_sendonly_l2': 'enable',
- 'default_originate': 'enable',
- 'default_originate6': 'enable',
- 'dynamic_hostname': 'enable',
- 'ignore_lsp_errors': 'enable',
- 'is_type': 'level-1-2',
- 'lsp_gen_interval_l1': '20',
- 'lsp_gen_interval_l2': '21',
- 'lsp_refresh_interval': '22',
- 'max_lsp_lifetime': '23',
- 'metric_style': 'narrow',
- 'overload_bit': 'enable',
- 'overload_bit_on_startup': '26',
- 'overload_bit_suppress': 'external',
- 'redistribute_l1': 'enable',
- 'redistribute_l1_list': 'test_value_29',
- 'redistribute_l2': 'enable',
- 'redistribute_l2_list': 'test_value_31',
- 'redistribute6_l1': 'enable',
- 'redistribute6_l1_list': 'test_value_33',
- 'redistribute6_l2': 'enable',
- 'redistribute6_l2_list': 'test_value_35',
- 'spf_interval_exp_l1': 'test_value_36',
- 'spf_interval_exp_l2': 'test_value_37',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_isis.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'adjacency-check': 'enable',
- 'adjacency-check6': 'enable',
- 'adv-passive-only': 'enable',
- 'adv-passive-only6': 'enable',
- 'auth-keychain-l1': 'test_value_7',
- 'auth-keychain-l2': 'test_value_8',
- 'auth-mode-l1': 'password',
- 'auth-mode-l2': 'password',
- 'auth-password-l1': 'test_value_11',
- 'auth-password-l2': 'test_value_12',
- 'auth-sendonly-l1': 'enable',
- 'auth-sendonly-l2': 'enable',
- 'default-originate': 'enable',
- 'default-originate6': 'enable',
- 'dynamic-hostname': 'enable',
- 'ignore-lsp-errors': 'enable',
- 'is-type': 'level-1-2',
- 'lsp-gen-interval-l1': '20',
- 'lsp-gen-interval-l2': '21',
- 'lsp-refresh-interval': '22',
- 'max-lsp-lifetime': '23',
- 'metric-style': 'narrow',
- 'overload-bit': 'enable',
- 'overload-bit-on-startup': '26',
- 'overload-bit-suppress': 'external',
- 'redistribute-l1': 'enable',
- 'redistribute-l1-list': 'test_value_29',
- 'redistribute-l2': 'enable',
- 'redistribute-l2-list': 'test_value_31',
- 'redistribute6-l1': 'enable',
- 'redistribute6-l1-list': 'test_value_33',
- 'redistribute6-l2': 'enable',
- 'redistribute6-l2-list': 'test_value_35',
- 'spf-interval-exp-l1': 'test_value_36',
- 'spf-interval-exp-l2': 'test_value_37',
-
- }
-
- set_method_mock.assert_called_with('router', 'isis', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_router_isis_idempotent(mocker):
- schema_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_isis': {
- 'adjacency_check': 'enable',
- 'adjacency_check6': 'enable',
- 'adv_passive_only': 'enable',
- 'adv_passive_only6': 'enable',
- 'auth_keychain_l1': 'test_value_7',
- 'auth_keychain_l2': 'test_value_8',
- 'auth_mode_l1': 'password',
- 'auth_mode_l2': 'password',
- 'auth_password_l1': 'test_value_11',
- 'auth_password_l2': 'test_value_12',
- 'auth_sendonly_l1': 'enable',
- 'auth_sendonly_l2': 'enable',
- 'default_originate': 'enable',
- 'default_originate6': 'enable',
- 'dynamic_hostname': 'enable',
- 'ignore_lsp_errors': 'enable',
- 'is_type': 'level-1-2',
- 'lsp_gen_interval_l1': '20',
- 'lsp_gen_interval_l2': '21',
- 'lsp_refresh_interval': '22',
- 'max_lsp_lifetime': '23',
- 'metric_style': 'narrow',
- 'overload_bit': 'enable',
- 'overload_bit_on_startup': '26',
- 'overload_bit_suppress': 'external',
- 'redistribute_l1': 'enable',
- 'redistribute_l1_list': 'test_value_29',
- 'redistribute_l2': 'enable',
- 'redistribute_l2_list': 'test_value_31',
- 'redistribute6_l1': 'enable',
- 'redistribute6_l1_list': 'test_value_33',
- 'redistribute6_l2': 'enable',
- 'redistribute6_l2_list': 'test_value_35',
- 'spf_interval_exp_l1': 'test_value_36',
- 'spf_interval_exp_l2': 'test_value_37',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_isis.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'adjacency-check': 'enable',
- 'adjacency-check6': 'enable',
- 'adv-passive-only': 'enable',
- 'adv-passive-only6': 'enable',
- 'auth-keychain-l1': 'test_value_7',
- 'auth-keychain-l2': 'test_value_8',
- 'auth-mode-l1': 'password',
- 'auth-mode-l2': 'password',
- 
'auth-password-l1': 'test_value_11',
- 'auth-password-l2': 'test_value_12',
- 'auth-sendonly-l1': 'enable',
- 'auth-sendonly-l2': 'enable',
- 'default-originate': 'enable',
- 'default-originate6': 'enable',
- 'dynamic-hostname': 'enable',
- 'ignore-lsp-errors': 'enable',
- 'is-type': 'level-1-2',
- 'lsp-gen-interval-l1': '20',
- 'lsp-gen-interval-l2': '21',
- 'lsp-refresh-interval': '22',
- 'max-lsp-lifetime': '23',
- 'metric-style': 'narrow',
- 'overload-bit': 'enable',
- 'overload-bit-on-startup': '26',
- 'overload-bit-suppress': 'external',
- 'redistribute-l1': 'enable',
- 'redistribute-l1-list': 'test_value_29',
- 'redistribute-l2': 'enable',
- 'redistribute-l2-list': 'test_value_31',
- 'redistribute6-l1': 'enable',
- 'redistribute6-l1-list': 'test_value_33',
- 'redistribute6-l2': 'enable',
- 'redistribute6-l2-list': 'test_value_35',
- 'spf-interval-exp-l1': 'test_value_36',
- 'spf-interval-exp-l2': 'test_value_37',
-
- }
-
- set_method_mock.assert_called_with('router', 'isis', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_router_isis_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_isis': {
- 'random_attribute_not_valid': 'tag',
- 'adjacency_check': 'enable',
- 'adjacency_check6': 'enable',
- 'adv_passive_only': 'enable',
- 'adv_passive_only6': 'enable',
- 'auth_keychain_l1': 'test_value_7',
- 'auth_keychain_l2': 'test_value_8',
- 'auth_mode_l1': 'password',
- 'auth_mode_l2': 'password',
- 'auth_password_l1': 
'test_value_11',
- 'auth_password_l2': 'test_value_12',
- 'auth_sendonly_l1': 'enable',
- 'auth_sendonly_l2': 'enable',
- 'default_originate': 'enable',
- 'default_originate6': 'enable',
- 'dynamic_hostname': 'enable',
- 'ignore_lsp_errors': 'enable',
- 'is_type': 'level-1-2',
- 'lsp_gen_interval_l1': '20',
- 'lsp_gen_interval_l2': '21',
- 'lsp_refresh_interval': '22',
- 'max_lsp_lifetime': '23',
- 'metric_style': 'narrow',
- 'overload_bit': 'enable',
- 'overload_bit_on_startup': '26',
- 'overload_bit_suppress': 'external',
- 'redistribute_l1': 'enable',
- 'redistribute_l1_list': 'test_value_29',
- 'redistribute_l2': 'enable',
- 'redistribute_l2_list': 'test_value_31',
- 'redistribute6_l1': 'enable',
- 'redistribute6_l1_list': 'test_value_33',
- 'redistribute6_l2': 'enable',
- 'redistribute6_l2_list': 'test_value_35',
- 'spf_interval_exp_l1': 'test_value_36',
- 'spf_interval_exp_l2': 'test_value_37',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_isis.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'adjacency-check': 'enable',
- 'adjacency-check6': 'enable',
- 'adv-passive-only': 'enable',
- 'adv-passive-only6': 'enable',
- 'auth-keychain-l1': 'test_value_7',
- 'auth-keychain-l2': 'test_value_8',
- 'auth-mode-l1': 'password',
- 'auth-mode-l2': 'password',
- 'auth-password-l1': 'test_value_11',
- 'auth-password-l2': 'test_value_12',
- 'auth-sendonly-l1': 'enable',
- 'auth-sendonly-l2': 'enable',
- 'default-originate': 'enable',
- 'default-originate6': 'enable',
- 'dynamic-hostname': 'enable',
- 'ignore-lsp-errors': 'enable',
- 'is-type': 'level-1-2',
- 'lsp-gen-interval-l1': '20',
- 'lsp-gen-interval-l2': '21',
- 'lsp-refresh-interval': '22',
- 'max-lsp-lifetime': '23',
- 'metric-style': 'narrow',
- 'overload-bit': 'enable',
- 'overload-bit-on-startup': '26',
- 'overload-bit-suppress': 'external',
- 'redistribute-l1': 'enable',
- 'redistribute-l1-list': 'test_value_29',
- 'redistribute-l2': 'enable',
- 
'redistribute-l2-list': 'test_value_31',
- 'redistribute6-l1': 'enable',
- 'redistribute6-l1-list': 'test_value_33',
- 'redistribute6-l2': 'enable',
- 'redistribute6-l2-list': 'test_value_35',
- 'spf-interval-exp-l1': 'test_value_36',
- 'spf-interval-exp-l2': 'test_value_37',
-
- }
-
- set_method_mock.assert_called_with('router', 'isis', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_router_key_chain.py b/test/units/modules/network/fortios/test_fortios_router_key_chain.py
deleted file mode 100644
index 09277d2b34b..00000000000
--- a/test/units/modules/network/fortios/test_fortios_router_key_chain.py
+++ /dev/null
@@ -1,189 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_router_key_chain
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_router_key_chain.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_router_key_chain_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_key_chain': {'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_key_chain.fortios_router(input_data, fos_instance)
-
- expected_data = 
{'name': 'default_name_3'
- }
-
- set_method_mock.assert_called_with('router', 'key-chain', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_router_key_chain_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_key_chain': {'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_key_chain.fortios_router(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3'
- }
-
- set_method_mock.assert_called_with('router', 'key-chain', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_router_key_chain_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'router_key_chain': {'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_key_chain.fortios_router(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('router', 'key-chain', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- 
assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_router_key_chain_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'router_key_chain': {'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_key_chain.fortios_router(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('router', 'key-chain', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_router_key_chain_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_key_chain': {'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_key_chain.fortios_router(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3'
- }
-
- set_method_mock.assert_called_with('router', 'key-chain', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_router_key_chain_filter_foreign_attributes(mocker):
- schema_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_key_chain': {
- 'random_attribute_not_valid': 'tag', 'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_key_chain.fortios_router(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3'
- }
-
- set_method_mock.assert_called_with('router', 'key-chain', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_router_multicast.py b/test/units/modules/network/fortios/test_fortios_router_multicast.py
deleted file mode 100644
index 34e3dc562dd..00000000000
--- a/test/units/modules/network/fortios/test_fortios_router_multicast.py
+++ /dev/null
@@ -1,159 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_router_multicast
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_router_multicast.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_router_multicast_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_multicast': {'multicast_routing': 'enable',
- 'route_limit': '4',
- 'route_threshold': '5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = 
fortios_router_multicast.fortios_router(input_data, fos_instance)
-
- expected_data = {'multicast-routing': 'enable',
- 'route-limit': '4',
- 'route-threshold': '5'
- }
-
- set_method_mock.assert_called_with('router', 'multicast', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_router_multicast_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_multicast': {'multicast_routing': 'enable',
- 'route_limit': '4',
- 'route_threshold': '5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_multicast.fortios_router(input_data, fos_instance)
-
- expected_data = {'multicast-routing': 'enable',
- 'route-limit': '4',
- 'route-threshold': '5'
- }
-
- set_method_mock.assert_called_with('router', 'multicast', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_router_multicast_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_multicast': {'multicast_routing': 'enable',
- 'route_limit': '4',
- 'route_threshold': '5'
- },
- 
'vdom': 'root'}
-
- is_error, changed, response = fortios_router_multicast.fortios_router(input_data, fos_instance)
-
- expected_data = {'multicast-routing': 'enable',
- 'route-limit': '4',
- 'route-threshold': '5'
- }
-
- set_method_mock.assert_called_with('router', 'multicast', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_router_multicast_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_multicast': {
- 'random_attribute_not_valid': 'tag', 'multicast_routing': 'enable',
- 'route_limit': '4',
- 'route_threshold': '5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_multicast.fortios_router(input_data, fos_instance)
-
- expected_data = {'multicast-routing': 'enable',
- 'route-limit': '4',
- 'route-threshold': '5'
- }
-
- set_method_mock.assert_called_with('router', 'multicast', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_router_multicast6.py b/test/units/modules/network/fortios/test_fortios_router_multicast6.py
deleted file mode 100644
index 5fb6e25a87f..00000000000
--- a/test/units/modules/network/fortios/test_fortios_router_multicast6.py
+++ /dev/null
@@ -1,159 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_router_multicast6
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_router_multicast6.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_router_multicast6_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_multicast6': {'multicast_pmtu': 'enable',
- 'multicast_routing': 'enable',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_multicast6.fortios_router(input_data, fos_instance)
-
- expected_data = {'multicast-pmtu': 'enable',
- 'multicast-routing': 'enable',
-
- }
-
- set_method_mock.assert_called_with('router', 'multicast6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_router_multicast6_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_multicast6': {'multicast_pmtu': 'enable',
- 'multicast_routing': 'enable',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_multicast6.fortios_router(input_data, fos_instance)
-
- expected_data = {'multicast-pmtu': 'enable',
- 'multicast-routing': 'enable',
-
- }
-
- set_method_mock.assert_called_with('router', 'multicast6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_router_multicast6_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_multicast6': {'multicast_pmtu': 'enable',
- 'multicast_routing': 'enable',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_multicast6.fortios_router(input_data, fos_instance)
-
- expected_data = {'multicast-pmtu': 'enable',
- 'multicast-routing': 'enable',
-
- }
-
- set_method_mock.assert_called_with('router', 'multicast6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_router_multicast6_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_multicast6': {
- 'random_attribute_not_valid': 'tag', 'multicast_pmtu': 'enable',
- 'multicast_routing': 'enable',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_multicast6.fortios_router(input_data, fos_instance)
-
- expected_data = {'multicast-pmtu': 'enable',
- 'multicast-routing': 'enable',
-
- }
-
- set_method_mock.assert_called_with('router', 'multicast6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_router_multicast_flow.py b/test/units/modules/network/fortios/test_fortios_router_multicast_flow.py
deleted file mode 100644
index 92eada85f32..00000000000
--- a/test/units/modules/network/fortios/test_fortios_router_multicast_flow.py
+++ /dev/null
@@ -1,209 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_router_multicast_flow
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_router_multicast_flow.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_router_multicast_flow_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_multicast_flow': {
- 'comments': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_multicast_flow.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'comments': 'test_value_3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('router', 'multicast-flow', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_router_multicast_flow_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_multicast_flow': {
- 'comments': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_multicast_flow.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'comments': 'test_value_3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('router', 'multicast-flow', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_router_multicast_flow_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'router_multicast_flow': {
- 'comments': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_multicast_flow.fortios_router(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('router', 'multicast-flow', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_router_multicast_flow_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'router_multicast_flow': {
- 'comments': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_multicast_flow.fortios_router(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('router', 'multicast-flow', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_router_multicast_flow_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_multicast_flow': {
- 'comments': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_multicast_flow.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'comments': 'test_value_3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('router', 'multicast-flow', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_router_multicast_flow_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_multicast_flow': {
- 'random_attribute_not_valid': 'tag',
- 'comments': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_multicast_flow.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'comments': 'test_value_3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('router', 'multicast-flow', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_router_ospf.py b/test/units/modules/network/fortios/test_fortios_router_ospf.py
deleted file mode 100644
index f7b8565d094..00000000000
--- a/test/units/modules/network/fortios/test_fortios_router_ospf.py
+++ /dev/null
@@ -1,335 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_router_ospf
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_router_ospf.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_router_ospf_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_ospf': {
- 'abr_type': 'cisco',
- 'auto_cost_ref_bandwidth': '4',
- 'bfd': 'enable',
- 'database_overflow': 'enable',
- 'database_overflow_max_lsas': '7',
- 'database_overflow_time_to_recover': '8',
- 'default_information_metric': '9',
- 'default_information_metric_type': '1',
- 'default_information_originate': 'enable',
- 'default_information_route_map': 'test_value_12',
- 'default_metric': '13',
- 'distance': '14',
- 'distance_external': '15',
- 'distance_inter_area': '16',
- 'distance_intra_area': '17',
- 'distribute_list_in': 'test_value_18',
- 'distribute_route_map_in': 'test_value_19',
- 'log_neighbour_changes': 'enable',
- 'restart_mode': 'none',
- 'restart_period': '22',
- 'rfc1583_compatible': 'enable',
- 'router_id': 'test_value_24',
- 'spf_timers': 'test_value_25',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_ospf.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'abr-type': 'cisco',
- 'auto-cost-ref-bandwidth': '4',
- 'bfd': 'enable',
- 'database-overflow': 'enable',
- 'database-overflow-max-lsas': '7',
- 'database-overflow-time-to-recover': '8',
- 'default-information-metric': '9',
- 'default-information-metric-type': '1',
- 'default-information-originate': 'enable',
- 'default-information-route-map': 'test_value_12',
- 'default-metric': '13',
- 'distance': '14',
- 'distance-external': '15',
- 'distance-inter-area': '16',
- 'distance-intra-area': '17',
- 'distribute-list-in': 'test_value_18',
- 'distribute-route-map-in': 'test_value_19',
- 'log-neighbour-changes': 'enable',
- 'restart-mode': 'none',
- 'restart-period': '22',
- 'rfc1583-compatible': 'enable',
- 'router-id': 'test_value_24',
- 'spf-timers': 'test_value_25',
-
- }
-
- set_method_mock.assert_called_with('router', 'ospf', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_router_ospf_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_ospf': {
- 'abr_type': 'cisco',
- 'auto_cost_ref_bandwidth': '4',
- 'bfd': 'enable',
- 'database_overflow': 'enable',
- 'database_overflow_max_lsas': '7',
- 'database_overflow_time_to_recover': '8',
- 'default_information_metric': '9',
- 'default_information_metric_type': '1',
- 'default_information_originate': 'enable',
- 'default_information_route_map': 'test_value_12',
- 'default_metric': '13',
- 'distance': '14',
- 'distance_external': '15',
- 'distance_inter_area': '16',
- 'distance_intra_area': '17',
- 'distribute_list_in': 'test_value_18',
- 'distribute_route_map_in': 'test_value_19',
- 'log_neighbour_changes': 'enable',
- 'restart_mode': 'none',
- 'restart_period': '22',
- 'rfc1583_compatible': 'enable',
- 'router_id': 'test_value_24',
- 'spf_timers': 'test_value_25',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_ospf.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'abr-type': 'cisco',
- 'auto-cost-ref-bandwidth': '4',
- 'bfd': 'enable',
- 'database-overflow': 'enable',
- 'database-overflow-max-lsas': '7',
- 'database-overflow-time-to-recover': '8',
- 'default-information-metric': '9',
- 'default-information-metric-type': '1',
- 'default-information-originate': 'enable',
- 'default-information-route-map': 'test_value_12',
- 'default-metric': '13',
- 'distance': '14',
- 'distance-external': '15',
- 'distance-inter-area': '16',
- 'distance-intra-area': '17',
- 'distribute-list-in': 'test_value_18',
- 'distribute-route-map-in': 'test_value_19',
- 'log-neighbour-changes': 'enable',
- 'restart-mode': 'none',
- 'restart-period': '22',
- 'rfc1583-compatible': 'enable',
- 'router-id': 'test_value_24',
- 'spf-timers': 'test_value_25',
-
- }
-
- set_method_mock.assert_called_with('router', 'ospf', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_router_ospf_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_ospf': {
- 'abr_type': 'cisco',
- 'auto_cost_ref_bandwidth': '4',
- 'bfd': 'enable',
- 'database_overflow': 'enable',
- 'database_overflow_max_lsas': '7',
- 'database_overflow_time_to_recover': '8',
- 'default_information_metric': '9',
- 'default_information_metric_type': '1',
- 'default_information_originate': 'enable',
- 'default_information_route_map': 'test_value_12',
- 'default_metric': '13',
- 'distance': '14',
- 'distance_external': '15',
- 'distance_inter_area': '16',
- 'distance_intra_area': '17',
- 'distribute_list_in': 'test_value_18',
- 'distribute_route_map_in': 'test_value_19',
- 'log_neighbour_changes': 'enable',
- 'restart_mode': 'none',
- 'restart_period': '22',
- 'rfc1583_compatible': 'enable',
- 'router_id': 'test_value_24',
- 'spf_timers': 'test_value_25',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_ospf.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'abr-type': 'cisco',
- 'auto-cost-ref-bandwidth': '4',
- 'bfd': 'enable',
- 'database-overflow': 'enable',
- 'database-overflow-max-lsas': '7',
- 'database-overflow-time-to-recover': '8',
- 'default-information-metric': '9',
- 'default-information-metric-type': '1',
- 'default-information-originate': 'enable',
- 'default-information-route-map': 'test_value_12',
- 'default-metric': '13',
- 'distance': '14',
- 'distance-external': '15',
- 'distance-inter-area': '16',
- 'distance-intra-area': '17',
- 'distribute-list-in': 'test_value_18',
- 'distribute-route-map-in': 'test_value_19',
- 'log-neighbour-changes': 'enable',
- 'restart-mode': 'none',
- 'restart-period': '22',
- 'rfc1583-compatible': 'enable',
- 'router-id': 'test_value_24',
- 'spf-timers': 'test_value_25',
-
- }
-
- set_method_mock.assert_called_with('router', 'ospf', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_router_ospf_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_ospf': {
- 'random_attribute_not_valid': 'tag',
- 'abr_type': 'cisco',
- 'auto_cost_ref_bandwidth': '4',
- 'bfd': 'enable',
- 'database_overflow': 'enable',
- 'database_overflow_max_lsas': '7',
- 'database_overflow_time_to_recover': '8',
- 'default_information_metric': '9',
- 'default_information_metric_type': '1',
- 'default_information_originate': 'enable',
- 'default_information_route_map': 'test_value_12',
- 'default_metric': '13',
- 'distance': '14',
- 'distance_external': '15',
- 'distance_inter_area': '16',
- 'distance_intra_area': '17',
- 'distribute_list_in': 'test_value_18',
- 'distribute_route_map_in': 'test_value_19',
- 'log_neighbour_changes': 'enable',
- 'restart_mode': 'none',
- 'restart_period': '22',
- 'rfc1583_compatible': 'enable',
- 'router_id': 'test_value_24',
- 'spf_timers': 'test_value_25',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_ospf.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'abr-type': 'cisco',
- 'auto-cost-ref-bandwidth': '4',
- 'bfd': 'enable',
- 'database-overflow': 'enable',
- 'database-overflow-max-lsas': '7',
- 'database-overflow-time-to-recover': '8',
- 'default-information-metric': '9',
- 'default-information-metric-type': '1',
- 'default-information-originate': 'enable',
- 'default-information-route-map': 'test_value_12',
- 'default-metric': '13',
- 'distance': '14',
- 'distance-external': '15',
- 'distance-inter-area': '16',
- 'distance-intra-area': '17',
- 'distribute-list-in': 'test_value_18',
- 'distribute-route-map-in': 'test_value_19',
- 'log-neighbour-changes': 'enable',
- 'restart-mode': 'none',
- 'restart-period': '22',
- 'rfc1583-compatible': 'enable',
- 'router-id': 'test_value_24',
- 'spf-timers': 'test_value_25',
-
- }
-
- set_method_mock.assert_called_with('router', 'ospf', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_router_ospf6.py b/test/units/modules/network/fortios/test_fortios_router_ospf6.py
deleted file mode 100644
index 73151677419..00000000000
--- a/test/units/modules/network/fortios/test_fortios_router_ospf6.py
+++ /dev/null
@@ -1,239 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_router_ospf6
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_router_ospf6.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_router_ospf6_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_ospf6': {
- 'abr_type': 'cisco',
- 'auto_cost_ref_bandwidth': '4',
- 'bfd': 'enable',
- 'default_information_metric': '6',
- 'default_information_metric_type': '1',
- 'default_information_originate': 'enable',
- 'default_information_route_map': 'test_value_9',
- 'default_metric': '10',
- 'log_neighbour_changes': 'enable',
- 'router_id': 'test_value_12',
- 'spf_timers': 'test_value_13',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_ospf6.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'abr-type': 'cisco',
- 'auto-cost-ref-bandwidth': '4',
- 'bfd': 'enable',
- 'default-information-metric': '6',
- 'default-information-metric-type': '1',
- 'default-information-originate': 'enable',
- 'default-information-route-map': 'test_value_9',
- 'default-metric': '10',
- 'log-neighbour-changes': 'enable',
- 'router-id': 'test_value_12',
- 'spf-timers': 'test_value_13',
-
- }
-
- set_method_mock.assert_called_with('router', 'ospf6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_router_ospf6_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_ospf6': {
- 'abr_type': 'cisco',
- 'auto_cost_ref_bandwidth': '4',
- 'bfd': 'enable',
- 'default_information_metric': '6',
- 'default_information_metric_type': '1',
- 'default_information_originate': 'enable',
- 'default_information_route_map': 'test_value_9',
- 'default_metric': '10',
- 'log_neighbour_changes': 'enable',
- 'router_id': 'test_value_12',
- 'spf_timers': 'test_value_13',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_ospf6.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'abr-type': 'cisco',
- 'auto-cost-ref-bandwidth': '4',
- 'bfd': 'enable',
- 'default-information-metric': '6',
- 'default-information-metric-type': '1',
- 'default-information-originate': 'enable',
- 'default-information-route-map': 'test_value_9',
- 'default-metric': '10',
- 'log-neighbour-changes': 'enable',
- 'router-id': 'test_value_12',
- 'spf-timers': 'test_value_13',
-
- }
-
- set_method_mock.assert_called_with('router', 'ospf6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_router_ospf6_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_ospf6': {
- 'abr_type': 'cisco',
- 'auto_cost_ref_bandwidth': '4',
- 'bfd': 'enable',
- 'default_information_metric': '6',
- 'default_information_metric_type': '1',
- 'default_information_originate': 'enable',
- 'default_information_route_map': 'test_value_9',
- 'default_metric': '10',
- 'log_neighbour_changes': 'enable',
- 'router_id': 'test_value_12',
- 'spf_timers': 'test_value_13',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_ospf6.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'abr-type': 'cisco',
- 'auto-cost-ref-bandwidth': '4',
- 'bfd': 'enable',
- 'default-information-metric': '6',
- 'default-information-metric-type': '1',
- 'default-information-originate': 'enable',
- 'default-information-route-map': 'test_value_9',
- 'default-metric': '10',
- 'log-neighbour-changes': 'enable',
- 'router-id': 'test_value_12',
- 'spf-timers': 'test_value_13',
-
- }
-
- set_method_mock.assert_called_with('router', 'ospf6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_router_ospf6_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_ospf6': {
- 'random_attribute_not_valid': 'tag',
- 'abr_type': 'cisco',
- 'auto_cost_ref_bandwidth': '4',
- 'bfd': 'enable',
- 'default_information_metric': '6',
- 'default_information_metric_type': '1',
- 'default_information_originate': 'enable',
- 'default_information_route_map': 'test_value_9',
- 'default_metric': '10',
- 'log_neighbour_changes': 'enable',
- 'router_id': 'test_value_12',
- 'spf_timers': 'test_value_13',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_ospf6.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'abr-type': 'cisco',
- 'auto-cost-ref-bandwidth': '4',
- 'bfd': 'enable',
- 'default-information-metric': '6',
- 'default-information-metric-type': '1',
- 'default-information-originate': 'enable',
- 'default-information-route-map': 'test_value_9',
- 'default-metric': '10',
- 'log-neighbour-changes': 'enable',
- 'router-id': 'test_value_12',
- 'spf-timers': 'test_value_13',
-
- }
-
- set_method_mock.assert_called_with('router', 'ospf6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_router_policy.py b/test/units/modules/network/fortios/test_fortios_router_policy.py
deleted file mode 100644
index 98d25361302..00000000000
--- a/test/units/modules/network/fortios/test_fortios_router_policy.py
+++ /dev/null
@@ -1,339 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_router_policy -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_router_policy.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_router_policy_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_policy': { - 'action': 'deny', - 'comments': 'test_value_4', - 'dst_negate': 'enable', - 'end_port': '6', - 'end_source_port': '7', - 'gateway': 'test_value_8', - 'output_device': 
'test_value_9', - 'protocol': '10', - 'seq_num': '11', - 'src_negate': 'enable', - 'start_port': '13', - 'start_source_port': '14', - 'status': 'enable', - 'tos': 'test_value_16', - 'tos_mask': 'test_value_17' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_policy.fortios_router(input_data, fos_instance) - - expected_data = { - 'action': 'deny', - 'comments': 'test_value_4', - 'dst-negate': 'enable', - 'end-port': '6', - 'end-source-port': '7', - 'gateway': 'test_value_8', - 'output-device': 'test_value_9', - 'protocol': '10', - 'seq-num': '11', - 'src-negate': 'enable', - 'start-port': '13', - 'start-source-port': '14', - 'status': 'enable', - 'tos': 'test_value_16', - 'tos-mask': 'test_value_17' - } - - set_method_mock.assert_called_with('router', 'policy', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_router_policy_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_policy': { - 'action': 'deny', - 'comments': 'test_value_4', - 'dst_negate': 'enable', - 'end_port': '6', - 'end_source_port': '7', - 'gateway': 'test_value_8', - 'output_device': 'test_value_9', - 'protocol': '10', - 'seq_num': '11', - 'src_negate': 'enable', - 'start_port': '13', - 'start_source_port': '14', - 'status': 'enable', - 'tos': 'test_value_16', - 'tos_mask': 'test_value_17' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_policy.fortios_router(input_data, fos_instance) - - expected_data = { - 'action': 'deny', - 
'comments': 'test_value_4', - 'dst-negate': 'enable', - 'end-port': '6', - 'end-source-port': '7', - 'gateway': 'test_value_8', - 'output-device': 'test_value_9', - 'protocol': '10', - 'seq-num': '11', - 'src-negate': 'enable', - 'start-port': '13', - 'start-source-port': '14', - 'status': 'enable', - 'tos': 'test_value_16', - 'tos-mask': 'test_value_17' - } - - set_method_mock.assert_called_with('router', 'policy', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_router_policy_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'router_policy': { - 'action': 'deny', - 'comments': 'test_value_4', - 'dst_negate': 'enable', - 'end_port': '6', - 'end_source_port': '7', - 'gateway': 'test_value_8', - 'output_device': 'test_value_9', - 'protocol': '10', - 'seq_num': '11', - 'src_negate': 'enable', - 'start_port': '13', - 'start_source_port': '14', - 'status': 'enable', - 'tos': 'test_value_16', - 'tos_mask': 'test_value_17' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_policy.fortios_router(input_data, fos_instance) - - delete_method_mock.assert_called_with('router', 'policy', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_router_policy_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - 
delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'router_policy': { - 'action': 'deny', - 'comments': 'test_value_4', - 'dst_negate': 'enable', - 'end_port': '6', - 'end_source_port': '7', - 'gateway': 'test_value_8', - 'output_device': 'test_value_9', - 'protocol': '10', - 'seq_num': '11', - 'src_negate': 'enable', - 'start_port': '13', - 'start_source_port': '14', - 'status': 'enable', - 'tos': 'test_value_16', - 'tos_mask': 'test_value_17' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_policy.fortios_router(input_data, fos_instance) - - delete_method_mock.assert_called_with('router', 'policy', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_router_policy_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_policy': { - 'action': 'deny', - 'comments': 'test_value_4', - 'dst_negate': 'enable', - 'end_port': '6', - 'end_source_port': '7', - 'gateway': 'test_value_8', - 'output_device': 'test_value_9', - 'protocol': '10', - 'seq_num': '11', - 'src_negate': 'enable', - 'start_port': '13', - 'start_source_port': '14', - 'status': 'enable', - 'tos': 'test_value_16', - 'tos_mask': 'test_value_17' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_policy.fortios_router(input_data, 
fos_instance) - - expected_data = { - 'action': 'deny', - 'comments': 'test_value_4', - 'dst-negate': 'enable', - 'end-port': '6', - 'end-source-port': '7', - 'gateway': 'test_value_8', - 'output-device': 'test_value_9', - 'protocol': '10', - 'seq-num': '11', - 'src-negate': 'enable', - 'start-port': '13', - 'start-source-port': '14', - 'status': 'enable', - 'tos': 'test_value_16', - 'tos-mask': 'test_value_17' - } - - set_method_mock.assert_called_with('router', 'policy', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_router_policy_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_policy': { - 'random_attribute_not_valid': 'tag', - 'action': 'deny', - 'comments': 'test_value_4', - 'dst_negate': 'enable', - 'end_port': '6', - 'end_source_port': '7', - 'gateway': 'test_value_8', - 'output_device': 'test_value_9', - 'protocol': '10', - 'seq_num': '11', - 'src_negate': 'enable', - 'start_port': '13', - 'start_source_port': '14', - 'status': 'enable', - 'tos': 'test_value_16', - 'tos_mask': 'test_value_17' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_policy.fortios_router(input_data, fos_instance) - - expected_data = { - 'action': 'deny', - 'comments': 'test_value_4', - 'dst-negate': 'enable', - 'end-port': '6', - 'end-source-port': '7', - 'gateway': 'test_value_8', - 'output-device': 'test_value_9', - 'protocol': '10', - 'seq-num': '11', - 'src-negate': 'enable', - 'start-port': '13', - 
'start-source-port': '14',
- 'status': 'enable',
- 'tos': 'test_value_16',
- 'tos-mask': 'test_value_17'
- }
-
- set_method_mock.assert_called_with('router', 'policy', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_router_policy6.py b/test/units/modules/network/fortios/test_fortios_router_policy6.py
deleted file mode 100644
index 44347e833cc..00000000000
--- a/test/units/modules/network/fortios/test_fortios_router_policy6.py
+++ /dev/null
@@ -1,319 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_router_policy6 -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_router_policy6.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_router_policy6_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_policy6': { - 'comments': 'test_value_3', - 'dst': 'test_value_4', - 'end_port': '5', - 'gateway': 'test_value_6', - 'input_device': 'test_value_7', - 'output_device': 'test_value_8', - 
'protocol': '9', - 'seq_num': '10', - 'src': 'test_value_11', - 'start_port': '12', - 'status': 'enable', - 'tos': 'test_value_14', - 'tos_mask': 'test_value_15' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_policy6.fortios_router(input_data, fos_instance) - - expected_data = { - 'comments': 'test_value_3', - 'dst': 'test_value_4', - 'end-port': '5', - 'gateway': 'test_value_6', - 'input-device': 'test_value_7', - 'output-device': 'test_value_8', - 'protocol': '9', - 'seq-num': '10', - 'src': 'test_value_11', - 'start-port': '12', - 'status': 'enable', - 'tos': 'test_value_14', - 'tos-mask': 'test_value_15' - } - - set_method_mock.assert_called_with('router', 'policy6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_router_policy6_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_policy6': { - 'comments': 'test_value_3', - 'dst': 'test_value_4', - 'end_port': '5', - 'gateway': 'test_value_6', - 'input_device': 'test_value_7', - 'output_device': 'test_value_8', - 'protocol': '9', - 'seq_num': '10', - 'src': 'test_value_11', - 'start_port': '12', - 'status': 'enable', - 'tos': 'test_value_14', - 'tos_mask': 'test_value_15' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_policy6.fortios_router(input_data, fos_instance) - - expected_data = { - 'comments': 'test_value_3', - 'dst': 'test_value_4', - 'end-port': '5', - 'gateway': 'test_value_6', - 'input-device': 'test_value_7', - 'output-device': 
'test_value_8', - 'protocol': '9', - 'seq-num': '10', - 'src': 'test_value_11', - 'start-port': '12', - 'status': 'enable', - 'tos': 'test_value_14', - 'tos-mask': 'test_value_15' - } - - set_method_mock.assert_called_with('router', 'policy6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_router_policy6_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'router_policy6': { - 'comments': 'test_value_3', - 'dst': 'test_value_4', - 'end_port': '5', - 'gateway': 'test_value_6', - 'input_device': 'test_value_7', - 'output_device': 'test_value_8', - 'protocol': '9', - 'seq_num': '10', - 'src': 'test_value_11', - 'start_port': '12', - 'status': 'enable', - 'tos': 'test_value_14', - 'tos_mask': 'test_value_15' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_policy6.fortios_router(input_data, fos_instance) - - delete_method_mock.assert_called_with('router', 'policy6', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_router_policy6_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) 
- - input_data = { - 'username': 'admin', - 'state': 'absent', - 'router_policy6': { - 'comments': 'test_value_3', - 'dst': 'test_value_4', - 'end_port': '5', - 'gateway': 'test_value_6', - 'input_device': 'test_value_7', - 'output_device': 'test_value_8', - 'protocol': '9', - 'seq_num': '10', - 'src': 'test_value_11', - 'start_port': '12', - 'status': 'enable', - 'tos': 'test_value_14', - 'tos_mask': 'test_value_15' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_policy6.fortios_router(input_data, fos_instance) - - delete_method_mock.assert_called_with('router', 'policy6', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_router_policy6_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_policy6': { - 'comments': 'test_value_3', - 'dst': 'test_value_4', - 'end_port': '5', - 'gateway': 'test_value_6', - 'input_device': 'test_value_7', - 'output_device': 'test_value_8', - 'protocol': '9', - 'seq_num': '10', - 'src': 'test_value_11', - 'start_port': '12', - 'status': 'enable', - 'tos': 'test_value_14', - 'tos_mask': 'test_value_15' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_policy6.fortios_router(input_data, fos_instance) - - expected_data = { - 'comments': 'test_value_3', - 'dst': 'test_value_4', - 'end-port': '5', - 'gateway': 'test_value_6', - 'input-device': 'test_value_7', - 'output-device': 'test_value_8', - 'protocol': '9', - 'seq-num': '10', - 'src': 'test_value_11', - 'start-port': '12', - 'status': 
'enable', - 'tos': 'test_value_14', - 'tos-mask': 'test_value_15' - } - - set_method_mock.assert_called_with('router', 'policy6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_router_policy6_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_policy6': { - 'random_attribute_not_valid': 'tag', - 'comments': 'test_value_3', - 'dst': 'test_value_4', - 'end_port': '5', - 'gateway': 'test_value_6', - 'input_device': 'test_value_7', - 'output_device': 'test_value_8', - 'protocol': '9', - 'seq_num': '10', - 'src': 'test_value_11', - 'start_port': '12', - 'status': 'enable', - 'tos': 'test_value_14', - 'tos_mask': 'test_value_15' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_policy6.fortios_router(input_data, fos_instance) - - expected_data = { - 'comments': 'test_value_3', - 'dst': 'test_value_4', - 'end-port': '5', - 'gateway': 'test_value_6', - 'input-device': 'test_value_7', - 'output-device': 'test_value_8', - 'protocol': '9', - 'seq-num': '10', - 'src': 'test_value_11', - 'start-port': '12', - 'status': 'enable', - 'tos': 'test_value_14', - 'tos-mask': 'test_value_15' - } - - set_method_mock.assert_called_with('router', 'policy6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 
diff --git a/test/units/modules/network/fortios/test_fortios_router_prefix_list.py b/test/units/modules/network/fortios/test_fortios_router_prefix_list.py
deleted file mode 100644
index 7573c3930e1..00000000000
--- a/test/units/modules/network/fortios/test_fortios_router_prefix_list.py
+++ /dev/null
@@ -1,219 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_router_prefix_list -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_router_prefix_list.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_router_prefix_list_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_prefix_list': { - 'comments': 'test_value_3', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_router_prefix_list.fortios_router(input_data, fos_instance) - - expected_data = { - 'comments': 'test_value_3', - 'name': 'default_name_4', - - } - - set_method_mock.assert_called_with('router', 'prefix-list', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_router_prefix_list_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_prefix_list': { - 'comments': 'test_value_3', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_prefix_list.fortios_router(input_data, fos_instance) - - expected_data = { - 'comments': 'test_value_3', - 'name': 'default_name_4', - - } - - set_method_mock.assert_called_with('router', 'prefix-list', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_router_prefix_list_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'router_prefix_list': { - 'comments': 'test_value_3', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, 
response = fortios_router_prefix_list.fortios_router(input_data, fos_instance) - - delete_method_mock.assert_called_with('router', 'prefix-list', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_router_prefix_list_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'router_prefix_list': { - 'comments': 'test_value_3', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_prefix_list.fortios_router(input_data, fos_instance) - - delete_method_mock.assert_called_with('router', 'prefix-list', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_router_prefix_list_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_prefix_list': { - 'comments': 'test_value_3', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_prefix_list.fortios_router(input_data, fos_instance) - - expected_data = { - 'comments': 'test_value_3', - 'name': 'default_name_4', - - } - - 
set_method_mock.assert_called_with('router', 'prefix-list', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_router_prefix_list_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_prefix_list': {
- 'random_attribute_not_valid': 'tag',
- 'comments': 'test_value_3',
- 'name': 'default_name_4',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_prefix_list.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'comments': 'test_value_3',
- 'name': 'default_name_4',
-
- }
-
- set_method_mock.assert_called_with('router', 'prefix-list', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_router_prefix_list6.py b/test/units/modules/network/fortios/test_fortios_router_prefix_list6.py
deleted file mode 100644
index 6ed47e49f81..00000000000
--- a/test/units/modules/network/fortios/test_fortios_router_prefix_list6.py
+++ /dev/null
@@ -1,219 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_router_prefix_list6
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_router_prefix_list6.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_router_prefix_list6_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_prefix_list6': {
- 'comments': 'test_value_3',
- 'name': 'default_name_4',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_prefix_list6.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'comments': 'test_value_3',
- 'name': 'default_name_4',
-
- }
-
- set_method_mock.assert_called_with('router', 'prefix-list6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_router_prefix_list6_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_prefix_list6': {
- 'comments': 'test_value_3',
- 'name': 'default_name_4',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_prefix_list6.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'comments': 'test_value_3',
- 'name': 'default_name_4',
-
- }
-
- set_method_mock.assert_called_with('router', 'prefix-list6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_router_prefix_list6_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'router_prefix_list6': {
- 'comments': 'test_value_3',
- 'name': 'default_name_4',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_prefix_list6.fortios_router(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('router', 'prefix-list6', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_router_prefix_list6_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'router_prefix_list6': {
- 'comments': 'test_value_3',
- 'name': 'default_name_4',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_prefix_list6.fortios_router(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('router', 'prefix-list6', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_router_prefix_list6_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_prefix_list6': {
- 'comments': 'test_value_3',
- 'name': 'default_name_4',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_prefix_list6.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'comments': 'test_value_3',
- 'name': 'default_name_4',
-
- }
-
- set_method_mock.assert_called_with('router', 'prefix-list6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_router_prefix_list6_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_prefix_list6': {
- 'random_attribute_not_valid': 'tag',
- 'comments': 'test_value_3',
- 'name': 'default_name_4',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_prefix_list6.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'comments': 'test_value_3',
- 'name': 'default_name_4',
-
- }
-
- set_method_mock.assert_called_with('router', 'prefix-list6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_router_rip.py b/test/units/modules/network/fortios/test_fortios_router_rip.py
deleted file mode 100644
index 995ea75de3b..00000000000
--- a/test/units/modules/network/fortios/test_fortios_router_rip.py
+++ /dev/null
@@ -1,207 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_router_rip
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_router_rip.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_router_rip_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_rip': {
- 'default_information_originate': 'enable',
- 'default_metric': '4',
- 'garbage_timer': '5',
- 'max_out_metric': '6',
- 'recv_buffer_size': '7',
- 'timeout_timer': '8',
- 'update_timer': '9',
- 'version': '1'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_rip.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'default-information-originate': 'enable',
- 'default-metric': '4',
- 'garbage-timer': '5',
- 'max-out-metric': '6',
- 'recv-buffer-size': '7',
- 'timeout-timer': '8',
- 'update-timer': '9',
- 'version': '1'
- }
-
- set_method_mock.assert_called_with('router', 'rip', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_router_rip_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_rip': {
- 'default_information_originate': 'enable',
- 'default_metric': '4',
- 'garbage_timer': '5',
- 'max_out_metric': '6',
- 'recv_buffer_size': '7',
- 'timeout_timer': '8',
- 'update_timer': '9',
- 'version': '1'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_rip.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'default-information-originate': 'enable',
- 'default-metric': '4',
- 'garbage-timer': '5',
- 'max-out-metric': '6',
- 'recv-buffer-size': '7',
- 'timeout-timer': '8',
- 'update-timer': '9',
- 'version': '1'
- }
-
- set_method_mock.assert_called_with('router', 'rip', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_router_rip_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_rip': {
- 'default_information_originate': 'enable',
- 'default_metric': '4',
- 'garbage_timer': '5',
- 'max_out_metric': '6',
- 'recv_buffer_size': '7',
- 'timeout_timer': '8',
- 'update_timer': '9',
- 'version': '1'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_rip.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'default-information-originate': 'enable',
- 'default-metric': '4',
- 'garbage-timer': '5',
- 'max-out-metric': '6',
- 'recv-buffer-size': '7',
- 'timeout-timer': '8',
- 'update-timer': '9',
- 'version': '1'
- }
-
- set_method_mock.assert_called_with('router', 'rip', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_router_rip_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_rip': {
- 'random_attribute_not_valid': 'tag',
- 'default_information_originate': 'enable',
- 'default_metric': '4',
- 'garbage_timer': '5',
- 'max_out_metric': '6',
- 'recv_buffer_size': '7',
- 'timeout_timer': '8',
- 'update_timer': '9',
- 'version': '1'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_rip.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'default-information-originate': 'enable',
- 'default-metric': '4',
- 'garbage-timer': '5',
- 'max-out-metric': '6',
- 'recv-buffer-size': '7',
- 'timeout-timer': '8',
- 'update-timer': '9',
- 'version': '1'
- }
-
- set_method_mock.assert_called_with('router', 'rip', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_router_ripng.py b/test/units/modules/network/fortios/test_fortios_router_ripng.py
deleted file mode 100644
index 54e26a7ddba..00000000000
--- a/test/units/modules/network/fortios/test_fortios_router_ripng.py
+++ /dev/null
@@ -1,183 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_router_ripng
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_router_ripng.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_router_ripng_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_ripng': {'default_information_originate': 'enable',
- 'default_metric': '4',
- 'garbage_timer': '5',
- 'max_out_metric': '6',
- 'timeout_timer': '7',
- 'update_timer': '8'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_ripng.fortios_router(input_data, fos_instance)
-
- expected_data = {'default-information-originate': 'enable',
- 'default-metric': '4',
- 'garbage-timer': '5',
- 'max-out-metric': '6',
- 'timeout-timer': '7',
- 'update-timer': '8'
- }
-
- set_method_mock.assert_called_with('router', 'ripng', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_router_ripng_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_ripng': {'default_information_originate': 'enable',
- 'default_metric': '4',
- 'garbage_timer': '5',
- 'max_out_metric': '6',
- 'timeout_timer': '7',
- 'update_timer': '8'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_ripng.fortios_router(input_data, fos_instance)
-
- expected_data = {'default-information-originate': 'enable',
- 'default-metric': '4',
- 'garbage-timer': '5',
- 'max-out-metric': '6',
- 'timeout-timer': '7',
- 'update-timer': '8'
- }
-
- set_method_mock.assert_called_with('router', 'ripng', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_router_ripng_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_ripng': {'default_information_originate': 'enable',
- 'default_metric': '4',
- 'garbage_timer': '5',
- 'max_out_metric': '6',
- 'timeout_timer': '7',
- 'update_timer': '8'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_ripng.fortios_router(input_data, fos_instance)
-
- expected_data = {'default-information-originate': 'enable',
- 'default-metric': '4',
- 'garbage-timer': '5',
- 'max-out-metric': '6',
- 'timeout-timer': '7',
- 'update-timer': '8'
- }
-
- set_method_mock.assert_called_with('router', 'ripng', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_router_ripng_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_ripng': {
- 'random_attribute_not_valid': 'tag', 'default_information_originate': 'enable',
- 'default_metric': '4',
- 'garbage_timer': '5',
- 'max_out_metric': '6',
- 'timeout_timer': '7',
- 'update_timer': '8'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_ripng.fortios_router(input_data, fos_instance)
-
- expected_data = {'default-information-originate': 'enable',
- 'default-metric': '4',
- 'garbage-timer': '5',
- 'max-out-metric': '6',
- 'timeout-timer': '7',
- 'update-timer': '8'
- }
-
- set_method_mock.assert_called_with('router', 'ripng', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_router_route_map.py b/test/units/modules/network/fortios/test_fortios_router_route_map.py
deleted file mode 100644
index 6d135cf44a3..00000000000
--- a/test/units/modules/network/fortios/test_fortios_router_route_map.py
+++ /dev/null
@@ -1,219 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_router_route_map
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_router_route_map.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_router_route_map_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_route_map': {
- 'comments': 'test_value_3',
- 'name': 'default_name_4',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_route_map.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'comments': 'test_value_3',
- 'name': 'default_name_4',
-
- }
-
- set_method_mock.assert_called_with('router', 'route-map', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_router_route_map_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_route_map': {
- 'comments': 'test_value_3',
- 'name': 'default_name_4',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_route_map.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'comments': 'test_value_3',
- 'name': 'default_name_4',
-
- }
-
- set_method_mock.assert_called_with('router', 'route-map', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_router_route_map_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'router_route_map': {
- 'comments': 'test_value_3',
- 'name': 'default_name_4',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_route_map.fortios_router(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('router', 'route-map', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_router_route_map_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'router_route_map': {
- 'comments': 'test_value_3',
- 'name': 'default_name_4',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_route_map.fortios_router(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('router', 'route-map', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_router_route_map_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_route_map': {
- 'comments': 'test_value_3',
- 'name': 'default_name_4',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_route_map.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'comments': 'test_value_3',
- 'name': 'default_name_4',
-
- }
-
- set_method_mock.assert_called_with('router', 'route-map', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_router_route_map_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_route_map': {
- 'random_attribute_not_valid': 'tag',
- 'comments': 'test_value_3',
- 'name': 'default_name_4',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_route_map.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'comments': 'test_value_3',
- 'name': 'default_name_4',
-
- }
-
- set_method_mock.assert_called_with('router', 'route-map', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_router_setting.py b/test/units/modules/network/fortios/test_fortios_router_setting.py
deleted file mode 100644
index 1c8be420cbc..00000000000
--- a/test/units/modules/network/fortios/test_fortios_router_setting.py
+++ /dev/null
@@ -1,159 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_router_setting
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_router_setting.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_router_setting_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_setting': {
- 'hostname': 'myhostname3',
- 'show_filter': 'test_value_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_setting.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'hostname': 'myhostname3',
- 'show-filter': 'test_value_4'
- }
-
- set_method_mock.assert_called_with('router', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_router_setting_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_setting': {
- 'hostname': 'myhostname3',
- 'show_filter': 'test_value_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_setting.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'hostname': 'myhostname3',
- 'show-filter': 'test_value_4'
- }
-
- set_method_mock.assert_called_with('router', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_router_setting_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_setting': {
- 'hostname': 'myhostname3',
- 'show_filter': 'test_value_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_setting.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'hostname': 'myhostname3',
- 'show-filter': 'test_value_4'
- }
-
- set_method_mock.assert_called_with('router', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_router_setting_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'router_setting': {
- 'random_attribute_not_valid': 'tag',
- 'hostname': 'myhostname3',
- 'show_filter': 'test_value_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_router_setting.fortios_router(input_data, fos_instance)
-
- expected_data = {
- 'hostname': 'myhostname3',
- 'show-filter': 'test_value_4'
- }
-
- set_method_mock.assert_called_with('router', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_router_static.py b/test/units/modules/network/fortios/test_fortios_router_static.py
deleted file mode 100644
index 91805014967..00000000000
--- a/test/units/modules/network/fortios/test_fortios_router_static.py
+++ /dev/null
@@ -1,379 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_router_static -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_router_static.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_router_static_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_static': { - 'bfd': 'enable', - 'blackhole': 'enable', - 'comment': 'Optional comments.', - 'device': 'test_value_6', - 'distance': '7', - 'dst': 'test_value_8', - 'dstaddr': 'test_value_9', 
- 'dynamic_gateway': 'enable', - 'gateway': 'test_value_11', - 'internet_service': '12', - 'internet_service_custom': 'test_value_13', - 'link_monitor_exempt': 'enable', - 'priority': '15', - 'seq_num': '16', - 'src': 'test_value_17', - 'status': 'enable', - 'virtual_wan_link': 'enable', - 'vrf': '20', - 'weight': '21' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_static.fortios_router(input_data, fos_instance) - - expected_data = { - 'bfd': 'enable', - 'blackhole': 'enable', - 'comment': 'Optional comments.', - 'device': 'test_value_6', - 'distance': '7', - 'dst': 'test_value_8', - 'dstaddr': 'test_value_9', - 'dynamic-gateway': 'enable', - 'gateway': 'test_value_11', - 'internet-service': '12', - 'internet-service-custom': 'test_value_13', - 'link-monitor-exempt': 'enable', - 'priority': '15', - 'seq-num': '16', - 'src': 'test_value_17', - 'status': 'enable', - 'virtual-wan-link': 'enable', - 'vrf': '20', - 'weight': '21' - } - - set_method_mock.assert_called_with('router', 'static', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_router_static_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_static': { - 'bfd': 'enable', - 'blackhole': 'enable', - 'comment': 'Optional comments.', - 'device': 'test_value_6', - 'distance': '7', - 'dst': 'test_value_8', - 'dstaddr': 'test_value_9', - 'dynamic_gateway': 'enable', - 'gateway': 'test_value_11', - 'internet_service': '12', - 'internet_service_custom': 'test_value_13', - 
'link_monitor_exempt': 'enable', - 'priority': '15', - 'seq_num': '16', - 'src': 'test_value_17', - 'status': 'enable', - 'virtual_wan_link': 'enable', - 'vrf': '20', - 'weight': '21' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_static.fortios_router(input_data, fos_instance) - - expected_data = { - 'bfd': 'enable', - 'blackhole': 'enable', - 'comment': 'Optional comments.', - 'device': 'test_value_6', - 'distance': '7', - 'dst': 'test_value_8', - 'dstaddr': 'test_value_9', - 'dynamic-gateway': 'enable', - 'gateway': 'test_value_11', - 'internet-service': '12', - 'internet-service-custom': 'test_value_13', - 'link-monitor-exempt': 'enable', - 'priority': '15', - 'seq-num': '16', - 'src': 'test_value_17', - 'status': 'enable', - 'virtual-wan-link': 'enable', - 'vrf': '20', - 'weight': '21' - } - - set_method_mock.assert_called_with('router', 'static', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_router_static_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'router_static': { - 'bfd': 'enable', - 'blackhole': 'enable', - 'comment': 'Optional comments.', - 'device': 'test_value_6', - 'distance': '7', - 'dst': 'test_value_8', - 'dstaddr': 'test_value_9', - 'dynamic_gateway': 'enable', - 'gateway': 'test_value_11', - 'internet_service': '12', - 'internet_service_custom': 'test_value_13', - 'link_monitor_exempt': 'enable', - 'priority': '15', - 'seq_num': '16', - 'src': 'test_value_17', - 'status': 'enable', - 
'virtual_wan_link': 'enable', - 'vrf': '20', - 'weight': '21' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_static.fortios_router(input_data, fos_instance) - - delete_method_mock.assert_called_with('router', 'static', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_router_static_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'router_static': { - 'bfd': 'enable', - 'blackhole': 'enable', - 'comment': 'Optional comments.', - 'device': 'test_value_6', - 'distance': '7', - 'dst': 'test_value_8', - 'dstaddr': 'test_value_9', - 'dynamic_gateway': 'enable', - 'gateway': 'test_value_11', - 'internet_service': '12', - 'internet_service_custom': 'test_value_13', - 'link_monitor_exempt': 'enable', - 'priority': '15', - 'seq_num': '16', - 'src': 'test_value_17', - 'status': 'enable', - 'virtual_wan_link': 'enable', - 'vrf': '20', - 'weight': '21' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_static.fortios_router(input_data, fos_instance) - - delete_method_mock.assert_called_with('router', 'static', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_router_static_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 
'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_static': { - 'bfd': 'enable', - 'blackhole': 'enable', - 'comment': 'Optional comments.', - 'device': 'test_value_6', - 'distance': '7', - 'dst': 'test_value_8', - 'dstaddr': 'test_value_9', - 'dynamic_gateway': 'enable', - 'gateway': 'test_value_11', - 'internet_service': '12', - 'internet_service_custom': 'test_value_13', - 'link_monitor_exempt': 'enable', - 'priority': '15', - 'seq_num': '16', - 'src': 'test_value_17', - 'status': 'enable', - 'virtual_wan_link': 'enable', - 'vrf': '20', - 'weight': '21' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_static.fortios_router(input_data, fos_instance) - - expected_data = { - 'bfd': 'enable', - 'blackhole': 'enable', - 'comment': 'Optional comments.', - 'device': 'test_value_6', - 'distance': '7', - 'dst': 'test_value_8', - 'dstaddr': 'test_value_9', - 'dynamic-gateway': 'enable', - 'gateway': 'test_value_11', - 'internet-service': '12', - 'internet-service-custom': 'test_value_13', - 'link-monitor-exempt': 'enable', - 'priority': '15', - 'seq-num': '16', - 'src': 'test_value_17', - 'status': 'enable', - 'virtual-wan-link': 'enable', - 'vrf': '20', - 'weight': '21' - } - - set_method_mock.assert_called_with('router', 'static', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_router_static_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', 
return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_static': { - 'random_attribute_not_valid': 'tag', - 'bfd': 'enable', - 'blackhole': 'enable', - 'comment': 'Optional comments.', - 'device': 'test_value_6', - 'distance': '7', - 'dst': 'test_value_8', - 'dstaddr': 'test_value_9', - 'dynamic_gateway': 'enable', - 'gateway': 'test_value_11', - 'internet_service': '12', - 'internet_service_custom': 'test_value_13', - 'link_monitor_exempt': 'enable', - 'priority': '15', - 'seq_num': '16', - 'src': 'test_value_17', - 'status': 'enable', - 'virtual_wan_link': 'enable', - 'vrf': '20', - 'weight': '21' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_static.fortios_router(input_data, fos_instance) - - expected_data = { - 'bfd': 'enable', - 'blackhole': 'enable', - 'comment': 'Optional comments.', - 'device': 'test_value_6', - 'distance': '7', - 'dst': 'test_value_8', - 'dstaddr': 'test_value_9', - 'dynamic-gateway': 'enable', - 'gateway': 'test_value_11', - 'internet-service': '12', - 'internet-service-custom': 'test_value_13', - 'link-monitor-exempt': 'enable', - 'priority': '15', - 'seq-num': '16', - 'src': 'test_value_17', - 'status': 'enable', - 'virtual-wan-link': 'enable', - 'vrf': '20', - 'weight': '21' - } - - set_method_mock.assert_called_with('router', 'static', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_router_static6.py b/test/units/modules/network/fortios/test_fortios_router_static6.py deleted file mode 100644 index e9de3df4215..00000000000 --- a/test/units/modules/network/fortios/test_fortios_router_static6.py +++ /dev/null 
@@ -1,309 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_router_static6 -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_router_static6.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_router_static6_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_static6': { - 'bfd': 'enable', - 'blackhole': 'enable', - 'comment': 'Optional comments.', - 'device': 'test_value_6', - 'devindex': '7', - 'distance': '8', - 'dst': 'test_value_9', - 
'gateway': 'test_value_10', - 'priority': '11', - 'seq_num': '12', - 'status': 'enable', - 'virtual_wan_link': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_static6.fortios_router(input_data, fos_instance) - - expected_data = { - 'bfd': 'enable', - 'blackhole': 'enable', - 'comment': 'Optional comments.', - 'device': 'test_value_6', - 'devindex': '7', - 'distance': '8', - 'dst': 'test_value_9', - 'gateway': 'test_value_10', - 'priority': '11', - 'seq-num': '12', - 'status': 'enable', - 'virtual-wan-link': 'enable' - } - - set_method_mock.assert_called_with('router', 'static6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_router_static6_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_static6': { - 'bfd': 'enable', - 'blackhole': 'enable', - 'comment': 'Optional comments.', - 'device': 'test_value_6', - 'devindex': '7', - 'distance': '8', - 'dst': 'test_value_9', - 'gateway': 'test_value_10', - 'priority': '11', - 'seq_num': '12', - 'status': 'enable', - 'virtual_wan_link': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_static6.fortios_router(input_data, fos_instance) - - expected_data = { - 'bfd': 'enable', - 'blackhole': 'enable', - 'comment': 'Optional comments.', - 'device': 'test_value_6', - 'devindex': '7', - 'distance': '8', - 'dst': 'test_value_9', - 'gateway': 'test_value_10', - 'priority': '11', - 'seq-num': '12', - 'status': 'enable', - 'virtual-wan-link': 
'enable' - } - - set_method_mock.assert_called_with('router', 'static6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_router_static6_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'router_static6': { - 'bfd': 'enable', - 'blackhole': 'enable', - 'comment': 'Optional comments.', - 'device': 'test_value_6', - 'devindex': '7', - 'distance': '8', - 'dst': 'test_value_9', - 'gateway': 'test_value_10', - 'priority': '11', - 'seq_num': '12', - 'status': 'enable', - 'virtual_wan_link': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_static6.fortios_router(input_data, fos_instance) - - delete_method_mock.assert_called_with('router', 'static6', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_router_static6_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'router_static6': { - 'bfd': 'enable', - 'blackhole': 'enable', - 'comment': 'Optional comments.', - 'device': 'test_value_6', - 'devindex': '7', - 
'distance': '8', - 'dst': 'test_value_9', - 'gateway': 'test_value_10', - 'priority': '11', - 'seq_num': '12', - 'status': 'enable', - 'virtual_wan_link': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_static6.fortios_router(input_data, fos_instance) - - delete_method_mock.assert_called_with('router', 'static6', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_router_static6_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_static6': { - 'bfd': 'enable', - 'blackhole': 'enable', - 'comment': 'Optional comments.', - 'device': 'test_value_6', - 'devindex': '7', - 'distance': '8', - 'dst': 'test_value_9', - 'gateway': 'test_value_10', - 'priority': '11', - 'seq_num': '12', - 'status': 'enable', - 'virtual_wan_link': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_static6.fortios_router(input_data, fos_instance) - - expected_data = { - 'bfd': 'enable', - 'blackhole': 'enable', - 'comment': 'Optional comments.', - 'device': 'test_value_6', - 'devindex': '7', - 'distance': '8', - 'dst': 'test_value_9', - 'gateway': 'test_value_10', - 'priority': '11', - 'seq-num': '12', - 'status': 'enable', - 'virtual-wan-link': 'enable' - } - - set_method_mock.assert_called_with('router', 'static6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def 
test_router_static6_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'router_static6': { - 'random_attribute_not_valid': 'tag', - 'bfd': 'enable', - 'blackhole': 'enable', - 'comment': 'Optional comments.', - 'device': 'test_value_6', - 'devindex': '7', - 'distance': '8', - 'dst': 'test_value_9', - 'gateway': 'test_value_10', - 'priority': '11', - 'seq_num': '12', - 'status': 'enable', - 'virtual_wan_link': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_router_static6.fortios_router(input_data, fos_instance) - - expected_data = { - 'bfd': 'enable', - 'blackhole': 'enable', - 'comment': 'Optional comments.', - 'device': 'test_value_6', - 'devindex': '7', - 'distance': '8', - 'dst': 'test_value_9', - 'gateway': 'test_value_10', - 'priority': '11', - 'seq-num': '12', - 'status': 'enable', - 'virtual-wan-link': 'enable' - } - - set_method_mock.assert_called_with('router', 'static6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_spamfilter_bwl.py b/test/units/modules/network/fortios/test_fortios_spamfilter_bwl.py deleted file mode 100644 index 34a36b73d21..00000000000 --- a/test/units/modules/network/fortios/test_fortios_spamfilter_bwl.py +++ /dev/null 
@@ -1,219 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_spamfilter_bwl -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_spamfilter_bwl.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_spamfilter_bwl_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'spamfilter_bwl': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_spamfilter_bwl.fortios_spamfilter(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('spamfilter', 'bwl', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_spamfilter_bwl_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'spamfilter_bwl': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_spamfilter_bwl.fortios_spamfilter(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('spamfilter', 'bwl', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_spamfilter_bwl_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'spamfilter_bwl': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 
'root'} - - is_error, changed, response = fortios_spamfilter_bwl.fortios_spamfilter(input_data, fos_instance) - - delete_method_mock.assert_called_with('spamfilter', 'bwl', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_spamfilter_bwl_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'spamfilter_bwl': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_spamfilter_bwl.fortios_spamfilter(input_data, fos_instance) - - delete_method_mock.assert_called_with('spamfilter', 'bwl', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_spamfilter_bwl_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'spamfilter_bwl': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_spamfilter_bwl.fortios_spamfilter(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 
'id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('spamfilter', 'bwl', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_spamfilter_bwl_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'spamfilter_bwl': { - 'random_attribute_not_valid': 'tag', - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_spamfilter_bwl.fortios_spamfilter(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('spamfilter', 'bwl', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_spamfilter_bword.py b/test/units/modules/network/fortios/test_fortios_spamfilter_bword.py deleted file mode 100644 index 725f901e6ee..00000000000 --- a/test/units/modules/network/fortios/test_fortios_spamfilter_bword.py +++ /dev/null 
@@ -1,219 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_spamfilter_bword -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_spamfilter_bword.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_spamfilter_bword_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'spamfilter_bword': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_spamfilter_bword.fortios_spamfilter(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('spamfilter', 'bword', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_spamfilter_bword_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'spamfilter_bword': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_spamfilter_bword.fortios_spamfilter(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('spamfilter', 'bword', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_spamfilter_bword_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'spamfilter_bword': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 
'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_spamfilter_bword.fortios_spamfilter(input_data, fos_instance) - - delete_method_mock.assert_called_with('spamfilter', 'bword', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_spamfilter_bword_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'spamfilter_bword': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_spamfilter_bword.fortios_spamfilter(input_data, fos_instance) - - delete_method_mock.assert_called_with('spamfilter', 'bword', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_spamfilter_bword_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'spamfilter_bword': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_spamfilter_bword.fortios_spamfilter(input_data, fos_instance) - - 
expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('spamfilter', 'bword', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_spamfilter_bword_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'spamfilter_bword': { - 'random_attribute_not_valid': 'tag', - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_spamfilter_bword.fortios_spamfilter(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('spamfilter', 'bword', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_spamfilter_dnsbl.py b/test/units/modules/network/fortios/test_fortios_spamfilter_dnsbl.py deleted file mode 100644 index 14dcc78ea35..00000000000 --- a/test/units/modules/network/fortios/test_fortios_spamfilter_dnsbl.py +++ /dev/null 
@@ -1,219 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_spamfilter_dnsbl -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_spamfilter_dnsbl.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_spamfilter_dnsbl_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'spamfilter_dnsbl': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_spamfilter_dnsbl.fortios_spamfilter(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('spamfilter', 'dnsbl', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_spamfilter_dnsbl_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'spamfilter_dnsbl': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_spamfilter_dnsbl.fortios_spamfilter(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('spamfilter', 'dnsbl', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_spamfilter_dnsbl_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'spamfilter_dnsbl': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 
'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_spamfilter_dnsbl.fortios_spamfilter(input_data, fos_instance) - - delete_method_mock.assert_called_with('spamfilter', 'dnsbl', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_spamfilter_dnsbl_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'spamfilter_dnsbl': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_spamfilter_dnsbl.fortios_spamfilter(input_data, fos_instance) - - delete_method_mock.assert_called_with('spamfilter', 'dnsbl', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_spamfilter_dnsbl_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'spamfilter_dnsbl': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_spamfilter_dnsbl.fortios_spamfilter(input_data, fos_instance) - - 
expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('spamfilter', 'dnsbl', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_spamfilter_dnsbl_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'spamfilter_dnsbl': { - 'random_attribute_not_valid': 'tag', - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_spamfilter_dnsbl.fortios_spamfilter(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('spamfilter', 'dnsbl', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_spamfilter_fortishield.py b/test/units/modules/network/fortios/test_fortios_spamfilter_fortishield.py deleted file mode 100644 index 14947dc3ba9..00000000000 --- a/test/units/modules/network/fortios/test_fortios_spamfilter_fortishield.py +++ /dev/null 
@@ -1,167 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_spamfilter_fortishield -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_spamfilter_fortishield.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_spamfilter_fortishield_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'spamfilter_fortishield': { - 'spam_submit_force': 'enable', - 'spam_submit_srv': 'test_value_4', - 'spam_submit_txt2htm': 'enable' - }, - 'vdom': 'root'} - - is_error, 
changed, response = fortios_spamfilter_fortishield.fortios_spamfilter(input_data, fos_instance) - - expected_data = { - 'spam-submit-force': 'enable', - 'spam-submit-srv': 'test_value_4', - 'spam-submit-txt2htm': 'enable' - } - - set_method_mock.assert_called_with('spamfilter', 'fortishield', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_spamfilter_fortishield_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'spamfilter_fortishield': { - 'spam_submit_force': 'enable', - 'spam_submit_srv': 'test_value_4', - 'spam_submit_txt2htm': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_spamfilter_fortishield.fortios_spamfilter(input_data, fos_instance) - - expected_data = { - 'spam-submit-force': 'enable', - 'spam-submit-srv': 'test_value_4', - 'spam-submit-txt2htm': 'enable' - } - - set_method_mock.assert_called_with('spamfilter', 'fortishield', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_spamfilter_fortishield_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 
'username': 'admin', - 'state': 'present', - 'spamfilter_fortishield': { - 'spam_submit_force': 'enable', - 'spam_submit_srv': 'test_value_4', - 'spam_submit_txt2htm': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_spamfilter_fortishield.fortios_spamfilter(input_data, fos_instance) - - expected_data = { - 'spam-submit-force': 'enable', - 'spam-submit-srv': 'test_value_4', - 'spam-submit-txt2htm': 'enable' - } - - set_method_mock.assert_called_with('spamfilter', 'fortishield', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_spamfilter_fortishield_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'spamfilter_fortishield': { - 'random_attribute_not_valid': 'tag', - 'spam_submit_force': 'enable', - 'spam_submit_srv': 'test_value_4', - 'spam_submit_txt2htm': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_spamfilter_fortishield.fortios_spamfilter(input_data, fos_instance) - - expected_data = { - 'spam-submit-force': 'enable', - 'spam-submit-srv': 'test_value_4', - 'spam-submit-txt2htm': 'enable' - } - - set_method_mock.assert_called_with('spamfilter', 'fortishield', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 
diff --git a/test/units/modules/network/fortios/test_fortios_spamfilter_iptrust.py b/test/units/modules/network/fortios/test_fortios_spamfilter_iptrust.py
deleted file mode 100644
index c729c6030a3..00000000000
--- a/test/units/modules/network/fortios/test_fortios_spamfilter_iptrust.py
+++ /dev/null
@@ -1,219 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_spamfilter_iptrust -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_spamfilter_iptrust.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_spamfilter_iptrust_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'spamfilter_iptrust': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_spamfilter_iptrust.fortios_spamfilter(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('spamfilter', 'iptrust', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_spamfilter_iptrust_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'spamfilter_iptrust': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_spamfilter_iptrust.fortios_spamfilter(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('spamfilter', 'iptrust', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_spamfilter_iptrust_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'spamfilter_iptrust': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 
'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_spamfilter_iptrust.fortios_spamfilter(input_data, fos_instance) - - delete_method_mock.assert_called_with('spamfilter', 'iptrust', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_spamfilter_iptrust_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'spamfilter_iptrust': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_spamfilter_iptrust.fortios_spamfilter(input_data, fos_instance) - - delete_method_mock.assert_called_with('spamfilter', 'iptrust', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_spamfilter_iptrust_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'spamfilter_iptrust': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_spamfilter_iptrust.fortios_spamfilter(input_data, 
fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('spamfilter', 'iptrust', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_spamfilter_iptrust_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'spamfilter_iptrust': { - 'random_attribute_not_valid': 'tag', - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_spamfilter_iptrust.fortios_spamfilter(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('spamfilter', 'iptrust', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_spamfilter_mheader.py b/test/units/modules/network/fortios/test_fortios_spamfilter_mheader.py deleted file mode 100644 index fd2b14128e5..00000000000 --- a/test/units/modules/network/fortios/test_fortios_spamfilter_mheader.py +++ /dev/null 
@@ -1,219 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_spamfilter_mheader
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_spamfilter_mheader.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_spamfilter_mheader_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'spamfilter_mheader': {
- 'comment': 'Optional comments.',
- 'id': '4',
- 'name': 'default_name_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response =
fortios_spamfilter_mheader.fortios_spamfilter(input_data, fos_instance)
-
- expected_data = {
- 'comment': 'Optional comments.',
- 'id': '4',
- 'name': 'default_name_5'
- }
-
- set_method_mock.assert_called_with('spamfilter', 'mheader', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_spamfilter_mheader_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'spamfilter_mheader': {
- 'comment': 'Optional comments.',
- 'id': '4',
- 'name': 'default_name_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_spamfilter_mheader.fortios_spamfilter(input_data, fos_instance)
-
- expected_data = {
- 'comment': 'Optional comments.',
- 'id': '4',
- 'name': 'default_name_5'
- }
-
- set_method_mock.assert_called_with('spamfilter', 'mheader', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_spamfilter_mheader_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'spamfilter_mheader': {
- 'comment': 'Optional comments.',
- 'id': '4',
- 'name':
'default_name_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_spamfilter_mheader.fortios_spamfilter(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('spamfilter', 'mheader', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_spamfilter_mheader_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'spamfilter_mheader': {
- 'comment': 'Optional comments.',
- 'id': '4',
- 'name': 'default_name_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_spamfilter_mheader.fortios_spamfilter(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('spamfilter', 'mheader', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_spamfilter_mheader_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'spamfilter_mheader': {
- 'comment': 'Optional comments.',
- 'id': '4',
- 'name': 'default_name_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_spamfilter_mheader.fortios_spamfilter(input_data,
fos_instance)
-
- expected_data = {
- 'comment': 'Optional comments.',
- 'id': '4',
- 'name': 'default_name_5'
- }
-
- set_method_mock.assert_called_with('spamfilter', 'mheader', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_spamfilter_mheader_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'spamfilter_mheader': {
- 'random_attribute_not_valid': 'tag',
- 'comment': 'Optional comments.',
- 'id': '4',
- 'name': 'default_name_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_spamfilter_mheader.fortios_spamfilter(input_data, fos_instance)
-
- expected_data = {
- 'comment': 'Optional comments.',
- 'id': '4',
- 'name': 'default_name_5'
- }
-
- set_method_mock.assert_called_with('spamfilter', 'mheader', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_spamfilter_options.py b/test/units/modules/network/fortios/test_fortios_spamfilter_options.py
deleted file mode 100644
index 9d2ae4bc545..00000000000
--- a/test/units/modules/network/fortios/test_fortios_spamfilter_options.py
+++ /dev/null
@@ -1,151 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_spamfilter_options
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_spamfilter_options.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_spamfilter_options_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'spamfilter_options': {
- 'dns_timeout': '3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_spamfilter_options.fortios_spamfilter(input_data, fos_instance)
-
-
expected_data = {
- 'dns-timeout': '3'
- }
-
- set_method_mock.assert_called_with('spamfilter', 'options', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_spamfilter_options_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'spamfilter_options': {
- 'dns_timeout': '3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_spamfilter_options.fortios_spamfilter(input_data, fos_instance)
-
- expected_data = {
- 'dns-timeout': '3'
- }
-
- set_method_mock.assert_called_with('spamfilter', 'options', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_spamfilter_options_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'spamfilter_options': {
- 'dns_timeout': '3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_spamfilter_options.fortios_spamfilter(input_data, fos_instance)
-
- expected_data = {
- 'dns-timeout': '3'
- }
-
- set_method_mock.assert_called_with('spamfilter', 'options', data=expected_data, vdom='root')
-
schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_spamfilter_options_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'spamfilter_options': {
- 'random_attribute_not_valid': 'tag',
- 'dns_timeout': '3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_spamfilter_options.fortios_spamfilter(input_data, fos_instance)
-
- expected_data = {
- 'dns-timeout': '3'
- }
-
- set_method_mock.assert_called_with('spamfilter', 'options', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_spamfilter_profile.py b/test/units/modules/network/fortios/test_fortios_spamfilter_profile.py
deleted file mode 100644
index 8f5dc599142..00000000000
--- a/test/units/modules/network/fortios/test_fortios_spamfilter_profile.py
+++ /dev/null
@@ -1,339 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_spamfilter_profile
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_spamfilter_profile.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_spamfilter_profile_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'spamfilter_profile': {
- 'comment': 'Comment.',
- 'external': 'enable',
- 'flow_based': 'enable',
- 'name': 'default_name_6',
- 'replacemsg_group': 'test_value_7',
- 'spam_bwl_table':
'8',
- 'spam_bword_table': '9',
- 'spam_bword_threshold': '10',
- 'spam_filtering': 'enable',
- 'spam_iptrust_table': '12',
- 'spam_log': 'disable',
- 'spam_log_fortiguard_response': 'disable',
- 'spam_mheader_table': '15',
- 'spam_rbl_table': '16',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_spamfilter_profile.fortios_spamfilter(input_data, fos_instance)
-
- expected_data = {
- 'comment': 'Comment.',
- 'external': 'enable',
- 'flow-based': 'enable',
- 'name': 'default_name_6',
- 'replacemsg-group': 'test_value_7',
- 'spam-bwl-table': '8',
- 'spam-bword-table': '9',
- 'spam-bword-threshold': '10',
- 'spam-filtering': 'enable',
- 'spam-iptrust-table': '12',
- 'spam-log': 'disable',
- 'spam-log-fortiguard-response': 'disable',
- 'spam-mheader-table': '15',
- 'spam-rbl-table': '16',
-
- }
-
- set_method_mock.assert_called_with('spamfilter', 'profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_spamfilter_profile_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'spamfilter_profile': {
- 'comment': 'Comment.',
- 'external': 'enable',
- 'flow_based': 'enable',
- 'name': 'default_name_6',
- 'replacemsg_group': 'test_value_7',
- 'spam_bwl_table': '8',
- 'spam_bword_table': '9',
- 'spam_bword_threshold': '10',
- 'spam_filtering': 'enable',
- 'spam_iptrust_table': '12',
- 'spam_log': 'disable',
- 'spam_log_fortiguard_response': 'disable',
- 'spam_mheader_table': '15',
- 'spam_rbl_table': '16',
-
- },
- 'vdom': 'root'}
-
- is_error,
changed, response = fortios_spamfilter_profile.fortios_spamfilter(input_data, fos_instance)
-
- expected_data = {
- 'comment': 'Comment.',
- 'external': 'enable',
- 'flow-based': 'enable',
- 'name': 'default_name_6',
- 'replacemsg-group': 'test_value_7',
- 'spam-bwl-table': '8',
- 'spam-bword-table': '9',
- 'spam-bword-threshold': '10',
- 'spam-filtering': 'enable',
- 'spam-iptrust-table': '12',
- 'spam-log': 'disable',
- 'spam-log-fortiguard-response': 'disable',
- 'spam-mheader-table': '15',
- 'spam-rbl-table': '16',
-
- }
-
- set_method_mock.assert_called_with('spamfilter', 'profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_spamfilter_profile_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'spamfilter_profile': {
- 'comment': 'Comment.',
- 'external': 'enable',
- 'flow_based': 'enable',
- 'name': 'default_name_6',
- 'replacemsg_group': 'test_value_7',
- 'spam_bwl_table': '8',
- 'spam_bword_table': '9',
- 'spam_bword_threshold': '10',
- 'spam_filtering': 'enable',
- 'spam_iptrust_table': '12',
- 'spam_log': 'disable',
- 'spam_log_fortiguard_response': 'disable',
- 'spam_mheader_table': '15',
- 'spam_rbl_table': '16',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_spamfilter_profile.fortios_spamfilter(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('spamfilter', 'profile', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert
response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_spamfilter_profile_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'spamfilter_profile': {
- 'comment': 'Comment.',
- 'external': 'enable',
- 'flow_based': 'enable',
- 'name': 'default_name_6',
- 'replacemsg_group': 'test_value_7',
- 'spam_bwl_table': '8',
- 'spam_bword_table': '9',
- 'spam_bword_threshold': '10',
- 'spam_filtering': 'enable',
- 'spam_iptrust_table': '12',
- 'spam_log': 'disable',
- 'spam_log_fortiguard_response': 'disable',
- 'spam_mheader_table': '15',
- 'spam_rbl_table': '16',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_spamfilter_profile.fortios_spamfilter(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('spamfilter', 'profile', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_spamfilter_profile_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'spamfilter_profile': {
- 'comment': 'Comment.',
- 'external': 'enable',
- 'flow_based': 'enable',
- 'name': 'default_name_6',
- 'replacemsg_group': 'test_value_7',
- 'spam_bwl_table': '8',
-
'spam_bword_table': '9',
- 'spam_bword_threshold': '10',
- 'spam_filtering': 'enable',
- 'spam_iptrust_table': '12',
- 'spam_log': 'disable',
- 'spam_log_fortiguard_response': 'disable',
- 'spam_mheader_table': '15',
- 'spam_rbl_table': '16',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_spamfilter_profile.fortios_spamfilter(input_data, fos_instance)
-
- expected_data = {
- 'comment': 'Comment.',
- 'external': 'enable',
- 'flow-based': 'enable',
- 'name': 'default_name_6',
- 'replacemsg-group': 'test_value_7',
- 'spam-bwl-table': '8',
- 'spam-bword-table': '9',
- 'spam-bword-threshold': '10',
- 'spam-filtering': 'enable',
- 'spam-iptrust-table': '12',
- 'spam-log': 'disable',
- 'spam-log-fortiguard-response': 'disable',
- 'spam-mheader-table': '15',
- 'spam-rbl-table': '16',
-
- }
-
- set_method_mock.assert_called_with('spamfilter', 'profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_spamfilter_profile_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'spamfilter_profile': {
- 'random_attribute_not_valid': 'tag',
- 'comment': 'Comment.',
- 'external': 'enable',
- 'flow_based': 'enable',
- 'name': 'default_name_6',
- 'replacemsg_group': 'test_value_7',
- 'spam_bwl_table': '8',
- 'spam_bword_table': '9',
- 'spam_bword_threshold': '10',
- 'spam_filtering': 'enable',
- 'spam_iptrust_table': '12',
- 'spam_log': 'disable',
- 'spam_log_fortiguard_response': 'disable',
- 'spam_mheader_table': '15',
-
'spam_rbl_table': '16',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_spamfilter_profile.fortios_spamfilter(input_data, fos_instance)
-
- expected_data = {
- 'comment': 'Comment.',
- 'external': 'enable',
- 'flow-based': 'enable',
- 'name': 'default_name_6',
- 'replacemsg-group': 'test_value_7',
- 'spam-bwl-table': '8',
- 'spam-bword-table': '9',
- 'spam-bword-threshold': '10',
- 'spam-filtering': 'enable',
- 'spam-iptrust-table': '12',
- 'spam-log': 'disable',
- 'spam-log-fortiguard-response': 'disable',
- 'spam-mheader-table': '15',
- 'spam-rbl-table': '16',
-
- }
-
- set_method_mock.assert_called_with('spamfilter', 'profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_ssh_filter_profile.py b/test/units/modules/network/fortios/test_fortios_ssh_filter_profile.py
deleted file mode 100644
index 80286c1e8cb..00000000000
--- a/test/units/modules/network/fortios/test_fortios_ssh_filter_profile.py
+++ /dev/null
@@ -1,239 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_ssh_filter_profile
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_ssh_filter_profile.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_ssh_filter_profile_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'ssh_filter_profile': {
- 'block': 'x11',
- 'default_command_log': 'enable',
- 'log': 'x11',
- 'name': 'default_name_6',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response =
fortios_ssh_filter_profile.fortios_ssh_filter(input_data, fos_instance)
-
- expected_data = {
- 'block': 'x11',
- 'default-command-log': 'enable',
- 'log': 'x11',
- 'name': 'default_name_6',
-
- }
-
- set_method_mock.assert_called_with('ssh-filter', 'profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_ssh_filter_profile_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'ssh_filter_profile': {
- 'block': 'x11',
- 'default_command_log': 'enable',
- 'log': 'x11',
- 'name': 'default_name_6',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_ssh_filter_profile.fortios_ssh_filter(input_data, fos_instance)
-
- expected_data = {
- 'block': 'x11',
- 'default-command-log': 'enable',
- 'log': 'x11',
- 'name': 'default_name_6',
-
- }
-
- set_method_mock.assert_called_with('ssh-filter', 'profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_ssh_filter_profile_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
-
'ssh_filter_profile': {
- 'block': 'x11',
- 'default_command_log': 'enable',
- 'log': 'x11',
- 'name': 'default_name_6',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_ssh_filter_profile.fortios_ssh_filter(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('ssh-filter', 'profile', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_ssh_filter_profile_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'ssh_filter_profile': {
- 'block': 'x11',
- 'default_command_log': 'enable',
- 'log': 'x11',
- 'name': 'default_name_6',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_ssh_filter_profile.fortios_ssh_filter(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('ssh-filter', 'profile', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_ssh_filter_profile_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'ssh_filter_profile': {
- 'block': 'x11',
- 'default_command_log': 'enable',
- 'log':
'x11',
- 'name': 'default_name_6',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_ssh_filter_profile.fortios_ssh_filter(input_data, fos_instance)
-
- expected_data = {
- 'block': 'x11',
- 'default-command-log': 'enable',
- 'log': 'x11',
- 'name': 'default_name_6',
-
- }
-
- set_method_mock.assert_called_with('ssh-filter', 'profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_ssh_filter_profile_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'ssh_filter_profile': {
- 'random_attribute_not_valid': 'tag',
- 'block': 'x11',
- 'default_command_log': 'enable',
- 'log': 'x11',
- 'name': 'default_name_6',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_ssh_filter_profile.fortios_ssh_filter(input_data, fos_instance)
-
- expected_data = {
- 'block': 'x11',
- 'default-command-log': 'enable',
- 'log': 'x11',
- 'name': 'default_name_6',
-
- }
-
- set_method_mock.assert_called_with('ssh-filter', 'profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_switch_controller_802_1X_settings.py b/test/units/modules/network/fortios/test_fortios_switch_controller_802_1X_settings.py
deleted file mode 100644
index 65c8f891afa..00000000000
--- a/test/units/modules/network/fortios/test_fortios_switch_controller_802_1X_settings.py
+++ /dev/null
@@ -1,167 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_switch_controller_802_1X_settings
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_switch_controller_802_1X_settings.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_switch_controller_802_1X_settings_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_802_1X_settings': {
- 'link_down_auth': 'set-unauth',
- 'max_reauth_attempt': '4',
- 'reauth_period': '5'
- },
- 'vdom': 
'root'}
-
- is_error, changed, response = fortios_switch_controller_802_1X_settings.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'link-down-auth': 'set-unauth',
- 'max-reauth-attempt': '4',
- 'reauth-period': '5'
- }
-
- set_method_mock.assert_called_with('switch-controller', '802-1X-settings', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_switch_controller_802_1X_settings_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_802_1X_settings': {
- 'link_down_auth': 'set-unauth',
- 'max_reauth_attempt': '4',
- 'reauth_period': '5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_802_1X_settings.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'link-down-auth': 'set-unauth',
- 'max-reauth-attempt': '4',
- 'reauth-period': '5'
- }
-
- set_method_mock.assert_called_with('switch-controller', '802-1X-settings', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_switch_controller_802_1X_settings_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_802_1X_settings': {
- 'link_down_auth': 'set-unauth',
- 'max_reauth_attempt': '4',
- 'reauth_period': '5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_802_1X_settings.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'link-down-auth': 'set-unauth',
- 'max-reauth-attempt': '4',
- 'reauth-period': '5'
- }
-
- set_method_mock.assert_called_with('switch-controller', '802-1X-settings', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_switch_controller_802_1X_settings_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_802_1X_settings': {
- 'random_attribute_not_valid': 'tag',
- 'link_down_auth': 'set-unauth',
- 'max_reauth_attempt': '4',
- 'reauth_period': '5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_802_1X_settings.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'link-down-auth': 'set-unauth',
- 'max-reauth-attempt': '4',
- 'reauth-period': '5'
- }
-
- set_method_mock.assert_called_with('switch-controller', '802-1X-settings', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert 
response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_switch_controller_custom_command.py b/test/units/modules/network/fortios/test_fortios_switch_controller_custom_command.py
deleted file mode 100644
index 5876b859f76..00000000000
--- a/test/units/modules/network/fortios/test_fortios_switch_controller_custom_command.py
+++ /dev/null
@@ -1,219 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_switch_controller_custom_command -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_switch_controller_custom_command.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_switch_controller_custom_command_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_custom_command': { - 'command': 'test_value_3', - 'command_name': 'test_value_4', - 'description': 'test_value_5' - }, - 
'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_custom_command.fortios_switch_controller(input_data, fos_instance) - - expected_data = { - 'command': 'test_value_3', - 'command-name': 'test_value_4', - 'description': 'test_value_5' - } - - set_method_mock.assert_called_with('switch-controller', 'custom-command', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_switch_controller_custom_command_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_custom_command': { - 'command': 'test_value_3', - 'command_name': 'test_value_4', - 'description': 'test_value_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_custom_command.fortios_switch_controller(input_data, fos_instance) - - expected_data = { - 'command': 'test_value_3', - 'command-name': 'test_value_4', - 'description': 'test_value_5' - } - - set_method_mock.assert_called_with('switch-controller', 'custom-command', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_switch_controller_custom_command_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'switch_controller_custom_command': { - 'command': 'test_value_3', - 'command_name': 'test_value_4', - 'description': 'test_value_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_custom_command.fortios_switch_controller(input_data, fos_instance) - - delete_method_mock.assert_called_with('switch-controller', 'custom-command', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_switch_controller_custom_command_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'switch_controller_custom_command': { - 'command': 'test_value_3', - 'command_name': 'test_value_4', - 'description': 'test_value_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_custom_command.fortios_switch_controller(input_data, fos_instance) - - delete_method_mock.assert_called_with('switch-controller', 'custom-command', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_switch_controller_custom_command_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 
'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_custom_command': { - 'command': 'test_value_3', - 'command_name': 'test_value_4', - 'description': 'test_value_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_custom_command.fortios_switch_controller(input_data, fos_instance) - - expected_data = { - 'command': 'test_value_3', - 'command-name': 'test_value_4', - 'description': 'test_value_5' - } - - set_method_mock.assert_called_with('switch-controller', 'custom-command', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_switch_controller_custom_command_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_custom_command': { - 'random_attribute_not_valid': 'tag', - 'command': 'test_value_3', - 'command_name': 'test_value_4', - 'description': 'test_value_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_custom_command.fortios_switch_controller(input_data, fos_instance) - - expected_data = { - 'command': 'test_value_3', - 'command-name': 'test_value_4', - 'description': 'test_value_5' - } - - set_method_mock.assert_called_with('switch-controller', 'custom-command', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert 
changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_switch_controller_global.py b/test/units/modules/network/fortios/test_fortios_switch_controller_global.py
deleted file mode 100644
index 50021093e6b..00000000000
--- a/test/units/modules/network/fortios/test_fortios_switch_controller_global.py
+++ /dev/null
@@ -1,199 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_switch_controller_global -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_switch_controller_global.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_switch_controller_global_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_global': { - 'allow_multiple_interfaces': 'enable', - 'default_virtual_switch_vlan': 'test_value_4', - 'https_image_push': 'enable', - 
'log_mac_limit_violations': 'enable', - 'mac_aging_interval': '7', - 'mac_retention_period': '8', - 'mac_violation_timer': '9' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_global.fortios_switch_controller(input_data, fos_instance) - - expected_data = { - 'allow-multiple-interfaces': 'enable', - 'default-virtual-switch-vlan': 'test_value_4', - 'https-image-push': 'enable', - 'log-mac-limit-violations': 'enable', - 'mac-aging-interval': '7', - 'mac-retention-period': '8', - 'mac-violation-timer': '9' - } - - set_method_mock.assert_called_with('switch-controller', 'global', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_switch_controller_global_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_global': { - 'allow_multiple_interfaces': 'enable', - 'default_virtual_switch_vlan': 'test_value_4', - 'https_image_push': 'enable', - 'log_mac_limit_violations': 'enable', - 'mac_aging_interval': '7', - 'mac_retention_period': '8', - 'mac_violation_timer': '9' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_global.fortios_switch_controller(input_data, fos_instance) - - expected_data = { - 'allow-multiple-interfaces': 'enable', - 'default-virtual-switch-vlan': 'test_value_4', - 'https-image-push': 'enable', - 'log-mac-limit-violations': 'enable', - 'mac-aging-interval': '7', - 'mac-retention-period': '8', - 'mac-violation-timer': '9' - } - - 
set_method_mock.assert_called_with('switch-controller', 'global', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_switch_controller_global_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_global': { - 'allow_multiple_interfaces': 'enable', - 'default_virtual_switch_vlan': 'test_value_4', - 'https_image_push': 'enable', - 'log_mac_limit_violations': 'enable', - 'mac_aging_interval': '7', - 'mac_retention_period': '8', - 'mac_violation_timer': '9' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_global.fortios_switch_controller(input_data, fos_instance) - - expected_data = { - 'allow-multiple-interfaces': 'enable', - 'default-virtual-switch-vlan': 'test_value_4', - 'https-image-push': 'enable', - 'log-mac-limit-violations': 'enable', - 'mac-aging-interval': '7', - 'mac-retention-period': '8', - 'mac-violation-timer': '9' - } - - set_method_mock.assert_called_with('switch-controller', 'global', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_switch_controller_global_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_global': { - 'random_attribute_not_valid': 'tag', - 'allow_multiple_interfaces': 'enable', - 'default_virtual_switch_vlan': 'test_value_4', - 'https_image_push': 'enable', - 'log_mac_limit_violations': 'enable', - 'mac_aging_interval': '7', - 'mac_retention_period': '8', - 'mac_violation_timer': '9' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_global.fortios_switch_controller(input_data, fos_instance) - - expected_data = { - 'allow-multiple-interfaces': 'enable', - 'default-virtual-switch-vlan': 'test_value_4', - 'https-image-push': 'enable', - 'log-mac-limit-violations': 'enable', - 'mac-aging-interval': '7', - 'mac-retention-period': '8', - 'mac-violation-timer': '9' - } - - set_method_mock.assert_called_with('switch-controller', 'global', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_switch_controller_igmp_snooping.py b/test/units/modules/network/fortios/test_fortios_switch_controller_igmp_snooping.py deleted file mode 100644 index 51986844d4a..00000000000 --- a/test/units/modules/network/fortios/test_fortios_switch_controller_igmp_snooping.py +++ /dev/null 
@@ -1,159 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_switch_controller_igmp_snooping -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_switch_controller_igmp_snooping.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_switch_controller_igmp_snooping_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_igmp_snooping': { - 'aging_time': '3', - 'flood_unknown_multicast': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, 
response = fortios_switch_controller_igmp_snooping.fortios_switch_controller(input_data, fos_instance) - - expected_data = { - 'aging-time': '3', - 'flood-unknown-multicast': 'enable' - } - - set_method_mock.assert_called_with('switch-controller', 'igmp-snooping', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_switch_controller_igmp_snooping_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_igmp_snooping': { - 'aging_time': '3', - 'flood_unknown_multicast': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_igmp_snooping.fortios_switch_controller(input_data, fos_instance) - - expected_data = { - 'aging-time': '3', - 'flood-unknown-multicast': 'enable' - } - - set_method_mock.assert_called_with('switch-controller', 'igmp-snooping', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_switch_controller_igmp_snooping_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 
'switch_controller_igmp_snooping': { - 'aging_time': '3', - 'flood_unknown_multicast': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_igmp_snooping.fortios_switch_controller(input_data, fos_instance) - - expected_data = { - 'aging-time': '3', - 'flood-unknown-multicast': 'enable' - } - - set_method_mock.assert_called_with('switch-controller', 'igmp-snooping', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_switch_controller_igmp_snooping_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_igmp_snooping': { - 'random_attribute_not_valid': 'tag', - 'aging_time': '3', - 'flood_unknown_multicast': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_igmp_snooping.fortios_switch_controller(input_data, fos_instance) - - expected_data = { - 'aging-time': '3', - 'flood-unknown-multicast': 'enable' - } - - set_method_mock.assert_called_with('switch-controller', 'igmp-snooping', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_switch_controller_lldp_profile.py b/test/units/modules/network/fortios/test_fortios_switch_controller_lldp_profile.py deleted file mode 100644 index 783418d6f42..00000000000 
--- a/test/units/modules/network/fortios/test_fortios_switch_controller_lldp_profile.py
+++ /dev/null
@@ -1,269 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_switch_controller_lldp_profile -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_switch_controller_lldp_profile.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_switch_controller_lldp_profile_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_lldp_profile': { - '802.1_tlvs': 'port-vlan-id', - '802.3_tlvs': 'max-frame-size', - 'auto_isl': 'disable', - 
'auto_isl_hello_timer': '6', - 'auto_isl_port_group': '7', - 'auto_isl_receive_timeout': '8', - 'med_tlvs': 'inventory-management', - 'name': 'default_name_10' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_lldp_profile.fortios_switch_controller(input_data, fos_instance) - - expected_data = { - '802.1-tlvs': 'port-vlan-id', - '802.3-tlvs': 'max-frame-size', - 'auto-isl': 'disable', - 'auto-isl-hello-timer': '6', - 'auto-isl-port-group': '7', - 'auto-isl-receive-timeout': '8', - 'med-tlvs': 'inventory-management', - 'name': 'default_name_10' - } - - set_method_mock.assert_called_with('switch-controller', 'lldp-profile', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_switch_controller_lldp_profile_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_lldp_profile': { - '802.1_tlvs': 'port-vlan-id', - '802.3_tlvs': 'max-frame-size', - 'auto_isl': 'disable', - 'auto_isl_hello_timer': '6', - 'auto_isl_port_group': '7', - 'auto_isl_receive_timeout': '8', - 'med_tlvs': 'inventory-management', - 'name': 'default_name_10' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_lldp_profile.fortios_switch_controller(input_data, fos_instance) - - expected_data = { - '802.1-tlvs': 'port-vlan-id', - '802.3-tlvs': 'max-frame-size', - 'auto-isl': 'disable', - 'auto-isl-hello-timer': '6', - 'auto-isl-port-group': '7', - 'auto-isl-receive-timeout': '8', - 'med-tlvs': 
'inventory-management', - 'name': 'default_name_10' - } - - set_method_mock.assert_called_with('switch-controller', 'lldp-profile', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_switch_controller_lldp_profile_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'switch_controller_lldp_profile': { - '802.1_tlvs': 'port-vlan-id', - '802.3_tlvs': 'max-frame-size', - 'auto_isl': 'disable', - 'auto_isl_hello_timer': '6', - 'auto_isl_port_group': '7', - 'auto_isl_receive_timeout': '8', - 'med_tlvs': 'inventory-management', - 'name': 'default_name_10' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_lldp_profile.fortios_switch_controller(input_data, fos_instance) - - delete_method_mock.assert_called_with('switch-controller', 'lldp-profile', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_switch_controller_lldp_profile_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'switch_controller_lldp_profile': { - 
'802.1_tlvs': 'port-vlan-id', - '802.3_tlvs': 'max-frame-size', - 'auto_isl': 'disable', - 'auto_isl_hello_timer': '6', - 'auto_isl_port_group': '7', - 'auto_isl_receive_timeout': '8', - 'med_tlvs': 'inventory-management', - 'name': 'default_name_10' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_lldp_profile.fortios_switch_controller(input_data, fos_instance) - - delete_method_mock.assert_called_with('switch-controller', 'lldp-profile', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_switch_controller_lldp_profile_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_lldp_profile': { - '802.1_tlvs': 'port-vlan-id', - '802.3_tlvs': 'max-frame-size', - 'auto_isl': 'disable', - 'auto_isl_hello_timer': '6', - 'auto_isl_port_group': '7', - 'auto_isl_receive_timeout': '8', - 'med_tlvs': 'inventory-management', - 'name': 'default_name_10' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_lldp_profile.fortios_switch_controller(input_data, fos_instance) - - expected_data = { - '802.1-tlvs': 'port-vlan-id', - '802.3-tlvs': 'max-frame-size', - 'auto-isl': 'disable', - 'auto-isl-hello-timer': '6', - 'auto-isl-port-group': '7', - 'auto-isl-receive-timeout': '8', - 'med-tlvs': 'inventory-management', - 'name': 'default_name_10' - } - - set_method_mock.assert_called_with('switch-controller', 'lldp-profile', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not 
is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_switch_controller_lldp_profile_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_lldp_profile': { - 'random_attribute_not_valid': 'tag', - '802.1_tlvs': 'port-vlan-id', - '802.3_tlvs': 'max-frame-size', - 'auto_isl': 'disable', - 'auto_isl_hello_timer': '6', - 'auto_isl_port_group': '7', - 'auto_isl_receive_timeout': '8', - 'med_tlvs': 'inventory-management', - 'name': 'default_name_10' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_lldp_profile.fortios_switch_controller(input_data, fos_instance) - - expected_data = { - '802.1-tlvs': 'port-vlan-id', - '802.3-tlvs': 'max-frame-size', - 'auto-isl': 'disable', - 'auto-isl-hello-timer': '6', - 'auto-isl-port-group': '7', - 'auto-isl-receive-timeout': '8', - 'med-tlvs': 'inventory-management', - 'name': 'default_name_10' - } - - set_method_mock.assert_called_with('switch-controller', 'lldp-profile', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_switch_controller_lldp_settings.py b/test/units/modules/network/fortios/test_fortios_switch_controller_lldp_settings.py deleted file mode 100644 index c8e9e8c94c0..00000000000 --- a/test/units/modules/network/fortios/test_fortios_switch_controller_lldp_settings.py +++ /dev/null 
@@ -1,183 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_switch_controller_lldp_settings -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_switch_controller_lldp_settings.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_switch_controller_lldp_settings_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_lldp_settings': { - 'fast_start_interval': '3', - 'management_interface': 'internal', - 'status': 'enable', - 'tx_hold': '6', 
- 'tx_interval': '7' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_lldp_settings.fortios_switch_controller(input_data, fos_instance) - - expected_data = { - 'fast-start-interval': '3', - 'management-interface': 'internal', - 'status': 'enable', - 'tx-hold': '6', - 'tx-interval': '7' - } - - set_method_mock.assert_called_with('switch-controller', 'lldp-settings', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_switch_controller_lldp_settings_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_lldp_settings': { - 'fast_start_interval': '3', - 'management_interface': 'internal', - 'status': 'enable', - 'tx_hold': '6', - 'tx_interval': '7' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_lldp_settings.fortios_switch_controller(input_data, fos_instance) - - expected_data = { - 'fast-start-interval': '3', - 'management-interface': 'internal', - 'status': 'enable', - 'tx-hold': '6', - 'tx-interval': '7' - } - - set_method_mock.assert_called_with('switch-controller', 'lldp-settings', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_switch_controller_lldp_settings_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = 
{'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_lldp_settings': { - 'fast_start_interval': '3', - 'management_interface': 'internal', - 'status': 'enable', - 'tx_hold': '6', - 'tx_interval': '7' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_lldp_settings.fortios_switch_controller(input_data, fos_instance) - - expected_data = { - 'fast-start-interval': '3', - 'management-interface': 'internal', - 'status': 'enable', - 'tx-hold': '6', - 'tx-interval': '7' - } - - set_method_mock.assert_called_with('switch-controller', 'lldp-settings', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_switch_controller_lldp_settings_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_lldp_settings': { - 'random_attribute_not_valid': 'tag', - 'fast_start_interval': '3', - 'management_interface': 'internal', - 'status': 'enable', - 'tx_hold': '6', - 'tx_interval': '7' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_lldp_settings.fortios_switch_controller(input_data, fos_instance) - - expected_data = { - 'fast-start-interval': '3', - 'management-interface': 'internal', - 'status': 'enable', - 'tx-hold': '6', - 'tx-interval': '7' - } - - 
set_method_mock.assert_called_with('switch-controller', 'lldp-settings', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_switch_controller_mac_sync_settings.py b/test/units/modules/network/fortios/test_fortios_switch_controller_mac_sync_settings.py deleted file mode 100644 index 8a41be2c86c..00000000000 --- a/test/units/modules/network/fortios/test_fortios_switch_controller_mac_sync_settings.py +++ /dev/null 
@@ -1,151 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_switch_controller_mac_sync_settings -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_switch_controller_mac_sync_settings.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_switch_controller_mac_sync_settings_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_mac_sync_settings': { - 'mac_sync_interval': '3' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_switch_controller_mac_sync_settings.fortios_switch_controller(input_data, fos_instance) - - expected_data = { - 'mac-sync-interval': '3' - } - - set_method_mock.assert_called_with('switch-controller', 'mac-sync-settings', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_switch_controller_mac_sync_settings_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_mac_sync_settings': { - 'mac_sync_interval': '3' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_mac_sync_settings.fortios_switch_controller(input_data, fos_instance) - - expected_data = { - 'mac-sync-interval': '3' - } - - set_method_mock.assert_called_with('switch-controller', 'mac-sync-settings', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_switch_controller_mac_sync_settings_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_mac_sync_settings': { - 'mac_sync_interval': '3' - }, - 'vdom': 'root'} - - 
is_error, changed, response = fortios_switch_controller_mac_sync_settings.fortios_switch_controller(input_data, fos_instance) - - expected_data = { - 'mac-sync-interval': '3' - } - - set_method_mock.assert_called_with('switch-controller', 'mac-sync-settings', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_switch_controller_mac_sync_settings_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_mac_sync_settings': { - 'random_attribute_not_valid': 'tag', - 'mac_sync_interval': '3' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_mac_sync_settings.fortios_switch_controller(input_data, fos_instance) - - expected_data = { - 'mac-sync-interval': '3' - } - - set_method_mock.assert_called_with('switch-controller', 'mac-sync-settings', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_switch_controller_managed_switch.py b/test/units/modules/network/fortios/test_fortios_switch_controller_managed_switch.py deleted file mode 100644 index 16703470645..00000000000 --- a/test/units/modules/network/fortios/test_fortios_switch_controller_managed_switch.py +++ /dev/null 
@@ -1,389 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_switch_controller_managed_switch -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_switch_controller_managed_switch.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_switch_controller_managed_switch_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_managed_switch': {'delayed_restart_trigger': '3', - 'description': 'test_value_4', - 'directly_connected': '5', - 
'dynamic_capability': '6', - 'dynamically_discovered': '7', - 'fsw_wan1_admin': 'discovered', - 'fsw_wan1_peer': 'test_value_9', - 'fsw_wan2_admin': 'discovered', - 'fsw_wan2_peer': 'test_value_11', - 'max_allowed_trunk_members': '12', - 'name': 'default_name_13', - 'owner_vdom': 'test_value_14', - 'poe_detection_type': '15', - 'poe_pre_standard_detection': 'enable', - 'pre_provisioned': '17', - 'staged_image_version': 'test_value_18', - 'switch_device_tag': 'test_value_19', - 'switch_id': 'test_value_20', - 'switch_profile': 'test_value_21', - 'type': 'virtual', - 'version': '23' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_managed_switch.fortios_switch_controller(input_data, fos_instance) - - expected_data = {'delayed-restart-trigger': '3', - 'description': 'test_value_4', - 'directly-connected': '5', - 'dynamic-capability': '6', - 'dynamically-discovered': '7', - 'fsw-wan1-admin': 'discovered', - 'fsw-wan1-peer': 'test_value_9', - 'fsw-wan2-admin': 'discovered', - 'fsw-wan2-peer': 'test_value_11', - 'max-allowed-trunk-members': '12', - 'name': 'default_name_13', - 'owner-vdom': 'test_value_14', - 'poe-detection-type': '15', - 'poe-pre-standard-detection': 'enable', - 'pre-provisioned': '17', - 'staged-image-version': 'test_value_18', - 'switch-device-tag': 'test_value_19', - 'switch-id': 'test_value_20', - 'switch-profile': 'test_value_21', - 'type': 'virtual', - 'version': '23' - } - - set_method_mock.assert_called_with('switch-controller', 'managed-switch', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_switch_controller_managed_switch_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - 
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_managed_switch': {'delayed_restart_trigger': '3', - 'description': 'test_value_4', - 'directly_connected': '5', - 'dynamic_capability': '6', - 'dynamically_discovered': '7', - 'fsw_wan1_admin': 'discovered', - 'fsw_wan1_peer': 'test_value_9', - 'fsw_wan2_admin': 'discovered', - 'fsw_wan2_peer': 'test_value_11', - 'max_allowed_trunk_members': '12', - 'name': 'default_name_13', - 'owner_vdom': 'test_value_14', - 'poe_detection_type': '15', - 'poe_pre_standard_detection': 'enable', - 'pre_provisioned': '17', - 'staged_image_version': 'test_value_18', - 'switch_device_tag': 'test_value_19', - 'switch_id': 'test_value_20', - 'switch_profile': 'test_value_21', - 'type': 'virtual', - 'version': '23' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_managed_switch.fortios_switch_controller(input_data, fos_instance) - - expected_data = {'delayed-restart-trigger': '3', - 'description': 'test_value_4', - 'directly-connected': '5', - 'dynamic-capability': '6', - 'dynamically-discovered': '7', - 'fsw-wan1-admin': 'discovered', - 'fsw-wan1-peer': 'test_value_9', - 'fsw-wan2-admin': 'discovered', - 'fsw-wan2-peer': 'test_value_11', - 'max-allowed-trunk-members': '12', - 'name': 'default_name_13', - 'owner-vdom': 'test_value_14', - 'poe-detection-type': '15', - 'poe-pre-standard-detection': 'enable', - 'pre-provisioned': '17', - 'staged-image-version': 'test_value_18', - 'switch-device-tag': 'test_value_19', - 'switch-id': 'test_value_20', - 'switch-profile': 'test_value_21', - 'type': 'virtual', - 'version': '23' - } - - set_method_mock.assert_called_with('switch-controller', 'managed-switch', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 
'error' - assert response['http_status'] == 500 - - -def test_switch_controller_managed_switch_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'switch_controller_managed_switch': {'delayed_restart_trigger': '3', - 'description': 'test_value_4', - 'directly_connected': '5', - 'dynamic_capability': '6', - 'dynamically_discovered': '7', - 'fsw_wan1_admin': 'discovered', - 'fsw_wan1_peer': 'test_value_9', - 'fsw_wan2_admin': 'discovered', - 'fsw_wan2_peer': 'test_value_11', - 'max_allowed_trunk_members': '12', - 'name': 'default_name_13', - 'owner_vdom': 'test_value_14', - 'poe_detection_type': '15', - 'poe_pre_standard_detection': 'enable', - 'pre_provisioned': '17', - 'staged_image_version': 'test_value_18', - 'switch_device_tag': 'test_value_19', - 'switch_id': 'test_value_20', - 'switch_profile': 'test_value_21', - 'type': 'virtual', - 'version': '23' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_managed_switch.fortios_switch_controller(input_data, fos_instance) - - delete_method_mock.assert_called_with('switch-controller', 'managed-switch', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_switch_controller_managed_switch_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'switch_controller_managed_switch': {'delayed_restart_trigger': '3', - 'description': 'test_value_4', - 'directly_connected': '5', - 'dynamic_capability': '6', - 'dynamically_discovered': '7', - 'fsw_wan1_admin': 'discovered', - 'fsw_wan1_peer': 'test_value_9', - 'fsw_wan2_admin': 'discovered', - 'fsw_wan2_peer': 'test_value_11', - 'max_allowed_trunk_members': '12', - 'name': 'default_name_13', - 'owner_vdom': 'test_value_14', - 'poe_detection_type': '15', - 'poe_pre_standard_detection': 'enable', - 'pre_provisioned': '17', - 'staged_image_version': 'test_value_18', - 'switch_device_tag': 'test_value_19', - 'switch_id': 'test_value_20', - 'switch_profile': 'test_value_21', - 'type': 'virtual', - 'version': '23' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_managed_switch.fortios_switch_controller(input_data, fos_instance) - - delete_method_mock.assert_called_with('switch-controller', 'managed-switch', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_switch_controller_managed_switch_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_managed_switch': {'delayed_restart_trigger': '3', - 'description': 'test_value_4', - 'directly_connected': '5', - 'dynamic_capability': '6', - 'dynamically_discovered': '7', - 'fsw_wan1_admin': 
'discovered',
- 'fsw_wan1_peer': 'test_value_9',
- 'fsw_wan2_admin': 'discovered',
- 'fsw_wan2_peer': 'test_value_11',
- 'max_allowed_trunk_members': '12',
- 'name': 'default_name_13',
- 'owner_vdom': 'test_value_14',
- 'poe_detection_type': '15',
- 'poe_pre_standard_detection': 'enable',
- 'pre_provisioned': '17',
- 'staged_image_version': 'test_value_18',
- 'switch_device_tag': 'test_value_19',
- 'switch_id': 'test_value_20',
- 'switch_profile': 'test_value_21',
- 'type': 'virtual',
- 'version': '23'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_managed_switch.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {'delayed-restart-trigger': '3',
- 'description': 'test_value_4',
- 'directly-connected': '5',
- 'dynamic-capability': '6',
- 'dynamically-discovered': '7',
- 'fsw-wan1-admin': 'discovered',
- 'fsw-wan1-peer': 'test_value_9',
- 'fsw-wan2-admin': 'discovered',
- 'fsw-wan2-peer': 'test_value_11',
- 'max-allowed-trunk-members': '12',
- 'name': 'default_name_13',
- 'owner-vdom': 'test_value_14',
- 'poe-detection-type': '15',
- 'poe-pre-standard-detection': 'enable',
- 'pre-provisioned': '17',
- 'staged-image-version': 'test_value_18',
- 'switch-device-tag': 'test_value_19',
- 'switch-id': 'test_value_20',
- 'switch-profile': 'test_value_21',
- 'type': 'virtual',
- 'version': '23'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'managed-switch', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_switch_controller_managed_switch_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock =
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_managed_switch': {
- 'random_attribute_not_valid': 'tag', 'delayed_restart_trigger': '3',
- 'description': 'test_value_4',
- 'directly_connected': '5',
- 'dynamic_capability': '6',
- 'dynamically_discovered': '7',
- 'fsw_wan1_admin': 'discovered',
- 'fsw_wan1_peer': 'test_value_9',
- 'fsw_wan2_admin': 'discovered',
- 'fsw_wan2_peer': 'test_value_11',
- 'max_allowed_trunk_members': '12',
- 'name': 'default_name_13',
- 'owner_vdom': 'test_value_14',
- 'poe_detection_type': '15',
- 'poe_pre_standard_detection': 'enable',
- 'pre_provisioned': '17',
- 'staged_image_version': 'test_value_18',
- 'switch_device_tag': 'test_value_19',
- 'switch_id': 'test_value_20',
- 'switch_profile': 'test_value_21',
- 'type': 'virtual',
- 'version': '23'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_managed_switch.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {'delayed-restart-trigger': '3',
- 'description': 'test_value_4',
- 'directly-connected': '5',
- 'dynamic-capability': '6',
- 'dynamically-discovered': '7',
- 'fsw-wan1-admin': 'discovered',
- 'fsw-wan1-peer': 'test_value_9',
- 'fsw-wan2-admin': 'discovered',
- 'fsw-wan2-peer': 'test_value_11',
- 'max-allowed-trunk-members': '12',
- 'name': 'default_name_13',
- 'owner-vdom': 'test_value_14',
- 'poe-detection-type': '15',
- 'poe-pre-standard-detection': 'enable',
- 'pre-provisioned': '17',
- 'staged-image-version': 'test_value_18',
- 'switch-device-tag': 'test_value_19',
- 'switch-id': 'test_value_20',
- 'switch-profile': 'test_value_21',
- 'type': 'virtual',
- 'version': '23'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'managed-switch', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert
response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_switch_controller_network_monitor_settings.py b/test/units/modules/network/fortios/test_fortios_switch_controller_network_monitor_settings.py
deleted file mode 100644
index 50255f41c60..00000000000
--- a/test/units/modules/network/fortios/test_fortios_switch_controller_network_monitor_settings.py
+++ /dev/null
@@ -1,151 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_switch_controller_network_monitor_settings
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_switch_controller_network_monitor_settings.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_switch_controller_network_monitor_settings_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_network_monitor_settings': {
- 'network_monitoring': 'enable'
- },
- 'vdom': 'root'}
-
-
is_error, changed, response = fortios_switch_controller_network_monitor_settings.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'network-monitoring': 'enable'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'network-monitor-settings', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_switch_controller_network_monitor_settings_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_network_monitor_settings': {
- 'network_monitoring': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_network_monitor_settings.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'network-monitoring': 'enable'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'network-monitor-settings', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_switch_controller_network_monitor_settings_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
-
'switch_controller_network_monitor_settings': {
- 'network_monitoring': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_network_monitor_settings.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'network-monitoring': 'enable'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'network-monitor-settings', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_switch_controller_network_monitor_settings_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_network_monitor_settings': {
- 'random_attribute_not_valid': 'tag',
- 'network_monitoring': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_network_monitor_settings.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'network-monitoring': 'enable'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'network-monitor-settings', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_switch_controller_qos_dot1p_map.py b/test/units/modules/network/fortios/test_fortios_switch_controller_qos_dot1p_map.py
deleted file mode 100644
index 2af320b601b..00000000000
--- a/test/units/modules/network/fortios/test_fortios_switch_controller_qos_dot1p_map.py
+++ /dev/null
@@ -1,289 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_switch_controller_qos_dot1p_map
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_switch_controller_qos_dot1p_map.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_switch_controller_qos_dot1p_map_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_qos_dot1p_map': {
- 'description': 'test_value_3',
- 'name': 'default_name_4',
- 'priority_0': 'queue-0',
- 'priority_1':
'queue-0',
- 'priority_2': 'queue-0',
- 'priority_3': 'queue-0',
- 'priority_4': 'queue-0',
- 'priority_5': 'queue-0',
- 'priority_6': 'queue-0',
- 'priority_7': 'queue-0'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_qos_dot1p_map.fortios_switch_controller_qos(input_data, fos_instance)
-
- expected_data = {
- 'description': 'test_value_3',
- 'name': 'default_name_4',
- 'priority-0': 'queue-0',
- 'priority-1': 'queue-0',
- 'priority-2': 'queue-0',
- 'priority-3': 'queue-0',
- 'priority-4': 'queue-0',
- 'priority-5': 'queue-0',
- 'priority-6': 'queue-0',
- 'priority-7': 'queue-0'
- }
-
- set_method_mock.assert_called_with('switch-controller.qos', 'dot1p-map', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_switch_controller_qos_dot1p_map_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_qos_dot1p_map': {
- 'description': 'test_value_3',
- 'name': 'default_name_4',
- 'priority_0': 'queue-0',
- 'priority_1': 'queue-0',
- 'priority_2': 'queue-0',
- 'priority_3': 'queue-0',
- 'priority_4': 'queue-0',
- 'priority_5': 'queue-0',
- 'priority_6': 'queue-0',
- 'priority_7': 'queue-0'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_qos_dot1p_map.fortios_switch_controller_qos(input_data, fos_instance)
-
- expected_data = {
- 'description': 'test_value_3',
- 'name': 'default_name_4',
- 'priority-0': 'queue-0',
- 'priority-1': 'queue-0',
- 'priority-2': 'queue-0',
-
'priority-3': 'queue-0',
- 'priority-4': 'queue-0',
- 'priority-5': 'queue-0',
- 'priority-6': 'queue-0',
- 'priority-7': 'queue-0'
- }
-
- set_method_mock.assert_called_with('switch-controller.qos', 'dot1p-map', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_switch_controller_qos_dot1p_map_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'switch_controller_qos_dot1p_map': {
- 'description': 'test_value_3',
- 'name': 'default_name_4',
- 'priority_0': 'queue-0',
- 'priority_1': 'queue-0',
- 'priority_2': 'queue-0',
- 'priority_3': 'queue-0',
- 'priority_4': 'queue-0',
- 'priority_5': 'queue-0',
- 'priority_6': 'queue-0',
- 'priority_7': 'queue-0'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_qos_dot1p_map.fortios_switch_controller_qos(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('switch-controller.qos', 'dot1p-map', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_switch_controller_qos_dot1p_map_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete',
return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'switch_controller_qos_dot1p_map': {
- 'description': 'test_value_3',
- 'name': 'default_name_4',
- 'priority_0': 'queue-0',
- 'priority_1': 'queue-0',
- 'priority_2': 'queue-0',
- 'priority_3': 'queue-0',
- 'priority_4': 'queue-0',
- 'priority_5': 'queue-0',
- 'priority_6': 'queue-0',
- 'priority_7': 'queue-0'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_qos_dot1p_map.fortios_switch_controller_qos(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('switch-controller.qos', 'dot1p-map', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_switch_controller_qos_dot1p_map_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_qos_dot1p_map': {
- 'description': 'test_value_3',
- 'name': 'default_name_4',
- 'priority_0': 'queue-0',
- 'priority_1': 'queue-0',
- 'priority_2': 'queue-0',
- 'priority_3': 'queue-0',
- 'priority_4': 'queue-0',
- 'priority_5': 'queue-0',
- 'priority_6': 'queue-0',
- 'priority_7': 'queue-0'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_qos_dot1p_map.fortios_switch_controller_qos(input_data, fos_instance)
-
- expected_data = {
- 'description': 'test_value_3',
- 'name': 'default_name_4',
- 'priority-0': 'queue-0',
- 'priority-1': 'queue-0',
- 'priority-2': 'queue-0',
- 'priority-3': 'queue-0',
- 'priority-4': 'queue-0',
- 'priority-5': 'queue-0',
-
'priority-6': 'queue-0',
- 'priority-7': 'queue-0'
- }
-
- set_method_mock.assert_called_with('switch-controller.qos', 'dot1p-map', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_switch_controller_qos_dot1p_map_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_qos_dot1p_map': {
- 'random_attribute_not_valid': 'tag',
- 'description': 'test_value_3',
- 'name': 'default_name_4',
- 'priority_0': 'queue-0',
- 'priority_1': 'queue-0',
- 'priority_2': 'queue-0',
- 'priority_3': 'queue-0',
- 'priority_4': 'queue-0',
- 'priority_5': 'queue-0',
- 'priority_6': 'queue-0',
- 'priority_7': 'queue-0'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_qos_dot1p_map.fortios_switch_controller_qos(input_data, fos_instance)
-
- expected_data = {
- 'description': 'test_value_3',
- 'name': 'default_name_4',
- 'priority-0': 'queue-0',
- 'priority-1': 'queue-0',
- 'priority-2': 'queue-0',
- 'priority-3': 'queue-0',
- 'priority-4': 'queue-0',
- 'priority-5': 'queue-0',
- 'priority-6': 'queue-0',
- 'priority-7': 'queue-0'
- }
-
- set_method_mock.assert_called_with('switch-controller.qos', 'dot1p-map', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_switch_controller_qos_ip_dscp_map.py b/test/units/modules/network/fortios/test_fortios_switch_controller_qos_ip_dscp_map.py
deleted file mode 100644
index cf703cfb7f0..00000000000
--- a/test/units/modules/network/fortios/test_fortios_switch_controller_qos_ip_dscp_map.py
+++ /dev/null
@@ -1,209 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_switch_controller_qos_ip_dscp_map
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_switch_controller_qos_ip_dscp_map.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_switch_controller_qos_ip_dscp_map_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_qos_ip_dscp_map': {
- 'description': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error,
changed, response = fortios_switch_controller_qos_ip_dscp_map.fortios_switch_controller_qos(input_data, fos_instance)
-
- expected_data = {
- 'description': 'test_value_3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('switch-controller.qos', 'ip-dscp-map', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_switch_controller_qos_ip_dscp_map_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_qos_ip_dscp_map': {
- 'description': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_qos_ip_dscp_map.fortios_switch_controller_qos(input_data, fos_instance)
-
- expected_data = {
- 'description': 'test_value_3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('switch-controller.qos', 'ip-dscp-map', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_switch_controller_qos_ip_dscp_map_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
-
'state': 'absent',
- 'switch_controller_qos_ip_dscp_map': {
- 'description': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_qos_ip_dscp_map.fortios_switch_controller_qos(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('switch-controller.qos', 'ip-dscp-map', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_switch_controller_qos_ip_dscp_map_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'switch_controller_qos_ip_dscp_map': {
- 'description': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_qos_ip_dscp_map.fortios_switch_controller_qos(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('switch-controller.qos', 'ip-dscp-map', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_switch_controller_qos_ip_dscp_map_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
-
'switch_controller_qos_ip_dscp_map': {
- 'description': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_qos_ip_dscp_map.fortios_switch_controller_qos(input_data, fos_instance)
-
- expected_data = {
- 'description': 'test_value_3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('switch-controller.qos', 'ip-dscp-map', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_switch_controller_qos_ip_dscp_map_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_qos_ip_dscp_map': {
- 'random_attribute_not_valid': 'tag',
- 'description': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_qos_ip_dscp_map.fortios_switch_controller_qos(input_data, fos_instance)
-
- expected_data = {
- 'description': 'test_value_3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('switch-controller.qos', 'ip-dscp-map', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_switch_controller_qos_qos_policy.py b/test/units/modules/network/fortios/test_fortios_switch_controller_qos_qos_policy.py
deleted file mode 100644
index 9dd17f28472..00000000000
--- a/test/units/modules/network/fortios/test_fortios_switch_controller_qos_qos_policy.py
+++ /dev/null
@@ -1,239 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_switch_controller_qos_qos_policy -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_switch_controller_qos_qos_policy.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_switch_controller_qos_qos_policy_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_qos_qos_policy': { - 'default_cos': '3', - 'name': 'default_name_4', - 'queue_policy': 'test_value_5', - 'trust_dot1p_map': 
'test_value_6', - 'trust_ip_dscp_map': 'test_value_7' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_qos_qos_policy.fortios_switch_controller_qos(input_data, fos_instance) - - expected_data = { - 'default-cos': '3', - 'name': 'default_name_4', - 'queue-policy': 'test_value_5', - 'trust-dot1p-map': 'test_value_6', - 'trust-ip-dscp-map': 'test_value_7' - } - - set_method_mock.assert_called_with('switch-controller.qos', 'qos-policy', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_switch_controller_qos_qos_policy_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_qos_qos_policy': { - 'default_cos': '3', - 'name': 'default_name_4', - 'queue_policy': 'test_value_5', - 'trust_dot1p_map': 'test_value_6', - 'trust_ip_dscp_map': 'test_value_7' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_qos_qos_policy.fortios_switch_controller_qos(input_data, fos_instance) - - expected_data = { - 'default-cos': '3', - 'name': 'default_name_4', - 'queue-policy': 'test_value_5', - 'trust-dot1p-map': 'test_value_6', - 'trust-ip-dscp-map': 'test_value_7' - } - - set_method_mock.assert_called_with('switch-controller.qos', 'qos-policy', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_switch_controller_qos_qos_policy_removal(mocker): - 
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'switch_controller_qos_qos_policy': { - 'default_cos': '3', - 'name': 'default_name_4', - 'queue_policy': 'test_value_5', - 'trust_dot1p_map': 'test_value_6', - 'trust_ip_dscp_map': 'test_value_7' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_qos_qos_policy.fortios_switch_controller_qos(input_data, fos_instance) - - delete_method_mock.assert_called_with('switch-controller.qos', 'qos-policy', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_switch_controller_qos_qos_policy_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'switch_controller_qos_qos_policy': { - 'default_cos': '3', - 'name': 'default_name_4', - 'queue_policy': 'test_value_5', - 'trust_dot1p_map': 'test_value_6', - 'trust_ip_dscp_map': 'test_value_7' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_qos_qos_policy.fortios_switch_controller_qos(input_data, fos_instance) - - delete_method_mock.assert_called_with('switch-controller.qos', 'qos-policy', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert 
is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_switch_controller_qos_qos_policy_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_qos_qos_policy': { - 'default_cos': '3', - 'name': 'default_name_4', - 'queue_policy': 'test_value_5', - 'trust_dot1p_map': 'test_value_6', - 'trust_ip_dscp_map': 'test_value_7' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_qos_qos_policy.fortios_switch_controller_qos(input_data, fos_instance) - - expected_data = { - 'default-cos': '3', - 'name': 'default_name_4', - 'queue-policy': 'test_value_5', - 'trust-dot1p-map': 'test_value_6', - 'trust-ip-dscp-map': 'test_value_7' - } - - set_method_mock.assert_called_with('switch-controller.qos', 'qos-policy', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_switch_controller_qos_qos_policy_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_qos_qos_policy': { - 'random_attribute_not_valid': 'tag', - 'default_cos': '3', - 'name': 'default_name_4', - 'queue_policy': 
'test_value_5', - 'trust_dot1p_map': 'test_value_6', - 'trust_ip_dscp_map': 'test_value_7' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_qos_qos_policy.fortios_switch_controller_qos(input_data, fos_instance) - - expected_data = { - 'default-cos': '3', - 'name': 'default_name_4', - 'queue-policy': 'test_value_5', - 'trust-dot1p-map': 'test_value_6', - 'trust-ip-dscp-map': 'test_value_7' - } - - set_method_mock.assert_called_with('switch-controller.qos', 'qos-policy', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_switch_controller_qos_queue_policy.py b/test/units/modules/network/fortios/test_fortios_switch_controller_qos_queue_policy.py deleted file mode 100644 index 4d202396449..00000000000 --- a/test/units/modules/network/fortios/test_fortios_switch_controller_qos_queue_policy.py +++ /dev/null 
@@ -1,199 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_switch_controller_qos_queue_policy -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_switch_controller_qos_queue_policy.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_switch_controller_qos_queue_policy_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_qos_queue_policy': {'name': 'default_name_3', - 'schedule': 'strict' - }, - 'vdom': 'root'} - - is_error, changed, 
response = fortios_switch_controller_qos_queue_policy.fortios_switch_controller_qos(input_data, fos_instance) - - expected_data = {'name': 'default_name_3', - 'schedule': 'strict' - } - - set_method_mock.assert_called_with('switch-controller.qos', 'queue-policy', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_switch_controller_qos_queue_policy_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_qos_queue_policy': {'name': 'default_name_3', - 'schedule': 'strict' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_qos_queue_policy.fortios_switch_controller_qos(input_data, fos_instance) - - expected_data = {'name': 'default_name_3', - 'schedule': 'strict' - } - - set_method_mock.assert_called_with('switch-controller.qos', 'queue-policy', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_switch_controller_qos_queue_policy_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 
'switch_controller_qos_queue_policy': {'name': 'default_name_3', - 'schedule': 'strict' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_qos_queue_policy.fortios_switch_controller_qos(input_data, fos_instance) - - delete_method_mock.assert_called_with('switch-controller.qos', 'queue-policy', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_switch_controller_qos_queue_policy_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'switch_controller_qos_queue_policy': {'name': 'default_name_3', - 'schedule': 'strict' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_qos_queue_policy.fortios_switch_controller_qos(input_data, fos_instance) - - delete_method_mock.assert_called_with('switch-controller.qos', 'queue-policy', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_switch_controller_qos_queue_policy_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_qos_queue_policy': 
{'name': 'default_name_3', - 'schedule': 'strict' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_qos_queue_policy.fortios_switch_controller_qos(input_data, fos_instance) - - expected_data = {'name': 'default_name_3', - 'schedule': 'strict' - } - - set_method_mock.assert_called_with('switch-controller.qos', 'queue-policy', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_switch_controller_qos_queue_policy_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_qos_queue_policy': { - 'random_attribute_not_valid': 'tag', 'name': 'default_name_3', - 'schedule': 'strict' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_qos_queue_policy.fortios_switch_controller_qos(input_data, fos_instance) - - expected_data = {'name': 'default_name_3', - 'schedule': 'strict' - } - - set_method_mock.assert_called_with('switch-controller.qos', 'queue-policy', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_switch_controller_quarantine.py b/test/units/modules/network/fortios/test_fortios_switch_controller_quarantine.py deleted file mode 100644 index c40bcec36c9..00000000000 --- a/test/units/modules/network/fortios/test_fortios_switch_controller_quarantine.py +++ /dev/null 
@@ -1,159 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_switch_controller_quarantine -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_switch_controller_quarantine.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_switch_controller_quarantine_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_quarantine': { - 'quarantine': 'enable', - - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_switch_controller_quarantine.fortios_switch_controller(input_data, fos_instance) - - expected_data = { - 'quarantine': 'enable', - - } - - set_method_mock.assert_called_with('switch-controller', 'quarantine', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_switch_controller_quarantine_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_quarantine': { - 'quarantine': 'enable', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_quarantine.fortios_switch_controller(input_data, fos_instance) - - expected_data = { - 'quarantine': 'enable', - - } - - set_method_mock.assert_called_with('switch-controller', 'quarantine', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_switch_controller_quarantine_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_quarantine': { - 'quarantine': 'enable', - - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_switch_controller_quarantine.fortios_switch_controller(input_data, fos_instance) - - expected_data = { - 'quarantine': 'enable', - - } - - set_method_mock.assert_called_with('switch-controller', 'quarantine', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_switch_controller_quarantine_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_quarantine': { - 'random_attribute_not_valid': 'tag', - 'quarantine': 'enable', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_quarantine.fortios_switch_controller(input_data, fos_instance) - - expected_data = { - 'quarantine': 'enable', - - } - - set_method_mock.assert_called_with('switch-controller', 'quarantine', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_switch_controller_security_policy_802_1X.py b/test/units/modules/network/fortios/test_fortios_switch_controller_security_policy_802_1X.py deleted file mode 100644 index a2c91c49c47..00000000000 --- a/test/units/modules/network/fortios/test_fortios_switch_controller_security_policy_802_1X.py +++ /dev/null 
@@ -1,339 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_switch_controller_security_policy_802_1X -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_switch_controller_security_policy_802_1X.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_switch_controller_security_policy_802_1X_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_security_policy_802_1X': { - 'auth_fail_vlan': 'disable', - 'auth_fail_vlan_id': 'test_value_4', - 
'auth_fail_vlanid': '5', - 'eap_passthru': 'disable', - 'guest_auth_delay': '7', - 'guest_vlan': 'disable', - 'guest_vlan_id': 'test_value_9', - 'guest_vlanid': '10', - 'mac_auth_bypass': 'disable', - 'name': 'default_name_12', - 'open_auth': 'disable', - 'policy_type': '802.1X', - 'radius_timeout_overwrite': 'disable', - 'security_mode': '802.1X', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_security_policy_802_1X.fortios_switch_controller_security_policy(input_data, fos_instance) - - expected_data = { - 'auth-fail-vlan': 'disable', - 'auth-fail-vlan-id': 'test_value_4', - 'auth-fail-vlanid': '5', - 'eap-passthru': 'disable', - 'guest-auth-delay': '7', - 'guest-vlan': 'disable', - 'guest-vlan-id': 'test_value_9', - 'guest-vlanid': '10', - 'mac-auth-bypass': 'disable', - 'name': 'default_name_12', - 'open-auth': 'disable', - 'policy-type': '802.1X', - 'radius-timeout-overwrite': 'disable', - 'security-mode': '802.1X', - - } - - set_method_mock.assert_called_with('switch-controller.security-policy', '802-1X', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_switch_controller_security_policy_802_1X_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_security_policy_802_1X': { - 'auth_fail_vlan': 'disable', - 'auth_fail_vlan_id': 'test_value_4', - 'auth_fail_vlanid': '5', - 'eap_passthru': 'disable', - 'guest_auth_delay': '7', - 'guest_vlan': 'disable', - 'guest_vlan_id': 'test_value_9', - 
'guest_vlanid': '10', - 'mac_auth_bypass': 'disable', - 'name': 'default_name_12', - 'open_auth': 'disable', - 'policy_type': '802.1X', - 'radius_timeout_overwrite': 'disable', - 'security_mode': '802.1X', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_security_policy_802_1X.fortios_switch_controller_security_policy(input_data, fos_instance) - - expected_data = { - 'auth-fail-vlan': 'disable', - 'auth-fail-vlan-id': 'test_value_4', - 'auth-fail-vlanid': '5', - 'eap-passthru': 'disable', - 'guest-auth-delay': '7', - 'guest-vlan': 'disable', - 'guest-vlan-id': 'test_value_9', - 'guest-vlanid': '10', - 'mac-auth-bypass': 'disable', - 'name': 'default_name_12', - 'open-auth': 'disable', - 'policy-type': '802.1X', - 'radius-timeout-overwrite': 'disable', - 'security-mode': '802.1X', - - } - - set_method_mock.assert_called_with('switch-controller.security-policy', '802-1X', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_switch_controller_security_policy_802_1X_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'switch_controller_security_policy_802_1X': { - 'auth_fail_vlan': 'disable', - 'auth_fail_vlan_id': 'test_value_4', - 'auth_fail_vlanid': '5', - 'eap_passthru': 'disable', - 'guest_auth_delay': '7', - 'guest_vlan': 'disable', - 'guest_vlan_id': 'test_value_9', - 'guest_vlanid': '10', - 'mac_auth_bypass': 'disable', - 'name': 'default_name_12', - 'open_auth': 'disable', - 'policy_type': '802.1X', - 
'radius_timeout_overwrite': 'disable', - 'security_mode': '802.1X', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_security_policy_802_1X.fortios_switch_controller_security_policy(input_data, fos_instance) - - delete_method_mock.assert_called_with('switch-controller.security-policy', '802-1X', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_switch_controller_security_policy_802_1X_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'switch_controller_security_policy_802_1X': { - 'auth_fail_vlan': 'disable', - 'auth_fail_vlan_id': 'test_value_4', - 'auth_fail_vlanid': '5', - 'eap_passthru': 'disable', - 'guest_auth_delay': '7', - 'guest_vlan': 'disable', - 'guest_vlan_id': 'test_value_9', - 'guest_vlanid': '10', - 'mac_auth_bypass': 'disable', - 'name': 'default_name_12', - 'open_auth': 'disable', - 'policy_type': '802.1X', - 'radius_timeout_overwrite': 'disable', - 'security_mode': '802.1X', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_security_policy_802_1X.fortios_switch_controller_security_policy(input_data, fos_instance) - - delete_method_mock.assert_called_with('switch-controller.security-policy', '802-1X', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_switch_controller_security_policy_802_1X_idempotent(mocker): - 
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_security_policy_802_1X': { - 'auth_fail_vlan': 'disable', - 'auth_fail_vlan_id': 'test_value_4', - 'auth_fail_vlanid': '5', - 'eap_passthru': 'disable', - 'guest_auth_delay': '7', - 'guest_vlan': 'disable', - 'guest_vlan_id': 'test_value_9', - 'guest_vlanid': '10', - 'mac_auth_bypass': 'disable', - 'name': 'default_name_12', - 'open_auth': 'disable', - 'policy_type': '802.1X', - 'radius_timeout_overwrite': 'disable', - 'security_mode': '802.1X', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_security_policy_802_1X.fortios_switch_controller_security_policy(input_data, fos_instance) - - expected_data = { - 'auth-fail-vlan': 'disable', - 'auth-fail-vlan-id': 'test_value_4', - 'auth-fail-vlanid': '5', - 'eap-passthru': 'disable', - 'guest-auth-delay': '7', - 'guest-vlan': 'disable', - 'guest-vlan-id': 'test_value_9', - 'guest-vlanid': '10', - 'mac-auth-bypass': 'disable', - 'name': 'default_name_12', - 'open-auth': 'disable', - 'policy-type': '802.1X', - 'radius-timeout-overwrite': 'disable', - 'security-mode': '802.1X', - - } - - set_method_mock.assert_called_with('switch-controller.security-policy', '802-1X', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_switch_controller_security_policy_802_1X_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 
'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'switch_controller_security_policy_802_1X': { - 'random_attribute_not_valid': 'tag', - 'auth_fail_vlan': 'disable', - 'auth_fail_vlan_id': 'test_value_4', - 'auth_fail_vlanid': '5', - 'eap_passthru': 'disable', - 'guest_auth_delay': '7', - 'guest_vlan': 'disable', - 'guest_vlan_id': 'test_value_9', - 'guest_vlanid': '10', - 'mac_auth_bypass': 'disable', - 'name': 'default_name_12', - 'open_auth': 'disable', - 'policy_type': '802.1X', - 'radius_timeout_overwrite': 'disable', - 'security_mode': '802.1X', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_switch_controller_security_policy_802_1X.fortios_switch_controller_security_policy(input_data, fos_instance) - - expected_data = { - 'auth-fail-vlan': 'disable', - 'auth-fail-vlan-id': 'test_value_4', - 'auth-fail-vlanid': '5', - 'eap-passthru': 'disable', - 'guest-auth-delay': '7', - 'guest-vlan': 'disable', - 'guest-vlan-id': 'test_value_9', - 'guest-vlanid': '10', - 'mac-auth-bypass': 'disable', - 'name': 'default_name_12', - 'open-auth': 'disable', - 'policy-type': '802.1X', - 'radius-timeout-overwrite': 'disable', - 'security-mode': '802.1X', - - } - - set_method_mock.assert_called_with('switch-controller.security-policy', '802-1X', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_switch_controller_security_policy_captive_portal.py b/test/units/modules/network/fortios/test_fortios_switch_controller_security_policy_captive_portal.py deleted file mode 100644 index e1ff4606247..00000000000 
--- a/test/units/modules/network/fortios/test_fortios_switch_controller_security_policy_captive_portal.py
+++ /dev/null
@@ -1,219 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_switch_controller_security_policy_captive_portal
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_switch_controller_security_policy_captive_portal.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_switch_controller_security_policy_captive_portal_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_security_policy_captive_portal': {
- 'name': 'default_name_3',
- 'policy_type': 'captive-portal',
- 'vlan': 'test_value_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_security_policy_captive_portal.fortios_switch_controller_security_policy(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'policy-type': 'captive-portal',
- 'vlan': 'test_value_5'
- }
-
- set_method_mock.assert_called_with('switch-controller.security-policy', 'captive-portal', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_switch_controller_security_policy_captive_portal_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_security_policy_captive_portal': {
- 'name': 'default_name_3',
- 'policy_type': 'captive-portal',
- 'vlan': 'test_value_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_security_policy_captive_portal.fortios_switch_controller_security_policy(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'policy-type': 'captive-portal',
- 'vlan': 'test_value_5'
- }
-
- set_method_mock.assert_called_with('switch-controller.security-policy', 'captive-portal', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_switch_controller_security_policy_captive_portal_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'switch_controller_security_policy_captive_portal': {
- 'name': 'default_name_3',
- 'policy_type': 'captive-portal',
- 'vlan': 'test_value_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_security_policy_captive_portal.fortios_switch_controller_security_policy(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('switch-controller.security-policy', 'captive-portal', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_switch_controller_security_policy_captive_portal_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'switch_controller_security_policy_captive_portal': {
- 'name': 'default_name_3',
- 'policy_type': 'captive-portal',
- 'vlan': 'test_value_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_security_policy_captive_portal.fortios_switch_controller_security_policy(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('switch-controller.security-policy', 'captive-portal', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_switch_controller_security_policy_captive_portal_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_security_policy_captive_portal': {
- 'name': 'default_name_3',
- 'policy_type': 'captive-portal',
- 'vlan': 'test_value_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_security_policy_captive_portal.fortios_switch_controller_security_policy(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'policy-type': 'captive-portal',
- 'vlan': 'test_value_5'
- }
-
- set_method_mock.assert_called_with('switch-controller.security-policy', 'captive-portal', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_switch_controller_security_policy_captive_portal_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_security_policy_captive_portal': {
- 'random_attribute_not_valid': 'tag',
- 'name': 'default_name_3',
- 'policy_type': 'captive-portal',
- 'vlan': 'test_value_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_security_policy_captive_portal.fortios_switch_controller_security_policy(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'policy-type': 'captive-portal',
- 'vlan': 'test_value_5'
- }
-
- set_method_mock.assert_called_with('switch-controller.security-policy', 'captive-portal', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_switch_controller_sflow.py b/test/units/modules/network/fortios/test_fortios_switch_controller_sflow.py
deleted file mode 100644
index 85b1edb4c8b..00000000000
--- a/test/units/modules/network/fortios/test_fortios_switch_controller_sflow.py
+++ /dev/null
@@ -1,159 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_switch_controller_sflow
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_switch_controller_sflow.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_switch_controller_sflow_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_sflow': {
- 'collector_ip': 'test_value_3',
- 'collector_port': '4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_sflow.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'collector-ip': 'test_value_3',
- 'collector-port': '4'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'sflow', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_switch_controller_sflow_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_sflow': {
- 'collector_ip': 'test_value_3',
- 'collector_port': '4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_sflow.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'collector-ip': 'test_value_3',
- 'collector-port': '4'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'sflow', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_switch_controller_sflow_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_sflow': {
- 'collector_ip': 'test_value_3',
- 'collector_port': '4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_sflow.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'collector-ip': 'test_value_3',
- 'collector-port': '4'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'sflow', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_switch_controller_sflow_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_sflow': {
- 'random_attribute_not_valid': 'tag',
- 'collector_ip': 'test_value_3',
- 'collector_port': '4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_sflow.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'collector-ip': 'test_value_3',
- 'collector-port': '4'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'sflow', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_switch_controller_storm_control.py b/test/units/modules/network/fortios/test_fortios_switch_controller_storm_control.py
deleted file mode 100644
index 76d92c9dcb0..00000000000
--- a/test/units/modules/network/fortios/test_fortios_switch_controller_storm_control.py
+++ /dev/null
@@ -1,175 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_switch_controller_storm_control
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_switch_controller_storm_control.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_switch_controller_storm_control_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_storm_control': {
- 'broadcast': 'enable',
- 'rate': '4',
- 'unknown_multicast': 'enable',
- 'unknown_unicast': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_storm_control.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'broadcast': 'enable',
- 'rate': '4',
- 'unknown-multicast': 'enable',
- 'unknown-unicast': 'enable'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'storm-control', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_switch_controller_storm_control_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_storm_control': {
- 'broadcast': 'enable',
- 'rate': '4',
- 'unknown_multicast': 'enable',
- 'unknown_unicast': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_storm_control.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'broadcast': 'enable',
- 'rate': '4',
- 'unknown-multicast': 'enable',
- 'unknown-unicast': 'enable'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'storm-control', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_switch_controller_storm_control_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_storm_control': {
- 'broadcast': 'enable',
- 'rate': '4',
- 'unknown_multicast': 'enable',
- 'unknown_unicast': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_storm_control.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'broadcast': 'enable',
- 'rate': '4',
- 'unknown-multicast': 'enable',
- 'unknown-unicast': 'enable'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'storm-control', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_switch_controller_storm_control_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_storm_control': {
- 'random_attribute_not_valid': 'tag',
- 'broadcast': 'enable',
- 'rate': '4',
- 'unknown_multicast': 'enable',
- 'unknown_unicast': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_storm_control.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'broadcast': 'enable',
- 'rate': '4',
- 'unknown-multicast': 'enable',
- 'unknown-unicast': 'enable'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'storm-control', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_switch_controller_stp_settings.py b/test/units/modules/network/fortios/test_fortios_switch_controller_stp_settings.py
deleted file mode 100644
index 9b2a28c609e..00000000000
--- a/test/units/modules/network/fortios/test_fortios_switch_controller_stp_settings.py
+++ /dev/null
@@ -1,207 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_switch_controller_stp_settings
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_switch_controller_stp_settings.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_switch_controller_stp_settings_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_stp_settings': {
- 'forward_time': '3',
- 'hello_time': '4',
- 'max_age': '5',
- 'max_hops': '6',
- 'name': 'default_name_7',
- 'pending_timer': '8',
- 'revision': '9',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_stp_settings.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'forward-time': '3',
- 'hello-time': '4',
- 'max-age': '5',
- 'max-hops': '6',
- 'name': 'default_name_7',
- 'pending-timer': '8',
- 'revision': '9',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'stp-settings', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_switch_controller_stp_settings_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_stp_settings': {
- 'forward_time': '3',
- 'hello_time': '4',
- 'max_age': '5',
- 'max_hops': '6',
- 'name': 'default_name_7',
- 'pending_timer': '8',
- 'revision': '9',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_stp_settings.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'forward-time': '3',
- 'hello-time': '4',
- 'max-age': '5',
- 'max-hops': '6',
- 'name': 'default_name_7',
- 'pending-timer': '8',
- 'revision': '9',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'stp-settings', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_switch_controller_stp_settings_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_stp_settings': {
- 'forward_time': '3',
- 'hello_time': '4',
- 'max_age': '5',
- 'max_hops': '6',
- 'name': 'default_name_7',
- 'pending_timer': '8',
- 'revision': '9',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_stp_settings.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'forward-time': '3',
- 'hello-time': '4',
- 'max-age': '5',
- 'max-hops': '6',
- 'name': 'default_name_7',
- 'pending-timer': '8',
- 'revision': '9',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'stp-settings', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_switch_controller_stp_settings_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_stp_settings': {
- 'random_attribute_not_valid': 'tag',
- 'forward_time': '3',
- 'hello_time': '4',
- 'max_age': '5',
- 'max_hops': '6',
- 'name': 'default_name_7',
- 'pending_timer': '8',
- 'revision': '9',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_stp_settings.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'forward-time': '3',
- 'hello-time': '4',
- 'max-age': '5',
- 'max-hops': '6',
- 'name': 'default_name_7',
- 'pending-timer': '8',
- 'revision': '9',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'stp-settings', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_switch_controller_switch_group.py b/test/units/modules/network/fortios/test_fortios_switch_controller_switch_group.py
deleted file mode 100644
index 226d71cefa0..00000000000
--- a/test/units/modules/network/fortios/test_fortios_switch_controller_switch_group.py
+++ /dev/null
@@ -1,209 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_switch_controller_switch_group
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_switch_controller_switch_group.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_switch_controller_switch_group_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_switch_group': {
- 'description': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_switch_group.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'description': 'test_value_3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'switch-group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_switch_controller_switch_group_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_switch_group': {
- 'description': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_switch_group.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'description': 'test_value_3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'switch-group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_switch_controller_switch_group_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'switch_controller_switch_group': {
- 'description': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_switch_group.fortios_switch_controller(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('switch-controller', 'switch-group', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_switch_controller_switch_group_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'switch_controller_switch_group': {
- 'description': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_switch_group.fortios_switch_controller(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('switch-controller', 'switch-group', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_switch_controller_switch_group_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_switch_group': {
- 'description': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_switch_group.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'description': 'test_value_3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'switch-group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_switch_controller_switch_group_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_switch_group': {
- 'random_attribute_not_valid': 'tag',
- 'description': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_switch_group.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'description': 'test_value_3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'switch-group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_switch_controller_switch_interface_tag.py b/test/units/modules/network/fortios/test_fortios_switch_controller_switch_interface_tag.py
deleted file mode 100644
index 1a234ad9a04..00000000000
--- a/test/units/modules/network/fortios/test_fortios_switch_controller_switch_interface_tag.py
+++ /dev/null
@@ -1,199 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_switch_controller_switch_interface_tag
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_switch_controller_switch_interface_tag.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_switch_controller_switch_interface_tag_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_switch_interface_tag': {
- 'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_switch_interface_tag.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'switch-interface-tag', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_switch_controller_switch_interface_tag_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_switch_interface_tag': {
- 'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_switch_interface_tag.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'switch-interface-tag', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_switch_controller_switch_interface_tag_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'switch_controller_switch_interface_tag': {
- 'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_switch_interface_tag.fortios_switch_controller(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('switch-controller', 'switch-interface-tag', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_switch_controller_switch_interface_tag_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'switch_controller_switch_interface_tag': {
- 'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_switch_interface_tag.fortios_switch_controller(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('switch-controller', 'switch-interface-tag', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_switch_controller_switch_interface_tag_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_switch_interface_tag': {
- 'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_switch_interface_tag.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'switch-interface-tag', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_switch_controller_switch_interface_tag_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_switch_interface_tag': {
- 'random_attribute_not_valid': 'tag',
- 'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_switch_interface_tag.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'switch-interface-tag', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_switch_controller_switch_log.py b/test/units/modules/network/fortios/test_fortios_switch_controller_switch_log.py
deleted file mode 100644
index 543fa0a9d7e..00000000000
--- a/test/units/modules/network/fortios/test_fortios_switch_controller_switch_log.py
+++ /dev/null
@@ -1,159 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_switch_controller_switch_log
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_switch_controller_switch_log.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_switch_controller_switch_log_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_switch_log': {
- 'severity': 'emergency',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_switch_log.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'severity': 'emergency',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'switch-log', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_switch_controller_switch_log_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_switch_log': {
- 'severity': 'emergency',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_switch_log.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'severity': 'emergency',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'switch-log', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_switch_controller_switch_log_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_switch_log': {
- 'severity': 'emergency',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_switch_log.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'severity': 'emergency',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'switch-log', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_switch_controller_switch_log_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_switch_log': {
- 'random_attribute_not_valid': 'tag',
- 'severity': 'emergency',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_switch_log.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'severity': 'emergency',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'switch-log', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_switch_controller_switch_profile.py b/test/units/modules/network/fortios/test_fortios_switch_controller_switch_profile.py
deleted file mode 100644
index 5704b55d66c..00000000000
--- a/test/units/modules/network/fortios/test_fortios_switch_controller_switch_profile.py
+++ /dev/null
@@ -1,217 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_switch_controller_switch_profile
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_switch_controller_switch_profile.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_switch_controller_switch_profile_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_switch_profile': {
- 'login_passwd': 'test_value_3',
- 'login_passwd_override': 'enable',
- 'name': 'default_name_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_switch_profile.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'login-passwd': 'test_value_3',
- 'login-passwd-override': 'enable',
- 'name': 'default_name_5'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'switch-profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_switch_controller_switch_profile_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_switch_profile': {
- 'login_passwd': 'test_value_3',
- 'login_passwd_override': 'enable',
- 'name': 'default_name_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_switch_profile.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'login-passwd': 'test_value_3',
- 'login-passwd-override': 'enable',
- 'name': 'default_name_5'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'switch-profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_switch_controller_switch_profile_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'switch_controller_switch_profile': {
- 'login_passwd': 'test_value_3',
- 'login_passwd_override': 'enable',
- 'name': 'default_name_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_switch_profile.fortios_switch_controller(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('switch-controller', 'switch-profile', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_switch_controller_switch_profile_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'switch_controller_switch_profile': {
- 'login_passwd': 'test_value_3',
- 'login_passwd_override': 'enable',
- 'name': 'default_name_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_switch_profile.fortios_switch_controller(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('switch-controller', 'switch-profile', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_switch_controller_switch_profile_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_switch_profile': {
- 'login_passwd': 'test_value_3',
- 'login_passwd_override': 'enable',
- 'name': 'default_name_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_switch_profile.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'login-passwd': 'test_value_3',
- 'login-passwd-override': 'enable',
- 'name': 'default_name_5'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'switch-profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_switch_controller_switch_profile_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_switch_profile': {
- 'random_attribute_not_valid': 'tag',
- 'login_passwd': 'test_value_3',
- 'login_passwd_override': 'enable',
- 'name': 'default_name_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_switch_profile.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'login-passwd': 'test_value_3',
- 'login-passwd-override': 'enable',
- 'name': 'default_name_5'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'switch-profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_switch_controller_system.py b/test/units/modules/network/fortios/test_fortios_switch_controller_system.py
deleted file mode 100644
index 2f14a259f52..00000000000
--- a/test/units/modules/network/fortios/test_fortios_switch_controller_system.py
+++ /dev/null
@@ -1,159 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_switch_controller_system
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_switch_controller_system.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_switch_controller_system_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_system': {
- 'parallel_process': '3',
- 'parallel_process_override': 'disable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_system.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'parallel-process': '3',
- 'parallel-process-override': 'disable'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'system', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_switch_controller_system_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_system': {
- 'parallel_process': '3',
- 'parallel_process_override': 'disable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_system.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'parallel-process': '3',
- 'parallel-process-override': 'disable'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'system', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_switch_controller_system_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_system': {
- 'parallel_process': '3',
- 'parallel_process_override': 'disable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_system.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'parallel-process': '3',
- 'parallel-process-override': 'disable'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'system', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_switch_controller_system_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_system': {
- 'random_attribute_not_valid': 'tag',
- 'parallel_process': '3',
- 'parallel_process_override': 'disable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_system.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'parallel-process': '3',
- 'parallel-process-override': 'disable'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'system', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_switch_controller_virtual_port_pool.py b/test/units/modules/network/fortios/test_fortios_switch_controller_virtual_port_pool.py
deleted file mode 100644
index 175c27aa180..00000000000
--- a/test/units/modules/network/fortios/test_fortios_switch_controller_virtual_port_pool.py
+++ /dev/null
@@ -1,207 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_switch_controller_virtual_port_pool
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_switch_controller_virtual_port_pool.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_switch_controller_virtual_port_pool_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_virtual_port_pool': {
- 'description': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_virtual_port_pool.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'description': 'test_value_3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'virtual-port-pool', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_switch_controller_virtual_port_pool_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_virtual_port_pool': {
- 'description': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_virtual_port_pool.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'description': 'test_value_3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'virtual-port-pool', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_switch_controller_virtual_port_pool_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'switch_controller_virtual_port_pool': {
- 'description': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_virtual_port_pool.fortios_switch_controller(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('switch-controller', 'virtual-port-pool', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_switch_controller_virtual_port_pool_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'switch_controller_virtual_port_pool': {
- 'description': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_virtual_port_pool.fortios_switch_controller(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('switch-controller', 'virtual-port-pool', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_switch_controller_virtual_port_pool_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_virtual_port_pool': {
- 'description': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_virtual_port_pool.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'description': 'test_value_3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'virtual-port-pool', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_switch_controller_virtual_port_pool_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_virtual_port_pool': {
- 'random_attribute_not_valid': 'tag',
- 'description': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_virtual_port_pool.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'description': 'test_value_3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'virtual-port-pool', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_switch_controller_vlan.py b/test/units/modules/network/fortios/test_fortios_switch_controller_vlan.py
deleted file mode 100644
index 695e15a1010..00000000000
--- a/test/units/modules/network/fortios/test_fortios_switch_controller_vlan.py
+++ /dev/null
@@ -1,287 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_switch_controller_vlan
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_switch_controller_vlan.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_switch_controller_vlan_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_vlan': {
- 'auth': 'radius',
- 'color': '4',
- 'comments': 'test_value_5',
- 'name': 'default_name_6',
- 'portal_message_override_group': 'test_value_7',
- 'radius_server': 'test_value_8',
- 'security': 'open',
- 'usergroup': 'test_value_10',
- 'vdom': 'test_value_11',
- 'vlanid': '12'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_vlan.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'auth': 'radius',
- 'color': '4',
- 'comments': 'test_value_5',
- 'name': 'default_name_6',
- 'portal-message-override-group': 'test_value_7',
- 'radius-server': 'test_value_8',
- 'security': 'open',
- 'usergroup': 'test_value_10',
- 'vdom': 'test_value_11',
- 'vlanid': '12'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'vlan', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_switch_controller_vlan_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_vlan': {
- 'auth': 'radius',
- 'color': '4',
- 'comments': 'test_value_5',
- 'name': 'default_name_6',
- 'portal_message_override_group': 'test_value_7',
- 'radius_server': 'test_value_8',
- 'security': 'open',
- 'usergroup': 'test_value_10',
- 'vdom': 'test_value_11',
- 'vlanid': '12'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_vlan.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'auth': 'radius',
- 'color': '4',
- 'comments': 'test_value_5',
- 'name': 'default_name_6',
- 'portal-message-override-group': 'test_value_7',
- 'radius-server': 'test_value_8',
- 'security': 'open',
- 'usergroup': 'test_value_10',
- 'vdom': 'test_value_11',
- 'vlanid': '12'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'vlan', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_switch_controller_vlan_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'switch_controller_vlan': {
- 'auth': 'radius',
- 'color': '4',
- 'comments': 'test_value_5',
- 'name': 'default_name_6',
- 'portal_message_override_group': 'test_value_7',
- 'radius_server': 'test_value_8',
- 'security': 'open',
- 'usergroup': 'test_value_10',
- 'vdom': 'test_value_11',
- 'vlanid': '12'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_vlan.fortios_switch_controller(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('switch-controller', 'vlan', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_switch_controller_vlan_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'switch_controller_vlan': {
- 'auth': 'radius',
- 'color': '4',
- 'comments': 'test_value_5',
- 'name': 'default_name_6',
- 'portal_message_override_group': 'test_value_7',
- 'radius_server': 'test_value_8',
- 'security': 'open',
- 'usergroup': 'test_value_10',
- 'vdom': 'test_value_11',
- 'vlanid': '12'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_vlan.fortios_switch_controller(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('switch-controller', 'vlan', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_switch_controller_vlan_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_vlan': {
- 'auth': 'radius',
- 'color': '4',
- 'comments': 'test_value_5',
- 'name': 'default_name_6',
- 'portal_message_override_group': 'test_value_7',
- 'radius_server': 'test_value_8',
- 'security': 'open',
- 'usergroup': 'test_value_10',
- 'vdom': 'test_value_11',
- 'vlanid': '12'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_vlan.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'auth': 'radius',
- 'color': '4',
- 'comments': 'test_value_5',
- 'name': 'default_name_6',
- 'portal-message-override-group': 'test_value_7',
- 'radius-server': 'test_value_8',
- 'security': 'open',
- 'usergroup': 'test_value_10',
- 'vdom': 'test_value_11',
- 'vlanid': '12'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'vlan', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_switch_controller_vlan_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'switch_controller_vlan': {
- 'random_attribute_not_valid': 'tag',
- 'auth': 'radius',
- 'color': '4',
- 'comments': 'test_value_5',
- 'name': 'default_name_6',
- 'portal_message_override_group': 'test_value_7',
- 'radius_server': 'test_value_8',
- 'security': 'open',
- 'usergroup': 'test_value_10',
- 'vdom': 'test_value_11',
- 'vlanid': '12'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_switch_controller_vlan.fortios_switch_controller(input_data, fos_instance)
-
- expected_data = {
- 'auth': 'radius',
- 'color': '4',
- 'comments': 'test_value_5',
- 'name': 'default_name_6',
- 'portal-message-override-group': 'test_value_7',
- 'radius-server': 'test_value_8',
- 'security': 'open',
- 'usergroup': 'test_value_10',
- 'vdom': 'test_value_11',
- 'vlanid': '12'
- }
-
- set_method_mock.assert_called_with('switch-controller', 'vlan', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_accprofile.py b/test/units/modules/network/fortios/test_fortios_system_accprofile.py
deleted file mode 100644
index c0479fc6146..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_accprofile.py
+++ /dev/null
@@ -1,349 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_accprofile
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_accprofile.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_accprofile_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_accprofile': {
- 'admintimeout': '3',
- 'admintimeout_override': 'enable',
- 'authgrp': 'none',
- 'comments': 'test_value_6',
- 'ftviewgrp': 'none',
- 'fwgrp': 'none',
- 'loggrp': 'none',
- 'name': 'default_name_10',
- 'netgrp': 'none',
- 'scope': 'vdom',
- 'secfabgrp': 'none',
- 'sysgrp': 'none',
- 'utmgrp': 'none',
- 'vpngrp': 'none',
- 'wanoptgrp': 'none',
- 'wifi': 'none'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_accprofile.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'admintimeout': '3',
- 'admintimeout-override': 'enable',
- 'authgrp': 'none',
- 'comments': 'test_value_6',
- 'ftviewgrp': 'none',
- 'fwgrp': 'none',
- 'loggrp': 'none',
- 'name': 'default_name_10',
- 'netgrp': 'none',
- 'scope': 'vdom',
- 'secfabgrp': 'none',
- 'sysgrp': 'none',
- 'utmgrp': 'none',
- 'vpngrp': 'none',
- 'wanoptgrp': 'none',
- 'wifi': 'none'
- }
-
- set_method_mock.assert_called_with('system', 'accprofile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_accprofile_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_accprofile': {
- 'admintimeout': '3',
- 'admintimeout_override': 'enable',
- 'authgrp': 'none',
- 'comments': 'test_value_6',
- 'ftviewgrp': 'none',
- 'fwgrp': 'none',
- 'loggrp': 'none',
- 'name': 'default_name_10',
- 'netgrp': 'none',
- 'scope': 'vdom',
- 'secfabgrp': 'none',
- 'sysgrp': 'none',
- 'utmgrp': 'none',
- 'vpngrp': 'none',
- 'wanoptgrp': 'none',
- 'wifi': 'none'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_accprofile.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'admintimeout': '3',
- 'admintimeout-override': 'enable',
- 'authgrp': 'none',
- 'comments': 'test_value_6',
- 'ftviewgrp': 'none',
- 'fwgrp': 'none',
- 'loggrp': 'none',
- 'name': 'default_name_10',
- 'netgrp': 'none',
- 'scope': 'vdom',
- 'secfabgrp': 'none',
- 'sysgrp': 'none',
- 'utmgrp': 'none',
- 'vpngrp': 'none',
- 'wanoptgrp': 'none',
- 'wifi': 'none'
- }
-
- set_method_mock.assert_called_with('system', 'accprofile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_accprofile_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_accprofile': {
- 'admintimeout': '3',
- 'admintimeout_override': 'enable',
- 'authgrp': 'none',
- 'comments': 'test_value_6',
- 'ftviewgrp': 'none',
- 'fwgrp': 'none',
- 'loggrp': 'none',
- 'name': 'default_name_10',
- 'netgrp': 'none',
- 'scope': 'vdom',
- 'secfabgrp': 'none',
- 'sysgrp': 'none',
- 'utmgrp': 'none',
- 'vpngrp': 'none',
- 'wanoptgrp': 'none',
- 'wifi': 'none'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_accprofile.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'accprofile', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_accprofile_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_accprofile': {
- 'admintimeout': '3',
- 'admintimeout_override': 'enable',
- 'authgrp': 'none',
- 'comments': 'test_value_6',
- 'ftviewgrp': 'none',
- 'fwgrp': 'none',
- 'loggrp': 'none',
- 'name': 'default_name_10',
- 'netgrp': 'none',
- 'scope': 'vdom',
- 'secfabgrp': 'none',
- 'sysgrp': 'none',
- 'utmgrp': 'none',
- 'vpngrp': 'none',
- 'wanoptgrp': 'none',
- 'wifi': 'none'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_accprofile.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'accprofile', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_accprofile_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_accprofile': {
- 'admintimeout': '3',
- 'admintimeout_override': 'enable',
- 'authgrp': 'none',
- 'comments': 'test_value_6',
- 'ftviewgrp': 'none',
- 'fwgrp': 'none',
- 'loggrp': 'none',
- 'name': 'default_name_10',
- 'netgrp': 'none',
- 'scope': 'vdom',
- 'secfabgrp': 'none',
- 'sysgrp': 'none',
- 'utmgrp': 'none',
- 'vpngrp': 'none',
- 'wanoptgrp': 'none',
- 'wifi': 'none'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_accprofile.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'admintimeout': '3',
- 'admintimeout-override': 'enable',
- 'authgrp': 'none',
- 'comments': 'test_value_6',
- 'ftviewgrp': 'none',
- 'fwgrp': 'none',
- 'loggrp': 'none',
- 'name': 'default_name_10',
- 'netgrp': 'none',
- 'scope': 'vdom',
- 'secfabgrp': 'none',
- 'sysgrp': 'none',
- 'utmgrp': 'none',
- 'vpngrp': 'none',
- 'wanoptgrp': 'none',
- 'wifi': 'none'
- }
-
- set_method_mock.assert_called_with('system', 'accprofile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_accprofile_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_accprofile': {
- 'random_attribute_not_valid': 'tag',
- 'admintimeout': '3',
- 'admintimeout_override': 'enable',
- 'authgrp': 'none',
- 'comments': 'test_value_6',
- 'ftviewgrp': 'none',
- 'fwgrp': 'none',
- 'loggrp': 'none',
- 'name': 'default_name_10',
- 'netgrp': 'none',
- 'scope': 'vdom',
- 'secfabgrp': 'none',
- 'sysgrp': 'none',
- 'utmgrp': 'none',
- 'vpngrp': 'none',
- 'wanoptgrp': 'none',
- 'wifi': 'none'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_accprofile.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'admintimeout': '3',
- 'admintimeout-override': 'enable',
- 'authgrp': 'none',
- 'comments': 'test_value_6',
- 'ftviewgrp': 'none',
- 'fwgrp': 'none',
- 'loggrp': 'none',
- 'name': 'default_name_10',
- 'netgrp': 'none',
- 'scope': 'vdom',
- 'secfabgrp': 'none',
- 'sysgrp': 'none',
- 'utmgrp': 'none',
- 'vpngrp': 'none',
- 'wanoptgrp': 'none',
- 'wifi': 'none'
- }
-
- set_method_mock.assert_called_with('system', 'accprofile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_admin.py b/test/units/modules/network/fortios/test_fortios_system_admin.py
deleted file mode 100644
index bf5445dcf54..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_admin.py
+++ /dev/null
@@ -1,689 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_admin -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_admin.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_admin_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_admin': { - 'accprofile': 'test_value_3', - 'accprofile_override': 'enable', - 'allow_remove_admin_session': 'enable', - 'comments': 'test_value_6', - 'email_to': 'test_value_7', - 
'force_password_change': 'enable', - 'fortitoken': 'test_value_9', - 'guest_auth': 'disable', - 'guest_lang': 'test_value_11', - 'hidden': '12', - 'history0': 'test_value_13', - 'history1': 'test_value_14', - 'ip6_trusthost1': 'test_value_15', - 'ip6_trusthost10': 'test_value_16', - 'ip6_trusthost2': 'test_value_17', - 'ip6_trusthost3': 'test_value_18', - 'ip6_trusthost4': 'test_value_19', - 'ip6_trusthost5': 'test_value_20', - 'ip6_trusthost6': 'test_value_21', - 'ip6_trusthost7': 'test_value_22', - 'ip6_trusthost8': 'test_value_23', - 'ip6_trusthost9': 'test_value_24', - 'name': 'default_name_25', - 'password': 'test_value_26', - 'password_expire': 'test_value_27', - 'peer_auth': 'enable', - 'peer_group': 'test_value_29', - 'radius_vdom_override': 'enable', - 'remote_auth': 'enable', - 'remote_group': 'test_value_32', - 'schedule': 'test_value_33', - 'sms_custom_server': 'test_value_34', - 'sms_phone': 'test_value_35', - 'sms_server': 'fortiguard', - 'ssh_certificate': 'test_value_37', - 'ssh_public_key1': 'test_value_38', - 'ssh_public_key2': 'test_value_39', - 'ssh_public_key3': 'test_value_40', - 'trusthost1': 'test_value_41', - 'trusthost10': 'test_value_42', - 'trusthost2': 'test_value_43', - 'trusthost3': 'test_value_44', - 'trusthost4': 'test_value_45', - 'trusthost5': 'test_value_46', - 'trusthost6': 'test_value_47', - 'trusthost7': 'test_value_48', - 'trusthost8': 'test_value_49', - 'trusthost9': 'test_value_50', - 'two_factor': 'disable', - 'wildcard': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_admin.fortios_system(input_data, fos_instance) - - expected_data = { - 'accprofile': 'test_value_3', - 'accprofile-override': 'enable', - 'allow-remove-admin-session': 'enable', - 'comments': 'test_value_6', - 'email-to': 'test_value_7', - 'force-password-change': 'enable', - 'fortitoken': 'test_value_9', - 'guest-auth': 'disable', - 'guest-lang': 'test_value_11', - 'hidden': '12', - 'history0': 'test_value_13', - 'history1': 
'test_value_14', - 'ip6-trusthost1': 'test_value_15', - 'ip6-trusthost10': 'test_value_16', - 'ip6-trusthost2': 'test_value_17', - 'ip6-trusthost3': 'test_value_18', - 'ip6-trusthost4': 'test_value_19', - 'ip6-trusthost5': 'test_value_20', - 'ip6-trusthost6': 'test_value_21', - 'ip6-trusthost7': 'test_value_22', - 'ip6-trusthost8': 'test_value_23', - 'ip6-trusthost9': 'test_value_24', - 'name': 'default_name_25', - 'password': 'test_value_26', - 'password-expire': 'test_value_27', - 'peer-auth': 'enable', - 'peer-group': 'test_value_29', - 'radius-vdom-override': 'enable', - 'remote-auth': 'enable', - 'remote-group': 'test_value_32', - 'schedule': 'test_value_33', - 'sms-custom-server': 'test_value_34', - 'sms-phone': 'test_value_35', - 'sms-server': 'fortiguard', - 'ssh-certificate': 'test_value_37', - 'ssh-public-key1': 'test_value_38', - 'ssh-public-key2': 'test_value_39', - 'ssh-public-key3': 'test_value_40', - 'trusthost1': 'test_value_41', - 'trusthost10': 'test_value_42', - 'trusthost2': 'test_value_43', - 'trusthost3': 'test_value_44', - 'trusthost4': 'test_value_45', - 'trusthost5': 'test_value_46', - 'trusthost6': 'test_value_47', - 'trusthost7': 'test_value_48', - 'trusthost8': 'test_value_49', - 'trusthost9': 'test_value_50', - 'two-factor': 'disable', - 'wildcard': 'enable' - } - - set_method_mock.assert_called_with('system', 'admin', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_admin_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 
'present', - 'system_admin': { - 'accprofile': 'test_value_3', - 'accprofile_override': 'enable', - 'allow_remove_admin_session': 'enable', - 'comments': 'test_value_6', - 'email_to': 'test_value_7', - 'force_password_change': 'enable', - 'fortitoken': 'test_value_9', - 'guest_auth': 'disable', - 'guest_lang': 'test_value_11', - 'hidden': '12', - 'history0': 'test_value_13', - 'history1': 'test_value_14', - 'ip6_trusthost1': 'test_value_15', - 'ip6_trusthost10': 'test_value_16', - 'ip6_trusthost2': 'test_value_17', - 'ip6_trusthost3': 'test_value_18', - 'ip6_trusthost4': 'test_value_19', - 'ip6_trusthost5': 'test_value_20', - 'ip6_trusthost6': 'test_value_21', - 'ip6_trusthost7': 'test_value_22', - 'ip6_trusthost8': 'test_value_23', - 'ip6_trusthost9': 'test_value_24', - 'name': 'default_name_25', - 'password': 'test_value_26', - 'password_expire': 'test_value_27', - 'peer_auth': 'enable', - 'peer_group': 'test_value_29', - 'radius_vdom_override': 'enable', - 'remote_auth': 'enable', - 'remote_group': 'test_value_32', - 'schedule': 'test_value_33', - 'sms_custom_server': 'test_value_34', - 'sms_phone': 'test_value_35', - 'sms_server': 'fortiguard', - 'ssh_certificate': 'test_value_37', - 'ssh_public_key1': 'test_value_38', - 'ssh_public_key2': 'test_value_39', - 'ssh_public_key3': 'test_value_40', - 'trusthost1': 'test_value_41', - 'trusthost10': 'test_value_42', - 'trusthost2': 'test_value_43', - 'trusthost3': 'test_value_44', - 'trusthost4': 'test_value_45', - 'trusthost5': 'test_value_46', - 'trusthost6': 'test_value_47', - 'trusthost7': 'test_value_48', - 'trusthost8': 'test_value_49', - 'trusthost9': 'test_value_50', - 'two_factor': 'disable', - 'wildcard': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_admin.fortios_system(input_data, fos_instance) - - expected_data = { - 'accprofile': 'test_value_3', - 'accprofile-override': 'enable', - 'allow-remove-admin-session': 'enable', - 'comments': 'test_value_6', - 'email-to': 
'test_value_7', - 'force-password-change': 'enable', - 'fortitoken': 'test_value_9', - 'guest-auth': 'disable', - 'guest-lang': 'test_value_11', - 'hidden': '12', - 'history0': 'test_value_13', - 'history1': 'test_value_14', - 'ip6-trusthost1': 'test_value_15', - 'ip6-trusthost10': 'test_value_16', - 'ip6-trusthost2': 'test_value_17', - 'ip6-trusthost3': 'test_value_18', - 'ip6-trusthost4': 'test_value_19', - 'ip6-trusthost5': 'test_value_20', - 'ip6-trusthost6': 'test_value_21', - 'ip6-trusthost7': 'test_value_22', - 'ip6-trusthost8': 'test_value_23', - 'ip6-trusthost9': 'test_value_24', - 'name': 'default_name_25', - 'password': 'test_value_26', - 'password-expire': 'test_value_27', - 'peer-auth': 'enable', - 'peer-group': 'test_value_29', - 'radius-vdom-override': 'enable', - 'remote-auth': 'enable', - 'remote-group': 'test_value_32', - 'schedule': 'test_value_33', - 'sms-custom-server': 'test_value_34', - 'sms-phone': 'test_value_35', - 'sms-server': 'fortiguard', - 'ssh-certificate': 'test_value_37', - 'ssh-public-key1': 'test_value_38', - 'ssh-public-key2': 'test_value_39', - 'ssh-public-key3': 'test_value_40', - 'trusthost1': 'test_value_41', - 'trusthost10': 'test_value_42', - 'trusthost2': 'test_value_43', - 'trusthost3': 'test_value_44', - 'trusthost4': 'test_value_45', - 'trusthost5': 'test_value_46', - 'trusthost6': 'test_value_47', - 'trusthost7': 'test_value_48', - 'trusthost8': 'test_value_49', - 'trusthost9': 'test_value_50', - 'two-factor': 'disable', - 'wildcard': 'enable' - } - - set_method_mock.assert_called_with('system', 'admin', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_admin_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 
'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_admin': { - 'accprofile': 'test_value_3', - 'accprofile_override': 'enable', - 'allow_remove_admin_session': 'enable', - 'comments': 'test_value_6', - 'email_to': 'test_value_7', - 'force_password_change': 'enable', - 'fortitoken': 'test_value_9', - 'guest_auth': 'disable', - 'guest_lang': 'test_value_11', - 'hidden': '12', - 'history0': 'test_value_13', - 'history1': 'test_value_14', - 'ip6_trusthost1': 'test_value_15', - 'ip6_trusthost10': 'test_value_16', - 'ip6_trusthost2': 'test_value_17', - 'ip6_trusthost3': 'test_value_18', - 'ip6_trusthost4': 'test_value_19', - 'ip6_trusthost5': 'test_value_20', - 'ip6_trusthost6': 'test_value_21', - 'ip6_trusthost7': 'test_value_22', - 'ip6_trusthost8': 'test_value_23', - 'ip6_trusthost9': 'test_value_24', - 'name': 'default_name_25', - 'password': 'test_value_26', - 'password_expire': 'test_value_27', - 'peer_auth': 'enable', - 'peer_group': 'test_value_29', - 'radius_vdom_override': 'enable', - 'remote_auth': 'enable', - 'remote_group': 'test_value_32', - 'schedule': 'test_value_33', - 'sms_custom_server': 'test_value_34', - 'sms_phone': 'test_value_35', - 'sms_server': 'fortiguard', - 'ssh_certificate': 'test_value_37', - 'ssh_public_key1': 'test_value_38', - 'ssh_public_key2': 'test_value_39', - 'ssh_public_key3': 'test_value_40', - 'trusthost1': 'test_value_41', - 'trusthost10': 'test_value_42', - 'trusthost2': 'test_value_43', - 'trusthost3': 'test_value_44', - 'trusthost4': 'test_value_45', - 'trusthost5': 'test_value_46', - 'trusthost6': 'test_value_47', - 'trusthost7': 'test_value_48', - 'trusthost8': 'test_value_49', - 'trusthost9': 'test_value_50', - 'two_factor': 'disable', - 'wildcard': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_system_admin.fortios_system(input_data, fos_instance) - - delete_method_mock.assert_called_with('system', 'admin', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_admin_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_admin': { - 'accprofile': 'test_value_3', - 'accprofile_override': 'enable', - 'allow_remove_admin_session': 'enable', - 'comments': 'test_value_6', - 'email_to': 'test_value_7', - 'force_password_change': 'enable', - 'fortitoken': 'test_value_9', - 'guest_auth': 'disable', - 'guest_lang': 'test_value_11', - 'hidden': '12', - 'history0': 'test_value_13', - 'history1': 'test_value_14', - 'ip6_trusthost1': 'test_value_15', - 'ip6_trusthost10': 'test_value_16', - 'ip6_trusthost2': 'test_value_17', - 'ip6_trusthost3': 'test_value_18', - 'ip6_trusthost4': 'test_value_19', - 'ip6_trusthost5': 'test_value_20', - 'ip6_trusthost6': 'test_value_21', - 'ip6_trusthost7': 'test_value_22', - 'ip6_trusthost8': 'test_value_23', - 'ip6_trusthost9': 'test_value_24', - 'name': 'default_name_25', - 'password': 'test_value_26', - 'password_expire': 'test_value_27', - 'peer_auth': 'enable', - 'peer_group': 'test_value_29', - 'radius_vdom_override': 'enable', - 'remote_auth': 'enable', - 'remote_group': 'test_value_32', - 'schedule': 'test_value_33', - 'sms_custom_server': 'test_value_34', - 'sms_phone': 'test_value_35', - 'sms_server': 'fortiguard', - 'ssh_certificate': 'test_value_37', - 'ssh_public_key1': 'test_value_38', - 
'ssh_public_key2': 'test_value_39', - 'ssh_public_key3': 'test_value_40', - 'trusthost1': 'test_value_41', - 'trusthost10': 'test_value_42', - 'trusthost2': 'test_value_43', - 'trusthost3': 'test_value_44', - 'trusthost4': 'test_value_45', - 'trusthost5': 'test_value_46', - 'trusthost6': 'test_value_47', - 'trusthost7': 'test_value_48', - 'trusthost8': 'test_value_49', - 'trusthost9': 'test_value_50', - 'two_factor': 'disable', - 'wildcard': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_admin.fortios_system(input_data, fos_instance) - - delete_method_mock.assert_called_with('system', 'admin', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_admin_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_admin': { - 'accprofile': 'test_value_3', - 'accprofile_override': 'enable', - 'allow_remove_admin_session': 'enable', - 'comments': 'test_value_6', - 'email_to': 'test_value_7', - 'force_password_change': 'enable', - 'fortitoken': 'test_value_9', - 'guest_auth': 'disable', - 'guest_lang': 'test_value_11', - 'hidden': '12', - 'history0': 'test_value_13', - 'history1': 'test_value_14', - 'ip6_trusthost1': 'test_value_15', - 'ip6_trusthost10': 'test_value_16', - 'ip6_trusthost2': 'test_value_17', - 'ip6_trusthost3': 'test_value_18', - 'ip6_trusthost4': 'test_value_19', - 'ip6_trusthost5': 'test_value_20', - 'ip6_trusthost6': 'test_value_21', - 'ip6_trusthost7': 'test_value_22', - 'ip6_trusthost8': 'test_value_23', - 
'ip6_trusthost9': 'test_value_24', - 'name': 'default_name_25', - 'password': 'test_value_26', - 'password_expire': 'test_value_27', - 'peer_auth': 'enable', - 'peer_group': 'test_value_29', - 'radius_vdom_override': 'enable', - 'remote_auth': 'enable', - 'remote_group': 'test_value_32', - 'schedule': 'test_value_33', - 'sms_custom_server': 'test_value_34', - 'sms_phone': 'test_value_35', - 'sms_server': 'fortiguard', - 'ssh_certificate': 'test_value_37', - 'ssh_public_key1': 'test_value_38', - 'ssh_public_key2': 'test_value_39', - 'ssh_public_key3': 'test_value_40', - 'trusthost1': 'test_value_41', - 'trusthost10': 'test_value_42', - 'trusthost2': 'test_value_43', - 'trusthost3': 'test_value_44', - 'trusthost4': 'test_value_45', - 'trusthost5': 'test_value_46', - 'trusthost6': 'test_value_47', - 'trusthost7': 'test_value_48', - 'trusthost8': 'test_value_49', - 'trusthost9': 'test_value_50', - 'two_factor': 'disable', - 'wildcard': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_admin.fortios_system(input_data, fos_instance) - - expected_data = { - 'accprofile': 'test_value_3', - 'accprofile-override': 'enable', - 'allow-remove-admin-session': 'enable', - 'comments': 'test_value_6', - 'email-to': 'test_value_7', - 'force-password-change': 'enable', - 'fortitoken': 'test_value_9', - 'guest-auth': 'disable', - 'guest-lang': 'test_value_11', - 'hidden': '12', - 'history0': 'test_value_13', - 'history1': 'test_value_14', - 'ip6-trusthost1': 'test_value_15', - 'ip6-trusthost10': 'test_value_16', - 'ip6-trusthost2': 'test_value_17', - 'ip6-trusthost3': 'test_value_18', - 'ip6-trusthost4': 'test_value_19', - 'ip6-trusthost5': 'test_value_20', - 'ip6-trusthost6': 'test_value_21', - 'ip6-trusthost7': 'test_value_22', - 'ip6-trusthost8': 'test_value_23', - 'ip6-trusthost9': 'test_value_24', - 'name': 'default_name_25', - 'password': 'test_value_26', - 'password-expire': 'test_value_27', - 'peer-auth': 'enable', - 'peer-group': 
'test_value_29', - 'radius-vdom-override': 'enable', - 'remote-auth': 'enable', - 'remote-group': 'test_value_32', - 'schedule': 'test_value_33', - 'sms-custom-server': 'test_value_34', - 'sms-phone': 'test_value_35', - 'sms-server': 'fortiguard', - 'ssh-certificate': 'test_value_37', - 'ssh-public-key1': 'test_value_38', - 'ssh-public-key2': 'test_value_39', - 'ssh-public-key3': 'test_value_40', - 'trusthost1': 'test_value_41', - 'trusthost10': 'test_value_42', - 'trusthost2': 'test_value_43', - 'trusthost3': 'test_value_44', - 'trusthost4': 'test_value_45', - 'trusthost5': 'test_value_46', - 'trusthost6': 'test_value_47', - 'trusthost7': 'test_value_48', - 'trusthost8': 'test_value_49', - 'trusthost9': 'test_value_50', - 'two-factor': 'disable', - 'wildcard': 'enable' - } - - set_method_mock.assert_called_with('system', 'admin', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_admin_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_admin': { - 'random_attribute_not_valid': 'tag', - 'accprofile': 'test_value_3', - 'accprofile_override': 'enable', - 'allow_remove_admin_session': 'enable', - 'comments': 'test_value_6', - 'email_to': 'test_value_7', - 'force_password_change': 'enable', - 'fortitoken': 'test_value_9', - 'guest_auth': 'disable', - 'guest_lang': 'test_value_11', - 'hidden': '12', - 'history0': 'test_value_13', - 'history1': 'test_value_14', - 'ip6_trusthost1': 'test_value_15', - 'ip6_trusthost10': 
'test_value_16', - 'ip6_trusthost2': 'test_value_17', - 'ip6_trusthost3': 'test_value_18', - 'ip6_trusthost4': 'test_value_19', - 'ip6_trusthost5': 'test_value_20', - 'ip6_trusthost6': 'test_value_21', - 'ip6_trusthost7': 'test_value_22', - 'ip6_trusthost8': 'test_value_23', - 'ip6_trusthost9': 'test_value_24', - 'name': 'default_name_25', - 'password': 'test_value_26', - 'password_expire': 'test_value_27', - 'peer_auth': 'enable', - 'peer_group': 'test_value_29', - 'radius_vdom_override': 'enable', - 'remote_auth': 'enable', - 'remote_group': 'test_value_32', - 'schedule': 'test_value_33', - 'sms_custom_server': 'test_value_34', - 'sms_phone': 'test_value_35', - 'sms_server': 'fortiguard', - 'ssh_certificate': 'test_value_37', - 'ssh_public_key1': 'test_value_38', - 'ssh_public_key2': 'test_value_39', - 'ssh_public_key3': 'test_value_40', - 'trusthost1': 'test_value_41', - 'trusthost10': 'test_value_42', - 'trusthost2': 'test_value_43', - 'trusthost3': 'test_value_44', - 'trusthost4': 'test_value_45', - 'trusthost5': 'test_value_46', - 'trusthost6': 'test_value_47', - 'trusthost7': 'test_value_48', - 'trusthost8': 'test_value_49', - 'trusthost9': 'test_value_50', - 'two_factor': 'disable', - 'wildcard': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_admin.fortios_system(input_data, fos_instance) - - expected_data = { - 'accprofile': 'test_value_3', - 'accprofile-override': 'enable', - 'allow-remove-admin-session': 'enable', - 'comments': 'test_value_6', - 'email-to': 'test_value_7', - 'force-password-change': 'enable', - 'fortitoken': 'test_value_9', - 'guest-auth': 'disable', - 'guest-lang': 'test_value_11', - 'hidden': '12', - 'history0': 'test_value_13', - 'history1': 'test_value_14', - 'ip6-trusthost1': 'test_value_15', - 'ip6-trusthost10': 'test_value_16', - 'ip6-trusthost2': 'test_value_17', - 'ip6-trusthost3': 'test_value_18', - 'ip6-trusthost4': 'test_value_19', - 'ip6-trusthost5': 'test_value_20', - 'ip6-trusthost6': 
'test_value_21', - 'ip6-trusthost7': 'test_value_22', - 'ip6-trusthost8': 'test_value_23', - 'ip6-trusthost9': 'test_value_24', - 'name': 'default_name_25', - 'password': 'test_value_26', - 'password-expire': 'test_value_27', - 'peer-auth': 'enable', - 'peer-group': 'test_value_29', - 'radius-vdom-override': 'enable', - 'remote-auth': 'enable', - 'remote-group': 'test_value_32', - 'schedule': 'test_value_33', - 'sms-custom-server': 'test_value_34', - 'sms-phone': 'test_value_35', - 'sms-server': 'fortiguard', - 'ssh-certificate': 'test_value_37', - 'ssh-public-key1': 'test_value_38', - 'ssh-public-key2': 'test_value_39', - 'ssh-public-key3': 'test_value_40', - 'trusthost1': 'test_value_41', - 'trusthost10': 'test_value_42', - 'trusthost2': 'test_value_43', - 'trusthost3': 'test_value_44', - 'trusthost4': 'test_value_45', - 'trusthost5': 'test_value_46', - 'trusthost6': 'test_value_47', - 'trusthost7': 'test_value_48', - 'trusthost8': 'test_value_49', - 'trusthost9': 'test_value_50', - 'two-factor': 'disable', - 'wildcard': 'enable' - } - - set_method_mock.assert_called_with('system', 'admin', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_system_affinity_interrupt.py b/test/units/modules/network/fortios/test_fortios_system_affinity_interrupt.py deleted file mode 100644 index fcc44861b09..00000000000 --- a/test/units/modules/network/fortios/test_fortios_system_affinity_interrupt.py +++ /dev/null 
@@ -1,219 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_affinity_interrupt -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_affinity_interrupt.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_affinity_interrupt_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_affinity_interrupt': { - 'affinity_cpumask': 'test_value_3', - 'id': '4', - 'interrupt': 'test_value_5' - }, - 'vdom': 'root'} - - is_error, changed, 
response = fortios_system_affinity_interrupt.fortios_system(input_data, fos_instance) - - expected_data = { - 'affinity-cpumask': 'test_value_3', - 'id': '4', - 'interrupt': 'test_value_5' - } - - set_method_mock.assert_called_with('system', 'affinity-interrupt', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_affinity_interrupt_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_affinity_interrupt': { - 'affinity_cpumask': 'test_value_3', - 'id': '4', - 'interrupt': 'test_value_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_affinity_interrupt.fortios_system(input_data, fos_instance) - - expected_data = { - 'affinity-cpumask': 'test_value_3', - 'id': '4', - 'interrupt': 'test_value_5' - } - - set_method_mock.assert_called_with('system', 'affinity-interrupt', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_affinity_interrupt_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 
'system_affinity_interrupt': { - 'affinity_cpumask': 'test_value_3', - 'id': '4', - 'interrupt': 'test_value_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_affinity_interrupt.fortios_system(input_data, fos_instance) - - delete_method_mock.assert_called_with('system', 'affinity-interrupt', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_affinity_interrupt_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_affinity_interrupt': { - 'affinity_cpumask': 'test_value_3', - 'id': '4', - 'interrupt': 'test_value_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_affinity_interrupt.fortios_system(input_data, fos_instance) - - delete_method_mock.assert_called_with('system', 'affinity-interrupt', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_affinity_interrupt_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_affinity_interrupt': { - 'affinity_cpumask': 'test_value_3', - 'id': 
'4', - 'interrupt': 'test_value_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_affinity_interrupt.fortios_system(input_data, fos_instance) - - expected_data = { - 'affinity-cpumask': 'test_value_3', - 'id': '4', - 'interrupt': 'test_value_5' - } - - set_method_mock.assert_called_with('system', 'affinity-interrupt', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_affinity_interrupt_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_affinity_interrupt': { - 'random_attribute_not_valid': 'tag', - 'affinity_cpumask': 'test_value_3', - 'id': '4', - 'interrupt': 'test_value_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_affinity_interrupt.fortios_system(input_data, fos_instance) - - expected_data = { - 'affinity-cpumask': 'test_value_3', - 'id': '4', - 'interrupt': 'test_value_5' - } - - set_method_mock.assert_called_with('system', 'affinity-interrupt', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_system_affinity_packet_redistribution.py b/test/units/modules/network/fortios/test_fortios_system_affinity_packet_redistribution.py deleted file mode 100644 index b84547fd0d4..00000000000 
--- a/test/units/modules/network/fortios/test_fortios_system_affinity_packet_redistribution.py
+++ /dev/null
@@ -1,229 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_affinity_packet_redistribution
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_affinity_packet_redistribution.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_affinity_packet_redistribution_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_affinity_packet_redistribution': {
- 'affinity_cpumask': 'test_value_3',
- 'id': '4',
- 'interface': 'test_value_5',
- 'rxqid': '6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_affinity_packet_redistribution.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'affinity-cpumask': 'test_value_3',
- 'id': '4',
- 'interface': 'test_value_5',
- 'rxqid': '6'
- }
-
- set_method_mock.assert_called_with('system', 'affinity-packet-redistribution', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_affinity_packet_redistribution_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_affinity_packet_redistribution': {
- 'affinity_cpumask': 'test_value_3',
- 'id': '4',
- 'interface': 'test_value_5',
- 'rxqid': '6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_affinity_packet_redistribution.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'affinity-cpumask': 'test_value_3',
- 'id': '4',
- 'interface': 'test_value_5',
- 'rxqid': '6'
- }
-
- set_method_mock.assert_called_with('system', 'affinity-packet-redistribution', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_affinity_packet_redistribution_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_affinity_packet_redistribution': {
- 'affinity_cpumask': 'test_value_3',
- 'id': '4',
- 'interface': 'test_value_5',
- 'rxqid': '6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_affinity_packet_redistribution.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'affinity-packet-redistribution', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_affinity_packet_redistribution_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_affinity_packet_redistribution': {
- 'affinity_cpumask': 'test_value_3',
- 'id': '4',
- 'interface': 'test_value_5',
- 'rxqid': '6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_affinity_packet_redistribution.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'affinity-packet-redistribution', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_affinity_packet_redistribution_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_affinity_packet_redistribution': {
- 'affinity_cpumask': 'test_value_3',
- 'id': '4',
- 'interface': 'test_value_5',
- 'rxqid': '6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_affinity_packet_redistribution.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'affinity-cpumask': 'test_value_3',
- 'id': '4',
- 'interface': 'test_value_5',
- 'rxqid': '6'
- }
-
- set_method_mock.assert_called_with('system', 'affinity-packet-redistribution', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_affinity_packet_redistribution_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_affinity_packet_redistribution': {
- 'random_attribute_not_valid': 'tag',
- 'affinity_cpumask': 'test_value_3',
- 'id': '4',
- 'interface': 'test_value_5',
- 'rxqid': '6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_affinity_packet_redistribution.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'affinity-cpumask': 'test_value_3',
- 'id': '4',
- 'interface': 'test_value_5',
- 'rxqid': '6'
- }
-
- set_method_mock.assert_called_with('system', 'affinity-packet-redistribution', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_alarm.py b/test/units/modules/network/fortios/test_fortios_system_alarm.py
deleted file mode 100644
index e77dd752a0d..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_alarm.py
+++ /dev/null
@@ -1,159 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_alarm
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_alarm.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_alarm_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_alarm': {
- 'audible': 'enable',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_alarm.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'audible': 'enable',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'alarm', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_alarm_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_alarm': {
- 'audible': 'enable',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_alarm.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'audible': 'enable',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'alarm', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_alarm_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_alarm': {
- 'audible': 'enable',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_alarm.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'audible': 'enable',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'alarm', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_alarm_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_alarm': {
- 'random_attribute_not_valid': 'tag',
- 'audible': 'enable',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_alarm.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'audible': 'enable',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'alarm', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_alias.py b/test/units/modules/network/fortios/test_fortios_system_alias.py
deleted file mode 100644
index 62978455015..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_alias.py
+++ /dev/null
@@ -1,209 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_alias
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_alias.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_alias_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_alias': {
- 'command': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_alias.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'command': 'test_value_3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('system', 'alias', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_alias_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_alias': {
- 'command': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_alias.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'command': 'test_value_3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('system', 'alias', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_alias_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_alias': {
- 'command': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_alias.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'alias', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_alias_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_alias': {
- 'command': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_alias.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'alias', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_alias_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_alias': {
- 'command': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_alias.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'command': 'test_value_3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('system', 'alias', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_alias_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_alias': {
- 'random_attribute_not_valid': 'tag',
- 'command': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_alias.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'command': 'test_value_3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('system', 'alias', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_api_user.py b/test/units/modules/network/fortios/test_fortios_system_api_user.py
deleted file mode 100644
index c127c9c465f..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_api_user.py
+++ /dev/null
@@ -1,279 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_api_user
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_api_user.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_api_user_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_api_user': {
- 'accprofile': 'test_value_3',
- 'api_key': 'test_value_4',
- 'comments': 'test_value_5',
- 'cors_allow_origin': 'test_value_6',
- 'name': 'default_name_7',
- 'peer_auth': 'enable',
- 'peer_group': 'test_value_9',
- 'schedule': 'test_value_10',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_api_user.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'accprofile': 'test_value_3',
- 'api-key': 'test_value_4',
- 'comments': 'test_value_5',
- 'cors-allow-origin': 'test_value_6',
- 'name': 'default_name_7',
- 'peer-auth': 'enable',
- 'peer-group': 'test_value_9',
- 'schedule': 'test_value_10',
-
- }
-
- set_method_mock.assert_called_with('system', 'api-user', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_api_user_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_api_user': {
- 'accprofile': 'test_value_3',
- 'api_key': 'test_value_4',
- 'comments': 'test_value_5',
- 'cors_allow_origin': 'test_value_6',
- 'name': 'default_name_7',
- 'peer_auth': 'enable',
- 'peer_group': 'test_value_9',
- 'schedule': 'test_value_10',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_api_user.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'accprofile': 'test_value_3',
- 'api-key': 'test_value_4',
- 'comments': 'test_value_5',
- 'cors-allow-origin': 'test_value_6',
- 'name': 'default_name_7',
- 'peer-auth': 'enable',
- 'peer-group': 'test_value_9',
- 'schedule': 'test_value_10',
-
- }
-
- set_method_mock.assert_called_with('system', 'api-user', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_api_user_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_api_user': {
- 'accprofile': 'test_value_3',
- 'api_key': 'test_value_4',
- 'comments': 'test_value_5',
- 'cors_allow_origin': 'test_value_6',
- 'name': 'default_name_7',
- 'peer_auth': 'enable',
- 'peer_group': 'test_value_9',
- 'schedule': 'test_value_10',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_api_user.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'api-user', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_api_user_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_api_user': {
- 'accprofile': 'test_value_3',
- 'api_key': 'test_value_4',
- 'comments': 'test_value_5',
- 'cors_allow_origin': 'test_value_6',
- 'name': 'default_name_7',
- 'peer_auth': 'enable',
- 'peer_group': 'test_value_9',
- 'schedule': 'test_value_10',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_api_user.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'api-user', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_api_user_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_api_user': {
- 'accprofile': 'test_value_3',
- 'api_key': 'test_value_4',
- 'comments': 'test_value_5',
- 'cors_allow_origin': 'test_value_6',
- 'name': 'default_name_7',
- 'peer_auth': 'enable',
- 'peer_group': 'test_value_9',
- 'schedule': 'test_value_10',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_api_user.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'accprofile': 'test_value_3',
- 'api-key': 'test_value_4',
- 'comments': 'test_value_5',
- 'cors-allow-origin': 'test_value_6',
- 'name': 'default_name_7',
- 'peer-auth': 'enable',
- 'peer-group': 'test_value_9',
- 'schedule': 'test_value_10',
-
- }
-
- set_method_mock.assert_called_with('system', 'api-user', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_api_user_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_api_user': {
- 'random_attribute_not_valid': 'tag',
- 'accprofile': 'test_value_3',
- 'api_key': 'test_value_4',
- 'comments': 'test_value_5',
- 'cors_allow_origin': 'test_value_6',
- 'name': 'default_name_7',
- 'peer_auth': 'enable',
- 'peer_group': 'test_value_9',
- 'schedule': 'test_value_10',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_api_user.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'accprofile': 'test_value_3',
- 'api-key': 'test_value_4',
- 'comments': 'test_value_5',
- 'cors-allow-origin': 'test_value_6',
- 'name': 'default_name_7',
- 'peer-auth': 'enable',
- 'peer-group': 'test_value_9',
- 'schedule': 'test_value_10',
-
- }
-
- set_method_mock.assert_called_with('system', 'api-user', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_arp_table.py b/test/units/modules/network/fortios/test_fortios_system_arp_table.py
deleted file mode 100644
index ffd6acfdc97..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_arp_table.py
+++ /dev/null
@@ -1,229 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_arp_table
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_arp_table.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_arp_table_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_arp_table': {
- 'id': '3',
- 'interface': 'test_value_4',
- 'ip': 'test_value_5',
- 'mac': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_arp_table.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'id': '3',
- 'interface': 'test_value_4',
- 'ip': 'test_value_5',
- 'mac': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system', 'arp-table', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_arp_table_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_arp_table': {
- 'id': '3',
- 'interface': 'test_value_4',
- 'ip': 'test_value_5',
- 'mac': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_arp_table.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'id': '3',
- 'interface': 'test_value_4',
- 'ip': 'test_value_5',
- 'mac': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system', 'arp-table', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_arp_table_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_arp_table': {
- 'id': '3',
- 'interface': 'test_value_4',
- 'ip': 'test_value_5',
- 'mac': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_arp_table.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'arp-table', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_arp_table_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_arp_table': {
- 'id': '3',
- 'interface': 'test_value_4',
- 'ip': 'test_value_5',
- 'mac': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_arp_table.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'arp-table', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_arp_table_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_arp_table': {
- 'id': '3',
- 'interface': 'test_value_4',
- 'ip': 'test_value_5',
- 'mac': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_arp_table.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'id': '3',
- 'interface': 'test_value_4',
- 'ip': 'test_value_5',
- 'mac': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system', 'arp-table', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_arp_table_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_arp_table': {
- 'random_attribute_not_valid': 'tag',
- 'id': '3',
- 'interface': 'test_value_4',
- 'ip': 'test_value_5',
- 'mac': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_arp_table.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'id': '3',
- 'interface': 'test_value_4',
- 'ip': 'test_value_5',
- 'mac': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system', 'arp-table', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_auto_install.py b/test/units/modules/network/fortios/test_fortios_system_auto_install.py
deleted file mode 100644
index d4549e72792..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_auto_install.py
+++ /dev/null
@@ -1,175 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_auto_install
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_auto_install.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_auto_install_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_auto_install': {
- 'auto_install_config': 'enable',
- 'auto_install_image': 'enable',
- 'default_config_file': 'test_value_5',
- 'default_image_file': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_auto_install.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'auto-install-config': 'enable',
- 'auto-install-image': 'enable',
- 'default-config-file': 'test_value_5',
- 'default-image-file': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system', 'auto-install', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_auto_install_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_auto_install': {
- 'auto_install_config': 'enable',
- 'auto_install_image': 'enable',
- 'default_config_file': 'test_value_5',
- 'default_image_file': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_auto_install.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'auto-install-config': 'enable',
- 'auto-install-image': 'enable',
- 'default-config-file': 'test_value_5',
- 'default-image-file': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system', 'auto-install', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_auto_install_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_auto_install': {
- 'auto_install_config': 'enable',
- 'auto_install_image': 'enable',
- 'default_config_file': 'test_value_5',
- 'default_image_file': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_auto_install.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'auto-install-config': 'enable',
- 'auto-install-image': 'enable',
- 'default-config-file': 'test_value_5',
- 'default-image-file': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system', 'auto-install', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_auto_install_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_auto_install': {
- 'random_attribute_not_valid': 'tag',
- 'auto_install_config': 'enable',
- 'auto_install_image': 'enable',
- 'default_config_file': 'test_value_5',
- 'default_image_file': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_auto_install.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'auto-install-config': 'enable',
- 'auto-install-image': 'enable',
- 'default-config-file': 'test_value_5',
- 'default-image-file': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system', 'auto-install', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_auto_script.py b/test/units/modules/network/fortios/test_fortios_system_auto_script.py
deleted file mode 100644
index aa49d260756..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_auto_script.py
+++ /dev/null
@@ -1,249 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_auto_script
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_auto_script.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_auto_script_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_auto_script': {
- 'interval': '3',
- 'name': 'default_name_4',
- 'output_size': '5',
- 'repeat': '6',
- 'script': 'test_value_7',
- 'start': 'manual'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_auto_script.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'interval': '3',
- 'name': 'default_name_4',
- 'output-size': '5',
- 'repeat': '6',
- 'script': 'test_value_7',
- 'start': 'manual'
- }
-
- set_method_mock.assert_called_with('system', 'auto-script', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_auto_script_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_auto_script': {
- 'interval': '3',
- 'name': 'default_name_4',
- 'output_size': '5',
- 'repeat': '6',
- 'script': 'test_value_7',
- 'start': 'manual'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_auto_script.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'interval': '3',
- 'name': 'default_name_4',
- 'output-size': '5',
- 'repeat': '6',
- 'script': 'test_value_7',
- 'start': 'manual'
- }
-
- set_method_mock.assert_called_with('system', 'auto-script', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_auto_script_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_auto_script': {
- 'interval': '3',
- 'name': 'default_name_4',
- 'output_size': '5',
- 'repeat': '6',
- 'script': 'test_value_7',
- 'start': 'manual'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_auto_script.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'auto-script', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_auto_script_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_auto_script': {
- 'interval': '3',
- 'name': 'default_name_4',
- 'output_size': '5',
- 'repeat': '6',
- 'script': 'test_value_7',
- 'start': 'manual'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_auto_script.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'auto-script', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_auto_script_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_auto_script': {
- 'interval': '3',
- 'name': 'default_name_4',
- 'output_size': '5',
- 'repeat': '6',
- 'script': 'test_value_7',
- 'start': 'manual'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_auto_script.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'interval': '3',
- 'name': 'default_name_4',
- 'output-size': '5',
- 'repeat': '6',
- 'script': 'test_value_7',
- 'start': 'manual'
- }
-
- set_method_mock.assert_called_with('system', 'auto-script', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_auto_script_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_auto_script': {
- 'random_attribute_not_valid': 'tag',
- 'interval': '3',
- 'name': 'default_name_4',
- 'output_size': '5',
- 'repeat': '6',
- 'script': 'test_value_7',
- 'start': 'manual'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_auto_script.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'interval': '3',
- 'name': 'default_name_4',
- 'output-size': '5',
- 'repeat': '6',
- 'script': 'test_value_7',
- 'start': 'manual'
- }
-
- set_method_mock.assert_called_with('system', 'auto-script', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_automation_action.py b/test/units/modules/network/fortios/test_fortios_system_automation_action.py
deleted file mode 100644
index 3edb76f7178..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_automation_action.py
+++ /dev/null
@@ -1,359 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_automation_action
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_automation_action.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_automation_action_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_automation_action': {
- 'action_type': 'email',
- 'aws_api_id': 'test_value_4',
- 'aws_api_key': 'test_value_5',
- 'aws_api_path': 'test_value_6',
- 'aws_api_stage': 'test_value_7',
- 'aws_domain': 'test_value_8',
- 'aws_region': 'test_value_9',
- 'delay': '10',
- 'email_subject': 'test_value_11',
- 'http_body': 'test_value_12',
- 'method': 'post',
- 'minimum_interval': '14',
- 'name': 'default_name_15',
- 'port': '16',
- 'protocol': 'http',
- 'required': 'enable',
- 'uri': 'test_value_19'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_automation_action.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'action-type': 'email',
- 'aws-api-id': 'test_value_4',
- 'aws-api-key': 'test_value_5',
- 'aws-api-path': 'test_value_6',
- 'aws-api-stage': 'test_value_7',
- 'aws-domain': 'test_value_8',
- 'aws-region': 'test_value_9',
- 'delay': '10',
- 'email-subject': 'test_value_11',
- 'http-body': 'test_value_12',
- 'method': 'post',
- 'minimum-interval': '14',
- 'name': 'default_name_15',
- 'port': '16',
- 'protocol': 'http',
- 'required': 'enable',
- 'uri': 'test_value_19'
- }
-
- set_method_mock.assert_called_with('system', 'automation-action', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_automation_action_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_automation_action': {
- 'action_type': 'email',
- 'aws_api_id': 'test_value_4',
- 'aws_api_key': 'test_value_5',
- 'aws_api_path': 'test_value_6',
- 'aws_api_stage': 'test_value_7',
- 'aws_domain': 'test_value_8',
- 'aws_region': 'test_value_9',
- 'delay': '10',
- 'email_subject': 'test_value_11',
- 'http_body': 'test_value_12',
- 'method': 'post',
- 'minimum_interval': '14',
- 'name': 'default_name_15',
- 'port': '16',
- 'protocol': 'http',
- 'required': 'enable',
- 'uri': 'test_value_19'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_automation_action.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'action-type': 'email',
- 'aws-api-id': 'test_value_4',
- 'aws-api-key': 'test_value_5',
- 'aws-api-path': 'test_value_6',
- 'aws-api-stage': 'test_value_7',
- 'aws-domain': 'test_value_8',
- 'aws-region': 'test_value_9',
- 'delay': '10',
- 'email-subject': 'test_value_11',
- 'http-body': 'test_value_12',
- 'method': 'post',
- 'minimum-interval': '14',
- 'name': 'default_name_15',
- 'port': '16',
- 'protocol': 'http',
- 'required': 'enable',
- 'uri': 'test_value_19'
- }
-
- set_method_mock.assert_called_with('system', 'automation-action', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_automation_action_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_automation_action': {
- 'action_type': 'email',
- 'aws_api_id': 'test_value_4',
- 'aws_api_key': 'test_value_5',
- 'aws_api_path': 'test_value_6',
- 'aws_api_stage': 'test_value_7',
- 'aws_domain': 'test_value_8',
- 'aws_region': 'test_value_9',
- 'delay': '10',
- 'email_subject': 'test_value_11',
- 'http_body': 'test_value_12',
- 'method': 'post',
- 'minimum_interval': '14',
- 'name': 'default_name_15',
- 'port': '16',
- 'protocol': 'http',
- 'required': 'enable',
- 'uri': 'test_value_19'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_automation_action.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'automation-action', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_automation_action_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_automation_action': {
- 'action_type': 'email',
- 'aws_api_id': 'test_value_4',
- 'aws_api_key': 'test_value_5',
- 'aws_api_path': 'test_value_6',
- 'aws_api_stage': 'test_value_7',
- 'aws_domain': 'test_value_8',
- 'aws_region': 'test_value_9',
- 'delay': '10',
- 'email_subject': 'test_value_11',
- 'http_body': 'test_value_12',
- 'method': 'post',
- 'minimum_interval': '14',
- 'name': 'default_name_15',
- 'port': '16',
- 'protocol': 'http',
- 'required': 'enable',
- 'uri': 'test_value_19'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_automation_action.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'automation-action', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_automation_action_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_automation_action': {
- 'action_type': 'email',
- 'aws_api_id': 'test_value_4',
- 'aws_api_key': 'test_value_5',
- 'aws_api_path': 'test_value_6',
- 'aws_api_stage': 'test_value_7',
- 'aws_domain': 'test_value_8',
- 'aws_region': 'test_value_9',
- 'delay': '10',
- 'email_subject': 'test_value_11',
- 'http_body': 'test_value_12',
- 'method': 'post',
- 'minimum_interval': '14',
- 'name': 'default_name_15',
- 'port': '16',
- 'protocol': 'http',
- 'required': 'enable',
- 'uri': 'test_value_19'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_automation_action.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'action-type': 'email',
- 'aws-api-id': 'test_value_4',
- 'aws-api-key': 'test_value_5',
- 'aws-api-path': 'test_value_6',
- 'aws-api-stage': 'test_value_7',
- 'aws-domain': 'test_value_8',
- 'aws-region': 'test_value_9',
- 'delay': '10',
- 'email-subject': 'test_value_11',
- 'http-body': 'test_value_12',
- 'method': 'post',
- 'minimum-interval': '14',
- 'name': 'default_name_15',
- 'port': '16',
- 'protocol': 'http',
- 'required': 'enable',
- 'uri': 'test_value_19'
- }
-
- set_method_mock.assert_called_with('system', 'automation-action', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_automation_action_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_automation_action': {
- 'random_attribute_not_valid': 'tag',
- 'action_type': 'email',
- 'aws_api_id': 'test_value_4',
- 'aws_api_key': 'test_value_5',
- 'aws_api_path': 'test_value_6',
- 'aws_api_stage': 'test_value_7',
- 'aws_domain': 'test_value_8',
- 'aws_region': 'test_value_9',
- 'delay': '10',
- 'email_subject': 'test_value_11',
- 'http_body': 'test_value_12',
- 'method': 'post',
- 'minimum_interval': '14',
- 'name': 'default_name_15',
- 'port': '16',
- 'protocol': 'http',
- 'required': 'enable',
- 'uri': 'test_value_19'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_automation_action.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'action-type': 'email',
- 'aws-api-id': 'test_value_4',
- 'aws-api-key': 'test_value_5',
- 'aws-api-path': 'test_value_6',
- 'aws-api-stage': 'test_value_7',
- 'aws-domain': 'test_value_8',
- 'aws-region': 'test_value_9',
- 'delay': '10',
- 'email-subject': 'test_value_11',
- 'http-body': 'test_value_12',
- 'method': 'post',
- 'minimum-interval': '14',
- 'name': 'default_name_15',
- 'port': '16',
- 'protocol': 'http',
- 'required': 'enable',
- 'uri': 'test_value_19'
- }
-
- set_method_mock.assert_called_with('system', 'automation-action', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_automation_destination.py b/test/units/modules/network/fortios/test_fortios_system_automation_destination.py
deleted file mode 100644
index 77277d71c7f..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_automation_destination.py
+++ /dev/null
@@ -1,209 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_automation_destination
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_automation_destination.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_automation_destination_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_automation_destination': {'ha_group_id': '3',
- 'name': 'default_name_4',
- 'type': 'fortigate'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_automation_destination.fortios_system(input_data, fos_instance)
-
- expected_data = {'ha-group-id': '3',
- 'name': 'default_name_4',
- 'type': 'fortigate'
- }
-
- set_method_mock.assert_called_with('system', 'automation-destination', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_automation_destination_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_automation_destination': {'ha_group_id': '3',
- 'name': 'default_name_4',
- 'type': 'fortigate'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_automation_destination.fortios_system(input_data, fos_instance)
-
- expected_data = {'ha-group-id': '3',
- 'name': 'default_name_4',
- 'type': 'fortigate'
- }
-
- set_method_mock.assert_called_with('system', 'automation-destination', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_automation_destination_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_automation_destination': {'ha_group_id': '3',
- 'name': 'default_name_4',
- 'type': 'fortigate'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_automation_destination.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'automation-destination', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_automation_destination_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_automation_destination': {'ha_group_id': '3',
- 'name': 'default_name_4',
- 'type': 'fortigate'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_automation_destination.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'automation-destination', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_automation_destination_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_automation_destination': {'ha_group_id': '3',
- 'name': 'default_name_4',
- 'type': 'fortigate'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_automation_destination.fortios_system(input_data, fos_instance)
-
- expected_data = {'ha-group-id': '3',
- 'name': 'default_name_4',
- 'type': 'fortigate'
- }
-
- set_method_mock.assert_called_with('system', 'automation-destination', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_automation_destination_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_automation_destination': {
- 'random_attribute_not_valid': 'tag', 'ha_group_id': '3',
- 'name': 'default_name_4',
- 'type': 'fortigate'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_automation_destination.fortios_system(input_data, fos_instance)
-
- expected_data = {'ha-group-id': '3',
- 'name': 'default_name_4',
- 'type': 'fortigate'
- }
-
- set_method_mock.assert_called_with('system', 'automation-destination', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_automation_stitch.py b/test/units/modules/network/fortios/test_fortios_system_automation_stitch.py
deleted file mode 100644
index 9de0e563eae..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_automation_stitch.py
+++ /dev/null
@@ -1,209 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_automation_stitch
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_automation_stitch.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_automation_stitch_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_automation_stitch': {'name': 'default_name_3',
- 'status': 'enable',
- 'trigger': 'test_value_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_automation_stitch.fortios_system(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3',
- 'status': 'enable',
- 'trigger': 'test_value_5'
- }
-
- set_method_mock.assert_called_with('system', 'automation-stitch', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_automation_stitch_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_automation_stitch': {'name': 'default_name_3',
- 'status': 'enable',
- 'trigger': 'test_value_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_automation_stitch.fortios_system(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3',
- 'status': 'enable',
- 'trigger': 'test_value_5'
- }
-
- set_method_mock.assert_called_with('system', 'automation-stitch', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_automation_stitch_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_automation_stitch': {'name': 'default_name_3',
- 'status': 'enable',
- 'trigger': 'test_value_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_automation_stitch.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'automation-stitch', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_automation_stitch_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_automation_stitch': {'name': 'default_name_3',
- 'status': 'enable',
- 'trigger': 'test_value_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_automation_stitch.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'automation-stitch', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_automation_stitch_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_automation_stitch': {'name': 'default_name_3',
- 'status': 'enable',
- 'trigger': 'test_value_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_automation_stitch.fortios_system(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3',
- 'status': 'enable',
- 'trigger': 'test_value_5'
- }
-
- set_method_mock.assert_called_with('system', 'automation-stitch', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_automation_stitch_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_automation_stitch': {
- 'random_attribute_not_valid': 'tag', 'name': 'default_name_3',
- 'status': 'enable',
- 'trigger': 'test_value_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_automation_stitch.fortios_system(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3',
- 'status': 'enable',
- 'trigger': 'test_value_5'
- }
-
- set_method_mock.assert_called_with('system', 'automation-stitch', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_automation_trigger.py b/test/units/modules/network/fortios/test_fortios_system_automation_trigger.py
deleted file mode 100644
index 18e3c6f0510..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_automation_trigger.py
+++ /dev/null
@@ -1,299 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_automation_trigger
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_automation_trigger.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_automation_trigger_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_automation_trigger': {
- 'event_type': 'ioc',
- 'ioc_level': 'medium',
- 'license_type': 'forticare-support',
- 'logid': '6',
- 'name': 'default_name_7',
- 'trigger_day': '8',
- 'trigger_frequency': 'hourly',
- 'trigger_hour': '10',
- 'trigger_minute': '11',
- 'trigger_type': 'event-based',
- 'trigger_weekday': 'sunday'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_automation_trigger.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'event-type': 'ioc',
- 'ioc-level': 'medium',
- 'license-type': 'forticare-support',
- 'logid': '6',
- 'name': 'default_name_7',
- 'trigger-day': '8',
- 'trigger-frequency': 'hourly',
- 'trigger-hour': '10',
- 'trigger-minute': '11',
- 'trigger-type': 'event-based',
- 'trigger-weekday': 'sunday'
- }
-
- set_method_mock.assert_called_with('system', 'automation-trigger', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_automation_trigger_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_automation_trigger': {
- 'event_type': 'ioc',
- 'ioc_level': 'medium',
- 'license_type': 'forticare-support',
- 'logid': '6',
- 'name': 'default_name_7',
- 'trigger_day': '8',
- 'trigger_frequency': 'hourly',
- 'trigger_hour': '10',
- 'trigger_minute': '11',
- 'trigger_type': 'event-based',
- 'trigger_weekday': 'sunday'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_automation_trigger.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'event-type': 'ioc',
- 'ioc-level': 'medium',
- 'license-type': 'forticare-support',
- 'logid': '6',
- 'name': 'default_name_7',
- 'trigger-day': '8',
- 'trigger-frequency': 'hourly',
- 'trigger-hour': '10',
- 'trigger-minute': '11',
- 'trigger-type': 'event-based',
- 'trigger-weekday': 'sunday'
- }
-
- set_method_mock.assert_called_with('system', 'automation-trigger', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_automation_trigger_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_automation_trigger': {
- 'event_type': 'ioc',
- 'ioc_level': 'medium',
- 'license_type': 'forticare-support',
- 'logid': '6',
- 'name': 'default_name_7',
- 'trigger_day': '8',
- 'trigger_frequency': 'hourly',
- 'trigger_hour': '10',
- 'trigger_minute': '11',
- 'trigger_type': 'event-based',
- 'trigger_weekday': 'sunday'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_automation_trigger.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'automation-trigger', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_automation_trigger_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_automation_trigger': {
- 'event_type': 'ioc',
- 'ioc_level': 'medium',
- 'license_type': 'forticare-support',
- 'logid': '6',
- 'name': 'default_name_7',
- 'trigger_day': '8',
- 'trigger_frequency': 'hourly',
- 'trigger_hour': '10',
- 'trigger_minute': '11',
- 'trigger_type': 'event-based',
- 'trigger_weekday': 'sunday'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_automation_trigger.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'automation-trigger', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_automation_trigger_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_automation_trigger': {
- 'event_type': 'ioc',
- 'ioc_level': 'medium',
- 'license_type': 'forticare-support',
- 'logid': '6',
- 'name': 'default_name_7',
- 'trigger_day': '8',
- 'trigger_frequency': 'hourly',
- 'trigger_hour': '10',
- 'trigger_minute': '11',
- 'trigger_type': 'event-based',
- 'trigger_weekday': 'sunday'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_automation_trigger.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'event-type': 'ioc',
- 'ioc-level': 'medium',
- 'license-type': 'forticare-support',
- 'logid': '6',
- 'name': 'default_name_7',
- 'trigger-day': '8',
- 'trigger-frequency': 'hourly',
- 'trigger-hour': '10',
- 'trigger-minute': '11',
- 'trigger-type': 'event-based',
- 'trigger-weekday': 'sunday'
- }
-
- set_method_mock.assert_called_with('system', 'automation-trigger', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_automation_trigger_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_automation_trigger': {
- 'random_attribute_not_valid': 'tag',
- 'event_type': 'ioc',
- 'ioc_level': 'medium',
- 'license_type': 'forticare-support',
- 'logid': '6',
- 'name': 'default_name_7',
- 'trigger_day': '8',
- 'trigger_frequency': 'hourly',
- 'trigger_hour': '10',
- 'trigger_minute': '11',
- 'trigger_type': 'event-based',
- 'trigger_weekday': 'sunday'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_automation_trigger.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'event-type': 'ioc',
- 'ioc-level': 'medium',
- 'license-type': 'forticare-support',
- 'logid': '6',
- 'name': 'default_name_7',
- 'trigger-day': '8',
- 'trigger-frequency': 'hourly',
- 'trigger-hour': '10',
- 'trigger-minute': '11',
- 'trigger-type': 'event-based',
- 'trigger-weekday': 'sunday'
- }
-
- set_method_mock.assert_called_with('system', 'automation-trigger', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_autoupdate_push_update.py b/test/units/modules/network/fortios/test_fortios_system_autoupdate_push_update.py
deleted file mode 100644
index 8ba937751cb..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_autoupdate_push_update.py
+++ /dev/null
@@ -1,175 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_autoupdate_push_update
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_autoupdate_push_update.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_autoupdate_push_update_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_autoupdate_push_update': {
- 'address': 'test_value_3',
- 'override': 'enable',
- 'port': '5',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_autoupdate_push_update.fortios_system_autoupdate(input_data, fos_instance)
-
- expected_data = {
- 'address': 'test_value_3',
- 'override': 'enable',
- 'port': '5',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system.autoupdate', 'push-update', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_autoupdate_push_update_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_autoupdate_push_update': {
- 'address': 'test_value_3',
- 'override': 'enable',
- 'port': '5',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_autoupdate_push_update.fortios_system_autoupdate(input_data, fos_instance)
-
- expected_data = {
- 'address': 'test_value_3',
- 'override': 'enable',
- 'port': '5',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system.autoupdate', 'push-update', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_autoupdate_push_update_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_autoupdate_push_update': {
- 'address': 'test_value_3',
- 'override': 'enable',
- 'port': '5',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_autoupdate_push_update.fortios_system_autoupdate(input_data, fos_instance)
-
- expected_data = {
- 'address': 'test_value_3',
- 'override': 'enable',
- 'port': '5',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system.autoupdate', 'push-update', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_autoupdate_push_update_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_autoupdate_push_update': {
- 'random_attribute_not_valid': 'tag',
- 'address': 'test_value_3',
- 'override': 'enable',
- 'port': '5',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_autoupdate_push_update.fortios_system_autoupdate(input_data, fos_instance)
-
- expected_data = {
- 'address': 'test_value_3',
- 'override': 'enable',
- 'port': '5',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system.autoupdate', 'push-update', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_autoupdate_schedule.py b/test/units/modules/network/fortios/test_fortios_system_autoupdate_schedule.py
deleted file mode 100644
index c15e17c61c5..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_autoupdate_schedule.py
+++ /dev/null
@@ -1,175 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_autoupdate_schedule -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_autoupdate_schedule.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_autoupdate_schedule_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_autoupdate_schedule': { - 'day': 'Sunday', - 'frequency': 'every', - 'status': 'enable', - 'time': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, 
changed, response = fortios_system_autoupdate_schedule.fortios_system_autoupdate(input_data, fos_instance) - - expected_data = { - 'day': 'Sunday', - 'frequency': 'every', - 'status': 'enable', - 'time': 'test_value_6' - } - - set_method_mock.assert_called_with('system.autoupdate', 'schedule', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_autoupdate_schedule_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_autoupdate_schedule': { - 'day': 'Sunday', - 'frequency': 'every', - 'status': 'enable', - 'time': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_autoupdate_schedule.fortios_system_autoupdate(input_data, fos_instance) - - expected_data = { - 'day': 'Sunday', - 'frequency': 'every', - 'status': 'enable', - 'time': 'test_value_6' - } - - set_method_mock.assert_called_with('system.autoupdate', 'schedule', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_autoupdate_schedule_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 
'username': 'admin', - 'state': 'present', - 'system_autoupdate_schedule': { - 'day': 'Sunday', - 'frequency': 'every', - 'status': 'enable', - 'time': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_autoupdate_schedule.fortios_system_autoupdate(input_data, fos_instance) - - expected_data = { - 'day': 'Sunday', - 'frequency': 'every', - 'status': 'enable', - 'time': 'test_value_6' - } - - set_method_mock.assert_called_with('system.autoupdate', 'schedule', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_autoupdate_schedule_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_autoupdate_schedule': { - 'random_attribute_not_valid': 'tag', - 'day': 'Sunday', - 'frequency': 'every', - 'status': 'enable', - 'time': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_autoupdate_schedule.fortios_system_autoupdate(input_data, fos_instance) - - expected_data = { - 'day': 'Sunday', - 'frequency': 'every', - 'status': 'enable', - 'time': 'test_value_6' - } - - set_method_mock.assert_called_with('system.autoupdate', 'schedule', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 
diff --git a/test/units/modules/network/fortios/test_fortios_system_autoupdate_tunneling.py b/test/units/modules/network/fortios/test_fortios_system_autoupdate_tunneling.py
deleted file mode 100644
index 442f3061f5c..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_autoupdate_tunneling.py
+++ /dev/null
@@ -1,183 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_autoupdate_tunneling -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_autoupdate_tunneling.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_autoupdate_tunneling_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_autoupdate_tunneling': { - 'address': 'test_value_3', - 'password': 'test_value_4', - 'port': '5', - 'status': 'enable', - 'username': 'test_value_7' 
- }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_autoupdate_tunneling.fortios_system_autoupdate(input_data, fos_instance) - - expected_data = { - 'address': 'test_value_3', - 'password': 'test_value_4', - 'port': '5', - 'status': 'enable', - 'username': 'test_value_7' - } - - set_method_mock.assert_called_with('system.autoupdate', 'tunneling', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_autoupdate_tunneling_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_autoupdate_tunneling': { - 'address': 'test_value_3', - 'password': 'test_value_4', - 'port': '5', - 'status': 'enable', - 'username': 'test_value_7' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_autoupdate_tunneling.fortios_system_autoupdate(input_data, fos_instance) - - expected_data = { - 'address': 'test_value_3', - 'password': 'test_value_4', - 'port': '5', - 'status': 'enable', - 'username': 'test_value_7' - } - - set_method_mock.assert_called_with('system.autoupdate', 'tunneling', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_autoupdate_tunneling_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - 
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_autoupdate_tunneling': { - 'address': 'test_value_3', - 'password': 'test_value_4', - 'port': '5', - 'status': 'enable', - 'username': 'test_value_7' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_autoupdate_tunneling.fortios_system_autoupdate(input_data, fos_instance) - - expected_data = { - 'address': 'test_value_3', - 'password': 'test_value_4', - 'port': '5', - 'status': 'enable', - 'username': 'test_value_7' - } - - set_method_mock.assert_called_with('system.autoupdate', 'tunneling', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_autoupdate_tunneling_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_autoupdate_tunneling': { - 'random_attribute_not_valid': 'tag', - 'address': 'test_value_3', - 'password': 'test_value_4', - 'port': '5', - 'status': 'enable', - 'username': 'test_value_7' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_autoupdate_tunneling.fortios_system_autoupdate(input_data, fos_instance) - - expected_data = { - 'address': 'test_value_3', - 'password': 'test_value_4', - 'port': '5', - 'status': 'enable', - 'username': 'test_value_7' - } - - set_method_mock.assert_called_with('system.autoupdate', 'tunneling', data=expected_data, vdom='root') - 
schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_central_management.py b/test/units/modules/network/fortios/test_fortios_system_central_management.py
deleted file mode 100644
index 149effdc6d9..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_central_management.py
+++ /dev/null
@@ -1,263 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_central_management -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_central_management.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_central_management_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_central_management': { - 'allow_monitor': 'enable', - 'allow_push_configuration': 'enable', - 'allow_push_firmware': 'enable', - 
'allow_remote_firmware_upgrade': 'enable', - 'enc_algorithm': 'default', - 'fmg': 'test_value_8', - 'fmg_source_ip': 'test_value_9', - 'fmg_source_ip6': 'test_value_10', - 'include_default_servers': 'enable', - 'mode': 'normal', - 'schedule_config_restore': 'enable', - 'schedule_script_restore': 'enable', - 'serial_number': 'test_value_15', - 'type': 'fortimanager', - 'vdom': 'test_value_17' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_central_management.fortios_system(input_data, fos_instance) - - expected_data = { - 'allow-monitor': 'enable', - 'allow-push-configuration': 'enable', - 'allow-push-firmware': 'enable', - 'allow-remote-firmware-upgrade': 'enable', - 'enc-algorithm': 'default', - 'fmg': 'test_value_8', - 'fmg-source-ip': 'test_value_9', - 'fmg-source-ip6': 'test_value_10', - 'include-default-servers': 'enable', - 'mode': 'normal', - 'schedule-config-restore': 'enable', - 'schedule-script-restore': 'enable', - 'serial-number': 'test_value_15', - 'type': 'fortimanager', - 'vdom': 'test_value_17' - } - - set_method_mock.assert_called_with('system', 'central-management', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_central_management_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_central_management': { - 'allow_monitor': 'enable', - 'allow_push_configuration': 'enable', - 'allow_push_firmware': 'enable', - 'allow_remote_firmware_upgrade': 'enable', - 'enc_algorithm': 'default', - 'fmg': 
'test_value_8', - 'fmg_source_ip': 'test_value_9', - 'fmg_source_ip6': 'test_value_10', - 'include_default_servers': 'enable', - 'mode': 'normal', - 'schedule_config_restore': 'enable', - 'schedule_script_restore': 'enable', - 'serial_number': 'test_value_15', - 'type': 'fortimanager', - 'vdom': 'test_value_17' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_central_management.fortios_system(input_data, fos_instance) - - expected_data = { - 'allow-monitor': 'enable', - 'allow-push-configuration': 'enable', - 'allow-push-firmware': 'enable', - 'allow-remote-firmware-upgrade': 'enable', - 'enc-algorithm': 'default', - 'fmg': 'test_value_8', - 'fmg-source-ip': 'test_value_9', - 'fmg-source-ip6': 'test_value_10', - 'include-default-servers': 'enable', - 'mode': 'normal', - 'schedule-config-restore': 'enable', - 'schedule-script-restore': 'enable', - 'serial-number': 'test_value_15', - 'type': 'fortimanager', - 'vdom': 'test_value_17' - } - - set_method_mock.assert_called_with('system', 'central-management', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_central_management_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_central_management': { - 'allow_monitor': 'enable', - 'allow_push_configuration': 'enable', - 'allow_push_firmware': 'enable', - 'allow_remote_firmware_upgrade': 'enable', - 'enc_algorithm': 'default', - 'fmg': 'test_value_8', - 'fmg_source_ip': 'test_value_9', - 'fmg_source_ip6': 'test_value_10', - 
'include_default_servers': 'enable', - 'mode': 'normal', - 'schedule_config_restore': 'enable', - 'schedule_script_restore': 'enable', - 'serial_number': 'test_value_15', - 'type': 'fortimanager', - 'vdom': 'test_value_17' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_central_management.fortios_system(input_data, fos_instance) - - expected_data = { - 'allow-monitor': 'enable', - 'allow-push-configuration': 'enable', - 'allow-push-firmware': 'enable', - 'allow-remote-firmware-upgrade': 'enable', - 'enc-algorithm': 'default', - 'fmg': 'test_value_8', - 'fmg-source-ip': 'test_value_9', - 'fmg-source-ip6': 'test_value_10', - 'include-default-servers': 'enable', - 'mode': 'normal', - 'schedule-config-restore': 'enable', - 'schedule-script-restore': 'enable', - 'serial-number': 'test_value_15', - 'type': 'fortimanager', - 'vdom': 'test_value_17' - } - - set_method_mock.assert_called_with('system', 'central-management', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_central_management_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_central_management': { - 'random_attribute_not_valid': 'tag', - 'allow_monitor': 'enable', - 'allow_push_configuration': 'enable', - 'allow_push_firmware': 'enable', - 'allow_remote_firmware_upgrade': 'enable', - 'enc_algorithm': 'default', - 'fmg': 'test_value_8', - 'fmg_source_ip': 'test_value_9', - 'fmg_source_ip6': 'test_value_10', - 'include_default_servers': 
'enable', - 'mode': 'normal', - 'schedule_config_restore': 'enable', - 'schedule_script_restore': 'enable', - 'serial_number': 'test_value_15', - 'type': 'fortimanager', - 'vdom': 'test_value_17' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_central_management.fortios_system(input_data, fos_instance) - - expected_data = { - 'allow-monitor': 'enable', - 'allow-push-configuration': 'enable', - 'allow-push-firmware': 'enable', - 'allow-remote-firmware-upgrade': 'enable', - 'enc-algorithm': 'default', - 'fmg': 'test_value_8', - 'fmg-source-ip': 'test_value_9', - 'fmg-source-ip6': 'test_value_10', - 'include-default-servers': 'enable', - 'mode': 'normal', - 'schedule-config-restore': 'enable', - 'schedule-script-restore': 'enable', - 'serial-number': 'test_value_15', - 'type': 'fortimanager', - 'vdom': 'test_value_17' - } - - set_method_mock.assert_called_with('system', 'central-management', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_system_cluster_sync.py b/test/units/modules/network/fortios/test_fortios_system_cluster_sync.py deleted file mode 100644 index 346626d60a8..00000000000 --- a/test/units/modules/network/fortios/test_fortios_system_cluster_sync.py +++ /dev/null 
@@ -1,249 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_cluster_sync -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_cluster_sync.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_cluster_sync_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_cluster_sync': {'hb_interval': '3', - 'hb_lost_threshold': '4', - 'peerip': 'test_value_5', - 'peervd': 'test_value_6', - 'slave_add_ike_routes': 'enable', - 'sync_id': '8', 
- - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_cluster_sync.fortios_system(input_data, fos_instance) - - expected_data = {'hb-interval': '3', - 'hb-lost-threshold': '4', - 'peerip': 'test_value_5', - 'peervd': 'test_value_6', - 'slave-add-ike-routes': 'enable', - 'sync-id': '8', - - } - - set_method_mock.assert_called_with('system', 'cluster-sync', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_cluster_sync_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_cluster_sync': {'hb_interval': '3', - 'hb_lost_threshold': '4', - 'peerip': 'test_value_5', - 'peervd': 'test_value_6', - 'slave_add_ike_routes': 'enable', - 'sync_id': '8', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_cluster_sync.fortios_system(input_data, fos_instance) - - expected_data = {'hb-interval': '3', - 'hb-lost-threshold': '4', - 'peerip': 'test_value_5', - 'peervd': 'test_value_6', - 'slave-add-ike-routes': 'enable', - 'sync-id': '8', - - } - - set_method_mock.assert_called_with('system', 'cluster-sync', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_cluster_sync_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 
'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_cluster_sync': {'hb_interval': '3', - 'hb_lost_threshold': '4', - 'peerip': 'test_value_5', - 'peervd': 'test_value_6', - 'slave_add_ike_routes': 'enable', - 'sync_id': '8', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_cluster_sync.fortios_system(input_data, fos_instance) - - delete_method_mock.assert_called_with('system', 'cluster-sync', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_cluster_sync_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_cluster_sync': {'hb_interval': '3', - 'hb_lost_threshold': '4', - 'peerip': 'test_value_5', - 'peervd': 'test_value_6', - 'slave_add_ike_routes': 'enable', - 'sync_id': '8', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_cluster_sync.fortios_system(input_data, fos_instance) - - delete_method_mock.assert_called_with('system', 'cluster-sync', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_cluster_sync_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = 
{'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_cluster_sync': {'hb_interval': '3', - 'hb_lost_threshold': '4', - 'peerip': 'test_value_5', - 'peervd': 'test_value_6', - 'slave_add_ike_routes': 'enable', - 'sync_id': '8', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_cluster_sync.fortios_system(input_data, fos_instance) - - expected_data = {'hb-interval': '3', - 'hb-lost-threshold': '4', - 'peerip': 'test_value_5', - 'peervd': 'test_value_6', - 'slave-add-ike-routes': 'enable', - 'sync-id': '8', - - } - - set_method_mock.assert_called_with('system', 'cluster-sync', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_cluster_sync_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_cluster_sync': { - 'random_attribute_not_valid': 'tag', 'hb_interval': '3', - 'hb_lost_threshold': '4', - 'peerip': 'test_value_5', - 'peervd': 'test_value_6', - 'slave_add_ike_routes': 'enable', - 'sync_id': '8', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_cluster_sync.fortios_system(input_data, fos_instance) - - expected_data = {'hb-interval': '3', - 'hb-lost-threshold': '4', - 'peerip': 'test_value_5', - 'peervd': 'test_value_6', - 'slave-add-ike-routes': 'enable', - 
'sync-id': '8', - - } - - set_method_mock.assert_called_with('system', 'cluster-sync', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_system_console.py b/test/units/modules/network/fortios/test_fortios_system_console.py deleted file mode 100644 index 01aa49e6700..00000000000 --- a/test/units/modules/network/fortios/test_fortios_system_console.py +++ /dev/null 
@@ -1,175 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_console -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_console.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_console_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_console': { - 'baudrate': '9600', - 'login': 'enable', - 'mode': 'batch', - 'output': 'standard' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_system_console.fortios_system(input_data, fos_instance) - - expected_data = { - 'baudrate': '9600', - 'login': 'enable', - 'mode': 'batch', - 'output': 'standard' - } - - set_method_mock.assert_called_with('system', 'console', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_console_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_console': { - 'baudrate': '9600', - 'login': 'enable', - 'mode': 'batch', - 'output': 'standard' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_console.fortios_system(input_data, fos_instance) - - expected_data = { - 'baudrate': '9600', - 'login': 'enable', - 'mode': 'batch', - 'output': 'standard' - } - - set_method_mock.assert_called_with('system', 'console', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_console_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_console': { - 'baudrate': '9600', - 'login': 'enable', - 'mode': 'batch', - 'output': 
'standard' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_console.fortios_system(input_data, fos_instance) - - expected_data = { - 'baudrate': '9600', - 'login': 'enable', - 'mode': 'batch', - 'output': 'standard' - } - - set_method_mock.assert_called_with('system', 'console', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_console_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_console': { - 'random_attribute_not_valid': 'tag', - 'baudrate': '9600', - 'login': 'enable', - 'mode': 'batch', - 'output': 'standard' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_console.fortios_system(input_data, fos_instance) - - expected_data = { - 'baudrate': '9600', - 'login': 'enable', - 'mode': 'batch', - 'output': 'standard' - } - - set_method_mock.assert_called_with('system', 'console', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_system_csf.py b/test/units/modules/network/fortios/test_fortios_system_csf.py deleted file mode 100644 index 00529667585..00000000000 --- a/test/units/modules/network/fortios/test_fortios_system_csf.py +++ /dev/null 
@@ -1,215 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_csf -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_csf.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_csf_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_csf': { - 'configuration_sync': 'default', - 'fixed_key': 'test_value_4', - 'group_name': 'test_value_5', - 'group_password': 'test_value_6', - 'management_ip': 'test_value_7', - 'management_port': 
'8', - 'status': 'enable', - 'upstream_ip': 'test_value_10', - 'upstream_port': '11' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_csf.fortios_system(input_data, fos_instance) - - expected_data = { - 'configuration-sync': 'default', - 'fixed-key': 'test_value_4', - 'group-name': 'test_value_5', - 'group-password': 'test_value_6', - 'management-ip': 'test_value_7', - 'management-port': '8', - 'status': 'enable', - 'upstream-ip': 'test_value_10', - 'upstream-port': '11' - } - - set_method_mock.assert_called_with('system', 'csf', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_csf_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_csf': { - 'configuration_sync': 'default', - 'fixed_key': 'test_value_4', - 'group_name': 'test_value_5', - 'group_password': 'test_value_6', - 'management_ip': 'test_value_7', - 'management_port': '8', - 'status': 'enable', - 'upstream_ip': 'test_value_10', - 'upstream_port': '11' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_csf.fortios_system(input_data, fos_instance) - - expected_data = { - 'configuration-sync': 'default', - 'fixed-key': 'test_value_4', - 'group-name': 'test_value_5', - 'group-password': 'test_value_6', - 'management-ip': 'test_value_7', - 'management-port': '8', - 'status': 'enable', - 'upstream-ip': 'test_value_10', - 'upstream-port': '11' - } - - set_method_mock.assert_called_with('system', 'csf', data=expected_data, vdom='root') - 
schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_csf_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_csf': { - 'configuration_sync': 'default', - 'fixed_key': 'test_value_4', - 'group_name': 'test_value_5', - 'group_password': 'test_value_6', - 'management_ip': 'test_value_7', - 'management_port': '8', - 'status': 'enable', - 'upstream_ip': 'test_value_10', - 'upstream_port': '11' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_csf.fortios_system(input_data, fos_instance) - - expected_data = { - 'configuration-sync': 'default', - 'fixed-key': 'test_value_4', - 'group-name': 'test_value_5', - 'group-password': 'test_value_6', - 'management-ip': 'test_value_7', - 'management-port': '8', - 'status': 'enable', - 'upstream-ip': 'test_value_10', - 'upstream-port': '11' - } - - set_method_mock.assert_called_with('system', 'csf', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_csf_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 
'present', - 'system_csf': { - 'random_attribute_not_valid': 'tag', - 'configuration_sync': 'default', - 'fixed_key': 'test_value_4', - 'group_name': 'test_value_5', - 'group_password': 'test_value_6', - 'management_ip': 'test_value_7', - 'management_port': '8', - 'status': 'enable', - 'upstream_ip': 'test_value_10', - 'upstream_port': '11' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_csf.fortios_system(input_data, fos_instance) - - expected_data = { - 'configuration-sync': 'default', - 'fixed-key': 'test_value_4', - 'group-name': 'test_value_5', - 'group-password': 'test_value_6', - 'management-ip': 'test_value_7', - 'management-port': '8', - 'status': 'enable', - 'upstream-ip': 'test_value_10', - 'upstream-port': '11' - } - - set_method_mock.assert_called_with('system', 'csf', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_system_custom_language.py b/test/units/modules/network/fortios/test_fortios_system_custom_language.py deleted file mode 100644 index b28d841b1cd..00000000000 --- a/test/units/modules/network/fortios/test_fortios_system_custom_language.py +++ /dev/null 
@@ -1,219 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_custom_language -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_custom_language.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_custom_language_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_custom_language': { - 'comments': 'test_value_3', - 'filename': 'test_value_4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_system_custom_language.fortios_system(input_data, fos_instance) - - expected_data = { - 'comments': 'test_value_3', - 'filename': 'test_value_4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('system', 'custom-language', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_custom_language_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_custom_language': { - 'comments': 'test_value_3', - 'filename': 'test_value_4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_custom_language.fortios_system(input_data, fos_instance) - - expected_data = { - 'comments': 'test_value_3', - 'filename': 'test_value_4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('system', 'custom-language', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_custom_language_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_custom_language': 
{ - 'comments': 'test_value_3', - 'filename': 'test_value_4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_custom_language.fortios_system(input_data, fos_instance) - - delete_method_mock.assert_called_with('system', 'custom-language', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_custom_language_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_custom_language': { - 'comments': 'test_value_3', - 'filename': 'test_value_4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_custom_language.fortios_system(input_data, fos_instance) - - delete_method_mock.assert_called_with('system', 'custom-language', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_custom_language_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_custom_language': { - 'comments': 'test_value_3', - 'filename': 'test_value_4', - 'name': 'default_name_5' - 
}, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_custom_language.fortios_system(input_data, fos_instance) - - expected_data = { - 'comments': 'test_value_3', - 'filename': 'test_value_4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('system', 'custom-language', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_custom_language_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_custom_language': { - 'random_attribute_not_valid': 'tag', - 'comments': 'test_value_3', - 'filename': 'test_value_4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_custom_language.fortios_system(input_data, fos_instance) - - expected_data = { - 'comments': 'test_value_3', - 'filename': 'test_value_4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('system', 'custom-language', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_system_ddns.py b/test/units/modules/network/fortios/test_fortios_system_ddns.py deleted file mode 100644 index de36ef9af39..00000000000 --- a/test/units/modules/network/fortios/test_fortios_system_ddns.py +++ /dev/null 
@@ -1,359 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_ddns -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_ddns.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_ddns_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_ddns': { - 'bound_ip': 'test_value_3', - 'clear_text': 'disable', - 'ddns_auth': 'disable', - 'ddns_domain': 'test_value_6', - 'ddns_key': 'test_value_7', - 'ddns_keyname': 'test_value_8', - 
'ddns_password': 'test_value_9', - 'ddns_server': 'dyndns.org', - 'ddns_server_ip': 'test_value_11', - 'ddns_sn': 'test_value_12', - 'ddns_ttl': '13', - 'ddns_username': 'test_value_14', - 'ddns_zone': 'test_value_15', - 'ddnsid': '16', - 'ssl_certificate': 'test_value_17', - 'update_interval': '18', - 'use_public_ip': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_ddns.fortios_system(input_data, fos_instance) - - expected_data = { - 'bound-ip': 'test_value_3', - 'clear-text': 'disable', - 'ddns-auth': 'disable', - 'ddns-domain': 'test_value_6', - 'ddns-key': 'test_value_7', - 'ddns-keyname': 'test_value_8', - 'ddns-password': 'test_value_9', - 'ddns-server': 'dyndns.org', - 'ddns-server-ip': 'test_value_11', - 'ddns-sn': 'test_value_12', - 'ddns-ttl': '13', - 'ddns-username': 'test_value_14', - 'ddns-zone': 'test_value_15', - 'ddnsid': '16', - 'ssl-certificate': 'test_value_17', - 'update-interval': '18', - 'use-public-ip': 'disable' - } - - set_method_mock.assert_called_with('system', 'ddns', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_ddns_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_ddns': { - 'bound_ip': 'test_value_3', - 'clear_text': 'disable', - 'ddns_auth': 'disable', - 'ddns_domain': 'test_value_6', - 'ddns_key': 'test_value_7', - 'ddns_keyname': 'test_value_8', - 'ddns_password': 'test_value_9', - 'ddns_server': 'dyndns.org', - 'ddns_server_ip': 'test_value_11', - 'ddns_sn': 
'test_value_12', - 'ddns_ttl': '13', - 'ddns_username': 'test_value_14', - 'ddns_zone': 'test_value_15', - 'ddnsid': '16', - 'ssl_certificate': 'test_value_17', - 'update_interval': '18', - 'use_public_ip': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_ddns.fortios_system(input_data, fos_instance) - - expected_data = { - 'bound-ip': 'test_value_3', - 'clear-text': 'disable', - 'ddns-auth': 'disable', - 'ddns-domain': 'test_value_6', - 'ddns-key': 'test_value_7', - 'ddns-keyname': 'test_value_8', - 'ddns-password': 'test_value_9', - 'ddns-server': 'dyndns.org', - 'ddns-server-ip': 'test_value_11', - 'ddns-sn': 'test_value_12', - 'ddns-ttl': '13', - 'ddns-username': 'test_value_14', - 'ddns-zone': 'test_value_15', - 'ddnsid': '16', - 'ssl-certificate': 'test_value_17', - 'update-interval': '18', - 'use-public-ip': 'disable' - } - - set_method_mock.assert_called_with('system', 'ddns', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_ddns_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_ddns': { - 'bound_ip': 'test_value_3', - 'clear_text': 'disable', - 'ddns_auth': 'disable', - 'ddns_domain': 'test_value_6', - 'ddns_key': 'test_value_7', - 'ddns_keyname': 'test_value_8', - 'ddns_password': 'test_value_9', - 'ddns_server': 'dyndns.org', - 'ddns_server_ip': 'test_value_11', - 'ddns_sn': 'test_value_12', - 'ddns_ttl': '13', - 'ddns_username': 'test_value_14', - 'ddns_zone': 'test_value_15', - 'ddnsid': 
'16', - 'ssl_certificate': 'test_value_17', - 'update_interval': '18', - 'use_public_ip': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_ddns.fortios_system(input_data, fos_instance) - - delete_method_mock.assert_called_with('system', 'ddns', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_ddns_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_ddns': { - 'bound_ip': 'test_value_3', - 'clear_text': 'disable', - 'ddns_auth': 'disable', - 'ddns_domain': 'test_value_6', - 'ddns_key': 'test_value_7', - 'ddns_keyname': 'test_value_8', - 'ddns_password': 'test_value_9', - 'ddns_server': 'dyndns.org', - 'ddns_server_ip': 'test_value_11', - 'ddns_sn': 'test_value_12', - 'ddns_ttl': '13', - 'ddns_username': 'test_value_14', - 'ddns_zone': 'test_value_15', - 'ddnsid': '16', - 'ssl_certificate': 'test_value_17', - 'update_interval': '18', - 'use_public_ip': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_ddns.fortios_system(input_data, fos_instance) - - delete_method_mock.assert_called_with('system', 'ddns', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_ddns_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 
'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_ddns': { - 'bound_ip': 'test_value_3', - 'clear_text': 'disable', - 'ddns_auth': 'disable', - 'ddns_domain': 'test_value_6', - 'ddns_key': 'test_value_7', - 'ddns_keyname': 'test_value_8', - 'ddns_password': 'test_value_9', - 'ddns_server': 'dyndns.org', - 'ddns_server_ip': 'test_value_11', - 'ddns_sn': 'test_value_12', - 'ddns_ttl': '13', - 'ddns_username': 'test_value_14', - 'ddns_zone': 'test_value_15', - 'ddnsid': '16', - 'ssl_certificate': 'test_value_17', - 'update_interval': '18', - 'use_public_ip': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_ddns.fortios_system(input_data, fos_instance) - - expected_data = { - 'bound-ip': 'test_value_3', - 'clear-text': 'disable', - 'ddns-auth': 'disable', - 'ddns-domain': 'test_value_6', - 'ddns-key': 'test_value_7', - 'ddns-keyname': 'test_value_8', - 'ddns-password': 'test_value_9', - 'ddns-server': 'dyndns.org', - 'ddns-server-ip': 'test_value_11', - 'ddns-sn': 'test_value_12', - 'ddns-ttl': '13', - 'ddns-username': 'test_value_14', - 'ddns-zone': 'test_value_15', - 'ddnsid': '16', - 'ssl-certificate': 'test_value_17', - 'update-interval': '18', - 'use-public-ip': 'disable' - } - - set_method_mock.assert_called_with('system', 'ddns', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_ddns_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_ddns': { - 'random_attribute_not_valid': 'tag', - 'bound_ip': 'test_value_3', - 'clear_text': 'disable', - 'ddns_auth': 'disable', - 'ddns_domain': 'test_value_6', - 'ddns_key': 'test_value_7', - 'ddns_keyname': 'test_value_8', - 'ddns_password': 'test_value_9', - 'ddns_server': 'dyndns.org', - 'ddns_server_ip': 'test_value_11', - 'ddns_sn': 'test_value_12', - 'ddns_ttl': '13', - 'ddns_username': 'test_value_14', - 'ddns_zone': 'test_value_15', - 'ddnsid': '16', - 'ssl_certificate': 'test_value_17', - 'update_interval': '18', - 'use_public_ip': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_ddns.fortios_system(input_data, fos_instance) - - expected_data = { - 'bound-ip': 'test_value_3', - 'clear-text': 'disable', - 'ddns-auth': 'disable', - 'ddns-domain': 'test_value_6', - 'ddns-key': 'test_value_7', - 'ddns-keyname': 'test_value_8', - 'ddns-password': 'test_value_9', - 'ddns-server': 'dyndns.org', - 'ddns-server-ip': 'test_value_11', - 'ddns-sn': 'test_value_12', - 'ddns-ttl': '13', - 'ddns-username': 'test_value_14', - 'ddns-zone': 'test_value_15', - 'ddnsid': '16', - 'ssl-certificate': 'test_value_17', - 'update-interval': '18', - 'use-public-ip': 'disable' - } - - set_method_mock.assert_called_with('system', 'ddns', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_system_dedicated_mgmt.py b/test/units/modules/network/fortios/test_fortios_system_dedicated_mgmt.py deleted file mode 100644 index 59a1b1c9a3f..00000000000 --- a/test/units/modules/network/fortios/test_fortios_system_dedicated_mgmt.py +++ /dev/null 
@@ -1,199 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_dedicated_mgmt -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_dedicated_mgmt.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_dedicated_mgmt_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_dedicated_mgmt': { - 'default_gateway': 'test_value_3', - 'dhcp_end_ip': 'test_value_4', - 'dhcp_netmask': 'test_value_5', - 'dhcp_server': 'enable', - 
'dhcp_start_ip': 'test_value_7', - 'interface': 'test_value_8', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_dedicated_mgmt.fortios_system(input_data, fos_instance) - - expected_data = { - 'default-gateway': 'test_value_3', - 'dhcp-end-ip': 'test_value_4', - 'dhcp-netmask': 'test_value_5', - 'dhcp-server': 'enable', - 'dhcp-start-ip': 'test_value_7', - 'interface': 'test_value_8', - 'status': 'enable' - } - - set_method_mock.assert_called_with('system', 'dedicated-mgmt', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_dedicated_mgmt_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_dedicated_mgmt': { - 'default_gateway': 'test_value_3', - 'dhcp_end_ip': 'test_value_4', - 'dhcp_netmask': 'test_value_5', - 'dhcp_server': 'enable', - 'dhcp_start_ip': 'test_value_7', - 'interface': 'test_value_8', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_dedicated_mgmt.fortios_system(input_data, fos_instance) - - expected_data = { - 'default-gateway': 'test_value_3', - 'dhcp-end-ip': 'test_value_4', - 'dhcp-netmask': 'test_value_5', - 'dhcp-server': 'enable', - 'dhcp-start-ip': 'test_value_7', - 'interface': 'test_value_8', - 'status': 'enable' - } - - set_method_mock.assert_called_with('system', 'dedicated-mgmt', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 
'error' - assert response['http_status'] == 500 - - -def test_system_dedicated_mgmt_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_dedicated_mgmt': { - 'default_gateway': 'test_value_3', - 'dhcp_end_ip': 'test_value_4', - 'dhcp_netmask': 'test_value_5', - 'dhcp_server': 'enable', - 'dhcp_start_ip': 'test_value_7', - 'interface': 'test_value_8', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_dedicated_mgmt.fortios_system(input_data, fos_instance) - - expected_data = { - 'default-gateway': 'test_value_3', - 'dhcp-end-ip': 'test_value_4', - 'dhcp-netmask': 'test_value_5', - 'dhcp-server': 'enable', - 'dhcp-start-ip': 'test_value_7', - 'interface': 'test_value_8', - 'status': 'enable' - } - - set_method_mock.assert_called_with('system', 'dedicated-mgmt', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_dedicated_mgmt_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_dedicated_mgmt': { - 'random_attribute_not_valid': 'tag', - 'default_gateway': 'test_value_3', - 'dhcp_end_ip': 'test_value_4', - 'dhcp_netmask': 
'test_value_5', - 'dhcp_server': 'enable', - 'dhcp_start_ip': 'test_value_7', - 'interface': 'test_value_8', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_dedicated_mgmt.fortios_system(input_data, fos_instance) - - expected_data = { - 'default-gateway': 'test_value_3', - 'dhcp-end-ip': 'test_value_4', - 'dhcp-netmask': 'test_value_5', - 'dhcp-server': 'enable', - 'dhcp-start-ip': 'test_value_7', - 'interface': 'test_value_8', - 'status': 'enable' - } - - set_method_mock.assert_called_with('system', 'dedicated-mgmt', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_system_dhcp6_server.py b/test/units/modules/network/fortios/test_fortios_system_dhcp6_server.py deleted file mode 100644 index 3ce46e1ccd1..00000000000 --- a/test/units/modules/network/fortios/test_fortios_system_dhcp6_server.py +++ /dev/null 
@@ -1,359 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_dhcp6_server -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_dhcp6_server.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_dhcp6_server_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_dhcp6_server': { - 'dns_search_list': 'delegated', - 'dns_server1': 'test_value_4', - 'dns_server2': 'test_value_5', - 'dns_server3': 'test_value_6', - 'dns_service': 
'delegated', - 'domain': 'test_value_8', - 'id': '9', - 'interface': 'test_value_10', - 'ip_mode': 'range', - 'lease_time': '12', - 'option1': 'test_value_13', - 'option2': 'test_value_14', - 'option3': 'test_value_15', - 'rapid_commit': 'disable', - 'status': 'disable', - 'subnet': 'test_value_18', - 'upstream_interface': 'test_value_19' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_dhcp6_server.fortios_system_dhcp6(input_data, fos_instance) - - expected_data = { - 'dns-search-list': 'delegated', - 'dns-server1': 'test_value_4', - 'dns-server2': 'test_value_5', - 'dns-server3': 'test_value_6', - 'dns-service': 'delegated', - 'domain': 'test_value_8', - 'id': '9', - 'interface': 'test_value_10', - 'ip-mode': 'range', - 'lease-time': '12', - 'option1': 'test_value_13', - 'option2': 'test_value_14', - 'option3': 'test_value_15', - 'rapid-commit': 'disable', - 'status': 'disable', - 'subnet': 'test_value_18', - 'upstream-interface': 'test_value_19' - } - - set_method_mock.assert_called_with('system.dhcp6', 'server', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_dhcp6_server_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_dhcp6_server': { - 'dns_search_list': 'delegated', - 'dns_server1': 'test_value_4', - 'dns_server2': 'test_value_5', - 'dns_server3': 'test_value_6', - 'dns_service': 'delegated', - 'domain': 'test_value_8', - 'id': '9', - 'interface': 'test_value_10', - 'ip_mode': 'range', - 'lease_time': 
'12', - 'option1': 'test_value_13', - 'option2': 'test_value_14', - 'option3': 'test_value_15', - 'rapid_commit': 'disable', - 'status': 'disable', - 'subnet': 'test_value_18', - 'upstream_interface': 'test_value_19' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_dhcp6_server.fortios_system_dhcp6(input_data, fos_instance) - - expected_data = { - 'dns-search-list': 'delegated', - 'dns-server1': 'test_value_4', - 'dns-server2': 'test_value_5', - 'dns-server3': 'test_value_6', - 'dns-service': 'delegated', - 'domain': 'test_value_8', - 'id': '9', - 'interface': 'test_value_10', - 'ip-mode': 'range', - 'lease-time': '12', - 'option1': 'test_value_13', - 'option2': 'test_value_14', - 'option3': 'test_value_15', - 'rapid-commit': 'disable', - 'status': 'disable', - 'subnet': 'test_value_18', - 'upstream-interface': 'test_value_19' - } - - set_method_mock.assert_called_with('system.dhcp6', 'server', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_dhcp6_server_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_dhcp6_server': { - 'dns_search_list': 'delegated', - 'dns_server1': 'test_value_4', - 'dns_server2': 'test_value_5', - 'dns_server3': 'test_value_6', - 'dns_service': 'delegated', - 'domain': 'test_value_8', - 'id': '9', - 'interface': 'test_value_10', - 'ip_mode': 'range', - 'lease_time': '12', - 'option1': 'test_value_13', - 'option2': 'test_value_14', - 'option3': 'test_value_15', - 'rapid_commit': 
'disable', - 'status': 'disable', - 'subnet': 'test_value_18', - 'upstream_interface': 'test_value_19' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_dhcp6_server.fortios_system_dhcp6(input_data, fos_instance) - - delete_method_mock.assert_called_with('system.dhcp6', 'server', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_dhcp6_server_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_dhcp6_server': { - 'dns_search_list': 'delegated', - 'dns_server1': 'test_value_4', - 'dns_server2': 'test_value_5', - 'dns_server3': 'test_value_6', - 'dns_service': 'delegated', - 'domain': 'test_value_8', - 'id': '9', - 'interface': 'test_value_10', - 'ip_mode': 'range', - 'lease_time': '12', - 'option1': 'test_value_13', - 'option2': 'test_value_14', - 'option3': 'test_value_15', - 'rapid_commit': 'disable', - 'status': 'disable', - 'subnet': 'test_value_18', - 'upstream_interface': 'test_value_19' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_dhcp6_server.fortios_system_dhcp6(input_data, fos_instance) - - delete_method_mock.assert_called_with('system.dhcp6', 'server', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_dhcp6_server_idempotent(mocker): - schema_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_dhcp6_server': { - 'dns_search_list': 'delegated', - 'dns_server1': 'test_value_4', - 'dns_server2': 'test_value_5', - 'dns_server3': 'test_value_6', - 'dns_service': 'delegated', - 'domain': 'test_value_8', - 'id': '9', - 'interface': 'test_value_10', - 'ip_mode': 'range', - 'lease_time': '12', - 'option1': 'test_value_13', - 'option2': 'test_value_14', - 'option3': 'test_value_15', - 'rapid_commit': 'disable', - 'status': 'disable', - 'subnet': 'test_value_18', - 'upstream_interface': 'test_value_19' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_dhcp6_server.fortios_system_dhcp6(input_data, fos_instance) - - expected_data = { - 'dns-search-list': 'delegated', - 'dns-server1': 'test_value_4', - 'dns-server2': 'test_value_5', - 'dns-server3': 'test_value_6', - 'dns-service': 'delegated', - 'domain': 'test_value_8', - 'id': '9', - 'interface': 'test_value_10', - 'ip-mode': 'range', - 'lease-time': '12', - 'option1': 'test_value_13', - 'option2': 'test_value_14', - 'option3': 'test_value_15', - 'rapid-commit': 'disable', - 'status': 'disable', - 'subnet': 'test_value_18', - 'upstream-interface': 'test_value_19' - } - - set_method_mock.assert_called_with('system.dhcp6', 'server', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_dhcp6_server_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = 
{'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_dhcp6_server': { - 'random_attribute_not_valid': 'tag', - 'dns_search_list': 'delegated', - 'dns_server1': 'test_value_4', - 'dns_server2': 'test_value_5', - 'dns_server3': 'test_value_6', - 'dns_service': 'delegated', - 'domain': 'test_value_8', - 'id': '9', - 'interface': 'test_value_10', - 'ip_mode': 'range', - 'lease_time': '12', - 'option1': 'test_value_13', - 'option2': 'test_value_14', - 'option3': 'test_value_15', - 'rapid_commit': 'disable', - 'status': 'disable', - 'subnet': 'test_value_18', - 'upstream_interface': 'test_value_19' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_dhcp6_server.fortios_system_dhcp6(input_data, fos_instance) - - expected_data = { - 'dns-search-list': 'delegated', - 'dns-server1': 'test_value_4', - 'dns-server2': 'test_value_5', - 'dns-server3': 'test_value_6', - 'dns-service': 'delegated', - 'domain': 'test_value_8', - 'id': '9', - 'interface': 'test_value_10', - 'ip-mode': 'range', - 'lease-time': '12', - 'option1': 'test_value_13', - 'option2': 'test_value_14', - 'option3': 'test_value_15', - 'rapid-commit': 'disable', - 'status': 'disable', - 'subnet': 'test_value_18', - 'upstream-interface': 'test_value_19' - } - - set_method_mock.assert_called_with('system.dhcp6', 'server', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_system_dhcp_server.py b/test/units/modules/network/fortios/test_fortios_system_dhcp_server.py deleted file mode 100644 index 8c97fcdfe79..00000000000 
--- a/test/units/modules/network/fortios/test_fortios_system_dhcp_server.py +++ /dev/null 
@@ -1,589 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_dhcp_server -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_dhcp_server.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_dhcp_server_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_dhcp_server': { - 'auto_configuration': 'disable', - 'conflicted_ip_timeout': '4', - 'ddns_auth': 'disable', - 'ddns_key': 'test_value_6', - 'ddns_keyname': 'test_value_7', - 
'ddns_server_ip': 'test_value_8', - 'ddns_ttl': '9', - 'ddns_update': 'disable', - 'ddns_update_override': 'disable', - 'ddns_zone': 'test_value_12', - 'default_gateway': 'test_value_13', - 'dns_server1': 'test_value_14', - 'dns_server2': 'test_value_15', - 'dns_server3': 'test_value_16', - 'dns_service': 'local', - 'domain': 'test_value_18', - 'filename': 'test_value_19', - 'forticlient_on_net_status': 'disable', - 'id': '21', - 'interface': 'test_value_22', - 'ip_mode': 'range', - 'ipsec_lease_hold': '24', - 'lease_time': '25', - 'mac_acl_default_action': 'assign', - 'netmask': 'test_value_27', - 'next_server': 'test_value_28', - 'ntp_server1': 'test_value_29', - 'ntp_server2': 'test_value_30', - 'ntp_server3': 'test_value_31', - 'ntp_service': 'local', - 'server_type': 'regular', - 'status': 'disable', - 'timezone': '01', - 'timezone_option': 'disable', - 'vci_match': 'disable', - 'wifi_ac1': 'test_value_38', - 'wifi_ac2': 'test_value_39', - 'wifi_ac3': 'test_value_40', - 'wins_server1': 'test_value_41', - 'wins_server2': 'test_value_42' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_dhcp_server.fortios_system_dhcp(input_data, fos_instance) - - expected_data = { - 'auto-configuration': 'disable', - 'conflicted-ip-timeout': '4', - 'ddns-auth': 'disable', - 'ddns-key': 'test_value_6', - 'ddns-keyname': 'test_value_7', - 'ddns-server-ip': 'test_value_8', - 'ddns-ttl': '9', - 'ddns-update': 'disable', - 'ddns-update-override': 'disable', - 'ddns-zone': 'test_value_12', - 'default-gateway': 'test_value_13', - 'dns-server1': 'test_value_14', - 'dns-server2': 'test_value_15', - 'dns-server3': 'test_value_16', - 'dns-service': 'local', - 'domain': 'test_value_18', - 'filename': 'test_value_19', - 'forticlient-on-net-status': 'disable', - 'id': '21', - 'interface': 'test_value_22', - 'ip-mode': 'range', - 'ipsec-lease-hold': '24', - 'lease-time': '25', - 'mac-acl-default-action': 'assign', - 'netmask': 'test_value_27', - 'next-server': 
'test_value_28', - 'ntp-server1': 'test_value_29', - 'ntp-server2': 'test_value_30', - 'ntp-server3': 'test_value_31', - 'ntp-service': 'local', - 'server-type': 'regular', - 'status': 'disable', - 'timezone': '01', - 'timezone-option': 'disable', - 'vci-match': 'disable', - 'wifi-ac1': 'test_value_38', - 'wifi-ac2': 'test_value_39', - 'wifi-ac3': 'test_value_40', - 'wins-server1': 'test_value_41', - 'wins-server2': 'test_value_42' - } - - set_method_mock.assert_called_with('system.dhcp', 'server', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_dhcp_server_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_dhcp_server': { - 'auto_configuration': 'disable', - 'conflicted_ip_timeout': '4', - 'ddns_auth': 'disable', - 'ddns_key': 'test_value_6', - 'ddns_keyname': 'test_value_7', - 'ddns_server_ip': 'test_value_8', - 'ddns_ttl': '9', - 'ddns_update': 'disable', - 'ddns_update_override': 'disable', - 'ddns_zone': 'test_value_12', - 'default_gateway': 'test_value_13', - 'dns_server1': 'test_value_14', - 'dns_server2': 'test_value_15', - 'dns_server3': 'test_value_16', - 'dns_service': 'local', - 'domain': 'test_value_18', - 'filename': 'test_value_19', - 'forticlient_on_net_status': 'disable', - 'id': '21', - 'interface': 'test_value_22', - 'ip_mode': 'range', - 'ipsec_lease_hold': '24', - 'lease_time': '25', - 'mac_acl_default_action': 'assign', - 'netmask': 'test_value_27', - 'next_server': 'test_value_28', - 'ntp_server1': 
'test_value_29', - 'ntp_server2': 'test_value_30', - 'ntp_server3': 'test_value_31', - 'ntp_service': 'local', - 'server_type': 'regular', - 'status': 'disable', - 'timezone': '01', - 'timezone_option': 'disable', - 'vci_match': 'disable', - 'wifi_ac1': 'test_value_38', - 'wifi_ac2': 'test_value_39', - 'wifi_ac3': 'test_value_40', - 'wins_server1': 'test_value_41', - 'wins_server2': 'test_value_42' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_dhcp_server.fortios_system_dhcp(input_data, fos_instance) - - expected_data = { - 'auto-configuration': 'disable', - 'conflicted-ip-timeout': '4', - 'ddns-auth': 'disable', - 'ddns-key': 'test_value_6', - 'ddns-keyname': 'test_value_7', - 'ddns-server-ip': 'test_value_8', - 'ddns-ttl': '9', - 'ddns-update': 'disable', - 'ddns-update-override': 'disable', - 'ddns-zone': 'test_value_12', - 'default-gateway': 'test_value_13', - 'dns-server1': 'test_value_14', - 'dns-server2': 'test_value_15', - 'dns-server3': 'test_value_16', - 'dns-service': 'local', - 'domain': 'test_value_18', - 'filename': 'test_value_19', - 'forticlient-on-net-status': 'disable', - 'id': '21', - 'interface': 'test_value_22', - 'ip-mode': 'range', - 'ipsec-lease-hold': '24', - 'lease-time': '25', - 'mac-acl-default-action': 'assign', - 'netmask': 'test_value_27', - 'next-server': 'test_value_28', - 'ntp-server1': 'test_value_29', - 'ntp-server2': 'test_value_30', - 'ntp-server3': 'test_value_31', - 'ntp-service': 'local', - 'server-type': 'regular', - 'status': 'disable', - 'timezone': '01', - 'timezone-option': 'disable', - 'vci-match': 'disable', - 'wifi-ac1': 'test_value_38', - 'wifi-ac2': 'test_value_39', - 'wifi-ac3': 'test_value_40', - 'wins-server1': 'test_value_41', - 'wins-server2': 'test_value_42' - } - - set_method_mock.assert_called_with('system.dhcp', 'server', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert 
response['http_status'] == 500 - - -def test_system_dhcp_server_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_dhcp_server': { - 'auto_configuration': 'disable', - 'conflicted_ip_timeout': '4', - 'ddns_auth': 'disable', - 'ddns_key': 'test_value_6', - 'ddns_keyname': 'test_value_7', - 'ddns_server_ip': 'test_value_8', - 'ddns_ttl': '9', - 'ddns_update': 'disable', - 'ddns_update_override': 'disable', - 'ddns_zone': 'test_value_12', - 'default_gateway': 'test_value_13', - 'dns_server1': 'test_value_14', - 'dns_server2': 'test_value_15', - 'dns_server3': 'test_value_16', - 'dns_service': 'local', - 'domain': 'test_value_18', - 'filename': 'test_value_19', - 'forticlient_on_net_status': 'disable', - 'id': '21', - 'interface': 'test_value_22', - 'ip_mode': 'range', - 'ipsec_lease_hold': '24', - 'lease_time': '25', - 'mac_acl_default_action': 'assign', - 'netmask': 'test_value_27', - 'next_server': 'test_value_28', - 'ntp_server1': 'test_value_29', - 'ntp_server2': 'test_value_30', - 'ntp_server3': 'test_value_31', - 'ntp_service': 'local', - 'server_type': 'regular', - 'status': 'disable', - 'timezone': '01', - 'timezone_option': 'disable', - 'vci_match': 'disable', - 'wifi_ac1': 'test_value_38', - 'wifi_ac2': 'test_value_39', - 'wifi_ac3': 'test_value_40', - 'wins_server1': 'test_value_41', - 'wins_server2': 'test_value_42' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_dhcp_server.fortios_system_dhcp(input_data, fos_instance) - - delete_method_mock.assert_called_with('system.dhcp', 'server', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not 
is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_dhcp_server_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_dhcp_server': { - 'auto_configuration': 'disable', - 'conflicted_ip_timeout': '4', - 'ddns_auth': 'disable', - 'ddns_key': 'test_value_6', - 'ddns_keyname': 'test_value_7', - 'ddns_server_ip': 'test_value_8', - 'ddns_ttl': '9', - 'ddns_update': 'disable', - 'ddns_update_override': 'disable', - 'ddns_zone': 'test_value_12', - 'default_gateway': 'test_value_13', - 'dns_server1': 'test_value_14', - 'dns_server2': 'test_value_15', - 'dns_server3': 'test_value_16', - 'dns_service': 'local', - 'domain': 'test_value_18', - 'filename': 'test_value_19', - 'forticlient_on_net_status': 'disable', - 'id': '21', - 'interface': 'test_value_22', - 'ip_mode': 'range', - 'ipsec_lease_hold': '24', - 'lease_time': '25', - 'mac_acl_default_action': 'assign', - 'netmask': 'test_value_27', - 'next_server': 'test_value_28', - 'ntp_server1': 'test_value_29', - 'ntp_server2': 'test_value_30', - 'ntp_server3': 'test_value_31', - 'ntp_service': 'local', - 'server_type': 'regular', - 'status': 'disable', - 'timezone': '01', - 'timezone_option': 'disable', - 'vci_match': 'disable', - 'wifi_ac1': 'test_value_38', - 'wifi_ac2': 'test_value_39', - 'wifi_ac3': 'test_value_40', - 'wins_server1': 'test_value_41', - 'wins_server2': 'test_value_42' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_dhcp_server.fortios_system_dhcp(input_data, fos_instance) - - delete_method_mock.assert_called_with('system.dhcp', 
'server', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_dhcp_server_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_dhcp_server': { - 'auto_configuration': 'disable', - 'conflicted_ip_timeout': '4', - 'ddns_auth': 'disable', - 'ddns_key': 'test_value_6', - 'ddns_keyname': 'test_value_7', - 'ddns_server_ip': 'test_value_8', - 'ddns_ttl': '9', - 'ddns_update': 'disable', - 'ddns_update_override': 'disable', - 'ddns_zone': 'test_value_12', - 'default_gateway': 'test_value_13', - 'dns_server1': 'test_value_14', - 'dns_server2': 'test_value_15', - 'dns_server3': 'test_value_16', - 'dns_service': 'local', - 'domain': 'test_value_18', - 'filename': 'test_value_19', - 'forticlient_on_net_status': 'disable', - 'id': '21', - 'interface': 'test_value_22', - 'ip_mode': 'range', - 'ipsec_lease_hold': '24', - 'lease_time': '25', - 'mac_acl_default_action': 'assign', - 'netmask': 'test_value_27', - 'next_server': 'test_value_28', - 'ntp_server1': 'test_value_29', - 'ntp_server2': 'test_value_30', - 'ntp_server3': 'test_value_31', - 'ntp_service': 'local', - 'server_type': 'regular', - 'status': 'disable', - 'timezone': '01', - 'timezone_option': 'disable', - 'vci_match': 'disable', - 'wifi_ac1': 'test_value_38', - 'wifi_ac2': 'test_value_39', - 'wifi_ac3': 'test_value_40', - 'wins_server1': 'test_value_41', - 'wins_server2': 'test_value_42' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_dhcp_server.fortios_system_dhcp(input_data, 
fos_instance)
-
- expected_data = {
- 'auto-configuration': 'disable',
- 'conflicted-ip-timeout': '4',
- 'ddns-auth': 'disable',
- 'ddns-key': 'test_value_6',
- 'ddns-keyname': 'test_value_7',
- 'ddns-server-ip': 'test_value_8',
- 'ddns-ttl': '9',
- 'ddns-update': 'disable',
- 'ddns-update-override': 'disable',
- 'ddns-zone': 'test_value_12',
- 'default-gateway': 'test_value_13',
- 'dns-server1': 'test_value_14',
- 'dns-server2': 'test_value_15',
- 'dns-server3': 'test_value_16',
- 'dns-service': 'local',
- 'domain': 'test_value_18',
- 'filename': 'test_value_19',
- 'forticlient-on-net-status': 'disable',
- 'id': '21',
- 'interface': 'test_value_22',
- 'ip-mode': 'range',
- 'ipsec-lease-hold': '24',
- 'lease-time': '25',
- 'mac-acl-default-action': 'assign',
- 'netmask': 'test_value_27',
- 'next-server': 'test_value_28',
- 'ntp-server1': 'test_value_29',
- 'ntp-server2': 'test_value_30',
- 'ntp-server3': 'test_value_31',
- 'ntp-service': 'local',
- 'server-type': 'regular',
- 'status': 'disable',
- 'timezone': '01',
- 'timezone-option': 'disable',
- 'vci-match': 'disable',
- 'wifi-ac1': 'test_value_38',
- 'wifi-ac2': 'test_value_39',
- 'wifi-ac3': 'test_value_40',
- 'wins-server1': 'test_value_41',
- 'wins-server2': 'test_value_42'
- }
-
- set_method_mock.assert_called_with('system.dhcp', 'server', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_dhcp_server_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_dhcp_server':
{
- 'random_attribute_not_valid': 'tag',
- 'auto_configuration': 'disable',
- 'conflicted_ip_timeout': '4',
- 'ddns_auth': 'disable',
- 'ddns_key': 'test_value_6',
- 'ddns_keyname': 'test_value_7',
- 'ddns_server_ip': 'test_value_8',
- 'ddns_ttl': '9',
- 'ddns_update': 'disable',
- 'ddns_update_override': 'disable',
- 'ddns_zone': 'test_value_12',
- 'default_gateway': 'test_value_13',
- 'dns_server1': 'test_value_14',
- 'dns_server2': 'test_value_15',
- 'dns_server3': 'test_value_16',
- 'dns_service': 'local',
- 'domain': 'test_value_18',
- 'filename': 'test_value_19',
- 'forticlient_on_net_status': 'disable',
- 'id': '21',
- 'interface': 'test_value_22',
- 'ip_mode': 'range',
- 'ipsec_lease_hold': '24',
- 'lease_time': '25',
- 'mac_acl_default_action': 'assign',
- 'netmask': 'test_value_27',
- 'next_server': 'test_value_28',
- 'ntp_server1': 'test_value_29',
- 'ntp_server2': 'test_value_30',
- 'ntp_server3': 'test_value_31',
- 'ntp_service': 'local',
- 'server_type': 'regular',
- 'status': 'disable',
- 'timezone': '01',
- 'timezone_option': 'disable',
- 'vci_match': 'disable',
- 'wifi_ac1': 'test_value_38',
- 'wifi_ac2': 'test_value_39',
- 'wifi_ac3': 'test_value_40',
- 'wins_server1': 'test_value_41',
- 'wins_server2': 'test_value_42'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_dhcp_server.fortios_system_dhcp(input_data, fos_instance)
-
- expected_data = {
- 'auto-configuration': 'disable',
- 'conflicted-ip-timeout': '4',
- 'ddns-auth': 'disable',
- 'ddns-key': 'test_value_6',
- 'ddns-keyname': 'test_value_7',
- 'ddns-server-ip': 'test_value_8',
- 'ddns-ttl': '9',
- 'ddns-update': 'disable',
- 'ddns-update-override': 'disable',
- 'ddns-zone': 'test_value_12',
- 'default-gateway': 'test_value_13',
- 'dns-server1': 'test_value_14',
- 'dns-server2': 'test_value_15',
- 'dns-server3': 'test_value_16',
- 'dns-service': 'local',
- 'domain': 'test_value_18',
- 'filename': 'test_value_19',
- 'forticlient-on-net-status': 'disable',
- 'id': '21',
- 'interface': 'test_value_22',
- 'ip-mode': 'range',
- 'ipsec-lease-hold': '24',
- 'lease-time': '25',
- 'mac-acl-default-action': 'assign',
- 'netmask': 'test_value_27',
- 'next-server': 'test_value_28',
- 'ntp-server1': 'test_value_29',
- 'ntp-server2': 'test_value_30',
- 'ntp-server3': 'test_value_31',
- 'ntp-service': 'local',
- 'server-type': 'regular',
- 'status': 'disable',
- 'timezone': '01',
- 'timezone-option': 'disable',
- 'vci-match': 'disable',
- 'wifi-ac1': 'test_value_38',
- 'wifi-ac2': 'test_value_39',
- 'wifi-ac3': 'test_value_40',
- 'wins-server1': 'test_value_41',
- 'wins-server2': 'test_value_42'
- }
-
- set_method_mock.assert_called_with('system.dhcp', 'server', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_dns.py b/test/units/modules/network/fortios/test_fortios_system_dns.py
deleted file mode 100644
index 0cede4e2837..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_dns.py
+++ /dev/null
@@ -1,223 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_dns
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_dns.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_dns_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_dns': {
- 'cache_notfound_responses': 'disable',
- 'dns_cache_limit': '4',
- 'dns_cache_ttl': '5',
- 'ip6_primary': 'test_value_6',
- 'ip6_secondary': 'test_value_7',
- 'primary': 'test_value_8',
-
'retry': '9',
- 'secondary': 'test_value_10',
- 'source_ip': '84.230.14.11',
- 'timeout': '12'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_dns.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'cache-notfound-responses': 'disable',
- 'dns-cache-limit': '4',
- 'dns-cache-ttl': '5',
- 'ip6-primary': 'test_value_6',
- 'ip6-secondary': 'test_value_7',
- 'primary': 'test_value_8',
- 'retry': '9',
- 'secondary': 'test_value_10',
- 'source-ip': '84.230.14.11',
- 'timeout': '12'
- }
-
- set_method_mock.assert_called_with('system', 'dns', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_dns_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_dns': {
- 'cache_notfound_responses': 'disable',
- 'dns_cache_limit': '4',
- 'dns_cache_ttl': '5',
- 'ip6_primary': 'test_value_6',
- 'ip6_secondary': 'test_value_7',
- 'primary': 'test_value_8',
- 'retry': '9',
- 'secondary': 'test_value_10',
- 'source_ip': '84.230.14.11',
- 'timeout': '12'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_dns.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'cache-notfound-responses': 'disable',
- 'dns-cache-limit': '4',
- 'dns-cache-ttl': '5',
- 'ip6-primary': 'test_value_6',
- 'ip6-secondary': 'test_value_7',
- 'primary': 'test_value_8',
- 'retry': '9',
- 'secondary': 'test_value_10',
- 'source-ip': '84.230.14.11',
- 'timeout': '12'
- }
-
- set_method_mock.assert_called_with('system', 'dns',
data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_dns_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_dns': {
- 'cache_notfound_responses': 'disable',
- 'dns_cache_limit': '4',
- 'dns_cache_ttl': '5',
- 'ip6_primary': 'test_value_6',
- 'ip6_secondary': 'test_value_7',
- 'primary': 'test_value_8',
- 'retry': '9',
- 'secondary': 'test_value_10',
- 'source_ip': '84.230.14.11',
- 'timeout': '12'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_dns.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'cache-notfound-responses': 'disable',
- 'dns-cache-limit': '4',
- 'dns-cache-ttl': '5',
- 'ip6-primary': 'test_value_6',
- 'ip6-secondary': 'test_value_7',
- 'primary': 'test_value_8',
- 'retry': '9',
- 'secondary': 'test_value_10',
- 'source-ip': '84.230.14.11',
- 'timeout': '12'
- }
-
- set_method_mock.assert_called_with('system', 'dns', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_dns_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_dns': {
- 'random_attribute_not_valid': 'tag',
- 'cache_notfound_responses': 'disable',
- 'dns_cache_limit': '4',
- 'dns_cache_ttl': '5',
- 'ip6_primary': 'test_value_6',
- 'ip6_secondary': 'test_value_7',
- 'primary': 'test_value_8',
- 'retry': '9',
- 'secondary': 'test_value_10',
- 'source_ip': '84.230.14.11',
- 'timeout': '12'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_dns.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'cache-notfound-responses': 'disable',
- 'dns-cache-limit': '4',
- 'dns-cache-ttl': '5',
- 'ip6-primary': 'test_value_6',
- 'ip6-secondary': 'test_value_7',
- 'primary': 'test_value_8',
- 'retry': '9',
- 'secondary': 'test_value_10',
- 'source-ip': '84.230.14.11',
- 'timeout': '12'
- }
-
- set_method_mock.assert_called_with('system', 'dns', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_dns_database.py b/test/units/modules/network/fortios/test_fortios_system_dns_database.py
deleted file mode 100644
index fca03aa782a..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_dns_database.py
+++ /dev/null
@@ -1,319 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_dns_database
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_dns_database.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_dns_database_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_dns_database': {
- 'allow_transfer': 'test_value_3',
- 'authoritative': 'enable',
- 'contact': 'test_value_5',
- 'domain': 'test_value_6',
- 'forwarder': 'test_value_7',
-
'ip_master': 'test_value_8',
- 'name': 'default_name_9',
- 'primary_name': 'test_value_10',
- 'source_ip': '84.230.14.11',
- 'status': 'enable',
- 'ttl': '13',
- 'type': 'master',
- 'view': 'shadow'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_dns_database.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'allow-transfer': 'test_value_3',
- 'authoritative': 'enable',
- 'contact': 'test_value_5',
- 'domain': 'test_value_6',
- 'forwarder': 'test_value_7',
- 'ip-master': 'test_value_8',
- 'name': 'default_name_9',
- 'primary-name': 'test_value_10',
- 'source-ip': '84.230.14.11',
- 'status': 'enable',
- 'ttl': '13',
- 'type': 'master',
- 'view': 'shadow'
- }
-
- set_method_mock.assert_called_with('system', 'dns-database', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_dns_database_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_dns_database': {
- 'allow_transfer': 'test_value_3',
- 'authoritative': 'enable',
- 'contact': 'test_value_5',
- 'domain': 'test_value_6',
- 'forwarder': 'test_value_7',
- 'ip_master': 'test_value_8',
- 'name': 'default_name_9',
- 'primary_name': 'test_value_10',
- 'source_ip': '84.230.14.11',
- 'status': 'enable',
- 'ttl': '13',
- 'type': 'master',
- 'view': 'shadow'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_dns_database.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'allow-transfer': 'test_value_3',
- 'authoritative':
'enable',
- 'contact': 'test_value_5',
- 'domain': 'test_value_6',
- 'forwarder': 'test_value_7',
- 'ip-master': 'test_value_8',
- 'name': 'default_name_9',
- 'primary-name': 'test_value_10',
- 'source-ip': '84.230.14.11',
- 'status': 'enable',
- 'ttl': '13',
- 'type': 'master',
- 'view': 'shadow'
- }
-
- set_method_mock.assert_called_with('system', 'dns-database', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_dns_database_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_dns_database': {
- 'allow_transfer': 'test_value_3',
- 'authoritative': 'enable',
- 'contact': 'test_value_5',
- 'domain': 'test_value_6',
- 'forwarder': 'test_value_7',
- 'ip_master': 'test_value_8',
- 'name': 'default_name_9',
- 'primary_name': 'test_value_10',
- 'source_ip': '84.230.14.11',
- 'status': 'enable',
- 'ttl': '13',
- 'type': 'master',
- 'view': 'shadow'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_dns_database.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'dns-database', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_dns_database_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method':
'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_dns_database': {
- 'allow_transfer': 'test_value_3',
- 'authoritative': 'enable',
- 'contact': 'test_value_5',
- 'domain': 'test_value_6',
- 'forwarder': 'test_value_7',
- 'ip_master': 'test_value_8',
- 'name': 'default_name_9',
- 'primary_name': 'test_value_10',
- 'source_ip': '84.230.14.11',
- 'status': 'enable',
- 'ttl': '13',
- 'type': 'master',
- 'view': 'shadow'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_dns_database.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'dns-database', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_dns_database_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_dns_database': {
- 'allow_transfer': 'test_value_3',
- 'authoritative': 'enable',
- 'contact': 'test_value_5',
- 'domain': 'test_value_6',
- 'forwarder': 'test_value_7',
- 'ip_master': 'test_value_8',
- 'name': 'default_name_9',
- 'primary_name': 'test_value_10',
- 'source_ip': '84.230.14.11',
- 'status': 'enable',
- 'ttl': '13',
- 'type': 'master',
- 'view': 'shadow'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_dns_database.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'allow-transfer': 'test_value_3',
- 'authoritative': 'enable',
- 'contact': 'test_value_5',
- 'domain': 'test_value_6',
- 'forwarder': 'test_value_7',
- 'ip-master': 'test_value_8',
- 'name': 'default_name_9',
- 'primary-name': 'test_value_10',
- 'source-ip': '84.230.14.11',
- 'status': 'enable',
- 'ttl': '13',
- 'type': 'master',
- 'view': 'shadow'
- }
-
- set_method_mock.assert_called_with('system', 'dns-database', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_dns_database_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_dns_database': {
- 'random_attribute_not_valid': 'tag',
- 'allow_transfer': 'test_value_3',
- 'authoritative': 'enable',
- 'contact': 'test_value_5',
- 'domain': 'test_value_6',
- 'forwarder': 'test_value_7',
- 'ip_master': 'test_value_8',
- 'name': 'default_name_9',
- 'primary_name': 'test_value_10',
- 'source_ip': '84.230.14.11',
- 'status': 'enable',
- 'ttl': '13',
- 'type': 'master',
- 'view': 'shadow'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_dns_database.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'allow-transfer': 'test_value_3',
- 'authoritative': 'enable',
- 'contact': 'test_value_5',
- 'domain': 'test_value_6',
- 'forwarder': 'test_value_7',
- 'ip-master': 'test_value_8',
- 'name': 'default_name_9',
- 'primary-name': 'test_value_10',
- 'source-ip': '84.230.14.11',
- 'status': 'enable',
- 'ttl': '13',
- 'type': 'master',
- 'view': 'shadow'
- }
-
-
set_method_mock.assert_called_with('system', 'dns-database', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_dns_server.py b/test/units/modules/network/fortios/test_fortios_system_dns_server.py
deleted file mode 100644
index d497c1d4f0f..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_dns_server.py
+++ /dev/null
@@ -1,219 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_dns_server
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_dns_server.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_dns_server_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_dns_server': {
- 'dnsfilter_profile': 'test_value_3',
- 'mode': 'recursive',
- 'name': 'default_name_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response =
fortios_system_dns_server.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'dnsfilter-profile': 'test_value_3',
- 'mode': 'recursive',
- 'name': 'default_name_5'
- }
-
- set_method_mock.assert_called_with('system', 'dns-server', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_dns_server_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_dns_server': {
- 'dnsfilter_profile': 'test_value_3',
- 'mode': 'recursive',
- 'name': 'default_name_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_dns_server.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'dnsfilter-profile': 'test_value_3',
- 'mode': 'recursive',
- 'name': 'default_name_5'
- }
-
- set_method_mock.assert_called_with('system', 'dns-server', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_dns_server_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_dns_server': {
- 'dnsfilter_profile':
'test_value_3',
- 'mode': 'recursive',
- 'name': 'default_name_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_dns_server.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'dns-server', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_dns_server_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_dns_server': {
- 'dnsfilter_profile': 'test_value_3',
- 'mode': 'recursive',
- 'name': 'default_name_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_dns_server.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'dns-server', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_dns_server_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_dns_server': {
- 'dnsfilter_profile': 'test_value_3',
- 'mode': 'recursive',
- 'name': 'default_name_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response =
fortios_system_dns_server.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'dnsfilter-profile': 'test_value_3',
- 'mode': 'recursive',
- 'name': 'default_name_5'
- }
-
- set_method_mock.assert_called_with('system', 'dns-server', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_dns_server_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_dns_server': {
- 'random_attribute_not_valid': 'tag',
- 'dnsfilter_profile': 'test_value_3',
- 'mode': 'recursive',
- 'name': 'default_name_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_dns_server.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'dnsfilter-profile': 'test_value_3',
- 'mode': 'recursive',
- 'name': 'default_name_5'
- }
-
- set_method_mock.assert_called_with('system', 'dns-server', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_dscp_based_priority.py b/test/units/modules/network/fortios/test_fortios_system_dscp_based_priority.py
deleted file mode 100644
index f52cb59ad3e..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_dscp_based_priority.py
+++ /dev/null
@@ -1,219 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_dscp_based_priority
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_dscp_based_priority.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_dscp_based_priority_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_dscp_based_priority': {
- 'ds': '3',
- 'id': '4',
- 'priority': 'low'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_dscp_based_priority.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'ds': '3',
- 'id': '4',
- 'priority': 'low'
- }
-
- set_method_mock.assert_called_with('system', 'dscp-based-priority', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_dscp_based_priority_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_dscp_based_priority': {
- 'ds': '3',
- 'id': '4',
- 'priority': 'low'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_dscp_based_priority.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'ds': '3',
- 'id': '4',
- 'priority': 'low'
- }
-
- set_method_mock.assert_called_with('system', 'dscp-based-priority', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_dscp_based_priority_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_dscp_based_priority': {
- 'ds': '3',
- 'id': '4',
- 'priority': 'low'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_dscp_based_priority.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'dscp-based-priority', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_dscp_based_priority_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_dscp_based_priority': {
- 'ds': '3',
- 'id': '4',
- 'priority': 'low'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_dscp_based_priority.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'dscp-based-priority', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_dscp_based_priority_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_dscp_based_priority': {
- 'ds': '3',
- 'id': '4',
- 'priority': 'low'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_dscp_based_priority.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'ds': '3',
- 'id': '4',
- 'priority': 'low'
- }
-
- set_method_mock.assert_called_with('system', 'dscp-based-priority', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_dscp_based_priority_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_dscp_based_priority': {
- 'random_attribute_not_valid': 'tag',
- 'ds': '3',
- 'id': '4',
- 'priority': 'low'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_dscp_based_priority.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'ds': '3',
- 'id': '4',
- 'priority': 'low'
- }
-
- set_method_mock.assert_called_with('system', 'dscp-based-priority', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_email_server.py b/test/units/modules/network/fortios/test_fortios_system_email_server.py
deleted file mode 100644
index c191d264fd8..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_email_server.py
+++ /dev/null
@@ -1,239 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_email_server
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_email_server.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_email_server_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_email_server': {
- 'authenticate': 'enable',
- 'password': 'test_value_4',
- 'port': '5',
- 'reply_to': 'test_value_6',
- 'security': 'none',
- 'server': '192.168.100.8',
- 'source_ip': '84.230.14.9',
- 'source_ip6': 'test_value_10',
- 'ssl_min_proto_version': 'default',
- 'type': 'custom',
- 'username': 'test_value_13',
- 'validate_server': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_email_server.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'authenticate': 'enable',
- 'password': 'test_value_4',
- 'port': '5',
- 'reply-to': 'test_value_6',
- 'security': 'none',
- 'server': '192.168.100.8',
- 'source-ip': '84.230.14.9',
- 'source-ip6': 'test_value_10',
- 'ssl-min-proto-version': 'default',
- 'type': 'custom',
- 'username': 'test_value_13',
- 'validate-server': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'email-server', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_email_server_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_email_server': {
- 'authenticate': 'enable',
- 'password': 'test_value_4',
- 'port': '5',
- 'reply_to': 'test_value_6',
- 'security': 'none',
- 'server': '192.168.100.8',
- 'source_ip': '84.230.14.9',
- 'source_ip6': 'test_value_10',
- 'ssl_min_proto_version': 'default',
- 'type': 'custom',
- 'username': 'test_value_13',
- 'validate_server': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_email_server.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'authenticate': 'enable',
- 'password': 'test_value_4',
- 'port': '5',
- 'reply-to': 'test_value_6',
- 'security': 'none',
- 'server': '192.168.100.8',
- 'source-ip': '84.230.14.9',
- 'source-ip6': 'test_value_10',
- 'ssl-min-proto-version': 'default',
- 'type': 'custom',
- 'username': 'test_value_13',
- 'validate-server': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'email-server', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_email_server_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_email_server': {
- 'authenticate': 'enable',
- 'password': 'test_value_4',
- 'port': '5',
- 'reply_to': 'test_value_6',
- 'security': 'none',
- 'server': '192.168.100.8',
- 'source_ip': '84.230.14.9',
- 'source_ip6': 'test_value_10',
- 'ssl_min_proto_version': 'default',
- 'type': 'custom',
- 'username': 'test_value_13',
- 'validate_server': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_email_server.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'authenticate': 'enable',
- 'password': 'test_value_4',
- 'port': '5',
- 'reply-to': 'test_value_6',
- 'security': 'none',
- 'server': '192.168.100.8',
- 'source-ip': '84.230.14.9',
- 'source-ip6': 'test_value_10',
- 'ssl-min-proto-version': 'default',
- 'type': 'custom',
- 'username': 'test_value_13',
- 'validate-server': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'email-server', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_email_server_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_email_server': {
- 'random_attribute_not_valid': 'tag',
- 'authenticate': 'enable',
- 'password': 'test_value_4',
- 'port': '5',
- 'reply_to': 'test_value_6',
- 'security': 'none',
- 'server': '192.168.100.8',
- 'source_ip': '84.230.14.9',
- 'source_ip6': 'test_value_10',
- 'ssl_min_proto_version': 'default',
- 'type': 'custom',
- 'username': 'test_value_13',
- 'validate_server': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_email_server.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'authenticate': 'enable',
- 'password': 'test_value_4',
- 'port': '5',
- 'reply-to': 'test_value_6',
- 'security': 'none',
- 'server': '192.168.100.8',
- 'source-ip': '84.230.14.9',
- 'source-ip6': 'test_value_10',
- 'ssl-min-proto-version': 'default',
- 'type': 'custom',
- 'username': 'test_value_13',
- 'validate-server': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'email-server', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_external_resource.py b/test/units/modules/network/fortios/test_fortios_system_external_resource.py
deleted file mode 100644
index 2d6c5f1db94..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_external_resource.py
+++ /dev/null
@@ -1,259 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_external_resource
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_external_resource.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_external_resource_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_external_resource': {
- 'category': '3',
- 'comments': 'test_value_4',
- 'name': 'default_name_5',
- 'refresh_rate': '6',
- 'resource': 'test_value_7',
- 'status': 'enable',
- 'type': 'category'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_external_resource.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'category': '3',
- 'comments': 'test_value_4',
- 'name': 'default_name_5',
- 'refresh-rate': '6',
- 'resource': 'test_value_7',
- 'status': 'enable',
- 'type': 'category'
- }
-
- set_method_mock.assert_called_with('system', 'external-resource', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_external_resource_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_external_resource': {
- 'category': '3',
- 'comments': 'test_value_4',
- 'name': 'default_name_5',
- 'refresh_rate': '6',
- 'resource': 'test_value_7',
- 'status': 'enable',
- 'type': 'category'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_external_resource.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'category': '3',
- 'comments': 'test_value_4',
- 'name': 'default_name_5',
- 'refresh-rate': '6',
- 'resource': 'test_value_7',
- 'status': 'enable',
- 'type': 'category'
- }
-
- set_method_mock.assert_called_with('system', 'external-resource', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_external_resource_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_external_resource': {
- 'category': '3',
- 'comments': 'test_value_4',
- 'name': 'default_name_5',
- 'refresh_rate': '6',
- 'resource': 'test_value_7',
- 'status': 'enable',
- 'type': 'category'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_external_resource.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'external-resource', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_external_resource_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_external_resource': {
- 'category': '3',
- 'comments': 'test_value_4',
- 'name': 'default_name_5',
- 'refresh_rate': '6',
- 'resource': 'test_value_7',
- 'status': 'enable',
- 'type': 'category'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_external_resource.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'external-resource', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_external_resource_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_external_resource': {
- 'category': '3',
- 'comments': 'test_value_4',
- 'name': 'default_name_5',
- 'refresh_rate': '6',
- 'resource': 'test_value_7',
- 'status': 'enable',
- 'type': 'category'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_external_resource.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'category': '3',
- 'comments': 'test_value_4',
- 'name': 'default_name_5',
- 'refresh-rate': '6',
- 'resource': 'test_value_7',
- 'status': 'enable',
- 'type': 'category'
- }
-
- set_method_mock.assert_called_with('system', 'external-resource', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_external_resource_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_external_resource': {
- 'random_attribute_not_valid': 'tag',
- 'category': '3',
- 'comments': 'test_value_4',
- 'name': 'default_name_5',
- 'refresh_rate': '6',
- 'resource': 'test_value_7',
- 'status': 'enable',
- 'type': 'category'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_external_resource.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'category': '3',
- 'comments': 'test_value_4',
- 'name': 'default_name_5',
- 'refresh-rate': '6',
- 'resource': 'test_value_7',
- 'status': 'enable',
- 'type': 'category'
- }
-
- set_method_mock.assert_called_with('system', 'external-resource', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_fips_cc.py b/test/units/modules/network/fortios/test_fortios_system_fips_cc.py
deleted file mode 100644
index 5fdda3650db..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_fips_cc.py
+++ /dev/null
@@ -1,167 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_fips_cc
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_fips_cc.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_fips_cc_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_fips_cc': {
- 'entropy_token': 'enable',
- 'key_generation_self_test': 'enable',
- 'self_test_period': '5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_fips_cc.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'entropy-token': 'enable',
- 'key-generation-self-test': 'enable',
- 'self-test-period': '5'
- }
-
- set_method_mock.assert_called_with('system', 'fips-cc', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_fips_cc_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_fips_cc': {
- 'entropy_token': 'enable',
- 'key_generation_self_test': 'enable',
- 'self_test_period': '5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_fips_cc.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'entropy-token': 'enable',
- 'key-generation-self-test': 'enable',
- 'self-test-period': '5'
- }
-
- set_method_mock.assert_called_with('system', 'fips-cc', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_fips_cc_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_fips_cc': {
- 'entropy_token': 'enable',
- 'key_generation_self_test': 'enable',
- 'self_test_period': '5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_fips_cc.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'entropy-token': 'enable',
- 'key-generation-self-test': 'enable',
- 'self-test-period': '5'
- }
-
- set_method_mock.assert_called_with('system', 'fips-cc', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_fips_cc_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_fips_cc': {
- 'random_attribute_not_valid': 'tag',
- 'entropy_token': 'enable',
- 'key_generation_self_test': 'enable',
- 'self_test_period': '5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_fips_cc.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'entropy-token': 'enable',
- 'key-generation-self-test': 'enable',
- 'self-test-period': '5'
- }
-
- set_method_mock.assert_called_with('system', 'fips-cc', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_firmware_upgrade.py b/test/units/modules/network/fortios/test_fortios_system_firmware_upgrade.py
deleted file mode 100644
index 58558fd8816..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_firmware_upgrade.py
+++ /dev/null
@@ -1,68 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_firmware_upgrade
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_firmware_upgrade.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_firmware_upgrade_execute(mocker):
- execute_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- execute_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.execute', return_value=execute_method_result)
-
- input_data = {
- 'username': 'admin',
- 'system_firmware': {
- 'file_content': 'test_value_3',
- 'filename': 'test_value_4',
- 'format_partition': 'test_value_5',
- 'source': 'upload'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_firmware_upgrade.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'file-content': 'test_value_3',
- 'filename': 'test_value_4',
- 'format-partition': 'test_value_5',
- 'source': 'upload'
- }
-
- execute_method_mock.assert_called_with('system', 'firmware/upgrade', data=ANY, vdom='root')
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_fm.py b/test/units/modules/network/fortios/test_fortios_system_fm.py
deleted file mode 100644
index 0ef08f75643..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_fm.py
+++ /dev/null
@@ -1,199 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_fm
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_fm.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_fm_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_fm': {
- 'auto_backup': 'enable',
- 'id': '4',
- 'ip': 'test_value_5',
- 'ipsec': 'enable',
- 'scheduled_config_restore': 'enable',
- 'status': 'enable',
- 'vdom': 'test_value_9'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_fm.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'auto-backup': 'enable',
- 'id': '4',
- 'ip': 'test_value_5',
- 'ipsec': 'enable',
- 'scheduled-config-restore': 'enable',
- 'status': 'enable',
- 'vdom': 'test_value_9'
- }
-
- set_method_mock.assert_called_with('system', 'fm', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_fm_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_fm': {
- 'auto_backup': 'enable',
- 'id': '4',
- 'ip': 'test_value_5',
- 'ipsec': 'enable',
- 'scheduled_config_restore': 'enable',
- 'status': 'enable',
- 'vdom': 'test_value_9'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_fm.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'auto-backup': 'enable',
- 'id': '4',
- 'ip': 'test_value_5',
- 'ipsec': 'enable',
- 'scheduled-config-restore': 'enable',
- 'status': 'enable',
- 'vdom': 'test_value_9'
- }
-
- set_method_mock.assert_called_with('system', 'fm', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_fm_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_fm': {
- 'auto_backup': 'enable',
- 'id': '4',
- 'ip': 'test_value_5',
- 'ipsec': 'enable',
- 'scheduled_config_restore': 'enable',
- 'status': 'enable',
- 'vdom': 'test_value_9'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_fm.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'auto-backup': 'enable',
- 'id': '4',
- 'ip': 'test_value_5',
- 'ipsec': 'enable',
- 'scheduled-config-restore': 'enable',
- 'status': 'enable',
- 'vdom': 'test_value_9'
- }
-
- set_method_mock.assert_called_with('system', 'fm', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_fm_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_fm': {
- 'random_attribute_not_valid': 'tag',
- 'auto_backup': 'enable',
- 'id': '4',
- 'ip': 'test_value_5',
- 'ipsec': 'enable',
- 'scheduled_config_restore': 'enable',
- 'status': 'enable',
- 'vdom': 'test_value_9'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_fm.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'auto-backup': 'enable',
- 'id': '4',
- 'ip': 'test_value_5',
- 'ipsec': 'enable',
- 'scheduled-config-restore': 'enable',
- 'status': 'enable',
- 'vdom': 'test_value_9'
- }
-
- set_method_mock.assert_called_with('system', 'fm', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_fortiguard.py b/test/units/modules/network/fortios/test_fortios_system_fortiguard.py
deleted file mode 100644
index 6b60c943319..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_fortiguard.py
+++ /dev/null
@@ -1,391 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_fortiguard
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_fortiguard.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_fortiguard_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_fortiguard': {
- 'antispam_cache': 'enable',
- 'antispam_cache_mpercent': '4',
- 'antispam_cache_ttl': '5',
- 'antispam_expiration': '6',
- 'antispam_force_off': 'enable',
- 'antispam_license': '8',
- 'antispam_timeout': '9',
- 'auto_join_forticloud': 'enable',
- 'ddns_server_ip': 'test_value_11',
- 'ddns_server_port': '12',
- 'load_balance_servers': '13',
- 'outbreak_prevention_cache': 'enable',
- 'outbreak_prevention_cache_mpercent': '15',
- 'outbreak_prevention_cache_ttl': '16',
- 'outbreak_prevention_expiration': '17',
- 'outbreak_prevention_force_off': 'enable',
- 'outbreak_prevention_license': '19',
- 'outbreak_prevention_timeout': '20',
- 'port': '53',
- 'sdns_server_ip': 'test_value_22',
- 'sdns_server_port': '23',
- 'service_account_id': 'test_value_24',
- 'source_ip': '84.230.14.25',
- 'source_ip6': 'test_value_26',
- 'update_server_location': 'usa',
- 'webfilter_cache': 'enable',
- 'webfilter_cache_ttl': '29',
- 'webfilter_expiration': '30',
- 'webfilter_force_off': 'enable',
- 'webfilter_license': '32',
- 'webfilter_timeout': '33'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_fortiguard.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'antispam-cache': 'enable',
- 'antispam-cache-mpercent': '4',
- 'antispam-cache-ttl': '5',
- 'antispam-expiration': '6',
- 'antispam-force-off': 'enable',
- 'antispam-license': '8',
- 'antispam-timeout': '9',
- 'auto-join-forticloud': 'enable',
- 'ddns-server-ip': 'test_value_11',
- 'ddns-server-port': '12',
- 'load-balance-servers': '13',
- 'outbreak-prevention-cache': 'enable',
- 'outbreak-prevention-cache-mpercent': '15',
- 'outbreak-prevention-cache-ttl': '16',
- 'outbreak-prevention-expiration': '17',
- 'outbreak-prevention-force-off': 'enable',
- 'outbreak-prevention-license': '19',
- 'outbreak-prevention-timeout': '20',
- 'port': '53',
- 'sdns-server-ip': 'test_value_22',
- 'sdns-server-port': '23',
- 'service-account-id': 'test_value_24',
- 'source-ip': '84.230.14.25',
- 'source-ip6': 'test_value_26',
- 'update-server-location': 'usa',
- 'webfilter-cache': 'enable',
- 'webfilter-cache-ttl': '29',
- 'webfilter-expiration': '30',
- 'webfilter-force-off': 'enable',
- 'webfilter-license': '32',
- 'webfilter-timeout': '33'
- }
-
- set_method_mock.assert_called_with('system', 'fortiguard', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_fortiguard_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_fortiguard': {
- 'antispam_cache': 'enable',
- 'antispam_cache_mpercent': '4',
- 'antispam_cache_ttl': '5',
- 'antispam_expiration': '6',
- 'antispam_force_off': 'enable',
- 'antispam_license': '8',
- 'antispam_timeout': '9',
- 'auto_join_forticloud': 'enable',
- 'ddns_server_ip': 'test_value_11',
- 'ddns_server_port': '12',
- 'load_balance_servers': '13',
- 'outbreak_prevention_cache': 'enable',
- 'outbreak_prevention_cache_mpercent': '15',
- 'outbreak_prevention_cache_ttl': '16',
- 'outbreak_prevention_expiration': '17',
- 'outbreak_prevention_force_off': 'enable',
- 'outbreak_prevention_license': '19',
- 'outbreak_prevention_timeout': '20',
- 'port': '53',
- 'sdns_server_ip': 'test_value_22',
- 'sdns_server_port': '23',
- 'service_account_id': 'test_value_24',
- 'source_ip': '84.230.14.25',
- 'source_ip6': 'test_value_26',
- 'update_server_location': 'usa',
- 'webfilter_cache': 'enable',
- 'webfilter_cache_ttl': '29',
- 'webfilter_expiration': '30',
- 'webfilter_force_off': 'enable',
- 'webfilter_license': '32',
- 'webfilter_timeout': '33'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_fortiguard.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'antispam-cache': 'enable',
- 'antispam-cache-mpercent': '4',
- 'antispam-cache-ttl': '5',
- 'antispam-expiration': '6',
- 'antispam-force-off': 'enable',
- 'antispam-license': '8',
- 'antispam-timeout': '9',
- 'auto-join-forticloud': 'enable',
- 'ddns-server-ip': 'test_value_11',
- 'ddns-server-port': '12',
- 'load-balance-servers': '13',
- 'outbreak-prevention-cache': 'enable',
- 'outbreak-prevention-cache-mpercent': '15',
- 'outbreak-prevention-cache-ttl': '16',
- 'outbreak-prevention-expiration': '17',
- 'outbreak-prevention-force-off': 'enable',
- 'outbreak-prevention-license': '19',
- 'outbreak-prevention-timeout': '20',
- 'port': '53',
- 'sdns-server-ip': 'test_value_22',
- 'sdns-server-port': '23',
- 'service-account-id': 'test_value_24',
- 'source-ip': '84.230.14.25',
- 'source-ip6': 'test_value_26',
- 'update-server-location': 'usa',
- 'webfilter-cache': 'enable',
- 'webfilter-cache-ttl': '29',
- 'webfilter-expiration': '30',
- 'webfilter-force-off': 'enable',
- 'webfilter-license': '32',
- 'webfilter-timeout': '33'
- }
-
- set_method_mock.assert_called_with('system', 'fortiguard', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_fortiguard_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_fortiguard': {
- 'antispam_cache': 'enable',
- 'antispam_cache_mpercent': '4',
- 'antispam_cache_ttl': '5',
- 'antispam_expiration': '6',
- 'antispam_force_off': 'enable',
- 'antispam_license': '8',
- 'antispam_timeout': '9',
- 'auto_join_forticloud': 'enable',
- 'ddns_server_ip': 'test_value_11',
- 'ddns_server_port': '12',
- 'load_balance_servers': '13',
- 'outbreak_prevention_cache': 'enable',
- 'outbreak_prevention_cache_mpercent': '15',
- 'outbreak_prevention_cache_ttl': '16',
- 'outbreak_prevention_expiration': '17',
- 'outbreak_prevention_force_off': 'enable',
- 'outbreak_prevention_license': '19',
- 'outbreak_prevention_timeout': '20',
- 'port': '53',
- 'sdns_server_ip': 'test_value_22',
- 'sdns_server_port': '23',
- 'service_account_id': 'test_value_24',
- 'source_ip': '84.230.14.25',
- 'source_ip6': 'test_value_26',
- 'update_server_location': 'usa',
- 'webfilter_cache': 'enable',
- 'webfilter_cache_ttl': '29',
- 'webfilter_expiration': '30',
- 'webfilter_force_off': 'enable',
- 'webfilter_license': '32',
- 'webfilter_timeout': '33'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_fortiguard.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'antispam-cache': 'enable',
- 'antispam-cache-mpercent': '4',
- 'antispam-cache-ttl': '5',
- 'antispam-expiration': '6',
- 'antispam-force-off': 'enable',
- 'antispam-license': '8',
- 'antispam-timeout': '9',
- 'auto-join-forticloud': 'enable',
- 'ddns-server-ip': 'test_value_11',
- 'ddns-server-port': '12',
- 'load-balance-servers': '13',
- 'outbreak-prevention-cache': 'enable',
- 'outbreak-prevention-cache-mpercent': '15',
- 'outbreak-prevention-cache-ttl': '16',
- 'outbreak-prevention-expiration': '17',
- 'outbreak-prevention-force-off': 'enable',
- 'outbreak-prevention-license': '19',
- 'outbreak-prevention-timeout': '20',
- 'port': '53',
- 'sdns-server-ip': 'test_value_22',
- 'sdns-server-port': '23',
- 'service-account-id': 'test_value_24',
- 'source-ip': '84.230.14.25',
- 'source-ip6': 'test_value_26',
- 'update-server-location': 'usa',
- 'webfilter-cache': 'enable',
- 'webfilter-cache-ttl': '29',
- 'webfilter-expiration': '30',
- 'webfilter-force-off': 'enable',
- 'webfilter-license': '32',
- 'webfilter-timeout': '33'
- }
-
- set_method_mock.assert_called_with('system', 'fortiguard', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_fortiguard_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_fortiguard': {
- 'random_attribute_not_valid': 'tag',
- 'antispam_cache': 'enable',
- 'antispam_cache_mpercent': '4',
- 'antispam_cache_ttl': '5',
- 'antispam_expiration': '6',
- 'antispam_force_off': 'enable',
- 'antispam_license': '8',
- 'antispam_timeout': '9',
- 'auto_join_forticloud': 'enable',
- 'ddns_server_ip': 'test_value_11',
- 'ddns_server_port': '12',
- 'load_balance_servers': '13',
- 'outbreak_prevention_cache': 'enable',
- 'outbreak_prevention_cache_mpercent': '15',
- 'outbreak_prevention_cache_ttl': '16',
- 'outbreak_prevention_expiration': '17',
- 'outbreak_prevention_force_off': 'enable',
- 'outbreak_prevention_license': '19',
- 'outbreak_prevention_timeout': '20',
- 'port': '53',
- 'sdns_server_ip': 'test_value_22',
- 'sdns_server_port': '23',
- 'service_account_id': 'test_value_24',
- 'source_ip': '84.230.14.25',
- 'source_ip6': 'test_value_26',
- 'update_server_location': 'usa',
- 'webfilter_cache': 'enable',
- 'webfilter_cache_ttl': '29',
- 'webfilter_expiration': '30',
- 'webfilter_force_off': 'enable',
- 'webfilter_license': '32',
- 'webfilter_timeout': '33'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_fortiguard.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'antispam-cache': 'enable',
- 'antispam-cache-mpercent': '4',
- 'antispam-cache-ttl': '5',
- 'antispam-expiration': '6',
- 'antispam-force-off': 'enable',
- 'antispam-license': '8',
- 'antispam-timeout': '9',
- 'auto-join-forticloud': 'enable',
- 'ddns-server-ip': 'test_value_11',
- 'ddns-server-port': '12',
- 'load-balance-servers': '13',
- 'outbreak-prevention-cache': 'enable',
- 'outbreak-prevention-cache-mpercent': '15',
- 'outbreak-prevention-cache-ttl': '16',
- 'outbreak-prevention-expiration': '17',
- 'outbreak-prevention-force-off': 'enable',
- 'outbreak-prevention-license': '19',
- 'outbreak-prevention-timeout': '20',
- 'port': '53',
- 'sdns-server-ip': 'test_value_22',
- 'sdns-server-port': '23',
- 'service-account-id': 'test_value_24',
- 'source-ip': '84.230.14.25',
- 'source-ip6': 'test_value_26',
- 'update-server-location': 'usa',
- 'webfilter-cache': 'enable',
- 'webfilter-cache-ttl': '29',
- 'webfilter-expiration': '30',
- 'webfilter-force-off': 'enable',
- 'webfilter-license': '32',
- 'webfilter-timeout': '33'
- }
-
- set_method_mock.assert_called_with('system', 'fortiguard', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_fortimanager.py b/test/units/modules/network/fortios/test_fortios_system_fortimanager.py
deleted file mode 100644
index a4ec27e4215..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_fortimanager.py
+++ /dev/null
@@ -1,199 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_fortimanager
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_fortimanager.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_fortimanager_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_fortimanager': {
- 'central_management': 'enable',
- 'central_mgmt_auto_backup': 'enable',
- 'central_mgmt_schedule_config_restore': 'enable',
- 'central_mgmt_schedule_script_restore': 'enable',
- 'ip': 'test_value_7',
- 'ipsec': 'enable',
- 'vdom': 'test_value_9'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_fortimanager.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'central-management': 'enable',
- 'central-mgmt-auto-backup': 'enable',
- 'central-mgmt-schedule-config-restore': 'enable',
- 'central-mgmt-schedule-script-restore': 'enable',
- 'ip': 'test_value_7',
- 'ipsec': 'enable',
- 'vdom': 'test_value_9'
- }
-
- set_method_mock.assert_called_with('system', 'fortimanager', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_fortimanager_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_fortimanager': {
- 'central_management': 'enable',
- 'central_mgmt_auto_backup': 'enable',
- 'central_mgmt_schedule_config_restore': 'enable',
- 'central_mgmt_schedule_script_restore': 'enable',
- 'ip': 'test_value_7',
- 'ipsec': 'enable',
- 'vdom': 'test_value_9'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_fortimanager.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'central-management': 'enable',
- 'central-mgmt-auto-backup': 'enable',
- 'central-mgmt-schedule-config-restore': 'enable',
- 'central-mgmt-schedule-script-restore': 'enable',
- 'ip': 'test_value_7',
- 'ipsec': 'enable',
- 'vdom': 'test_value_9'
- }
-
- set_method_mock.assert_called_with('system', 'fortimanager', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_fortimanager_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_fortimanager': {
- 'central_management': 'enable',
- 'central_mgmt_auto_backup': 'enable',
- 'central_mgmt_schedule_config_restore': 'enable',
- 'central_mgmt_schedule_script_restore': 'enable',
- 'ip': 'test_value_7',
- 'ipsec': 'enable',
- 'vdom': 'test_value_9'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_fortimanager.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'central-management': 'enable',
- 'central-mgmt-auto-backup': 'enable',
- 'central-mgmt-schedule-config-restore': 'enable',
- 'central-mgmt-schedule-script-restore': 'enable',
- 'ip': 'test_value_7',
- 'ipsec': 'enable',
- 'vdom': 'test_value_9'
- }
-
- set_method_mock.assert_called_with('system', 'fortimanager', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_fortimanager_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_fortimanager': {
- 'random_attribute_not_valid': 'tag',
- 'central_management': 'enable',
- 'central_mgmt_auto_backup': 'enable',
- 'central_mgmt_schedule_config_restore': 'enable',
- 'central_mgmt_schedule_script_restore': 'enable',
- 'ip': 'test_value_7',
- 'ipsec': 'enable',
- 'vdom': 'test_value_9'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_fortimanager.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'central-management': 'enable',
- 'central-mgmt-auto-backup': 'enable',
- 'central-mgmt-schedule-config-restore': 'enable',
- 'central-mgmt-schedule-script-restore': 'enable',
- 'ip': 'test_value_7',
- 'ipsec': 'enable',
- 'vdom': 'test_value_9'
- }
-
- set_method_mock.assert_called_with('system', 'fortimanager', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_fortisandbox.py b/test/units/modules/network/fortios/test_fortios_system_fortisandbox.py
deleted file mode 100644
index a4ff2ad4b04..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_fortisandbox.py
+++ /dev/null
@@ -1,191 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_fortisandbox
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_fortisandbox.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_fortisandbox_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_fortisandbox': {
- 'email': 'test_value_3',
- 'enc_algorithm': 'default',
- 'server': '192.168.100.5',
- 'source_ip': '84.230.14.6',
- 'ssl_min_proto_version': 'default',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_fortisandbox.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'email': 'test_value_3',
- 'enc-algorithm': 'default',
- 'server': '192.168.100.5',
- 'source-ip': '84.230.14.6',
- 'ssl-min-proto-version': 'default',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'fortisandbox', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_fortisandbox_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_fortisandbox': {
- 'email': 'test_value_3',
- 'enc_algorithm': 'default',
- 'server': '192.168.100.5',
- 'source_ip': '84.230.14.6',
- 'ssl_min_proto_version': 'default',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_fortisandbox.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'email': 'test_value_3',
- 'enc-algorithm': 'default',
- 'server': '192.168.100.5',
- 'source-ip': '84.230.14.6',
- 'ssl-min-proto-version': 'default',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'fortisandbox', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_fortisandbox_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_fortisandbox': {
- 'email': 'test_value_3',
- 'enc_algorithm': 'default',
- 'server': '192.168.100.5',
- 'source_ip': '84.230.14.6',
- 'ssl_min_proto_version': 'default',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_fortisandbox.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'email': 'test_value_3',
- 'enc-algorithm': 'default',
- 'server': '192.168.100.5',
- 'source-ip': '84.230.14.6',
- 'ssl-min-proto-version': 'default',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'fortisandbox', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_fortisandbox_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_fortisandbox': {
- 'random_attribute_not_valid': 'tag',
- 'email': 'test_value_3',
- 'enc_algorithm': 'default',
- 'server': '192.168.100.5',
- 'source_ip': '84.230.14.6',
- 'ssl_min_proto_version': 'default',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_fortisandbox.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'email': 'test_value_3',
- 'enc-algorithm': 'default',
- 'server': '192.168.100.5',
- 'source-ip': '84.230.14.6',
- 'ssl-min-proto-version': 'default',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'fortisandbox', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_fsso_polling.py b/test/units/modules/network/fortios/test_fortios_system_fsso_polling.py
deleted file mode 100644
index a7fb490ff01..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_fsso_polling.py
+++ /dev/null
@@ -1,175 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_fsso_polling
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_fsso_polling.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_fsso_polling_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_fsso_polling': {
- 'auth_password': 'test_value_3',
- 'authentication': 'enable',
- 'listening_port': '5',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_fsso_polling.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'auth-password': 'test_value_3',
- 'authentication': 'enable',
- 'listening-port': '5',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'fsso-polling', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_fsso_polling_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_fsso_polling': {
- 'auth_password': 'test_value_3',
- 'authentication': 'enable',
- 'listening_port': '5',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_fsso_polling.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'auth-password': 'test_value_3',
- 'authentication': 'enable',
- 'listening-port': '5',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'fsso-polling', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_fsso_polling_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_fsso_polling': {
- 'auth_password': 'test_value_3',
- 'authentication': 'enable',
- 'listening_port': '5',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_fsso_polling.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'auth-password': 'test_value_3',
- 'authentication': 'enable',
- 'listening-port': '5',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'fsso-polling', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_fsso_polling_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_fsso_polling': {
- 'random_attribute_not_valid': 'tag',
- 'auth_password': 'test_value_3',
- 'authentication': 'enable',
- 'listening_port': '5',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_fsso_polling.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'auth-password': 'test_value_3',
- 'authentication': 'enable',
- 'listening-port': '5',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'fsso-polling', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_ftm_push.py b/test/units/modules/network/fortios/test_fortios_system_ftm_push.py
deleted file mode 100644
index 811dc9f015a..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_ftm_push.py
+++ /dev/null
@@ -1,167 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_ftm_push
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_ftm_push.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_ftm_push_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_ftm_push': {
- 'server_ip': 'test_value_3',
- 'server_port': '4',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_ftm_push.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'server-ip': 'test_value_3',
- 'server-port': '4',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'ftm-push', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_ftm_push_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_ftm_push': {
- 'server_ip': 'test_value_3',
- 'server_port': '4',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_ftm_push.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'server-ip': 'test_value_3',
- 'server-port': '4',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'ftm-push', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_ftm_push_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_ftm_push': {
- 'server_ip': 'test_value_3',
- 'server_port': '4',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_ftm_push.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'server-ip': 'test_value_3',
- 'server-port': '4',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'ftm-push', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_ftm_push_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_ftm_push': {
- 'random_attribute_not_valid': 'tag',
- 'server_ip': 'test_value_3',
- 'server_port': '4',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_ftm_push.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'server-ip': 'test_value_3',
- 'server-port': '4',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'ftm-push', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_geoip_override.py b/test/units/modules/network/fortios/test_fortios_system_geoip_override.py
deleted file mode 100644
index 2187552f585..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_geoip_override.py
+++ /dev/null
@@ -1,219 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_geoip_override
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_geoip_override.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_geoip_override_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_geoip_override': {
- 'country_id': 'test_value_3',
- 'description': 'test_value_4',
- 'name': 'default_name_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_geoip_override.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'country-id': 'test_value_3',
- 'description': 'test_value_4',
- 'name': 'default_name_5'
- }
-
- set_method_mock.assert_called_with('system', 'geoip-override', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_geoip_override_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_geoip_override': {
- 'country_id': 'test_value_3',
- 'description': 'test_value_4',
- 'name': 'default_name_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_geoip_override.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'country-id': 'test_value_3',
- 'description': 'test_value_4',
- 'name': 'default_name_5'
- }
-
- set_method_mock.assert_called_with('system', 'geoip-override', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_geoip_override_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_geoip_override': {
- 'country_id': 'test_value_3',
- 'description': 'test_value_4',
- 'name': 'default_name_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_geoip_override.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'geoip-override', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_geoip_override_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_geoip_override': {
- 'country_id': 'test_value_3',
- 'description': 'test_value_4',
- 'name': 'default_name_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_geoip_override.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'geoip-override', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_geoip_override_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_geoip_override': {
- 'country_id': 'test_value_3',
- 'description': 'test_value_4',
- 'name': 'default_name_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_geoip_override.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'country-id': 'test_value_3',
- 'description': 'test_value_4',
- 'name': 'default_name_5'
- }
-
- set_method_mock.assert_called_with('system', 'geoip-override', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_geoip_override_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_geoip_override': {
- 'random_attribute_not_valid': 'tag',
- 'country_id': 'test_value_3',
- 'description': 'test_value_4',
- 'name': 'default_name_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_geoip_override.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'country-id': 'test_value_3',
- 'description': 'test_value_4',
- 'name': 'default_name_5'
- }
-
- set_method_mock.assert_called_with('system', 'geoip-override', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_global.py b/test/units/modules/network/fortios/test_fortios_system_global.py
deleted file mode 100644
index f266463ffa1..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_global.py
+++ /dev/null
@@ -1,1567 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_global -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_global.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_global_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_global': { - 'admin_concurrent': 'enable', - 'admin_console_timeout': '4', - 'admin_hsts_max_age': '5', - 'admin_https_pki_required': 'enable', - 'admin_https_redirect': 'enable', - 
'admin_lockout_duration': '8', - 'admin_lockout_threshold': '9', - 'admin_login_max': '10', - 'admin_maintainer': 'enable', - 'admin_port': '12', - 'admin_restrict_local': 'enable', - 'admin_scp': 'enable', - 'admin_server_cert': 'test_value_15', - 'admin_sport': '16', - 'admin_ssh_grace_time': '17', - 'admin_ssh_password': 'enable', - 'admin_ssh_port': '19', - 'admin_ssh_v1': 'enable', - 'admin_telnet_port': '21', - 'admintimeout': '22', - 'alias': 'test_value_23', - 'allow_traffic_redirect': 'enable', - 'anti_replay': 'disable', - 'arp_max_entry': '26', - 'asymroute': 'enable', - 'auth_cert': 'test_value_28', - 'auth_http_port': '29', - 'auth_https_port': '30', - 'auth_keepalive': 'enable', - 'auth_session_limit': 'block-new', - 'auto_auth_extension_device': 'enable', - 'av_affinity': 'test_value_34', - 'av_failopen': 'pass', - 'av_failopen_session': 'enable', - 'batch_cmdb': 'enable', - 'block_session_timer': '38', - 'br_fdb_max_entry': '39', - 'cert_chain_max': '40', - 'cfg_revert_timeout': '41', - 'cfg_save': 'automatic', - 'check_protocol_header': 'loose', - 'check_reset_range': 'strict', - 'cli_audit_log': 'enable', - 'clt_cert_req': 'enable', - 'compliance_check': 'enable', - 'compliance_check_time': 'test_value_48', - 'cpu_use_threshold': '49', - 'csr_ca_attribute': 'enable', - 'daily_restart': 'enable', - 'device_identification_active_scan_delay': '52', - 'device_idle_timeout': '53', - 'dh_params': '1024', - 'dnsproxy_worker_count': '55', - 'dst': 'enable', - 'endpoint_control_fds_access': 'enable', - 'endpoint_control_portal_port': '58', - 'failtime': '59', - 'fds_statistics': 'enable', - 'fds_statistics_period': '61', - 'fortiextender': 'enable', - 'fortiextender_data_port': '63', - 'fortiextender_vlan_mode': 'enable', - 'fortiservice_port': '65', - 'gui_certificates': 'enable', - 'gui_custom_language': 'enable', - 'gui_date_format': 'yyyy/MM/dd', - 'gui_device_latitude': 'test_value_69', - 'gui_device_longitude': 'test_value_70', - 
'gui_display_hostname': 'enable', - 'gui_ipv6': 'enable', - 'gui_lines_per_page': '73', - 'gui_theme': 'green', - 'gui_wireless_opensecurity': 'enable', - 'honor_df': 'enable', - 'hostname': 'myhostname77', - 'igmp_state_limit': '78', - 'interval': '79', - 'ip_src_port_range': 'test_value_80', - 'ips_affinity': 'test_value_81', - 'ipsec_asic_offload': 'enable', - 'ipsec_hmac_offload': 'enable', - 'ipsec_soft_dec_async': 'enable', - 'ipv6_accept_dad': '85', - 'ipv6_allow_anycast_probe': 'enable', - 'language': 'english', - 'ldapconntimeout': '88', - 'lldp_transmission': 'enable', - 'log_ssl_connection': 'enable', - 'log_uuid': 'disable', - 'login_timestamp': 'enable', - 'long_vdom_name': 'enable', - 'management_vdom': 'test_value_94', - 'max_dlpstat_memory': '95', - 'max_route_cache_size': '96', - 'mc_ttl_notchange': 'enable', - 'memory_use_threshold_extreme': '98', - 'memory_use_threshold_green': '99', - 'memory_use_threshold_red': '100', - 'miglog_affinity': 'test_value_101', - 'miglogd_children': '102', - 'multi_factor_authentication': 'optional', - 'multicast_forward': 'enable', - 'ndp_max_entry': '105', - 'per_user_bwl': 'enable', - 'policy_auth_concurrent': '107', - 'post_login_banner': 'disable', - 'pre_login_banner': 'enable', - 'private_data_encryption': 'disable', - 'proxy_auth_lifetime': 'enable', - 'proxy_auth_lifetime_timeout': '112', - 'proxy_auth_timeout': '113', - 'proxy_cipher_hardware_acceleration': 'disable', - 'proxy_kxp_hardware_acceleration': 'disable', - 'proxy_re_authentication_mode': 'session', - 'proxy_worker_count': '117', - 'radius_port': '118', - 'reboot_upon_config_restore': 'enable', - 'refresh': '120', - 'remoteauthtimeout': '121', - 'reset_sessionless_tcp': 'enable', - 'restart_time': 'test_value_123', - 'revision_backup_on_logout': 'enable', - 'revision_image_auto_backup': 'enable', - 'scanunit_count': '126', - 'security_rating_result_submission': 'enable', - 'security_rating_run_on_schedule': 'enable', - 'send_pmtu_icmp': 'enable', 
- 'snat_route_change': 'enable', - 'special_file_23_support': 'disable', - 'ssd_trim_date': '132', - 'ssd_trim_freq': 'never', - 'ssd_trim_hour': '134', - 'ssd_trim_min': '135', - 'ssd_trim_weekday': 'sunday', - 'ssh_cbc_cipher': 'enable', - 'ssh_hmac_md5': 'enable', - 'ssh_kex_sha1': 'enable', - 'ssl_min_proto_version': 'SSLv3', - 'ssl_static_key_ciphers': 'enable', - 'sslvpn_cipher_hardware_acceleration': 'enable', - 'sslvpn_kxp_hardware_acceleration': 'enable', - 'sslvpn_max_worker_count': '144', - 'sslvpn_plugin_version_check': 'enable', - 'strict_dirty_session_check': 'enable', - 'strong_crypto': 'enable', - 'switch_controller': 'disable', - 'switch_controller_reserved_network': 'test_value_149', - 'sys_perf_log_interval': '150', - 'tcp_halfclose_timer': '151', - 'tcp_halfopen_timer': '152', - 'tcp_option': 'enable', - 'tcp_timewait_timer': '154', - 'tftp': 'enable', - 'timezone': '01', - 'tp_mc_skip_policy': 'enable', - 'traffic_priority': 'tos', - 'traffic_priority_level': 'low', - 'two_factor_email_expiry': '160', - 'two_factor_fac_expiry': '161', - 'two_factor_ftk_expiry': '162', - 'two_factor_ftm_expiry': '163', - 'two_factor_sms_expiry': '164', - 'udp_idle_timer': '165', - 'user_server_cert': 'test_value_166', - 'vdom_admin': 'enable', - 'vip_arp_range': 'unlimited', - 'virtual_server_count': '169', - 'virtual_server_hardware_acceleration': 'disable', - 'wad_affinity': 'test_value_171', - 'wad_csvc_cs_count': '172', - 'wad_csvc_db_count': '173', - 'wad_source_affinity': 'disable', - 'wad_worker_count': '175', - 'wifi_ca_certificate': 'test_value_176', - 'wifi_certificate': 'test_value_177', - 'wimax_4g_usb': 'enable', - 'wireless_controller': 'enable', - 'wireless_controller_port': '180' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_global.fortios_system(input_data, fos_instance) - - expected_data = { - 'admin-concurrent': 'enable', - 'admin-console-timeout': '4', - 'admin-hsts-max-age': '5', - 'admin-https-pki-required': 
'enable', - 'admin-https-redirect': 'enable', - 'admin-lockout-duration': '8', - 'admin-lockout-threshold': '9', - 'admin-login-max': '10', - 'admin-maintainer': 'enable', - 'admin-port': '12', - 'admin-restrict-local': 'enable', - 'admin-scp': 'enable', - 'admin-server-cert': 'test_value_15', - 'admin-sport': '16', - 'admin-ssh-grace-time': '17', - 'admin-ssh-password': 'enable', - 'admin-ssh-port': '19', - 'admin-ssh-v1': 'enable', - 'admin-telnet-port': '21', - 'admintimeout': '22', - 'alias': 'test_value_23', - 'allow-traffic-redirect': 'enable', - 'anti-replay': 'disable', - 'arp-max-entry': '26', - 'asymroute': 'enable', - 'auth-cert': 'test_value_28', - 'auth-http-port': '29', - 'auth-https-port': '30', - 'auth-keepalive': 'enable', - 'auth-session-limit': 'block-new', - 'auto-auth-extension-device': 'enable', - 'av-affinity': 'test_value_34', - 'av-failopen': 'pass', - 'av-failopen-session': 'enable', - 'batch-cmdb': 'enable', - 'block-session-timer': '38', - 'br-fdb-max-entry': '39', - 'cert-chain-max': '40', - 'cfg-revert-timeout': '41', - 'cfg-save': 'automatic', - 'check-protocol-header': 'loose', - 'check-reset-range': 'strict', - 'cli-audit-log': 'enable', - 'clt-cert-req': 'enable', - 'compliance-check': 'enable', - 'compliance-check-time': 'test_value_48', - 'cpu-use-threshold': '49', - 'csr-ca-attribute': 'enable', - 'daily-restart': 'enable', - 'device-identification-active-scan-delay': '52', - 'device-idle-timeout': '53', - 'dh-params': '1024', - 'dnsproxy-worker-count': '55', - 'dst': 'enable', - 'endpoint-control-fds-access': 'enable', - 'endpoint-control-portal-port': '58', - 'failtime': '59', - 'fds-statistics': 'enable', - 'fds-statistics-period': '61', - 'fortiextender': 'enable', - 'fortiextender-data-port': '63', - 'fortiextender-vlan-mode': 'enable', - 'fortiservice-port': '65', - 'gui-certificates': 'enable', - 'gui-custom-language': 'enable', - 'gui-date-format': 'yyyy/MM/dd', - 'gui-device-latitude': 'test_value_69', - 
'gui-device-longitude': 'test_value_70', - 'gui-display-hostname': 'enable', - 'gui-ipv6': 'enable', - 'gui-lines-per-page': '73', - 'gui-theme': 'green', - 'gui-wireless-opensecurity': 'enable', - 'honor-df': 'enable', - 'hostname': 'myhostname77', - 'igmp-state-limit': '78', - 'interval': '79', - 'ip-src-port-range': 'test_value_80', - 'ips-affinity': 'test_value_81', - 'ipsec-asic-offload': 'enable', - 'ipsec-hmac-offload': 'enable', - 'ipsec-soft-dec-async': 'enable', - 'ipv6-accept-dad': '85', - 'ipv6-allow-anycast-probe': 'enable', - 'language': 'english', - 'ldapconntimeout': '88', - 'lldp-transmission': 'enable', - 'log-ssl-connection': 'enable', - 'log-uuid': 'disable', - 'login-timestamp': 'enable', - 'long-vdom-name': 'enable', - 'management-vdom': 'test_value_94', - 'max-dlpstat-memory': '95', - 'max-route-cache-size': '96', - 'mc-ttl-notchange': 'enable', - 'memory-use-threshold-extreme': '98', - 'memory-use-threshold-green': '99', - 'memory-use-threshold-red': '100', - 'miglog-affinity': 'test_value_101', - 'miglogd-children': '102', - 'multi-factor-authentication': 'optional', - 'multicast-forward': 'enable', - 'ndp-max-entry': '105', - 'per-user-bwl': 'enable', - 'policy-auth-concurrent': '107', - 'post-login-banner': 'disable', - 'pre-login-banner': 'enable', - 'private-data-encryption': 'disable', - 'proxy-auth-lifetime': 'enable', - 'proxy-auth-lifetime-timeout': '112', - 'proxy-auth-timeout': '113', - 'proxy-cipher-hardware-acceleration': 'disable', - 'proxy-kxp-hardware-acceleration': 'disable', - 'proxy-re-authentication-mode': 'session', - 'proxy-worker-count': '117', - 'radius-port': '118', - 'reboot-upon-config-restore': 'enable', - 'refresh': '120', - 'remoteauthtimeout': '121', - 'reset-sessionless-tcp': 'enable', - 'restart-time': 'test_value_123', - 'revision-backup-on-logout': 'enable', - 'revision-image-auto-backup': 'enable', - 'scanunit-count': '126', - 'security-rating-result-submission': 'enable', - 
'security-rating-run-on-schedule': 'enable', - 'send-pmtu-icmp': 'enable', - 'snat-route-change': 'enable', - 'special-file-23-support': 'disable', - 'ssd-trim-date': '132', - 'ssd-trim-freq': 'never', - 'ssd-trim-hour': '134', - 'ssd-trim-min': '135', - 'ssd-trim-weekday': 'sunday', - 'ssh-cbc-cipher': 'enable', - 'ssh-hmac-md5': 'enable', - 'ssh-kex-sha1': 'enable', - 'ssl-min-proto-version': 'SSLv3', - 'ssl-static-key-ciphers': 'enable', - 'sslvpn-cipher-hardware-acceleration': 'enable', - 'sslvpn-kxp-hardware-acceleration': 'enable', - 'sslvpn-max-worker-count': '144', - 'sslvpn-plugin-version-check': 'enable', - 'strict-dirty-session-check': 'enable', - 'strong-crypto': 'enable', - 'switch-controller': 'disable', - 'switch-controller-reserved-network': 'test_value_149', - 'sys-perf-log-interval': '150', - 'tcp-halfclose-timer': '151', - 'tcp-halfopen-timer': '152', - 'tcp-option': 'enable', - 'tcp-timewait-timer': '154', - 'tftp': 'enable', - 'timezone': '01', - 'tp-mc-skip-policy': 'enable', - 'traffic-priority': 'tos', - 'traffic-priority-level': 'low', - 'two-factor-email-expiry': '160', - 'two-factor-fac-expiry': '161', - 'two-factor-ftk-expiry': '162', - 'two-factor-ftm-expiry': '163', - 'two-factor-sms-expiry': '164', - 'udp-idle-timer': '165', - 'user-server-cert': 'test_value_166', - 'vdom-admin': 'enable', - 'vip-arp-range': 'unlimited', - 'virtual-server-count': '169', - 'virtual-server-hardware-acceleration': 'disable', - 'wad-affinity': 'test_value_171', - 'wad-csvc-cs-count': '172', - 'wad-csvc-db-count': '173', - 'wad-source-affinity': 'disable', - 'wad-worker-count': '175', - 'wifi-ca-certificate': 'test_value_176', - 'wifi-certificate': 'test_value_177', - 'wimax-4g-usb': 'enable', - 'wireless-controller': 'enable', - 'wireless-controller-port': '180' - } - - set_method_mock.assert_called_with('system', 'global', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert 
response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_global_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_global': { - 'admin_concurrent': 'enable', - 'admin_console_timeout': '4', - 'admin_hsts_max_age': '5', - 'admin_https_pki_required': 'enable', - 'admin_https_redirect': 'enable', - 'admin_lockout_duration': '8', - 'admin_lockout_threshold': '9', - 'admin_login_max': '10', - 'admin_maintainer': 'enable', - 'admin_port': '12', - 'admin_restrict_local': 'enable', - 'admin_scp': 'enable', - 'admin_server_cert': 'test_value_15', - 'admin_sport': '16', - 'admin_ssh_grace_time': '17', - 'admin_ssh_password': 'enable', - 'admin_ssh_port': '19', - 'admin_ssh_v1': 'enable', - 'admin_telnet_port': '21', - 'admintimeout': '22', - 'alias': 'test_value_23', - 'allow_traffic_redirect': 'enable', - 'anti_replay': 'disable', - 'arp_max_entry': '26', - 'asymroute': 'enable', - 'auth_cert': 'test_value_28', - 'auth_http_port': '29', - 'auth_https_port': '30', - 'auth_keepalive': 'enable', - 'auth_session_limit': 'block-new', - 'auto_auth_extension_device': 'enable', - 'av_affinity': 'test_value_34', - 'av_failopen': 'pass', - 'av_failopen_session': 'enable', - 'batch_cmdb': 'enable', - 'block_session_timer': '38', - 'br_fdb_max_entry': '39', - 'cert_chain_max': '40', - 'cfg_revert_timeout': '41', - 'cfg_save': 'automatic', - 'check_protocol_header': 'loose', - 'check_reset_range': 'strict', - 'cli_audit_log': 'enable', - 'clt_cert_req': 'enable', - 'compliance_check': 'enable', - 'compliance_check_time': 'test_value_48', - 'cpu_use_threshold': '49', - 
'csr_ca_attribute': 'enable', - 'daily_restart': 'enable', - 'device_identification_active_scan_delay': '52', - 'device_idle_timeout': '53', - 'dh_params': '1024', - 'dnsproxy_worker_count': '55', - 'dst': 'enable', - 'endpoint_control_fds_access': 'enable', - 'endpoint_control_portal_port': '58', - 'failtime': '59', - 'fds_statistics': 'enable', - 'fds_statistics_period': '61', - 'fortiextender': 'enable', - 'fortiextender_data_port': '63', - 'fortiextender_vlan_mode': 'enable', - 'fortiservice_port': '65', - 'gui_certificates': 'enable', - 'gui_custom_language': 'enable', - 'gui_date_format': 'yyyy/MM/dd', - 'gui_device_latitude': 'test_value_69', - 'gui_device_longitude': 'test_value_70', - 'gui_display_hostname': 'enable', - 'gui_ipv6': 'enable', - 'gui_lines_per_page': '73', - 'gui_theme': 'green', - 'gui_wireless_opensecurity': 'enable', - 'honor_df': 'enable', - 'hostname': 'myhostname77', - 'igmp_state_limit': '78', - 'interval': '79', - 'ip_src_port_range': 'test_value_80', - 'ips_affinity': 'test_value_81', - 'ipsec_asic_offload': 'enable', - 'ipsec_hmac_offload': 'enable', - 'ipsec_soft_dec_async': 'enable', - 'ipv6_accept_dad': '85', - 'ipv6_allow_anycast_probe': 'enable', - 'language': 'english', - 'ldapconntimeout': '88', - 'lldp_transmission': 'enable', - 'log_ssl_connection': 'enable', - 'log_uuid': 'disable', - 'login_timestamp': 'enable', - 'long_vdom_name': 'enable', - 'management_vdom': 'test_value_94', - 'max_dlpstat_memory': '95', - 'max_route_cache_size': '96', - 'mc_ttl_notchange': 'enable', - 'memory_use_threshold_extreme': '98', - 'memory_use_threshold_green': '99', - 'memory_use_threshold_red': '100', - 'miglog_affinity': 'test_value_101', - 'miglogd_children': '102', - 'multi_factor_authentication': 'optional', - 'multicast_forward': 'enable', - 'ndp_max_entry': '105', - 'per_user_bwl': 'enable', - 'policy_auth_concurrent': '107', - 'post_login_banner': 'disable', - 'pre_login_banner': 'enable', - 'private_data_encryption': 'disable', - 
'proxy_auth_lifetime': 'enable', - 'proxy_auth_lifetime_timeout': '112', - 'proxy_auth_timeout': '113', - 'proxy_cipher_hardware_acceleration': 'disable', - 'proxy_kxp_hardware_acceleration': 'disable', - 'proxy_re_authentication_mode': 'session', - 'proxy_worker_count': '117', - 'radius_port': '118', - 'reboot_upon_config_restore': 'enable', - 'refresh': '120', - 'remoteauthtimeout': '121', - 'reset_sessionless_tcp': 'enable', - 'restart_time': 'test_value_123', - 'revision_backup_on_logout': 'enable', - 'revision_image_auto_backup': 'enable', - 'scanunit_count': '126', - 'security_rating_result_submission': 'enable', - 'security_rating_run_on_schedule': 'enable', - 'send_pmtu_icmp': 'enable', - 'snat_route_change': 'enable', - 'special_file_23_support': 'disable', - 'ssd_trim_date': '132', - 'ssd_trim_freq': 'never', - 'ssd_trim_hour': '134', - 'ssd_trim_min': '135', - 'ssd_trim_weekday': 'sunday', - 'ssh_cbc_cipher': 'enable', - 'ssh_hmac_md5': 'enable', - 'ssh_kex_sha1': 'enable', - 'ssl_min_proto_version': 'SSLv3', - 'ssl_static_key_ciphers': 'enable', - 'sslvpn_cipher_hardware_acceleration': 'enable', - 'sslvpn_kxp_hardware_acceleration': 'enable', - 'sslvpn_max_worker_count': '144', - 'sslvpn_plugin_version_check': 'enable', - 'strict_dirty_session_check': 'enable', - 'strong_crypto': 'enable', - 'switch_controller': 'disable', - 'switch_controller_reserved_network': 'test_value_149', - 'sys_perf_log_interval': '150', - 'tcp_halfclose_timer': '151', - 'tcp_halfopen_timer': '152', - 'tcp_option': 'enable', - 'tcp_timewait_timer': '154', - 'tftp': 'enable', - 'timezone': '01', - 'tp_mc_skip_policy': 'enable', - 'traffic_priority': 'tos', - 'traffic_priority_level': 'low', - 'two_factor_email_expiry': '160', - 'two_factor_fac_expiry': '161', - 'two_factor_ftk_expiry': '162', - 'two_factor_ftm_expiry': '163', - 'two_factor_sms_expiry': '164', - 'udp_idle_timer': '165', - 'user_server_cert': 'test_value_166', - 'vdom_admin': 'enable', - 'vip_arp_range': 
'unlimited', - 'virtual_server_count': '169', - 'virtual_server_hardware_acceleration': 'disable', - 'wad_affinity': 'test_value_171', - 'wad_csvc_cs_count': '172', - 'wad_csvc_db_count': '173', - 'wad_source_affinity': 'disable', - 'wad_worker_count': '175', - 'wifi_ca_certificate': 'test_value_176', - 'wifi_certificate': 'test_value_177', - 'wimax_4g_usb': 'enable', - 'wireless_controller': 'enable', - 'wireless_controller_port': '180' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_global.fortios_system(input_data, fos_instance) - - expected_data = { - 'admin-concurrent': 'enable', - 'admin-console-timeout': '4', - 'admin-hsts-max-age': '5', - 'admin-https-pki-required': 'enable', - 'admin-https-redirect': 'enable', - 'admin-lockout-duration': '8', - 'admin-lockout-threshold': '9', - 'admin-login-max': '10', - 'admin-maintainer': 'enable', - 'admin-port': '12', - 'admin-restrict-local': 'enable', - 'admin-scp': 'enable', - 'admin-server-cert': 'test_value_15', - 'admin-sport': '16', - 'admin-ssh-grace-time': '17', - 'admin-ssh-password': 'enable', - 'admin-ssh-port': '19', - 'admin-ssh-v1': 'enable', - 'admin-telnet-port': '21', - 'admintimeout': '22', - 'alias': 'test_value_23', - 'allow-traffic-redirect': 'enable', - 'anti-replay': 'disable', - 'arp-max-entry': '26', - 'asymroute': 'enable', - 'auth-cert': 'test_value_28', - 'auth-http-port': '29', - 'auth-https-port': '30', - 'auth-keepalive': 'enable', - 'auth-session-limit': 'block-new', - 'auto-auth-extension-device': 'enable', - 'av-affinity': 'test_value_34', - 'av-failopen': 'pass', - 'av-failopen-session': 'enable', - 'batch-cmdb': 'enable', - 'block-session-timer': '38', - 'br-fdb-max-entry': '39', - 'cert-chain-max': '40', - 'cfg-revert-timeout': '41', - 'cfg-save': 'automatic', - 'check-protocol-header': 'loose', - 'check-reset-range': 'strict', - 'cli-audit-log': 'enable', - 'clt-cert-req': 'enable', - 'compliance-check': 'enable', - 'compliance-check-time': 'test_value_48', 
- 'cpu-use-threshold': '49', - 'csr-ca-attribute': 'enable', - 'daily-restart': 'enable', - 'device-identification-active-scan-delay': '52', - 'device-idle-timeout': '53', - 'dh-params': '1024', - 'dnsproxy-worker-count': '55', - 'dst': 'enable', - 'endpoint-control-fds-access': 'enable', - 'endpoint-control-portal-port': '58', - 'failtime': '59', - 'fds-statistics': 'enable', - 'fds-statistics-period': '61', - 'fortiextender': 'enable', - 'fortiextender-data-port': '63', - 'fortiextender-vlan-mode': 'enable', - 'fortiservice-port': '65', - 'gui-certificates': 'enable', - 'gui-custom-language': 'enable', - 'gui-date-format': 'yyyy/MM/dd', - 'gui-device-latitude': 'test_value_69', - 'gui-device-longitude': 'test_value_70', - 'gui-display-hostname': 'enable', - 'gui-ipv6': 'enable', - 'gui-lines-per-page': '73', - 'gui-theme': 'green', - 'gui-wireless-opensecurity': 'enable', - 'honor-df': 'enable', - 'hostname': 'myhostname77', - 'igmp-state-limit': '78', - 'interval': '79', - 'ip-src-port-range': 'test_value_80', - 'ips-affinity': 'test_value_81', - 'ipsec-asic-offload': 'enable', - 'ipsec-hmac-offload': 'enable', - 'ipsec-soft-dec-async': 'enable', - 'ipv6-accept-dad': '85', - 'ipv6-allow-anycast-probe': 'enable', - 'language': 'english', - 'ldapconntimeout': '88', - 'lldp-transmission': 'enable', - 'log-ssl-connection': 'enable', - 'log-uuid': 'disable', - 'login-timestamp': 'enable', - 'long-vdom-name': 'enable', - 'management-vdom': 'test_value_94', - 'max-dlpstat-memory': '95', - 'max-route-cache-size': '96', - 'mc-ttl-notchange': 'enable', - 'memory-use-threshold-extreme': '98', - 'memory-use-threshold-green': '99', - 'memory-use-threshold-red': '100', - 'miglog-affinity': 'test_value_101', - 'miglogd-children': '102', - 'multi-factor-authentication': 'optional', - 'multicast-forward': 'enable', - 'ndp-max-entry': '105', - 'per-user-bwl': 'enable', - 'policy-auth-concurrent': '107', - 'post-login-banner': 'disable', - 'pre-login-banner': 'enable', - 
'private-data-encryption': 'disable', - 'proxy-auth-lifetime': 'enable', - 'proxy-auth-lifetime-timeout': '112', - 'proxy-auth-timeout': '113', - 'proxy-cipher-hardware-acceleration': 'disable', - 'proxy-kxp-hardware-acceleration': 'disable', - 'proxy-re-authentication-mode': 'session', - 'proxy-worker-count': '117', - 'radius-port': '118', - 'reboot-upon-config-restore': 'enable', - 'refresh': '120', - 'remoteauthtimeout': '121', - 'reset-sessionless-tcp': 'enable', - 'restart-time': 'test_value_123', - 'revision-backup-on-logout': 'enable', - 'revision-image-auto-backup': 'enable', - 'scanunit-count': '126', - 'security-rating-result-submission': 'enable', - 'security-rating-run-on-schedule': 'enable', - 'send-pmtu-icmp': 'enable', - 'snat-route-change': 'enable', - 'special-file-23-support': 'disable', - 'ssd-trim-date': '132', - 'ssd-trim-freq': 'never', - 'ssd-trim-hour': '134', - 'ssd-trim-min': '135', - 'ssd-trim-weekday': 'sunday', - 'ssh-cbc-cipher': 'enable', - 'ssh-hmac-md5': 'enable', - 'ssh-kex-sha1': 'enable', - 'ssl-min-proto-version': 'SSLv3', - 'ssl-static-key-ciphers': 'enable', - 'sslvpn-cipher-hardware-acceleration': 'enable', - 'sslvpn-kxp-hardware-acceleration': 'enable', - 'sslvpn-max-worker-count': '144', - 'sslvpn-plugin-version-check': 'enable', - 'strict-dirty-session-check': 'enable', - 'strong-crypto': 'enable', - 'switch-controller': 'disable', - 'switch-controller-reserved-network': 'test_value_149', - 'sys-perf-log-interval': '150', - 'tcp-halfclose-timer': '151', - 'tcp-halfopen-timer': '152', - 'tcp-option': 'enable', - 'tcp-timewait-timer': '154', - 'tftp': 'enable', - 'timezone': '01', - 'tp-mc-skip-policy': 'enable', - 'traffic-priority': 'tos', - 'traffic-priority-level': 'low', - 'two-factor-email-expiry': '160', - 'two-factor-fac-expiry': '161', - 'two-factor-ftk-expiry': '162', - 'two-factor-ftm-expiry': '163', - 'two-factor-sms-expiry': '164', - 'udp-idle-timer': '165', - 'user-server-cert': 'test_value_166', - 
'vdom-admin': 'enable', - 'vip-arp-range': 'unlimited', - 'virtual-server-count': '169', - 'virtual-server-hardware-acceleration': 'disable', - 'wad-affinity': 'test_value_171', - 'wad-csvc-cs-count': '172', - 'wad-csvc-db-count': '173', - 'wad-source-affinity': 'disable', - 'wad-worker-count': '175', - 'wifi-ca-certificate': 'test_value_176', - 'wifi-certificate': 'test_value_177', - 'wimax-4g-usb': 'enable', - 'wireless-controller': 'enable', - 'wireless-controller-port': '180' - } - - set_method_mock.assert_called_with('system', 'global', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_global_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_global': { - 'admin_concurrent': 'enable', - 'admin_console_timeout': '4', - 'admin_hsts_max_age': '5', - 'admin_https_pki_required': 'enable', - 'admin_https_redirect': 'enable', - 'admin_lockout_duration': '8', - 'admin_lockout_threshold': '9', - 'admin_login_max': '10', - 'admin_maintainer': 'enable', - 'admin_port': '12', - 'admin_restrict_local': 'enable', - 'admin_scp': 'enable', - 'admin_server_cert': 'test_value_15', - 'admin_sport': '16', - 'admin_ssh_grace_time': '17', - 'admin_ssh_password': 'enable', - 'admin_ssh_port': '19', - 'admin_ssh_v1': 'enable', - 'admin_telnet_port': '21', - 'admintimeout': '22', - 'alias': 'test_value_23', - 'allow_traffic_redirect': 'enable', - 'anti_replay': 'disable', - 'arp_max_entry': '26', - 'asymroute': 'enable', - 'auth_cert': 'test_value_28', - 
'auth_http_port': '29', - 'auth_https_port': '30', - 'auth_keepalive': 'enable', - 'auth_session_limit': 'block-new', - 'auto_auth_extension_device': 'enable', - 'av_affinity': 'test_value_34', - 'av_failopen': 'pass', - 'av_failopen_session': 'enable', - 'batch_cmdb': 'enable', - 'block_session_timer': '38', - 'br_fdb_max_entry': '39', - 'cert_chain_max': '40', - 'cfg_revert_timeout': '41', - 'cfg_save': 'automatic', - 'check_protocol_header': 'loose', - 'check_reset_range': 'strict', - 'cli_audit_log': 'enable', - 'clt_cert_req': 'enable', - 'compliance_check': 'enable', - 'compliance_check_time': 'test_value_48', - 'cpu_use_threshold': '49', - 'csr_ca_attribute': 'enable', - 'daily_restart': 'enable', - 'device_identification_active_scan_delay': '52', - 'device_idle_timeout': '53', - 'dh_params': '1024', - 'dnsproxy_worker_count': '55', - 'dst': 'enable', - 'endpoint_control_fds_access': 'enable', - 'endpoint_control_portal_port': '58', - 'failtime': '59', - 'fds_statistics': 'enable', - 'fds_statistics_period': '61', - 'fortiextender': 'enable', - 'fortiextender_data_port': '63', - 'fortiextender_vlan_mode': 'enable', - 'fortiservice_port': '65', - 'gui_certificates': 'enable', - 'gui_custom_language': 'enable', - 'gui_date_format': 'yyyy/MM/dd', - 'gui_device_latitude': 'test_value_69', - 'gui_device_longitude': 'test_value_70', - 'gui_display_hostname': 'enable', - 'gui_ipv6': 'enable', - 'gui_lines_per_page': '73', - 'gui_theme': 'green', - 'gui_wireless_opensecurity': 'enable', - 'honor_df': 'enable', - 'hostname': 'myhostname77', - 'igmp_state_limit': '78', - 'interval': '79', - 'ip_src_port_range': 'test_value_80', - 'ips_affinity': 'test_value_81', - 'ipsec_asic_offload': 'enable', - 'ipsec_hmac_offload': 'enable', - 'ipsec_soft_dec_async': 'enable', - 'ipv6_accept_dad': '85', - 'ipv6_allow_anycast_probe': 'enable', - 'language': 'english', - 'ldapconntimeout': '88', - 'lldp_transmission': 'enable', - 'log_ssl_connection': 'enable', - 'log_uuid': 
'disable', - 'login_timestamp': 'enable', - 'long_vdom_name': 'enable', - 'management_vdom': 'test_value_94', - 'max_dlpstat_memory': '95', - 'max_route_cache_size': '96', - 'mc_ttl_notchange': 'enable', - 'memory_use_threshold_extreme': '98', - 'memory_use_threshold_green': '99', - 'memory_use_threshold_red': '100', - 'miglog_affinity': 'test_value_101', - 'miglogd_children': '102', - 'multi_factor_authentication': 'optional', - 'multicast_forward': 'enable', - 'ndp_max_entry': '105', - 'per_user_bwl': 'enable', - 'policy_auth_concurrent': '107', - 'post_login_banner': 'disable', - 'pre_login_banner': 'enable', - 'private_data_encryption': 'disable', - 'proxy_auth_lifetime': 'enable', - 'proxy_auth_lifetime_timeout': '112', - 'proxy_auth_timeout': '113', - 'proxy_cipher_hardware_acceleration': 'disable', - 'proxy_kxp_hardware_acceleration': 'disable', - 'proxy_re_authentication_mode': 'session', - 'proxy_worker_count': '117', - 'radius_port': '118', - 'reboot_upon_config_restore': 'enable', - 'refresh': '120', - 'remoteauthtimeout': '121', - 'reset_sessionless_tcp': 'enable', - 'restart_time': 'test_value_123', - 'revision_backup_on_logout': 'enable', - 'revision_image_auto_backup': 'enable', - 'scanunit_count': '126', - 'security_rating_result_submission': 'enable', - 'security_rating_run_on_schedule': 'enable', - 'send_pmtu_icmp': 'enable', - 'snat_route_change': 'enable', - 'special_file_23_support': 'disable', - 'ssd_trim_date': '132', - 'ssd_trim_freq': 'never', - 'ssd_trim_hour': '134', - 'ssd_trim_min': '135', - 'ssd_trim_weekday': 'sunday', - 'ssh_cbc_cipher': 'enable', - 'ssh_hmac_md5': 'enable', - 'ssh_kex_sha1': 'enable', - 'ssl_min_proto_version': 'SSLv3', - 'ssl_static_key_ciphers': 'enable', - 'sslvpn_cipher_hardware_acceleration': 'enable', - 'sslvpn_kxp_hardware_acceleration': 'enable', - 'sslvpn_max_worker_count': '144', - 'sslvpn_plugin_version_check': 'enable', - 'strict_dirty_session_check': 'enable', - 'strong_crypto': 'enable', - 
'switch_controller': 'disable', - 'switch_controller_reserved_network': 'test_value_149', - 'sys_perf_log_interval': '150', - 'tcp_halfclose_timer': '151', - 'tcp_halfopen_timer': '152', - 'tcp_option': 'enable', - 'tcp_timewait_timer': '154', - 'tftp': 'enable', - 'timezone': '01', - 'tp_mc_skip_policy': 'enable', - 'traffic_priority': 'tos', - 'traffic_priority_level': 'low', - 'two_factor_email_expiry': '160', - 'two_factor_fac_expiry': '161', - 'two_factor_ftk_expiry': '162', - 'two_factor_ftm_expiry': '163', - 'two_factor_sms_expiry': '164', - 'udp_idle_timer': '165', - 'user_server_cert': 'test_value_166', - 'vdom_admin': 'enable', - 'vip_arp_range': 'unlimited', - 'virtual_server_count': '169', - 'virtual_server_hardware_acceleration': 'disable', - 'wad_affinity': 'test_value_171', - 'wad_csvc_cs_count': '172', - 'wad_csvc_db_count': '173', - 'wad_source_affinity': 'disable', - 'wad_worker_count': '175', - 'wifi_ca_certificate': 'test_value_176', - 'wifi_certificate': 'test_value_177', - 'wimax_4g_usb': 'enable', - 'wireless_controller': 'enable', - 'wireless_controller_port': '180' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_global.fortios_system(input_data, fos_instance) - - expected_data = { - 'admin-concurrent': 'enable', - 'admin-console-timeout': '4', - 'admin-hsts-max-age': '5', - 'admin-https-pki-required': 'enable', - 'admin-https-redirect': 'enable', - 'admin-lockout-duration': '8', - 'admin-lockout-threshold': '9', - 'admin-login-max': '10', - 'admin-maintainer': 'enable', - 'admin-port': '12', - 'admin-restrict-local': 'enable', - 'admin-scp': 'enable', - 'admin-server-cert': 'test_value_15', - 'admin-sport': '16', - 'admin-ssh-grace-time': '17', - 'admin-ssh-password': 'enable', - 'admin-ssh-port': '19', - 'admin-ssh-v1': 'enable', - 'admin-telnet-port': '21', - 'admintimeout': '22', - 'alias': 'test_value_23', - 'allow-traffic-redirect': 'enable', - 'anti-replay': 'disable', - 'arp-max-entry': '26', - 'asymroute': 
'enable', - 'auth-cert': 'test_value_28', - 'auth-http-port': '29', - 'auth-https-port': '30', - 'auth-keepalive': 'enable', - 'auth-session-limit': 'block-new', - 'auto-auth-extension-device': 'enable', - 'av-affinity': 'test_value_34', - 'av-failopen': 'pass', - 'av-failopen-session': 'enable', - 'batch-cmdb': 'enable', - 'block-session-timer': '38', - 'br-fdb-max-entry': '39', - 'cert-chain-max': '40', - 'cfg-revert-timeout': '41', - 'cfg-save': 'automatic', - 'check-protocol-header': 'loose', - 'check-reset-range': 'strict', - 'cli-audit-log': 'enable', - 'clt-cert-req': 'enable', - 'compliance-check': 'enable', - 'compliance-check-time': 'test_value_48', - 'cpu-use-threshold': '49', - 'csr-ca-attribute': 'enable', - 'daily-restart': 'enable', - 'device-identification-active-scan-delay': '52', - 'device-idle-timeout': '53', - 'dh-params': '1024', - 'dnsproxy-worker-count': '55', - 'dst': 'enable', - 'endpoint-control-fds-access': 'enable', - 'endpoint-control-portal-port': '58', - 'failtime': '59', - 'fds-statistics': 'enable', - 'fds-statistics-period': '61', - 'fortiextender': 'enable', - 'fortiextender-data-port': '63', - 'fortiextender-vlan-mode': 'enable', - 'fortiservice-port': '65', - 'gui-certificates': 'enable', - 'gui-custom-language': 'enable', - 'gui-date-format': 'yyyy/MM/dd', - 'gui-device-latitude': 'test_value_69', - 'gui-device-longitude': 'test_value_70', - 'gui-display-hostname': 'enable', - 'gui-ipv6': 'enable', - 'gui-lines-per-page': '73', - 'gui-theme': 'green', - 'gui-wireless-opensecurity': 'enable', - 'honor-df': 'enable', - 'hostname': 'myhostname77', - 'igmp-state-limit': '78', - 'interval': '79', - 'ip-src-port-range': 'test_value_80', - 'ips-affinity': 'test_value_81', - 'ipsec-asic-offload': 'enable', - 'ipsec-hmac-offload': 'enable', - 'ipsec-soft-dec-async': 'enable', - 'ipv6-accept-dad': '85', - 'ipv6-allow-anycast-probe': 'enable', - 'language': 'english', - 'ldapconntimeout': '88', - 'lldp-transmission': 'enable', - 
'log-ssl-connection': 'enable', - 'log-uuid': 'disable', - 'login-timestamp': 'enable', - 'long-vdom-name': 'enable', - 'management-vdom': 'test_value_94', - 'max-dlpstat-memory': '95', - 'max-route-cache-size': '96', - 'mc-ttl-notchange': 'enable', - 'memory-use-threshold-extreme': '98', - 'memory-use-threshold-green': '99', - 'memory-use-threshold-red': '100', - 'miglog-affinity': 'test_value_101', - 'miglogd-children': '102', - 'multi-factor-authentication': 'optional', - 'multicast-forward': 'enable', - 'ndp-max-entry': '105', - 'per-user-bwl': 'enable', - 'policy-auth-concurrent': '107', - 'post-login-banner': 'disable', - 'pre-login-banner': 'enable', - 'private-data-encryption': 'disable', - 'proxy-auth-lifetime': 'enable', - 'proxy-auth-lifetime-timeout': '112', - 'proxy-auth-timeout': '113', - 'proxy-cipher-hardware-acceleration': 'disable', - 'proxy-kxp-hardware-acceleration': 'disable', - 'proxy-re-authentication-mode': 'session', - 'proxy-worker-count': '117', - 'radius-port': '118', - 'reboot-upon-config-restore': 'enable', - 'refresh': '120', - 'remoteauthtimeout': '121', - 'reset-sessionless-tcp': 'enable', - 'restart-time': 'test_value_123', - 'revision-backup-on-logout': 'enable', - 'revision-image-auto-backup': 'enable', - 'scanunit-count': '126', - 'security-rating-result-submission': 'enable', - 'security-rating-run-on-schedule': 'enable', - 'send-pmtu-icmp': 'enable', - 'snat-route-change': 'enable', - 'special-file-23-support': 'disable', - 'ssd-trim-date': '132', - 'ssd-trim-freq': 'never', - 'ssd-trim-hour': '134', - 'ssd-trim-min': '135', - 'ssd-trim-weekday': 'sunday', - 'ssh-cbc-cipher': 'enable', - 'ssh-hmac-md5': 'enable', - 'ssh-kex-sha1': 'enable', - 'ssl-min-proto-version': 'SSLv3', - 'ssl-static-key-ciphers': 'enable', - 'sslvpn-cipher-hardware-acceleration': 'enable', - 'sslvpn-kxp-hardware-acceleration': 'enable', - 'sslvpn-max-worker-count': '144', - 'sslvpn-plugin-version-check': 'enable', - 'strict-dirty-session-check': 
'enable', - 'strong-crypto': 'enable', - 'switch-controller': 'disable', - 'switch-controller-reserved-network': 'test_value_149', - 'sys-perf-log-interval': '150', - 'tcp-halfclose-timer': '151', - 'tcp-halfopen-timer': '152', - 'tcp-option': 'enable', - 'tcp-timewait-timer': '154', - 'tftp': 'enable', - 'timezone': '01', - 'tp-mc-skip-policy': 'enable', - 'traffic-priority': 'tos', - 'traffic-priority-level': 'low', - 'two-factor-email-expiry': '160', - 'two-factor-fac-expiry': '161', - 'two-factor-ftk-expiry': '162', - 'two-factor-ftm-expiry': '163', - 'two-factor-sms-expiry': '164', - 'udp-idle-timer': '165', - 'user-server-cert': 'test_value_166', - 'vdom-admin': 'enable', - 'vip-arp-range': 'unlimited', - 'virtual-server-count': '169', - 'virtual-server-hardware-acceleration': 'disable', - 'wad-affinity': 'test_value_171', - 'wad-csvc-cs-count': '172', - 'wad-csvc-db-count': '173', - 'wad-source-affinity': 'disable', - 'wad-worker-count': '175', - 'wifi-ca-certificate': 'test_value_176', - 'wifi-certificate': 'test_value_177', - 'wimax-4g-usb': 'enable', - 'wireless-controller': 'enable', - 'wireless-controller-port': '180' - } - - set_method_mock.assert_called_with('system', 'global', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_global_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_global': { - 'random_attribute_not_valid': 'tag', - 'admin_concurrent': 'enable', - 'admin_console_timeout': '4', - 
'admin_hsts_max_age': '5', - 'admin_https_pki_required': 'enable', - 'admin_https_redirect': 'enable', - 'admin_lockout_duration': '8', - 'admin_lockout_threshold': '9', - 'admin_login_max': '10', - 'admin_maintainer': 'enable', - 'admin_port': '12', - 'admin_restrict_local': 'enable', - 'admin_scp': 'enable', - 'admin_server_cert': 'test_value_15', - 'admin_sport': '16', - 'admin_ssh_grace_time': '17', - 'admin_ssh_password': 'enable', - 'admin_ssh_port': '19', - 'admin_ssh_v1': 'enable', - 'admin_telnet_port': '21', - 'admintimeout': '22', - 'alias': 'test_value_23', - 'allow_traffic_redirect': 'enable', - 'anti_replay': 'disable', - 'arp_max_entry': '26', - 'asymroute': 'enable', - 'auth_cert': 'test_value_28', - 'auth_http_port': '29', - 'auth_https_port': '30', - 'auth_keepalive': 'enable', - 'auth_session_limit': 'block-new', - 'auto_auth_extension_device': 'enable', - 'av_affinity': 'test_value_34', - 'av_failopen': 'pass', - 'av_failopen_session': 'enable', - 'batch_cmdb': 'enable', - 'block_session_timer': '38', - 'br_fdb_max_entry': '39', - 'cert_chain_max': '40', - 'cfg_revert_timeout': '41', - 'cfg_save': 'automatic', - 'check_protocol_header': 'loose', - 'check_reset_range': 'strict', - 'cli_audit_log': 'enable', - 'clt_cert_req': 'enable', - 'compliance_check': 'enable', - 'compliance_check_time': 'test_value_48', - 'cpu_use_threshold': '49', - 'csr_ca_attribute': 'enable', - 'daily_restart': 'enable', - 'device_identification_active_scan_delay': '52', - 'device_idle_timeout': '53', - 'dh_params': '1024', - 'dnsproxy_worker_count': '55', - 'dst': 'enable', - 'endpoint_control_fds_access': 'enable', - 'endpoint_control_portal_port': '58', - 'failtime': '59', - 'fds_statistics': 'enable', - 'fds_statistics_period': '61', - 'fortiextender': 'enable', - 'fortiextender_data_port': '63', - 'fortiextender_vlan_mode': 'enable', - 'fortiservice_port': '65', - 'gui_certificates': 'enable', - 'gui_custom_language': 'enable', - 'gui_date_format': 'yyyy/MM/dd', - 
'gui_device_latitude': 'test_value_69', - 'gui_device_longitude': 'test_value_70', - 'gui_display_hostname': 'enable', - 'gui_ipv6': 'enable', - 'gui_lines_per_page': '73', - 'gui_theme': 'green', - 'gui_wireless_opensecurity': 'enable', - 'honor_df': 'enable', - 'hostname': 'myhostname77', - 'igmp_state_limit': '78', - 'interval': '79', - 'ip_src_port_range': 'test_value_80', - 'ips_affinity': 'test_value_81', - 'ipsec_asic_offload': 'enable', - 'ipsec_hmac_offload': 'enable', - 'ipsec_soft_dec_async': 'enable', - 'ipv6_accept_dad': '85', - 'ipv6_allow_anycast_probe': 'enable', - 'language': 'english', - 'ldapconntimeout': '88', - 'lldp_transmission': 'enable', - 'log_ssl_connection': 'enable', - 'log_uuid': 'disable', - 'login_timestamp': 'enable', - 'long_vdom_name': 'enable', - 'management_vdom': 'test_value_94', - 'max_dlpstat_memory': '95', - 'max_route_cache_size': '96', - 'mc_ttl_notchange': 'enable', - 'memory_use_threshold_extreme': '98', - 'memory_use_threshold_green': '99', - 'memory_use_threshold_red': '100', - 'miglog_affinity': 'test_value_101', - 'miglogd_children': '102', - 'multi_factor_authentication': 'optional', - 'multicast_forward': 'enable', - 'ndp_max_entry': '105', - 'per_user_bwl': 'enable', - 'policy_auth_concurrent': '107', - 'post_login_banner': 'disable', - 'pre_login_banner': 'enable', - 'private_data_encryption': 'disable', - 'proxy_auth_lifetime': 'enable', - 'proxy_auth_lifetime_timeout': '112', - 'proxy_auth_timeout': '113', - 'proxy_cipher_hardware_acceleration': 'disable', - 'proxy_kxp_hardware_acceleration': 'disable', - 'proxy_re_authentication_mode': 'session', - 'proxy_worker_count': '117', - 'radius_port': '118', - 'reboot_upon_config_restore': 'enable', - 'refresh': '120', - 'remoteauthtimeout': '121', - 'reset_sessionless_tcp': 'enable', - 'restart_time': 'test_value_123', - 'revision_backup_on_logout': 'enable', - 'revision_image_auto_backup': 'enable', - 'scanunit_count': '126', - 'security_rating_result_submission': 
'enable', - 'security_rating_run_on_schedule': 'enable', - 'send_pmtu_icmp': 'enable', - 'snat_route_change': 'enable', - 'special_file_23_support': 'disable', - 'ssd_trim_date': '132', - 'ssd_trim_freq': 'never', - 'ssd_trim_hour': '134', - 'ssd_trim_min': '135', - 'ssd_trim_weekday': 'sunday', - 'ssh_cbc_cipher': 'enable', - 'ssh_hmac_md5': 'enable', - 'ssh_kex_sha1': 'enable', - 'ssl_min_proto_version': 'SSLv3', - 'ssl_static_key_ciphers': 'enable', - 'sslvpn_cipher_hardware_acceleration': 'enable', - 'sslvpn_kxp_hardware_acceleration': 'enable', - 'sslvpn_max_worker_count': '144', - 'sslvpn_plugin_version_check': 'enable', - 'strict_dirty_session_check': 'enable', - 'strong_crypto': 'enable', - 'switch_controller': 'disable', - 'switch_controller_reserved_network': 'test_value_149', - 'sys_perf_log_interval': '150', - 'tcp_halfclose_timer': '151', - 'tcp_halfopen_timer': '152', - 'tcp_option': 'enable', - 'tcp_timewait_timer': '154', - 'tftp': 'enable', - 'timezone': '01', - 'tp_mc_skip_policy': 'enable', - 'traffic_priority': 'tos', - 'traffic_priority_level': 'low', - 'two_factor_email_expiry': '160', - 'two_factor_fac_expiry': '161', - 'two_factor_ftk_expiry': '162', - 'two_factor_ftm_expiry': '163', - 'two_factor_sms_expiry': '164', - 'udp_idle_timer': '165', - 'user_server_cert': 'test_value_166', - 'vdom_admin': 'enable', - 'vip_arp_range': 'unlimited', - 'virtual_server_count': '169', - 'virtual_server_hardware_acceleration': 'disable', - 'wad_affinity': 'test_value_171', - 'wad_csvc_cs_count': '172', - 'wad_csvc_db_count': '173', - 'wad_source_affinity': 'disable', - 'wad_worker_count': '175', - 'wifi_ca_certificate': 'test_value_176', - 'wifi_certificate': 'test_value_177', - 'wimax_4g_usb': 'enable', - 'wireless_controller': 'enable', - 'wireless_controller_port': '180' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_global.fortios_system(input_data, fos_instance) - - expected_data = { - 'admin-concurrent': 'enable', - 
'admin-console-timeout': '4', - 'admin-hsts-max-age': '5', - 'admin-https-pki-required': 'enable', - 'admin-https-redirect': 'enable', - 'admin-lockout-duration': '8', - 'admin-lockout-threshold': '9', - 'admin-login-max': '10', - 'admin-maintainer': 'enable', - 'admin-port': '12', - 'admin-restrict-local': 'enable', - 'admin-scp': 'enable', - 'admin-server-cert': 'test_value_15', - 'admin-sport': '16', - 'admin-ssh-grace-time': '17', - 'admin-ssh-password': 'enable', - 'admin-ssh-port': '19', - 'admin-ssh-v1': 'enable', - 'admin-telnet-port': '21', - 'admintimeout': '22', - 'alias': 'test_value_23', - 'allow-traffic-redirect': 'enable', - 'anti-replay': 'disable', - 'arp-max-entry': '26', - 'asymroute': 'enable', - 'auth-cert': 'test_value_28', - 'auth-http-port': '29', - 'auth-https-port': '30', - 'auth-keepalive': 'enable', - 'auth-session-limit': 'block-new', - 'auto-auth-extension-device': 'enable', - 'av-affinity': 'test_value_34', - 'av-failopen': 'pass', - 'av-failopen-session': 'enable', - 'batch-cmdb': 'enable', - 'block-session-timer': '38', - 'br-fdb-max-entry': '39', - 'cert-chain-max': '40', - 'cfg-revert-timeout': '41', - 'cfg-save': 'automatic', - 'check-protocol-header': 'loose', - 'check-reset-range': 'strict', - 'cli-audit-log': 'enable', - 'clt-cert-req': 'enable', - 'compliance-check': 'enable', - 'compliance-check-time': 'test_value_48', - 'cpu-use-threshold': '49', - 'csr-ca-attribute': 'enable', - 'daily-restart': 'enable', - 'device-identification-active-scan-delay': '52', - 'device-idle-timeout': '53', - 'dh-params': '1024', - 'dnsproxy-worker-count': '55', - 'dst': 'enable', - 'endpoint-control-fds-access': 'enable', - 'endpoint-control-portal-port': '58', - 'failtime': '59', - 'fds-statistics': 'enable', - 'fds-statistics-period': '61', - 'fortiextender': 'enable', - 'fortiextender-data-port': '63', - 'fortiextender-vlan-mode': 'enable', - 'fortiservice-port': '65', - 'gui-certificates': 'enable', - 'gui-custom-language': 'enable', - 
'gui-date-format': 'yyyy/MM/dd', - 'gui-device-latitude': 'test_value_69', - 'gui-device-longitude': 'test_value_70', - 'gui-display-hostname': 'enable', - 'gui-ipv6': 'enable', - 'gui-lines-per-page': '73', - 'gui-theme': 'green', - 'gui-wireless-opensecurity': 'enable', - 'honor-df': 'enable', - 'hostname': 'myhostname77', - 'igmp-state-limit': '78', - 'interval': '79', - 'ip-src-port-range': 'test_value_80', - 'ips-affinity': 'test_value_81', - 'ipsec-asic-offload': 'enable', - 'ipsec-hmac-offload': 'enable', - 'ipsec-soft-dec-async': 'enable', - 'ipv6-accept-dad': '85', - 'ipv6-allow-anycast-probe': 'enable', - 'language': 'english', - 'ldapconntimeout': '88', - 'lldp-transmission': 'enable', - 'log-ssl-connection': 'enable', - 'log-uuid': 'disable', - 'login-timestamp': 'enable', - 'long-vdom-name': 'enable', - 'management-vdom': 'test_value_94', - 'max-dlpstat-memory': '95', - 'max-route-cache-size': '96', - 'mc-ttl-notchange': 'enable', - 'memory-use-threshold-extreme': '98', - 'memory-use-threshold-green': '99', - 'memory-use-threshold-red': '100', - 'miglog-affinity': 'test_value_101', - 'miglogd-children': '102', - 'multi-factor-authentication': 'optional', - 'multicast-forward': 'enable', - 'ndp-max-entry': '105', - 'per-user-bwl': 'enable', - 'policy-auth-concurrent': '107', - 'post-login-banner': 'disable', - 'pre-login-banner': 'enable', - 'private-data-encryption': 'disable', - 'proxy-auth-lifetime': 'enable', - 'proxy-auth-lifetime-timeout': '112', - 'proxy-auth-timeout': '113', - 'proxy-cipher-hardware-acceleration': 'disable', - 'proxy-kxp-hardware-acceleration': 'disable', - 'proxy-re-authentication-mode': 'session', - 'proxy-worker-count': '117', - 'radius-port': '118', - 'reboot-upon-config-restore': 'enable', - 'refresh': '120', - 'remoteauthtimeout': '121', - 'reset-sessionless-tcp': 'enable', - 'restart-time': 'test_value_123', - 'revision-backup-on-logout': 'enable', - 'revision-image-auto-backup': 'enable', - 'scanunit-count': '126', - 
'security-rating-result-submission': 'enable', - 'security-rating-run-on-schedule': 'enable', - 'send-pmtu-icmp': 'enable', - 'snat-route-change': 'enable', - 'special-file-23-support': 'disable', - 'ssd-trim-date': '132', - 'ssd-trim-freq': 'never', - 'ssd-trim-hour': '134', - 'ssd-trim-min': '135', - 'ssd-trim-weekday': 'sunday', - 'ssh-cbc-cipher': 'enable', - 'ssh-hmac-md5': 'enable', - 'ssh-kex-sha1': 'enable', - 'ssl-min-proto-version': 'SSLv3', - 'ssl-static-key-ciphers': 'enable', - 'sslvpn-cipher-hardware-acceleration': 'enable', - 'sslvpn-kxp-hardware-acceleration': 'enable', - 'sslvpn-max-worker-count': '144', - 'sslvpn-plugin-version-check': 'enable', - 'strict-dirty-session-check': 'enable', - 'strong-crypto': 'enable', - 'switch-controller': 'disable', - 'switch-controller-reserved-network': 'test_value_149', - 'sys-perf-log-interval': '150', - 'tcp-halfclose-timer': '151', - 'tcp-halfopen-timer': '152', - 'tcp-option': 'enable', - 'tcp-timewait-timer': '154', - 'tftp': 'enable', - 'timezone': '01', - 'tp-mc-skip-policy': 'enable', - 'traffic-priority': 'tos', - 'traffic-priority-level': 'low', - 'two-factor-email-expiry': '160', - 'two-factor-fac-expiry': '161', - 'two-factor-ftk-expiry': '162', - 'two-factor-ftm-expiry': '163', - 'two-factor-sms-expiry': '164', - 'udp-idle-timer': '165', - 'user-server-cert': 'test_value_166', - 'vdom-admin': 'enable', - 'vip-arp-range': 'unlimited', - 'virtual-server-count': '169', - 'virtual-server-hardware-acceleration': 'disable', - 'wad-affinity': 'test_value_171', - 'wad-csvc-cs-count': '172', - 'wad-csvc-db-count': '173', - 'wad-source-affinity': 'disable', - 'wad-worker-count': '175', - 'wifi-ca-certificate': 'test_value_176', - 'wifi-certificate': 'test_value_177', - 'wimax-4g-usb': 'enable', - 'wireless-controller': 'enable', - 'wireless-controller-port': '180' - } - - set_method_mock.assert_called_with('system', 'global', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert 
not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_gre_tunnel.py b/test/units/modules/network/fortios/test_fortios_system_gre_tunnel.py
deleted file mode 100644
index eb00a47e0ff..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_gre_tunnel.py
+++ /dev/null
@@ -1,349 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_gre_tunnel
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_gre_tunnel.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_gre_tunnel_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_gre_tunnel': {
- 'checksum_reception': 'disable',
- 'checksum_transmission': 'disable',
- 'dscp_copying': 'disable',
- 'interface': 'test_value_6',
- 'ip_version': '4', - 
'keepalive_failtimes': '8', - 'keepalive_interval': '9', - 'key_inbound': '10', - 'key_outbound': '11', - 'local_gw': 'test_value_12', - 'local_gw6': 'test_value_13', - 'name': 'default_name_14', - 'remote_gw': 'test_value_15', - 'remote_gw6': 'test_value_16', - 'sequence_number_reception': 'disable', - 'sequence_number_transmission': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_gre_tunnel.fortios_system(input_data, fos_instance) - - expected_data = { - 'checksum-reception': 'disable', - 'checksum-transmission': 'disable', - 'dscp-copying': 'disable', - 'interface': 'test_value_6', - 'ip-version': '4', - 'keepalive-failtimes': '8', - 'keepalive-interval': '9', - 'key-inbound': '10', - 'key-outbound': '11', - 'local-gw': 'test_value_12', - 'local-gw6': 'test_value_13', - 'name': 'default_name_14', - 'remote-gw': 'test_value_15', - 'remote-gw6': 'test_value_16', - 'sequence-number-reception': 'disable', - 'sequence-number-transmission': 'disable' - } - - set_method_mock.assert_called_with('system', 'gre-tunnel', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_gre_tunnel_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_gre_tunnel': { - 'checksum_reception': 'disable', - 'checksum_transmission': 'disable', - 'dscp_copying': 'disable', - 'interface': 'test_value_6', - 'ip_version': '4', - 'keepalive_failtimes': '8', - 'keepalive_interval': '9', - 'key_inbound': '10', - 'key_outbound': '11', - 
'local_gw': 'test_value_12', - 'local_gw6': 'test_value_13', - 'name': 'default_name_14', - 'remote_gw': 'test_value_15', - 'remote_gw6': 'test_value_16', - 'sequence_number_reception': 'disable', - 'sequence_number_transmission': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_gre_tunnel.fortios_system(input_data, fos_instance) - - expected_data = { - 'checksum-reception': 'disable', - 'checksum-transmission': 'disable', - 'dscp-copying': 'disable', - 'interface': 'test_value_6', - 'ip-version': '4', - 'keepalive-failtimes': '8', - 'keepalive-interval': '9', - 'key-inbound': '10', - 'key-outbound': '11', - 'local-gw': 'test_value_12', - 'local-gw6': 'test_value_13', - 'name': 'default_name_14', - 'remote-gw': 'test_value_15', - 'remote-gw6': 'test_value_16', - 'sequence-number-reception': 'disable', - 'sequence-number-transmission': 'disable' - } - - set_method_mock.assert_called_with('system', 'gre-tunnel', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_gre_tunnel_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_gre_tunnel': { - 'checksum_reception': 'disable', - 'checksum_transmission': 'disable', - 'dscp_copying': 'disable', - 'interface': 'test_value_6', - 'ip_version': '4', - 'keepalive_failtimes': '8', - 'keepalive_interval': '9', - 'key_inbound': '10', - 'key_outbound': '11', - 'local_gw': 'test_value_12', - 'local_gw6': 'test_value_13', - 'name': 'default_name_14', - 'remote_gw': 
'test_value_15', - 'remote_gw6': 'test_value_16', - 'sequence_number_reception': 'disable', - 'sequence_number_transmission': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_gre_tunnel.fortios_system(input_data, fos_instance) - - delete_method_mock.assert_called_with('system', 'gre-tunnel', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_gre_tunnel_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_gre_tunnel': { - 'checksum_reception': 'disable', - 'checksum_transmission': 'disable', - 'dscp_copying': 'disable', - 'interface': 'test_value_6', - 'ip_version': '4', - 'keepalive_failtimes': '8', - 'keepalive_interval': '9', - 'key_inbound': '10', - 'key_outbound': '11', - 'local_gw': 'test_value_12', - 'local_gw6': 'test_value_13', - 'name': 'default_name_14', - 'remote_gw': 'test_value_15', - 'remote_gw6': 'test_value_16', - 'sequence_number_reception': 'disable', - 'sequence_number_transmission': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_gre_tunnel.fortios_system(input_data, fos_instance) - - delete_method_mock.assert_called_with('system', 'gre-tunnel', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_gre_tunnel_idempotent(mocker): - schema_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_gre_tunnel': { - 'checksum_reception': 'disable', - 'checksum_transmission': 'disable', - 'dscp_copying': 'disable', - 'interface': 'test_value_6', - 'ip_version': '4', - 'keepalive_failtimes': '8', - 'keepalive_interval': '9', - 'key_inbound': '10', - 'key_outbound': '11', - 'local_gw': 'test_value_12', - 'local_gw6': 'test_value_13', - 'name': 'default_name_14', - 'remote_gw': 'test_value_15', - 'remote_gw6': 'test_value_16', - 'sequence_number_reception': 'disable', - 'sequence_number_transmission': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_gre_tunnel.fortios_system(input_data, fos_instance) - - expected_data = { - 'checksum-reception': 'disable', - 'checksum-transmission': 'disable', - 'dscp-copying': 'disable', - 'interface': 'test_value_6', - 'ip-version': '4', - 'keepalive-failtimes': '8', - 'keepalive-interval': '9', - 'key-inbound': '10', - 'key-outbound': '11', - 'local-gw': 'test_value_12', - 'local-gw6': 'test_value_13', - 'name': 'default_name_14', - 'remote-gw': 'test_value_15', - 'remote-gw6': 'test_value_16', - 'sequence-number-reception': 'disable', - 'sequence-number-transmission': 'disable' - } - - set_method_mock.assert_called_with('system', 'gre-tunnel', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_gre_tunnel_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - 
set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_gre_tunnel': {
- 'random_attribute_not_valid': 'tag',
- 'checksum_reception': 'disable',
- 'checksum_transmission': 'disable',
- 'dscp_copying': 'disable',
- 'interface': 'test_value_6',
- 'ip_version': '4',
- 'keepalive_failtimes': '8',
- 'keepalive_interval': '9',
- 'key_inbound': '10',
- 'key_outbound': '11',
- 'local_gw': 'test_value_12',
- 'local_gw6': 'test_value_13',
- 'name': 'default_name_14',
- 'remote_gw': 'test_value_15',
- 'remote_gw6': 'test_value_16',
- 'sequence_number_reception': 'disable',
- 'sequence_number_transmission': 'disable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_gre_tunnel.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'checksum-reception': 'disable',
- 'checksum-transmission': 'disable',
- 'dscp-copying': 'disable',
- 'interface': 'test_value_6',
- 'ip-version': '4',
- 'keepalive-failtimes': '8',
- 'keepalive-interval': '9',
- 'key-inbound': '10',
- 'key-outbound': '11',
- 'local-gw': 'test_value_12',
- 'local-gw6': 'test_value_13',
- 'name': 'default_name_14',
- 'remote-gw': 'test_value_15',
- 'remote-gw6': 'test_value_16',
- 'sequence-number-reception': 'disable',
- 'sequence-number-transmission': 'disable'
- }
-
- set_method_mock.assert_called_with('system', 'gre-tunnel', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_ha.py b/test/units/modules/network/fortios/test_fortios_system_ha.py
deleted file mode 100644
index dc2fdfbfb1b..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_ha.py
+++ /dev/null
@@ -1,647 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_ha
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_ha.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_ha_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_ha': {
- 'arps': '3',
- 'arps_interval': '4',
- 'authentication': 'enable',
- 'cpu_threshold': 'test_value_6',
- 'encryption': 'enable',
- 'ftp_proxy_threshold': 'test_value_8',
- 'gratuitous_arps': 
'enable', - 'group_id': '10', - 'group_name': 'test_value_11', - 'ha_direct': 'enable', - 'ha_eth_type': 'test_value_13', - 'ha_mgmt_status': 'enable', - 'ha_uptime_diff_margin': '15', - 'hb_interval': '16', - 'hb_lost_threshold': '17', - 'hbdev': 'test_value_18', - 'hc_eth_type': 'test_value_19', - 'hello_holddown': '20', - 'http_proxy_threshold': 'test_value_21', - 'imap_proxy_threshold': 'test_value_22', - 'inter_cluster_session_sync': 'enable', - 'key': 'test_value_24', - 'l2ep_eth_type': 'test_value_25', - 'link_failed_signal': 'enable', - 'load_balance_all': 'enable', - 'memory_compatible_mode': 'enable', - 'memory_threshold': 'test_value_29', - 'mode': 'standalone', - 'monitor': 'test_value_31', - 'multicast_ttl': '32', - 'nntp_proxy_threshold': 'test_value_33', - 'override': 'enable', - 'override_wait_time': '35', - 'password': 'test_value_36', - 'pingserver_failover_threshold': '37', - 'pingserver_flip_timeout': '38', - 'pingserver_monitor_interface': 'test_value_39', - 'pingserver_slave_force_reset': 'enable', - 'pop3_proxy_threshold': 'test_value_41', - 'priority': '42', - 'route_hold': '43', - 'route_ttl': '44', - 'route_wait': '45', - 'schedule': 'none', - 'session_pickup': 'enable', - 'session_pickup_connectionless': 'enable', - 'session_pickup_delay': 'enable', - 'session_pickup_expectation': 'enable', - 'session_pickup_nat': 'enable', - 'session_sync_dev': 'test_value_52', - 'smtp_proxy_threshold': 'test_value_53', - 'standalone_config_sync': 'enable', - 'standalone_mgmt_vdom': 'enable', - 'sync_config': 'enable', - 'sync_packet_balance': 'enable', - 'unicast_hb': 'enable', - 'unicast_hb_netmask': 'test_value_59', - 'unicast_hb_peerip': 'test_value_60', - 'uninterruptible_upgrade': 'enable', - 'vcluster_id': '62', - 'vcluster2': 'enable', - 'vdom': 'test_value_64', - 'weight': 'test_value_65' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_ha.fortios_system(input_data, fos_instance) - - expected_data = { - 'arps': '3', - 
'arps-interval': '4', - 'authentication': 'enable', - 'cpu-threshold': 'test_value_6', - 'encryption': 'enable', - 'ftp-proxy-threshold': 'test_value_8', - 'gratuitous-arps': 'enable', - 'group-id': '10', - 'group-name': 'test_value_11', - 'ha-direct': 'enable', - 'ha-eth-type': 'test_value_13', - 'ha-mgmt-status': 'enable', - 'ha-uptime-diff-margin': '15', - 'hb-interval': '16', - 'hb-lost-threshold': '17', - 'hbdev': 'test_value_18', - 'hc-eth-type': 'test_value_19', - 'hello-holddown': '20', - 'http-proxy-threshold': 'test_value_21', - 'imap-proxy-threshold': 'test_value_22', - 'inter-cluster-session-sync': 'enable', - 'key': 'test_value_24', - 'l2ep-eth-type': 'test_value_25', - 'link-failed-signal': 'enable', - 'load-balance-all': 'enable', - 'memory-compatible-mode': 'enable', - 'memory-threshold': 'test_value_29', - 'mode': 'standalone', - 'monitor': 'test_value_31', - 'multicast-ttl': '32', - 'nntp-proxy-threshold': 'test_value_33', - 'override': 'enable', - 'override-wait-time': '35', - 'password': 'test_value_36', - 'pingserver-failover-threshold': '37', - 'pingserver-flip-timeout': '38', - 'pingserver-monitor-interface': 'test_value_39', - 'pingserver-slave-force-reset': 'enable', - 'pop3-proxy-threshold': 'test_value_41', - 'priority': '42', - 'route-hold': '43', - 'route-ttl': '44', - 'route-wait': '45', - 'schedule': 'none', - 'session-pickup': 'enable', - 'session-pickup-connectionless': 'enable', - 'session-pickup-delay': 'enable', - 'session-pickup-expectation': 'enable', - 'session-pickup-nat': 'enable', - 'session-sync-dev': 'test_value_52', - 'smtp-proxy-threshold': 'test_value_53', - 'standalone-config-sync': 'enable', - 'standalone-mgmt-vdom': 'enable', - 'sync-config': 'enable', - 'sync-packet-balance': 'enable', - 'unicast-hb': 'enable', - 'unicast-hb-netmask': 'test_value_59', - 'unicast-hb-peerip': 'test_value_60', - 'uninterruptible-upgrade': 'enable', - 'vcluster-id': '62', - 'vcluster2': 'enable', - 'vdom': 'test_value_64', - 'weight': 
'test_value_65' - } - - set_method_mock.assert_called_with('system', 'ha', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_ha_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_ha': { - 'arps': '3', - 'arps_interval': '4', - 'authentication': 'enable', - 'cpu_threshold': 'test_value_6', - 'encryption': 'enable', - 'ftp_proxy_threshold': 'test_value_8', - 'gratuitous_arps': 'enable', - 'group_id': '10', - 'group_name': 'test_value_11', - 'ha_direct': 'enable', - 'ha_eth_type': 'test_value_13', - 'ha_mgmt_status': 'enable', - 'ha_uptime_diff_margin': '15', - 'hb_interval': '16', - 'hb_lost_threshold': '17', - 'hbdev': 'test_value_18', - 'hc_eth_type': 'test_value_19', - 'hello_holddown': '20', - 'http_proxy_threshold': 'test_value_21', - 'imap_proxy_threshold': 'test_value_22', - 'inter_cluster_session_sync': 'enable', - 'key': 'test_value_24', - 'l2ep_eth_type': 'test_value_25', - 'link_failed_signal': 'enable', - 'load_balance_all': 'enable', - 'memory_compatible_mode': 'enable', - 'memory_threshold': 'test_value_29', - 'mode': 'standalone', - 'monitor': 'test_value_31', - 'multicast_ttl': '32', - 'nntp_proxy_threshold': 'test_value_33', - 'override': 'enable', - 'override_wait_time': '35', - 'password': 'test_value_36', - 'pingserver_failover_threshold': '37', - 'pingserver_flip_timeout': '38', - 'pingserver_monitor_interface': 'test_value_39', - 'pingserver_slave_force_reset': 'enable', - 'pop3_proxy_threshold': 'test_value_41', - 
'priority': '42', - 'route_hold': '43', - 'route_ttl': '44', - 'route_wait': '45', - 'schedule': 'none', - 'session_pickup': 'enable', - 'session_pickup_connectionless': 'enable', - 'session_pickup_delay': 'enable', - 'session_pickup_expectation': 'enable', - 'session_pickup_nat': 'enable', - 'session_sync_dev': 'test_value_52', - 'smtp_proxy_threshold': 'test_value_53', - 'standalone_config_sync': 'enable', - 'standalone_mgmt_vdom': 'enable', - 'sync_config': 'enable', - 'sync_packet_balance': 'enable', - 'unicast_hb': 'enable', - 'unicast_hb_netmask': 'test_value_59', - 'unicast_hb_peerip': 'test_value_60', - 'uninterruptible_upgrade': 'enable', - 'vcluster_id': '62', - 'vcluster2': 'enable', - 'vdom': 'test_value_64', - 'weight': 'test_value_65' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_ha.fortios_system(input_data, fos_instance) - - expected_data = { - 'arps': '3', - 'arps-interval': '4', - 'authentication': 'enable', - 'cpu-threshold': 'test_value_6', - 'encryption': 'enable', - 'ftp-proxy-threshold': 'test_value_8', - 'gratuitous-arps': 'enable', - 'group-id': '10', - 'group-name': 'test_value_11', - 'ha-direct': 'enable', - 'ha-eth-type': 'test_value_13', - 'ha-mgmt-status': 'enable', - 'ha-uptime-diff-margin': '15', - 'hb-interval': '16', - 'hb-lost-threshold': '17', - 'hbdev': 'test_value_18', - 'hc-eth-type': 'test_value_19', - 'hello-holddown': '20', - 'http-proxy-threshold': 'test_value_21', - 'imap-proxy-threshold': 'test_value_22', - 'inter-cluster-session-sync': 'enable', - 'key': 'test_value_24', - 'l2ep-eth-type': 'test_value_25', - 'link-failed-signal': 'enable', - 'load-balance-all': 'enable', - 'memory-compatible-mode': 'enable', - 'memory-threshold': 'test_value_29', - 'mode': 'standalone', - 'monitor': 'test_value_31', - 'multicast-ttl': '32', - 'nntp-proxy-threshold': 'test_value_33', - 'override': 'enable', - 'override-wait-time': '35', - 'password': 'test_value_36', - 'pingserver-failover-threshold': '37', - 
'pingserver-flip-timeout': '38', - 'pingserver-monitor-interface': 'test_value_39', - 'pingserver-slave-force-reset': 'enable', - 'pop3-proxy-threshold': 'test_value_41', - 'priority': '42', - 'route-hold': '43', - 'route-ttl': '44', - 'route-wait': '45', - 'schedule': 'none', - 'session-pickup': 'enable', - 'session-pickup-connectionless': 'enable', - 'session-pickup-delay': 'enable', - 'session-pickup-expectation': 'enable', - 'session-pickup-nat': 'enable', - 'session-sync-dev': 'test_value_52', - 'smtp-proxy-threshold': 'test_value_53', - 'standalone-config-sync': 'enable', - 'standalone-mgmt-vdom': 'enable', - 'sync-config': 'enable', - 'sync-packet-balance': 'enable', - 'unicast-hb': 'enable', - 'unicast-hb-netmask': 'test_value_59', - 'unicast-hb-peerip': 'test_value_60', - 'uninterruptible-upgrade': 'enable', - 'vcluster-id': '62', - 'vcluster2': 'enable', - 'vdom': 'test_value_64', - 'weight': 'test_value_65' - } - - set_method_mock.assert_called_with('system', 'ha', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_ha_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_ha': { - 'arps': '3', - 'arps_interval': '4', - 'authentication': 'enable', - 'cpu_threshold': 'test_value_6', - 'encryption': 'enable', - 'ftp_proxy_threshold': 'test_value_8', - 'gratuitous_arps': 'enable', - 'group_id': '10', - 'group_name': 'test_value_11', - 'ha_direct': 'enable', - 'ha_eth_type': 'test_value_13', - 'ha_mgmt_status': 'enable', - 
'ha_uptime_diff_margin': '15', - 'hb_interval': '16', - 'hb_lost_threshold': '17', - 'hbdev': 'test_value_18', - 'hc_eth_type': 'test_value_19', - 'hello_holddown': '20', - 'http_proxy_threshold': 'test_value_21', - 'imap_proxy_threshold': 'test_value_22', - 'inter_cluster_session_sync': 'enable', - 'key': 'test_value_24', - 'l2ep_eth_type': 'test_value_25', - 'link_failed_signal': 'enable', - 'load_balance_all': 'enable', - 'memory_compatible_mode': 'enable', - 'memory_threshold': 'test_value_29', - 'mode': 'standalone', - 'monitor': 'test_value_31', - 'multicast_ttl': '32', - 'nntp_proxy_threshold': 'test_value_33', - 'override': 'enable', - 'override_wait_time': '35', - 'password': 'test_value_36', - 'pingserver_failover_threshold': '37', - 'pingserver_flip_timeout': '38', - 'pingserver_monitor_interface': 'test_value_39', - 'pingserver_slave_force_reset': 'enable', - 'pop3_proxy_threshold': 'test_value_41', - 'priority': '42', - 'route_hold': '43', - 'route_ttl': '44', - 'route_wait': '45', - 'schedule': 'none', - 'session_pickup': 'enable', - 'session_pickup_connectionless': 'enable', - 'session_pickup_delay': 'enable', - 'session_pickup_expectation': 'enable', - 'session_pickup_nat': 'enable', - 'session_sync_dev': 'test_value_52', - 'smtp_proxy_threshold': 'test_value_53', - 'standalone_config_sync': 'enable', - 'standalone_mgmt_vdom': 'enable', - 'sync_config': 'enable', - 'sync_packet_balance': 'enable', - 'unicast_hb': 'enable', - 'unicast_hb_netmask': 'test_value_59', - 'unicast_hb_peerip': 'test_value_60', - 'uninterruptible_upgrade': 'enable', - 'vcluster_id': '62', - 'vcluster2': 'enable', - 'vdom': 'test_value_64', - 'weight': 'test_value_65' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_ha.fortios_system(input_data, fos_instance) - - expected_data = { - 'arps': '3', - 'arps-interval': '4', - 'authentication': 'enable', - 'cpu-threshold': 'test_value_6', - 'encryption': 'enable', - 'ftp-proxy-threshold': 'test_value_8', - 
'gratuitous-arps': 'enable', - 'group-id': '10', - 'group-name': 'test_value_11', - 'ha-direct': 'enable', - 'ha-eth-type': 'test_value_13', - 'ha-mgmt-status': 'enable', - 'ha-uptime-diff-margin': '15', - 'hb-interval': '16', - 'hb-lost-threshold': '17', - 'hbdev': 'test_value_18', - 'hc-eth-type': 'test_value_19', - 'hello-holddown': '20', - 'http-proxy-threshold': 'test_value_21', - 'imap-proxy-threshold': 'test_value_22', - 'inter-cluster-session-sync': 'enable', - 'key': 'test_value_24', - 'l2ep-eth-type': 'test_value_25', - 'link-failed-signal': 'enable', - 'load-balance-all': 'enable', - 'memory-compatible-mode': 'enable', - 'memory-threshold': 'test_value_29', - 'mode': 'standalone', - 'monitor': 'test_value_31', - 'multicast-ttl': '32', - 'nntp-proxy-threshold': 'test_value_33', - 'override': 'enable', - 'override-wait-time': '35', - 'password': 'test_value_36', - 'pingserver-failover-threshold': '37', - 'pingserver-flip-timeout': '38', - 'pingserver-monitor-interface': 'test_value_39', - 'pingserver-slave-force-reset': 'enable', - 'pop3-proxy-threshold': 'test_value_41', - 'priority': '42', - 'route-hold': '43', - 'route-ttl': '44', - 'route-wait': '45', - 'schedule': 'none', - 'session-pickup': 'enable', - 'session-pickup-connectionless': 'enable', - 'session-pickup-delay': 'enable', - 'session-pickup-expectation': 'enable', - 'session-pickup-nat': 'enable', - 'session-sync-dev': 'test_value_52', - 'smtp-proxy-threshold': 'test_value_53', - 'standalone-config-sync': 'enable', - 'standalone-mgmt-vdom': 'enable', - 'sync-config': 'enable', - 'sync-packet-balance': 'enable', - 'unicast-hb': 'enable', - 'unicast-hb-netmask': 'test_value_59', - 'unicast-hb-peerip': 'test_value_60', - 'uninterruptible-upgrade': 'enable', - 'vcluster-id': '62', - 'vcluster2': 'enable', - 'vdom': 'test_value_64', - 'weight': 'test_value_65' - } - - set_method_mock.assert_called_with('system', 'ha', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - 
assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_ha_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_ha': { - 'random_attribute_not_valid': 'tag', - 'arps': '3', - 'arps_interval': '4', - 'authentication': 'enable', - 'cpu_threshold': 'test_value_6', - 'encryption': 'enable', - 'ftp_proxy_threshold': 'test_value_8', - 'gratuitous_arps': 'enable', - 'group_id': '10', - 'group_name': 'test_value_11', - 'ha_direct': 'enable', - 'ha_eth_type': 'test_value_13', - 'ha_mgmt_status': 'enable', - 'ha_uptime_diff_margin': '15', - 'hb_interval': '16', - 'hb_lost_threshold': '17', - 'hbdev': 'test_value_18', - 'hc_eth_type': 'test_value_19', - 'hello_holddown': '20', - 'http_proxy_threshold': 'test_value_21', - 'imap_proxy_threshold': 'test_value_22', - 'inter_cluster_session_sync': 'enable', - 'key': 'test_value_24', - 'l2ep_eth_type': 'test_value_25', - 'link_failed_signal': 'enable', - 'load_balance_all': 'enable', - 'memory_compatible_mode': 'enable', - 'memory_threshold': 'test_value_29', - 'mode': 'standalone', - 'monitor': 'test_value_31', - 'multicast_ttl': '32', - 'nntp_proxy_threshold': 'test_value_33', - 'override': 'enable', - 'override_wait_time': '35', - 'password': 'test_value_36', - 'pingserver_failover_threshold': '37', - 'pingserver_flip_timeout': '38', - 'pingserver_monitor_interface': 'test_value_39', - 'pingserver_slave_force_reset': 'enable', - 'pop3_proxy_threshold': 'test_value_41', - 'priority': '42', - 'route_hold': '43', - 'route_ttl': '44', - 'route_wait': '45', - 'schedule': 
'none', - 'session_pickup': 'enable', - 'session_pickup_connectionless': 'enable', - 'session_pickup_delay': 'enable', - 'session_pickup_expectation': 'enable', - 'session_pickup_nat': 'enable', - 'session_sync_dev': 'test_value_52', - 'smtp_proxy_threshold': 'test_value_53', - 'standalone_config_sync': 'enable', - 'standalone_mgmt_vdom': 'enable', - 'sync_config': 'enable', - 'sync_packet_balance': 'enable', - 'unicast_hb': 'enable', - 'unicast_hb_netmask': 'test_value_59', - 'unicast_hb_peerip': 'test_value_60', - 'uninterruptible_upgrade': 'enable', - 'vcluster_id': '62', - 'vcluster2': 'enable', - 'vdom': 'test_value_64', - 'weight': 'test_value_65' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_ha.fortios_system(input_data, fos_instance) - - expected_data = { - 'arps': '3', - 'arps-interval': '4', - 'authentication': 'enable', - 'cpu-threshold': 'test_value_6', - 'encryption': 'enable', - 'ftp-proxy-threshold': 'test_value_8', - 'gratuitous-arps': 'enable', - 'group-id': '10', - 'group-name': 'test_value_11', - 'ha-direct': 'enable', - 'ha-eth-type': 'test_value_13', - 'ha-mgmt-status': 'enable', - 'ha-uptime-diff-margin': '15', - 'hb-interval': '16', - 'hb-lost-threshold': '17', - 'hbdev': 'test_value_18', - 'hc-eth-type': 'test_value_19', - 'hello-holddown': '20', - 'http-proxy-threshold': 'test_value_21', - 'imap-proxy-threshold': 'test_value_22', - 'inter-cluster-session-sync': 'enable', - 'key': 'test_value_24', - 'l2ep-eth-type': 'test_value_25', - 'link-failed-signal': 'enable', - 'load-balance-all': 'enable', - 'memory-compatible-mode': 'enable', - 'memory-threshold': 'test_value_29', - 'mode': 'standalone', - 'monitor': 'test_value_31', - 'multicast-ttl': '32', - 'nntp-proxy-threshold': 'test_value_33', - 'override': 'enable', - 'override-wait-time': '35', - 'password': 'test_value_36', - 'pingserver-failover-threshold': '37', - 'pingserver-flip-timeout': '38', - 'pingserver-monitor-interface': 'test_value_39', - 
'pingserver-slave-force-reset': 'enable', - 'pop3-proxy-threshold': 'test_value_41', - 'priority': '42', - 'route-hold': '43', - 'route-ttl': '44', - 'route-wait': '45', - 'schedule': 'none', - 'session-pickup': 'enable', - 'session-pickup-connectionless': 'enable', - 'session-pickup-delay': 'enable', - 'session-pickup-expectation': 'enable', - 'session-pickup-nat': 'enable', - 'session-sync-dev': 'test_value_52', - 'smtp-proxy-threshold': 'test_value_53', - 'standalone-config-sync': 'enable', - 'standalone-mgmt-vdom': 'enable', - 'sync-config': 'enable', - 'sync-packet-balance': 'enable', - 'unicast-hb': 'enable', - 'unicast-hb-netmask': 'test_value_59', - 'unicast-hb-peerip': 'test_value_60', - 'uninterruptible-upgrade': 'enable', - 'vcluster-id': '62', - 'vcluster2': 'enable', - 'vdom': 'test_value_64', - 'weight': 'test_value_65' - } - - set_method_mock.assert_called_with('system', 'ha', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_system_ha_monitor.py b/test/units/modules/network/fortios/test_fortios_system_ha_monitor.py deleted file mode 100644 index 34cb747f1de..00000000000 --- a/test/units/modules/network/fortios/test_fortios_system_ha_monitor.py +++ /dev/null 
@@ -1,167 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_ha_monitor
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_ha_monitor.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_ha_monitor_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_ha_monitor': {
- 'monitor_vlan': 'enable',
- 'vlan_hb_interval': '4',
- 'vlan_hb_lost_threshold': '5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_ha_monitor.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'monitor-vlan': 'enable',
- 'vlan-hb-interval': '4',
- 'vlan-hb-lost-threshold': '5'
- }
-
- set_method_mock.assert_called_with('system', 'ha-monitor', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_ha_monitor_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_ha_monitor': {
- 'monitor_vlan': 'enable',
- 'vlan_hb_interval': '4',
- 'vlan_hb_lost_threshold': '5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_ha_monitor.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'monitor-vlan': 'enable',
- 'vlan-hb-interval': '4',
- 'vlan-hb-lost-threshold': '5'
- }
-
- set_method_mock.assert_called_with('system', 'ha-monitor', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_ha_monitor_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_ha_monitor': {
- 'monitor_vlan': 'enable',
- 'vlan_hb_interval': '4',
- 'vlan_hb_lost_threshold': '5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_ha_monitor.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'monitor-vlan': 'enable',
- 'vlan-hb-interval': '4',
- 'vlan-hb-lost-threshold': '5'
- }
-
- set_method_mock.assert_called_with('system', 'ha-monitor', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_ha_monitor_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_ha_monitor': {
- 'random_attribute_not_valid': 'tag',
- 'monitor_vlan': 'enable',
- 'vlan_hb_interval': '4',
- 'vlan_hb_lost_threshold': '5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_ha_monitor.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'monitor-vlan': 'enable',
- 'vlan-hb-interval': '4',
- 'vlan-hb-lost-threshold': '5'
- }
-
- set_method_mock.assert_called_with('system', 'ha-monitor', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_interface.py b/test/units/modules/network/fortios/test_fortios_system_interface.py
deleted file mode 100644
index 41a5bfd27ec..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_interface.py
+++ /dev/null
@@ -1,1769 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_interface
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_interface.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_interface_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_interface': {
- 'ac_name': 'test_value_3',
- 'aggregate': 'test_value_4',
- 'algorithm': 'L2',
- 'alias': 'test_value_6',
- 'ap_discover': 'enable',
- 'arpforward': 'enable',
-
'auth_type': 'auto', - 'auto_auth_extension_device': 'enable', - 'bfd': 'global', - 'bfd_desired_min_tx': '12', - 'bfd_detect_mult': '13', - 'bfd_required_min_rx': '14', - 'broadcast_forticlient_discovery': 'enable', - 'broadcast_forward': 'enable', - 'captive_portal': '17', - 'cli_conn_status': '18', - 'color': '19', - 'dedicated_to': 'none', - 'defaultgw': 'enable', - 'description': 'test_value_22', - 'detected_peer_mtu': '23', - 'detectprotocol': 'ping', - 'detectserver': 'test_value_25', - 'device_access_list': 'test_value_26', - 'device_identification': 'enable', - 'device_identification_active_scan': 'enable', - 'device_netscan': 'disable', - 'device_user_identification': 'enable', - 'devindex': '31', - 'dhcp_client_identifier': 'myId_32', - 'dhcp_relay_agent_option': 'enable', - 'dhcp_relay_ip': 'test_value_34', - 'dhcp_relay_service': 'disable', - 'dhcp_relay_type': 'regular', - 'dhcp_renew_time': '37', - 'disc_retry_timeout': '38', - 'disconnect_threshold': '39', - 'distance': '40', - 'dns_server_override': 'enable', - 'drop_fragment': 'enable', - 'drop_overlapped_fragment': 'enable', - 'egress_shaping_profile': 'test_value_44', - 'endpoint_compliance': 'enable', - 'estimated_downstream_bandwidth': '46', - 'estimated_upstream_bandwidth': '47', - 'explicit_ftp_proxy': 'enable', - 'explicit_web_proxy': 'enable', - 'external': 'enable', - 'fail_action_on_extender': 'soft-restart', - 'fail_alert_method': 'link-failed-signal', - 'fail_detect': 'enable', - 'fail_detect_option': 'detectserver', - 'fortiheartbeat': 'enable', - 'fortilink': 'enable', - 'fortilink_backup_link': '57', - 'fortilink_split_interface': 'enable', - 'fortilink_stacking': 'enable', - 'forward_domain': '60', - 'gwdetect': 'enable', - 'ha_priority': '62', - 'icmp_accept_redirect': 'enable', - 'icmp_send_redirect': 'enable', - 'ident_accept': 'enable', - 'idle_timeout': '66', - 'inbandwidth': '67', - 'ingress_spillover_threshold': '68', - 'interface': 'test_value_69', - 'internal': '70', - 
'ip': 'test_value_71', - 'ipmac': 'enable', - 'ips_sniffer_mode': 'enable', - 'ipunnumbered': 'test_value_74', - 'l2forward': 'enable', - 'lacp_ha_slave': 'enable', - 'lacp_mode': 'static', - 'lacp_speed': 'slow', - 'lcp_echo_interval': '79', - 'lcp_max_echo_fails': '80', - 'link_up_delay': '81', - 'lldp_transmission': 'enable', - 'macaddr': 'test_value_83', - 'management_ip': 'test_value_84', - 'min_links': '85', - 'min_links_down': 'operational', - 'mode': 'static', - 'mtu': '88', - 'mtu_override': 'enable', - 'name': 'default_name_90', - 'ndiscforward': 'enable', - 'netbios_forward': 'disable', - 'netflow_sampler': 'disable', - 'outbandwidth': '94', - 'padt_retry_timeout': '95', - 'password': 'test_value_96', - 'ping_serv_status': '97', - 'polling_interval': '98', - 'pppoe_unnumbered_negotiate': 'enable', - 'pptp_auth_type': 'auto', - 'pptp_client': 'enable', - 'pptp_password': 'test_value_102', - 'pptp_server_ip': 'test_value_103', - 'pptp_timeout': '104', - 'pptp_user': 'test_value_105', - 'preserve_session_route': 'enable', - 'priority': '107', - 'priority_override': 'enable', - 'proxy_captive_portal': 'enable', - 'redundant_interface': 'test_value_110', - 'remote_ip': 'test_value_111', - 'replacemsg_override_group': 'test_value_112', - 'role': 'lan', - 'sample_direction': 'tx', - 'sample_rate': '115', - 'scan_botnet_connections': 'disable', - 'secondary_IP': 'enable', - 'security_exempt_list': 'test_value_118', - 'security_external_logout': 'test_value_119', - 'security_external_web': 'test_value_120', - 'security_mac_auth_bypass': 'enable', - 'security_mode': 'none', - 'security_redirect_url': 'test_value_123', - 'service_name': 'test_value_124', - 'sflow_sampler': 'enable', - 'snmp_index': '126', - 'speed': 'auto', - 'spillover_threshold': '128', - 'src_check': 'enable', - 'status': 'up', - 'stpforward': 'enable', - 'stpforward_mode': 'rpl-all-ext-id', - 'subst': 'enable', - 'substitute_dst_mac': 'test_value_134', - 'switch': 'test_value_135', - 
'switch_controller_access_vlan': 'enable', - 'switch_controller_arp_inspection': 'enable', - 'switch_controller_dhcp_snooping': 'enable', - 'switch_controller_dhcp_snooping_option82': 'enable', - 'switch_controller_dhcp_snooping_verify_mac': 'enable', - 'switch_controller_igmp_snooping': 'enable', - 'switch_controller_learning_limit': '142', - 'tcp_mss': '143', - 'trust_ip_1': 'test_value_144', - 'trust_ip_2': 'test_value_145', - 'trust_ip_3': 'test_value_146', - 'trust_ip6_1': 'test_value_147', - 'trust_ip6_2': 'test_value_148', - 'trust_ip6_3': 'test_value_149', - 'type': 'physical', - 'username': 'test_value_151', - 'vdom': 'test_value_152', - 'vindex': '153', - 'vlanforward': 'enable', - 'vlanid': '155', - 'vrf': '156', - 'vrrp_virtual_mac': 'enable', - 'wccp': 'enable', - 'weight': '159', - 'wins_ip': 'test_value_160' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_interface.fortios_system(input_data, fos_instance) - - expected_data = { - 'ac-name': 'test_value_3', - 'aggregate': 'test_value_4', - 'algorithm': 'L2', - 'alias': 'test_value_6', - 'ap-discover': 'enable', - 'arpforward': 'enable', - 'auth-type': 'auto', - 'auto-auth-extension-device': 'enable', - 'bfd': 'global', - 'bfd-desired-min-tx': '12', - 'bfd-detect-mult': '13', - 'bfd-required-min-rx': '14', - 'broadcast-forticlient-discovery': 'enable', - 'broadcast-forward': 'enable', - 'captive-portal': '17', - 'cli-conn-status': '18', - 'color': '19', - 'dedicated-to': 'none', - 'defaultgw': 'enable', - 'description': 'test_value_22', - 'detected-peer-mtu': '23', - 'detectprotocol': 'ping', - 'detectserver': 'test_value_25', - 'device-access-list': 'test_value_26', - 'device-identification': 'enable', - 'device-identification-active-scan': 'enable', - 'device-netscan': 'disable', - 'device-user-identification': 'enable', - 'devindex': '31', - 'dhcp-client-identifier': 'myId_32', - 'dhcp-relay-agent-option': 'enable', - 'dhcp-relay-ip': 'test_value_34', - 'dhcp-relay-service': 
'disable', - 'dhcp-relay-type': 'regular', - 'dhcp-renew-time': '37', - 'disc-retry-timeout': '38', - 'disconnect-threshold': '39', - 'distance': '40', - 'dns-server-override': 'enable', - 'drop-fragment': 'enable', - 'drop-overlapped-fragment': 'enable', - 'egress-shaping-profile': 'test_value_44', - 'endpoint-compliance': 'enable', - 'estimated-downstream-bandwidth': '46', - 'estimated-upstream-bandwidth': '47', - 'explicit-ftp-proxy': 'enable', - 'explicit-web-proxy': 'enable', - 'external': 'enable', - 'fail-action-on-extender': 'soft-restart', - 'fail-alert-method': 'link-failed-signal', - 'fail-detect': 'enable', - 'fail-detect-option': 'detectserver', - 'fortiheartbeat': 'enable', - 'fortilink': 'enable', - 'fortilink-backup-link': '57', - 'fortilink-split-interface': 'enable', - 'fortilink-stacking': 'enable', - 'forward-domain': '60', - 'gwdetect': 'enable', - 'ha-priority': '62', - 'icmp-accept-redirect': 'enable', - 'icmp-send-redirect': 'enable', - 'ident-accept': 'enable', - 'idle-timeout': '66', - 'inbandwidth': '67', - 'ingress-spillover-threshold': '68', - 'interface': 'test_value_69', - 'internal': '70', - 'ip': 'test_value_71', - 'ipmac': 'enable', - 'ips-sniffer-mode': 'enable', - 'ipunnumbered': 'test_value_74', - 'l2forward': 'enable', - 'lacp-ha-slave': 'enable', - 'lacp-mode': 'static', - 'lacp-speed': 'slow', - 'lcp-echo-interval': '79', - 'lcp-max-echo-fails': '80', - 'link-up-delay': '81', - 'lldp-transmission': 'enable', - 'macaddr': 'test_value_83', - 'management-ip': 'test_value_84', - 'min-links': '85', - 'min-links-down': 'operational', - 'mode': 'static', - 'mtu': '88', - 'mtu-override': 'enable', - 'name': 'default_name_90', - 'ndiscforward': 'enable', - 'netbios-forward': 'disable', - 'netflow-sampler': 'disable', - 'outbandwidth': '94', - 'padt-retry-timeout': '95', - 'password': 'test_value_96', - 'ping-serv-status': '97', - 'polling-interval': '98', - 'pppoe-unnumbered-negotiate': 'enable', - 'pptp-auth-type': 'auto', - 
'pptp-client': 'enable', - 'pptp-password': 'test_value_102', - 'pptp-server-ip': 'test_value_103', - 'pptp-timeout': '104', - 'pptp-user': 'test_value_105', - 'preserve-session-route': 'enable', - 'priority': '107', - 'priority-override': 'enable', - 'proxy-captive-portal': 'enable', - 'redundant-interface': 'test_value_110', - 'remote-ip': 'test_value_111', - 'replacemsg-override-group': 'test_value_112', - 'role': 'lan', - 'sample-direction': 'tx', - 'sample-rate': '115', - 'scan-botnet-connections': 'disable', - 'secondary-IP': 'enable', - 'security-exempt-list': 'test_value_118', - 'security-external-logout': 'test_value_119', - 'security-external-web': 'test_value_120', - 'security-mac-auth-bypass': 'enable', - 'security-mode': 'none', - 'security-redirect-url': 'test_value_123', - 'service-name': 'test_value_124', - 'sflow-sampler': 'enable', - 'snmp-index': '126', - 'speed': 'auto', - 'spillover-threshold': '128', - 'src-check': 'enable', - 'status': 'up', - 'stpforward': 'enable', - 'stpforward-mode': 'rpl-all-ext-id', - 'subst': 'enable', - 'substitute-dst-mac': 'test_value_134', - 'switch': 'test_value_135', - 'switch-controller-access-vlan': 'enable', - 'switch-controller-arp-inspection': 'enable', - 'switch-controller-dhcp-snooping': 'enable', - 'switch-controller-dhcp-snooping-option82': 'enable', - 'switch-controller-dhcp-snooping-verify-mac': 'enable', - 'switch-controller-igmp-snooping': 'enable', - 'switch-controller-learning-limit': '142', - 'tcp-mss': '143', - 'trust-ip-1': 'test_value_144', - 'trust-ip-2': 'test_value_145', - 'trust-ip-3': 'test_value_146', - 'trust-ip6-1': 'test_value_147', - 'trust-ip6-2': 'test_value_148', - 'trust-ip6-3': 'test_value_149', - 'type': 'physical', - 'username': 'test_value_151', - 'vdom': 'test_value_152', - 'vindex': '153', - 'vlanforward': 'enable', - 'vlanid': '155', - 'vrf': '156', - 'vrrp-virtual-mac': 'enable', - 'wccp': 'enable', - 'weight': '159', - 'wins-ip': 'test_value_160' - } - - 
set_method_mock.assert_called_with('system', 'interface', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_interface_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_interface': { - 'ac_name': 'test_value_3', - 'aggregate': 'test_value_4', - 'algorithm': 'L2', - 'alias': 'test_value_6', - 'ap_discover': 'enable', - 'arpforward': 'enable', - 'auth_type': 'auto', - 'auto_auth_extension_device': 'enable', - 'bfd': 'global', - 'bfd_desired_min_tx': '12', - 'bfd_detect_mult': '13', - 'bfd_required_min_rx': '14', - 'broadcast_forticlient_discovery': 'enable', - 'broadcast_forward': 'enable', - 'captive_portal': '17', - 'cli_conn_status': '18', - 'color': '19', - 'dedicated_to': 'none', - 'defaultgw': 'enable', - 'description': 'test_value_22', - 'detected_peer_mtu': '23', - 'detectprotocol': 'ping', - 'detectserver': 'test_value_25', - 'device_access_list': 'test_value_26', - 'device_identification': 'enable', - 'device_identification_active_scan': 'enable', - 'device_netscan': 'disable', - 'device_user_identification': 'enable', - 'devindex': '31', - 'dhcp_client_identifier': 'myId_32', - 'dhcp_relay_agent_option': 'enable', - 'dhcp_relay_ip': 'test_value_34', - 'dhcp_relay_service': 'disable', - 'dhcp_relay_type': 'regular', - 'dhcp_renew_time': '37', - 'disc_retry_timeout': '38', - 'disconnect_threshold': '39', - 'distance': '40', - 'dns_server_override': 'enable', - 'drop_fragment': 'enable', - 'drop_overlapped_fragment': 'enable', - 
'egress_shaping_profile': 'test_value_44', - 'endpoint_compliance': 'enable', - 'estimated_downstream_bandwidth': '46', - 'estimated_upstream_bandwidth': '47', - 'explicit_ftp_proxy': 'enable', - 'explicit_web_proxy': 'enable', - 'external': 'enable', - 'fail_action_on_extender': 'soft-restart', - 'fail_alert_method': 'link-failed-signal', - 'fail_detect': 'enable', - 'fail_detect_option': 'detectserver', - 'fortiheartbeat': 'enable', - 'fortilink': 'enable', - 'fortilink_backup_link': '57', - 'fortilink_split_interface': 'enable', - 'fortilink_stacking': 'enable', - 'forward_domain': '60', - 'gwdetect': 'enable', - 'ha_priority': '62', - 'icmp_accept_redirect': 'enable', - 'icmp_send_redirect': 'enable', - 'ident_accept': 'enable', - 'idle_timeout': '66', - 'inbandwidth': '67', - 'ingress_spillover_threshold': '68', - 'interface': 'test_value_69', - 'internal': '70', - 'ip': 'test_value_71', - 'ipmac': 'enable', - 'ips_sniffer_mode': 'enable', - 'ipunnumbered': 'test_value_74', - 'l2forward': 'enable', - 'lacp_ha_slave': 'enable', - 'lacp_mode': 'static', - 'lacp_speed': 'slow', - 'lcp_echo_interval': '79', - 'lcp_max_echo_fails': '80', - 'link_up_delay': '81', - 'lldp_transmission': 'enable', - 'macaddr': 'test_value_83', - 'management_ip': 'test_value_84', - 'min_links': '85', - 'min_links_down': 'operational', - 'mode': 'static', - 'mtu': '88', - 'mtu_override': 'enable', - 'name': 'default_name_90', - 'ndiscforward': 'enable', - 'netbios_forward': 'disable', - 'netflow_sampler': 'disable', - 'outbandwidth': '94', - 'padt_retry_timeout': '95', - 'password': 'test_value_96', - 'ping_serv_status': '97', - 'polling_interval': '98', - 'pppoe_unnumbered_negotiate': 'enable', - 'pptp_auth_type': 'auto', - 'pptp_client': 'enable', - 'pptp_password': 'test_value_102', - 'pptp_server_ip': 'test_value_103', - 'pptp_timeout': '104', - 'pptp_user': 'test_value_105', - 'preserve_session_route': 'enable', - 'priority': '107', - 'priority_override': 'enable', - 
'proxy_captive_portal': 'enable', - 'redundant_interface': 'test_value_110', - 'remote_ip': 'test_value_111', - 'replacemsg_override_group': 'test_value_112', - 'role': 'lan', - 'sample_direction': 'tx', - 'sample_rate': '115', - 'scan_botnet_connections': 'disable', - 'secondary_IP': 'enable', - 'security_exempt_list': 'test_value_118', - 'security_external_logout': 'test_value_119', - 'security_external_web': 'test_value_120', - 'security_mac_auth_bypass': 'enable', - 'security_mode': 'none', - 'security_redirect_url': 'test_value_123', - 'service_name': 'test_value_124', - 'sflow_sampler': 'enable', - 'snmp_index': '126', - 'speed': 'auto', - 'spillover_threshold': '128', - 'src_check': 'enable', - 'status': 'up', - 'stpforward': 'enable', - 'stpforward_mode': 'rpl-all-ext-id', - 'subst': 'enable', - 'substitute_dst_mac': 'test_value_134', - 'switch': 'test_value_135', - 'switch_controller_access_vlan': 'enable', - 'switch_controller_arp_inspection': 'enable', - 'switch_controller_dhcp_snooping': 'enable', - 'switch_controller_dhcp_snooping_option82': 'enable', - 'switch_controller_dhcp_snooping_verify_mac': 'enable', - 'switch_controller_igmp_snooping': 'enable', - 'switch_controller_learning_limit': '142', - 'tcp_mss': '143', - 'trust_ip_1': 'test_value_144', - 'trust_ip_2': 'test_value_145', - 'trust_ip_3': 'test_value_146', - 'trust_ip6_1': 'test_value_147', - 'trust_ip6_2': 'test_value_148', - 'trust_ip6_3': 'test_value_149', - 'type': 'physical', - 'username': 'test_value_151', - 'vdom': 'test_value_152', - 'vindex': '153', - 'vlanforward': 'enable', - 'vlanid': '155', - 'vrf': '156', - 'vrrp_virtual_mac': 'enable', - 'wccp': 'enable', - 'weight': '159', - 'wins_ip': 'test_value_160' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_interface.fortios_system(input_data, fos_instance) - - expected_data = { - 'ac-name': 'test_value_3', - 'aggregate': 'test_value_4', - 'algorithm': 'L2', - 'alias': 'test_value_6', - 'ap-discover': 
'enable', - 'arpforward': 'enable', - 'auth-type': 'auto', - 'auto-auth-extension-device': 'enable', - 'bfd': 'global', - 'bfd-desired-min-tx': '12', - 'bfd-detect-mult': '13', - 'bfd-required-min-rx': '14', - 'broadcast-forticlient-discovery': 'enable', - 'broadcast-forward': 'enable', - 'captive-portal': '17', - 'cli-conn-status': '18', - 'color': '19', - 'dedicated-to': 'none', - 'defaultgw': 'enable', - 'description': 'test_value_22', - 'detected-peer-mtu': '23', - 'detectprotocol': 'ping', - 'detectserver': 'test_value_25', - 'device-access-list': 'test_value_26', - 'device-identification': 'enable', - 'device-identification-active-scan': 'enable', - 'device-netscan': 'disable', - 'device-user-identification': 'enable', - 'devindex': '31', - 'dhcp-client-identifier': 'myId_32', - 'dhcp-relay-agent-option': 'enable', - 'dhcp-relay-ip': 'test_value_34', - 'dhcp-relay-service': 'disable', - 'dhcp-relay-type': 'regular', - 'dhcp-renew-time': '37', - 'disc-retry-timeout': '38', - 'disconnect-threshold': '39', - 'distance': '40', - 'dns-server-override': 'enable', - 'drop-fragment': 'enable', - 'drop-overlapped-fragment': 'enable', - 'egress-shaping-profile': 'test_value_44', - 'endpoint-compliance': 'enable', - 'estimated-downstream-bandwidth': '46', - 'estimated-upstream-bandwidth': '47', - 'explicit-ftp-proxy': 'enable', - 'explicit-web-proxy': 'enable', - 'external': 'enable', - 'fail-action-on-extender': 'soft-restart', - 'fail-alert-method': 'link-failed-signal', - 'fail-detect': 'enable', - 'fail-detect-option': 'detectserver', - 'fortiheartbeat': 'enable', - 'fortilink': 'enable', - 'fortilink-backup-link': '57', - 'fortilink-split-interface': 'enable', - 'fortilink-stacking': 'enable', - 'forward-domain': '60', - 'gwdetect': 'enable', - 'ha-priority': '62', - 'icmp-accept-redirect': 'enable', - 'icmp-send-redirect': 'enable', - 'ident-accept': 'enable', - 'idle-timeout': '66', - 'inbandwidth': '67', - 'ingress-spillover-threshold': '68', - 'interface': 
'test_value_69', - 'internal': '70', - 'ip': 'test_value_71', - 'ipmac': 'enable', - 'ips-sniffer-mode': 'enable', - 'ipunnumbered': 'test_value_74', - 'l2forward': 'enable', - 'lacp-ha-slave': 'enable', - 'lacp-mode': 'static', - 'lacp-speed': 'slow', - 'lcp-echo-interval': '79', - 'lcp-max-echo-fails': '80', - 'link-up-delay': '81', - 'lldp-transmission': 'enable', - 'macaddr': 'test_value_83', - 'management-ip': 'test_value_84', - 'min-links': '85', - 'min-links-down': 'operational', - 'mode': 'static', - 'mtu': '88', - 'mtu-override': 'enable', - 'name': 'default_name_90', - 'ndiscforward': 'enable', - 'netbios-forward': 'disable', - 'netflow-sampler': 'disable', - 'outbandwidth': '94', - 'padt-retry-timeout': '95', - 'password': 'test_value_96', - 'ping-serv-status': '97', - 'polling-interval': '98', - 'pppoe-unnumbered-negotiate': 'enable', - 'pptp-auth-type': 'auto', - 'pptp-client': 'enable', - 'pptp-password': 'test_value_102', - 'pptp-server-ip': 'test_value_103', - 'pptp-timeout': '104', - 'pptp-user': 'test_value_105', - 'preserve-session-route': 'enable', - 'priority': '107', - 'priority-override': 'enable', - 'proxy-captive-portal': 'enable', - 'redundant-interface': 'test_value_110', - 'remote-ip': 'test_value_111', - 'replacemsg-override-group': 'test_value_112', - 'role': 'lan', - 'sample-direction': 'tx', - 'sample-rate': '115', - 'scan-botnet-connections': 'disable', - 'secondary-IP': 'enable', - 'security-exempt-list': 'test_value_118', - 'security-external-logout': 'test_value_119', - 'security-external-web': 'test_value_120', - 'security-mac-auth-bypass': 'enable', - 'security-mode': 'none', - 'security-redirect-url': 'test_value_123', - 'service-name': 'test_value_124', - 'sflow-sampler': 'enable', - 'snmp-index': '126', - 'speed': 'auto', - 'spillover-threshold': '128', - 'src-check': 'enable', - 'status': 'up', - 'stpforward': 'enable', - 'stpforward-mode': 'rpl-all-ext-id', - 'subst': 'enable', - 'substitute-dst-mac': 'test_value_134', - 
'switch': 'test_value_135', - 'switch-controller-access-vlan': 'enable', - 'switch-controller-arp-inspection': 'enable', - 'switch-controller-dhcp-snooping': 'enable', - 'switch-controller-dhcp-snooping-option82': 'enable', - 'switch-controller-dhcp-snooping-verify-mac': 'enable', - 'switch-controller-igmp-snooping': 'enable', - 'switch-controller-learning-limit': '142', - 'tcp-mss': '143', - 'trust-ip-1': 'test_value_144', - 'trust-ip-2': 'test_value_145', - 'trust-ip-3': 'test_value_146', - 'trust-ip6-1': 'test_value_147', - 'trust-ip6-2': 'test_value_148', - 'trust-ip6-3': 'test_value_149', - 'type': 'physical', - 'username': 'test_value_151', - 'vdom': 'test_value_152', - 'vindex': '153', - 'vlanforward': 'enable', - 'vlanid': '155', - 'vrf': '156', - 'vrrp-virtual-mac': 'enable', - 'wccp': 'enable', - 'weight': '159', - 'wins-ip': 'test_value_160' - } - - set_method_mock.assert_called_with('system', 'interface', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_interface_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_interface': { - 'ac_name': 'test_value_3', - 'aggregate': 'test_value_4', - 'algorithm': 'L2', - 'alias': 'test_value_6', - 'ap_discover': 'enable', - 'arpforward': 'enable', - 'auth_type': 'auto', - 'auto_auth_extension_device': 'enable', - 'bfd': 'global', - 'bfd_desired_min_tx': '12', - 'bfd_detect_mult': '13', - 'bfd_required_min_rx': '14', - 'broadcast_forticlient_discovery': 'enable', - 'broadcast_forward': 
'enable', - 'captive_portal': '17', - 'cli_conn_status': '18', - 'color': '19', - 'dedicated_to': 'none', - 'defaultgw': 'enable', - 'description': 'test_value_22', - 'detected_peer_mtu': '23', - 'detectprotocol': 'ping', - 'detectserver': 'test_value_25', - 'device_access_list': 'test_value_26', - 'device_identification': 'enable', - 'device_identification_active_scan': 'enable', - 'device_netscan': 'disable', - 'device_user_identification': 'enable', - 'devindex': '31', - 'dhcp_client_identifier': 'myId_32', - 'dhcp_relay_agent_option': 'enable', - 'dhcp_relay_ip': 'test_value_34', - 'dhcp_relay_service': 'disable', - 'dhcp_relay_type': 'regular', - 'dhcp_renew_time': '37', - 'disc_retry_timeout': '38', - 'disconnect_threshold': '39', - 'distance': '40', - 'dns_server_override': 'enable', - 'drop_fragment': 'enable', - 'drop_overlapped_fragment': 'enable', - 'egress_shaping_profile': 'test_value_44', - 'endpoint_compliance': 'enable', - 'estimated_downstream_bandwidth': '46', - 'estimated_upstream_bandwidth': '47', - 'explicit_ftp_proxy': 'enable', - 'explicit_web_proxy': 'enable', - 'external': 'enable', - 'fail_action_on_extender': 'soft-restart', - 'fail_alert_method': 'link-failed-signal', - 'fail_detect': 'enable', - 'fail_detect_option': 'detectserver', - 'fortiheartbeat': 'enable', - 'fortilink': 'enable', - 'fortilink_backup_link': '57', - 'fortilink_split_interface': 'enable', - 'fortilink_stacking': 'enable', - 'forward_domain': '60', - 'gwdetect': 'enable', - 'ha_priority': '62', - 'icmp_accept_redirect': 'enable', - 'icmp_send_redirect': 'enable', - 'ident_accept': 'enable', - 'idle_timeout': '66', - 'inbandwidth': '67', - 'ingress_spillover_threshold': '68', - 'interface': 'test_value_69', - 'internal': '70', - 'ip': 'test_value_71', - 'ipmac': 'enable', - 'ips_sniffer_mode': 'enable', - 'ipunnumbered': 'test_value_74', - 'l2forward': 'enable', - 'lacp_ha_slave': 'enable', - 'lacp_mode': 'static', - 'lacp_speed': 'slow', - 'lcp_echo_interval': '79', 
- 'lcp_max_echo_fails': '80', - 'link_up_delay': '81', - 'lldp_transmission': 'enable', - 'macaddr': 'test_value_83', - 'management_ip': 'test_value_84', - 'min_links': '85', - 'min_links_down': 'operational', - 'mode': 'static', - 'mtu': '88', - 'mtu_override': 'enable', - 'name': 'default_name_90', - 'ndiscforward': 'enable', - 'netbios_forward': 'disable', - 'netflow_sampler': 'disable', - 'outbandwidth': '94', - 'padt_retry_timeout': '95', - 'password': 'test_value_96', - 'ping_serv_status': '97', - 'polling_interval': '98', - 'pppoe_unnumbered_negotiate': 'enable', - 'pptp_auth_type': 'auto', - 'pptp_client': 'enable', - 'pptp_password': 'test_value_102', - 'pptp_server_ip': 'test_value_103', - 'pptp_timeout': '104', - 'pptp_user': 'test_value_105', - 'preserve_session_route': 'enable', - 'priority': '107', - 'priority_override': 'enable', - 'proxy_captive_portal': 'enable', - 'redundant_interface': 'test_value_110', - 'remote_ip': 'test_value_111', - 'replacemsg_override_group': 'test_value_112', - 'role': 'lan', - 'sample_direction': 'tx', - 'sample_rate': '115', - 'scan_botnet_connections': 'disable', - 'secondary_IP': 'enable', - 'security_exempt_list': 'test_value_118', - 'security_external_logout': 'test_value_119', - 'security_external_web': 'test_value_120', - 'security_mac_auth_bypass': 'enable', - 'security_mode': 'none', - 'security_redirect_url': 'test_value_123', - 'service_name': 'test_value_124', - 'sflow_sampler': 'enable', - 'snmp_index': '126', - 'speed': 'auto', - 'spillover_threshold': '128', - 'src_check': 'enable', - 'status': 'up', - 'stpforward': 'enable', - 'stpforward_mode': 'rpl-all-ext-id', - 'subst': 'enable', - 'substitute_dst_mac': 'test_value_134', - 'switch': 'test_value_135', - 'switch_controller_access_vlan': 'enable', - 'switch_controller_arp_inspection': 'enable', - 'switch_controller_dhcp_snooping': 'enable', - 'switch_controller_dhcp_snooping_option82': 'enable', - 'switch_controller_dhcp_snooping_verify_mac': 'enable', - 
'switch_controller_igmp_snooping': 'enable', - 'switch_controller_learning_limit': '142', - 'tcp_mss': '143', - 'trust_ip_1': 'test_value_144', - 'trust_ip_2': 'test_value_145', - 'trust_ip_3': 'test_value_146', - 'trust_ip6_1': 'test_value_147', - 'trust_ip6_2': 'test_value_148', - 'trust_ip6_3': 'test_value_149', - 'type': 'physical', - 'username': 'test_value_151', - 'vdom': 'test_value_152', - 'vindex': '153', - 'vlanforward': 'enable', - 'vlanid': '155', - 'vrf': '156', - 'vrrp_virtual_mac': 'enable', - 'wccp': 'enable', - 'weight': '159', - 'wins_ip': 'test_value_160' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_interface.fortios_system(input_data, fos_instance) - - delete_method_mock.assert_called_with('system', 'interface', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_interface_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_interface': { - 'ac_name': 'test_value_3', - 'aggregate': 'test_value_4', - 'algorithm': 'L2', - 'alias': 'test_value_6', - 'ap_discover': 'enable', - 'arpforward': 'enable', - 'auth_type': 'auto', - 'auto_auth_extension_device': 'enable', - 'bfd': 'global', - 'bfd_desired_min_tx': '12', - 'bfd_detect_mult': '13', - 'bfd_required_min_rx': '14', - 'broadcast_forticlient_discovery': 'enable', - 'broadcast_forward': 'enable', - 'captive_portal': '17', - 'cli_conn_status': '18', - 'color': '19', - 'dedicated_to': 'none', - 'defaultgw': 'enable', - 'description': 'test_value_22', 
- 'detected_peer_mtu': '23', - 'detectprotocol': 'ping', - 'detectserver': 'test_value_25', - 'device_access_list': 'test_value_26', - 'device_identification': 'enable', - 'device_identification_active_scan': 'enable', - 'device_netscan': 'disable', - 'device_user_identification': 'enable', - 'devindex': '31', - 'dhcp_client_identifier': 'myId_32', - 'dhcp_relay_agent_option': 'enable', - 'dhcp_relay_ip': 'test_value_34', - 'dhcp_relay_service': 'disable', - 'dhcp_relay_type': 'regular', - 'dhcp_renew_time': '37', - 'disc_retry_timeout': '38', - 'disconnect_threshold': '39', - 'distance': '40', - 'dns_server_override': 'enable', - 'drop_fragment': 'enable', - 'drop_overlapped_fragment': 'enable', - 'egress_shaping_profile': 'test_value_44', - 'endpoint_compliance': 'enable', - 'estimated_downstream_bandwidth': '46', - 'estimated_upstream_bandwidth': '47', - 'explicit_ftp_proxy': 'enable', - 'explicit_web_proxy': 'enable', - 'external': 'enable', - 'fail_action_on_extender': 'soft-restart', - 'fail_alert_method': 'link-failed-signal', - 'fail_detect': 'enable', - 'fail_detect_option': 'detectserver', - 'fortiheartbeat': 'enable', - 'fortilink': 'enable', - 'fortilink_backup_link': '57', - 'fortilink_split_interface': 'enable', - 'fortilink_stacking': 'enable', - 'forward_domain': '60', - 'gwdetect': 'enable', - 'ha_priority': '62', - 'icmp_accept_redirect': 'enable', - 'icmp_send_redirect': 'enable', - 'ident_accept': 'enable', - 'idle_timeout': '66', - 'inbandwidth': '67', - 'ingress_spillover_threshold': '68', - 'interface': 'test_value_69', - 'internal': '70', - 'ip': 'test_value_71', - 'ipmac': 'enable', - 'ips_sniffer_mode': 'enable', - 'ipunnumbered': 'test_value_74', - 'l2forward': 'enable', - 'lacp_ha_slave': 'enable', - 'lacp_mode': 'static', - 'lacp_speed': 'slow', - 'lcp_echo_interval': '79', - 'lcp_max_echo_fails': '80', - 'link_up_delay': '81', - 'lldp_transmission': 'enable', - 'macaddr': 'test_value_83', - 'management_ip': 'test_value_84', - 
'min_links': '85', - 'min_links_down': 'operational', - 'mode': 'static', - 'mtu': '88', - 'mtu_override': 'enable', - 'name': 'default_name_90', - 'ndiscforward': 'enable', - 'netbios_forward': 'disable', - 'netflow_sampler': 'disable', - 'outbandwidth': '94', - 'padt_retry_timeout': '95', - 'password': 'test_value_96', - 'ping_serv_status': '97', - 'polling_interval': '98', - 'pppoe_unnumbered_negotiate': 'enable', - 'pptp_auth_type': 'auto', - 'pptp_client': 'enable', - 'pptp_password': 'test_value_102', - 'pptp_server_ip': 'test_value_103', - 'pptp_timeout': '104', - 'pptp_user': 'test_value_105', - 'preserve_session_route': 'enable', - 'priority': '107', - 'priority_override': 'enable', - 'proxy_captive_portal': 'enable', - 'redundant_interface': 'test_value_110', - 'remote_ip': 'test_value_111', - 'replacemsg_override_group': 'test_value_112', - 'role': 'lan', - 'sample_direction': 'tx', - 'sample_rate': '115', - 'scan_botnet_connections': 'disable', - 'secondary_IP': 'enable', - 'security_exempt_list': 'test_value_118', - 'security_external_logout': 'test_value_119', - 'security_external_web': 'test_value_120', - 'security_mac_auth_bypass': 'enable', - 'security_mode': 'none', - 'security_redirect_url': 'test_value_123', - 'service_name': 'test_value_124', - 'sflow_sampler': 'enable', - 'snmp_index': '126', - 'speed': 'auto', - 'spillover_threshold': '128', - 'src_check': 'enable', - 'status': 'up', - 'stpforward': 'enable', - 'stpforward_mode': 'rpl-all-ext-id', - 'subst': 'enable', - 'substitute_dst_mac': 'test_value_134', - 'switch': 'test_value_135', - 'switch_controller_access_vlan': 'enable', - 'switch_controller_arp_inspection': 'enable', - 'switch_controller_dhcp_snooping': 'enable', - 'switch_controller_dhcp_snooping_option82': 'enable', - 'switch_controller_dhcp_snooping_verify_mac': 'enable', - 'switch_controller_igmp_snooping': 'enable', - 'switch_controller_learning_limit': '142', - 'tcp_mss': '143', - 'trust_ip_1': 'test_value_144', - 
'trust_ip_2': 'test_value_145', - 'trust_ip_3': 'test_value_146', - 'trust_ip6_1': 'test_value_147', - 'trust_ip6_2': 'test_value_148', - 'trust_ip6_3': 'test_value_149', - 'type': 'physical', - 'username': 'test_value_151', - 'vdom': 'test_value_152', - 'vindex': '153', - 'vlanforward': 'enable', - 'vlanid': '155', - 'vrf': '156', - 'vrrp_virtual_mac': 'enable', - 'wccp': 'enable', - 'weight': '159', - 'wins_ip': 'test_value_160' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_interface.fortios_system(input_data, fos_instance) - - delete_method_mock.assert_called_with('system', 'interface', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_interface_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_interface': { - 'ac_name': 'test_value_3', - 'aggregate': 'test_value_4', - 'algorithm': 'L2', - 'alias': 'test_value_6', - 'ap_discover': 'enable', - 'arpforward': 'enable', - 'auth_type': 'auto', - 'auto_auth_extension_device': 'enable', - 'bfd': 'global', - 'bfd_desired_min_tx': '12', - 'bfd_detect_mult': '13', - 'bfd_required_min_rx': '14', - 'broadcast_forticlient_discovery': 'enable', - 'broadcast_forward': 'enable', - 'captive_portal': '17', - 'cli_conn_status': '18', - 'color': '19', - 'dedicated_to': 'none', - 'defaultgw': 'enable', - 'description': 'test_value_22', - 'detected_peer_mtu': '23', - 'detectprotocol': 'ping', - 'detectserver': 'test_value_25', - 'device_access_list': 'test_value_26', - 'device_identification': 
'enable', - 'device_identification_active_scan': 'enable', - 'device_netscan': 'disable', - 'device_user_identification': 'enable', - 'devindex': '31', - 'dhcp_client_identifier': 'myId_32', - 'dhcp_relay_agent_option': 'enable', - 'dhcp_relay_ip': 'test_value_34', - 'dhcp_relay_service': 'disable', - 'dhcp_relay_type': 'regular', - 'dhcp_renew_time': '37', - 'disc_retry_timeout': '38', - 'disconnect_threshold': '39', - 'distance': '40', - 'dns_server_override': 'enable', - 'drop_fragment': 'enable', - 'drop_overlapped_fragment': 'enable', - 'egress_shaping_profile': 'test_value_44', - 'endpoint_compliance': 'enable', - 'estimated_downstream_bandwidth': '46', - 'estimated_upstream_bandwidth': '47', - 'explicit_ftp_proxy': 'enable', - 'explicit_web_proxy': 'enable', - 'external': 'enable', - 'fail_action_on_extender': 'soft-restart', - 'fail_alert_method': 'link-failed-signal', - 'fail_detect': 'enable', - 'fail_detect_option': 'detectserver', - 'fortiheartbeat': 'enable', - 'fortilink': 'enable', - 'fortilink_backup_link': '57', - 'fortilink_split_interface': 'enable', - 'fortilink_stacking': 'enable', - 'forward_domain': '60', - 'gwdetect': 'enable', - 'ha_priority': '62', - 'icmp_accept_redirect': 'enable', - 'icmp_send_redirect': 'enable', - 'ident_accept': 'enable', - 'idle_timeout': '66', - 'inbandwidth': '67', - 'ingress_spillover_threshold': '68', - 'interface': 'test_value_69', - 'internal': '70', - 'ip': 'test_value_71', - 'ipmac': 'enable', - 'ips_sniffer_mode': 'enable', - 'ipunnumbered': 'test_value_74', - 'l2forward': 'enable', - 'lacp_ha_slave': 'enable', - 'lacp_mode': 'static', - 'lacp_speed': 'slow', - 'lcp_echo_interval': '79', - 'lcp_max_echo_fails': '80', - 'link_up_delay': '81', - 'lldp_transmission': 'enable', - 'macaddr': 'test_value_83', - 'management_ip': 'test_value_84', - 'min_links': '85', - 'min_links_down': 'operational', - 'mode': 'static', - 'mtu': '88', - 'mtu_override': 'enable', - 'name': 'default_name_90', - 'ndiscforward': 
'enable', - 'netbios_forward': 'disable', - 'netflow_sampler': 'disable', - 'outbandwidth': '94', - 'padt_retry_timeout': '95', - 'password': 'test_value_96', - 'ping_serv_status': '97', - 'polling_interval': '98', - 'pppoe_unnumbered_negotiate': 'enable', - 'pptp_auth_type': 'auto', - 'pptp_client': 'enable', - 'pptp_password': 'test_value_102', - 'pptp_server_ip': 'test_value_103', - 'pptp_timeout': '104', - 'pptp_user': 'test_value_105', - 'preserve_session_route': 'enable', - 'priority': '107', - 'priority_override': 'enable', - 'proxy_captive_portal': 'enable', - 'redundant_interface': 'test_value_110', - 'remote_ip': 'test_value_111', - 'replacemsg_override_group': 'test_value_112', - 'role': 'lan', - 'sample_direction': 'tx', - 'sample_rate': '115', - 'scan_botnet_connections': 'disable', - 'secondary_IP': 'enable', - 'security_exempt_list': 'test_value_118', - 'security_external_logout': 'test_value_119', - 'security_external_web': 'test_value_120', - 'security_mac_auth_bypass': 'enable', - 'security_mode': 'none', - 'security_redirect_url': 'test_value_123', - 'service_name': 'test_value_124', - 'sflow_sampler': 'enable', - 'snmp_index': '126', - 'speed': 'auto', - 'spillover_threshold': '128', - 'src_check': 'enable', - 'status': 'up', - 'stpforward': 'enable', - 'stpforward_mode': 'rpl-all-ext-id', - 'subst': 'enable', - 'substitute_dst_mac': 'test_value_134', - 'switch': 'test_value_135', - 'switch_controller_access_vlan': 'enable', - 'switch_controller_arp_inspection': 'enable', - 'switch_controller_dhcp_snooping': 'enable', - 'switch_controller_dhcp_snooping_option82': 'enable', - 'switch_controller_dhcp_snooping_verify_mac': 'enable', - 'switch_controller_igmp_snooping': 'enable', - 'switch_controller_learning_limit': '142', - 'tcp_mss': '143', - 'trust_ip_1': 'test_value_144', - 'trust_ip_2': 'test_value_145', - 'trust_ip_3': 'test_value_146', - 'trust_ip6_1': 'test_value_147', - 'trust_ip6_2': 'test_value_148', - 'trust_ip6_3': 'test_value_149', - 
'type': 'physical', - 'username': 'test_value_151', - 'vdom': 'test_value_152', - 'vindex': '153', - 'vlanforward': 'enable', - 'vlanid': '155', - 'vrf': '156', - 'vrrp_virtual_mac': 'enable', - 'wccp': 'enable', - 'weight': '159', - 'wins_ip': 'test_value_160' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_interface.fortios_system(input_data, fos_instance) - - expected_data = { - 'ac-name': 'test_value_3', - 'aggregate': 'test_value_4', - 'algorithm': 'L2', - 'alias': 'test_value_6', - 'ap-discover': 'enable', - 'arpforward': 'enable', - 'auth-type': 'auto', - 'auto-auth-extension-device': 'enable', - 'bfd': 'global', - 'bfd-desired-min-tx': '12', - 'bfd-detect-mult': '13', - 'bfd-required-min-rx': '14', - 'broadcast-forticlient-discovery': 'enable', - 'broadcast-forward': 'enable', - 'captive-portal': '17', - 'cli-conn-status': '18', - 'color': '19', - 'dedicated-to': 'none', - 'defaultgw': 'enable', - 'description': 'test_value_22', - 'detected-peer-mtu': '23', - 'detectprotocol': 'ping', - 'detectserver': 'test_value_25', - 'device-access-list': 'test_value_26', - 'device-identification': 'enable', - 'device-identification-active-scan': 'enable', - 'device-netscan': 'disable', - 'device-user-identification': 'enable', - 'devindex': '31', - 'dhcp-client-identifier': 'myId_32', - 'dhcp-relay-agent-option': 'enable', - 'dhcp-relay-ip': 'test_value_34', - 'dhcp-relay-service': 'disable', - 'dhcp-relay-type': 'regular', - 'dhcp-renew-time': '37', - 'disc-retry-timeout': '38', - 'disconnect-threshold': '39', - 'distance': '40', - 'dns-server-override': 'enable', - 'drop-fragment': 'enable', - 'drop-overlapped-fragment': 'enable', - 'egress-shaping-profile': 'test_value_44', - 'endpoint-compliance': 'enable', - 'estimated-downstream-bandwidth': '46', - 'estimated-upstream-bandwidth': '47', - 'explicit-ftp-proxy': 'enable', - 'explicit-web-proxy': 'enable', - 'external': 'enable', - 'fail-action-on-extender': 'soft-restart', - 
'fail-alert-method': 'link-failed-signal', - 'fail-detect': 'enable', - 'fail-detect-option': 'detectserver', - 'fortiheartbeat': 'enable', - 'fortilink': 'enable', - 'fortilink-backup-link': '57', - 'fortilink-split-interface': 'enable', - 'fortilink-stacking': 'enable', - 'forward-domain': '60', - 'gwdetect': 'enable', - 'ha-priority': '62', - 'icmp-accept-redirect': 'enable', - 'icmp-send-redirect': 'enable', - 'ident-accept': 'enable', - 'idle-timeout': '66', - 'inbandwidth': '67', - 'ingress-spillover-threshold': '68', - 'interface': 'test_value_69', - 'internal': '70', - 'ip': 'test_value_71', - 'ipmac': 'enable', - 'ips-sniffer-mode': 'enable', - 'ipunnumbered': 'test_value_74', - 'l2forward': 'enable', - 'lacp-ha-slave': 'enable', - 'lacp-mode': 'static', - 'lacp-speed': 'slow', - 'lcp-echo-interval': '79', - 'lcp-max-echo-fails': '80', - 'link-up-delay': '81', - 'lldp-transmission': 'enable', - 'macaddr': 'test_value_83', - 'management-ip': 'test_value_84', - 'min-links': '85', - 'min-links-down': 'operational', - 'mode': 'static', - 'mtu': '88', - 'mtu-override': 'enable', - 'name': 'default_name_90', - 'ndiscforward': 'enable', - 'netbios-forward': 'disable', - 'netflow-sampler': 'disable', - 'outbandwidth': '94', - 'padt-retry-timeout': '95', - 'password': 'test_value_96', - 'ping-serv-status': '97', - 'polling-interval': '98', - 'pppoe-unnumbered-negotiate': 'enable', - 'pptp-auth-type': 'auto', - 'pptp-client': 'enable', - 'pptp-password': 'test_value_102', - 'pptp-server-ip': 'test_value_103', - 'pptp-timeout': '104', - 'pptp-user': 'test_value_105', - 'preserve-session-route': 'enable', - 'priority': '107', - 'priority-override': 'enable', - 'proxy-captive-portal': 'enable', - 'redundant-interface': 'test_value_110', - 'remote-ip': 'test_value_111', - 'replacemsg-override-group': 'test_value_112', - 'role': 'lan', - 'sample-direction': 'tx', - 'sample-rate': '115', - 'scan-botnet-connections': 'disable', - 'secondary-IP': 'enable', - 
'security-exempt-list': 'test_value_118', - 'security-external-logout': 'test_value_119', - 'security-external-web': 'test_value_120', - 'security-mac-auth-bypass': 'enable', - 'security-mode': 'none', - 'security-redirect-url': 'test_value_123', - 'service-name': 'test_value_124', - 'sflow-sampler': 'enable', - 'snmp-index': '126', - 'speed': 'auto', - 'spillover-threshold': '128', - 'src-check': 'enable', - 'status': 'up', - 'stpforward': 'enable', - 'stpforward-mode': 'rpl-all-ext-id', - 'subst': 'enable', - 'substitute-dst-mac': 'test_value_134', - 'switch': 'test_value_135', - 'switch-controller-access-vlan': 'enable', - 'switch-controller-arp-inspection': 'enable', - 'switch-controller-dhcp-snooping': 'enable', - 'switch-controller-dhcp-snooping-option82': 'enable', - 'switch-controller-dhcp-snooping-verify-mac': 'enable', - 'switch-controller-igmp-snooping': 'enable', - 'switch-controller-learning-limit': '142', - 'tcp-mss': '143', - 'trust-ip-1': 'test_value_144', - 'trust-ip-2': 'test_value_145', - 'trust-ip-3': 'test_value_146', - 'trust-ip6-1': 'test_value_147', - 'trust-ip6-2': 'test_value_148', - 'trust-ip6-3': 'test_value_149', - 'type': 'physical', - 'username': 'test_value_151', - 'vdom': 'test_value_152', - 'vindex': '153', - 'vlanforward': 'enable', - 'vlanid': '155', - 'vrf': '156', - 'vrrp-virtual-mac': 'enable', - 'wccp': 'enable', - 'weight': '159', - 'wins-ip': 'test_value_160' - } - - set_method_mock.assert_called_with('system', 'interface', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_interface_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_interface': { - 'random_attribute_not_valid': 'tag', - 'ac_name': 'test_value_3', - 'aggregate': 'test_value_4', - 'algorithm': 'L2', - 'alias': 'test_value_6', - 'ap_discover': 'enable', - 'arpforward': 'enable', - 'auth_type': 'auto', - 'auto_auth_extension_device': 'enable', - 'bfd': 'global', - 'bfd_desired_min_tx': '12', - 'bfd_detect_mult': '13', - 'bfd_required_min_rx': '14', - 'broadcast_forticlient_discovery': 'enable', - 'broadcast_forward': 'enable', - 'captive_portal': '17', - 'cli_conn_status': '18', - 'color': '19', - 'dedicated_to': 'none', - 'defaultgw': 'enable', - 'description': 'test_value_22', - 'detected_peer_mtu': '23', - 'detectprotocol': 'ping', - 'detectserver': 'test_value_25', - 'device_access_list': 'test_value_26', - 'device_identification': 'enable', - 'device_identification_active_scan': 'enable', - 'device_netscan': 'disable', - 'device_user_identification': 'enable', - 'devindex': '31', - 'dhcp_client_identifier': 'myId_32', - 'dhcp_relay_agent_option': 'enable', - 'dhcp_relay_ip': 'test_value_34', - 'dhcp_relay_service': 'disable', - 'dhcp_relay_type': 'regular', - 'dhcp_renew_time': '37', - 'disc_retry_timeout': '38', - 'disconnect_threshold': '39', - 'distance': '40', - 'dns_server_override': 'enable', - 'drop_fragment': 'enable', - 'drop_overlapped_fragment': 'enable', - 'egress_shaping_profile': 'test_value_44', - 'endpoint_compliance': 'enable', - 'estimated_downstream_bandwidth': '46', - 'estimated_upstream_bandwidth': '47', - 'explicit_ftp_proxy': 'enable', - 'explicit_web_proxy': 'enable', - 'external': 'enable', - 'fail_action_on_extender': 'soft-restart', - 'fail_alert_method': 'link-failed-signal', - 'fail_detect': 'enable', - 'fail_detect_option': 'detectserver', - 'fortiheartbeat': 'enable', - 'fortilink': 'enable', - 
'fortilink_backup_link': '57', - 'fortilink_split_interface': 'enable', - 'fortilink_stacking': 'enable', - 'forward_domain': '60', - 'gwdetect': 'enable', - 'ha_priority': '62', - 'icmp_accept_redirect': 'enable', - 'icmp_send_redirect': 'enable', - 'ident_accept': 'enable', - 'idle_timeout': '66', - 'inbandwidth': '67', - 'ingress_spillover_threshold': '68', - 'interface': 'test_value_69', - 'internal': '70', - 'ip': 'test_value_71', - 'ipmac': 'enable', - 'ips_sniffer_mode': 'enable', - 'ipunnumbered': 'test_value_74', - 'l2forward': 'enable', - 'lacp_ha_slave': 'enable', - 'lacp_mode': 'static', - 'lacp_speed': 'slow', - 'lcp_echo_interval': '79', - 'lcp_max_echo_fails': '80', - 'link_up_delay': '81', - 'lldp_transmission': 'enable', - 'macaddr': 'test_value_83', - 'management_ip': 'test_value_84', - 'min_links': '85', - 'min_links_down': 'operational', - 'mode': 'static', - 'mtu': '88', - 'mtu_override': 'enable', - 'name': 'default_name_90', - 'ndiscforward': 'enable', - 'netbios_forward': 'disable', - 'netflow_sampler': 'disable', - 'outbandwidth': '94', - 'padt_retry_timeout': '95', - 'password': 'test_value_96', - 'ping_serv_status': '97', - 'polling_interval': '98', - 'pppoe_unnumbered_negotiate': 'enable', - 'pptp_auth_type': 'auto', - 'pptp_client': 'enable', - 'pptp_password': 'test_value_102', - 'pptp_server_ip': 'test_value_103', - 'pptp_timeout': '104', - 'pptp_user': 'test_value_105', - 'preserve_session_route': 'enable', - 'priority': '107', - 'priority_override': 'enable', - 'proxy_captive_portal': 'enable', - 'redundant_interface': 'test_value_110', - 'remote_ip': 'test_value_111', - 'replacemsg_override_group': 'test_value_112', - 'role': 'lan', - 'sample_direction': 'tx', - 'sample_rate': '115', - 'scan_botnet_connections': 'disable', - 'secondary_IP': 'enable', - 'security_exempt_list': 'test_value_118', - 'security_external_logout': 'test_value_119', - 'security_external_web': 'test_value_120', - 'security_mac_auth_bypass': 'enable', - 
'security_mode': 'none', - 'security_redirect_url': 'test_value_123', - 'service_name': 'test_value_124', - 'sflow_sampler': 'enable', - 'snmp_index': '126', - 'speed': 'auto', - 'spillover_threshold': '128', - 'src_check': 'enable', - 'status': 'up', - 'stpforward': 'enable', - 'stpforward_mode': 'rpl-all-ext-id', - 'subst': 'enable', - 'substitute_dst_mac': 'test_value_134', - 'switch': 'test_value_135', - 'switch_controller_access_vlan': 'enable', - 'switch_controller_arp_inspection': 'enable', - 'switch_controller_dhcp_snooping': 'enable', - 'switch_controller_dhcp_snooping_option82': 'enable', - 'switch_controller_dhcp_snooping_verify_mac': 'enable', - 'switch_controller_igmp_snooping': 'enable', - 'switch_controller_learning_limit': '142', - 'tcp_mss': '143', - 'trust_ip_1': 'test_value_144', - 'trust_ip_2': 'test_value_145', - 'trust_ip_3': 'test_value_146', - 'trust_ip6_1': 'test_value_147', - 'trust_ip6_2': 'test_value_148', - 'trust_ip6_3': 'test_value_149', - 'type': 'physical', - 'username': 'test_value_151', - 'vdom': 'test_value_152', - 'vindex': '153', - 'vlanforward': 'enable', - 'vlanid': '155', - 'vrf': '156', - 'vrrp_virtual_mac': 'enable', - 'wccp': 'enable', - 'weight': '159', - 'wins_ip': 'test_value_160' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_interface.fortios_system(input_data, fos_instance) - - expected_data = { - 'ac-name': 'test_value_3', - 'aggregate': 'test_value_4', - 'algorithm': 'L2', - 'alias': 'test_value_6', - 'ap-discover': 'enable', - 'arpforward': 'enable', - 'auth-type': 'auto', - 'auto-auth-extension-device': 'enable', - 'bfd': 'global', - 'bfd-desired-min-tx': '12', - 'bfd-detect-mult': '13', - 'bfd-required-min-rx': '14', - 'broadcast-forticlient-discovery': 'enable', - 'broadcast-forward': 'enable', - 'captive-portal': '17', - 'cli-conn-status': '18', - 'color': '19', - 'dedicated-to': 'none', - 'defaultgw': 'enable', - 'description': 'test_value_22', - 'detected-peer-mtu': '23', - 
'detectprotocol': 'ping', - 'detectserver': 'test_value_25', - 'device-access-list': 'test_value_26', - 'device-identification': 'enable', - 'device-identification-active-scan': 'enable', - 'device-netscan': 'disable', - 'device-user-identification': 'enable', - 'devindex': '31', - 'dhcp-client-identifier': 'myId_32', - 'dhcp-relay-agent-option': 'enable', - 'dhcp-relay-ip': 'test_value_34', - 'dhcp-relay-service': 'disable', - 'dhcp-relay-type': 'regular', - 'dhcp-renew-time': '37', - 'disc-retry-timeout': '38', - 'disconnect-threshold': '39', - 'distance': '40', - 'dns-server-override': 'enable', - 'drop-fragment': 'enable', - 'drop-overlapped-fragment': 'enable', - 'egress-shaping-profile': 'test_value_44', - 'endpoint-compliance': 'enable', - 'estimated-downstream-bandwidth': '46', - 'estimated-upstream-bandwidth': '47', - 'explicit-ftp-proxy': 'enable', - 'explicit-web-proxy': 'enable', - 'external': 'enable', - 'fail-action-on-extender': 'soft-restart', - 'fail-alert-method': 'link-failed-signal', - 'fail-detect': 'enable', - 'fail-detect-option': 'detectserver', - 'fortiheartbeat': 'enable', - 'fortilink': 'enable', - 'fortilink-backup-link': '57', - 'fortilink-split-interface': 'enable', - 'fortilink-stacking': 'enable', - 'forward-domain': '60', - 'gwdetect': 'enable', - 'ha-priority': '62', - 'icmp-accept-redirect': 'enable', - 'icmp-send-redirect': 'enable', - 'ident-accept': 'enable', - 'idle-timeout': '66', - 'inbandwidth': '67', - 'ingress-spillover-threshold': '68', - 'interface': 'test_value_69', - 'internal': '70', - 'ip': 'test_value_71', - 'ipmac': 'enable', - 'ips-sniffer-mode': 'enable', - 'ipunnumbered': 'test_value_74', - 'l2forward': 'enable', - 'lacp-ha-slave': 'enable', - 'lacp-mode': 'static', - 'lacp-speed': 'slow', - 'lcp-echo-interval': '79', - 'lcp-max-echo-fails': '80', - 'link-up-delay': '81', - 'lldp-transmission': 'enable', - 'macaddr': 'test_value_83', - 'management-ip': 'test_value_84', - 'min-links': '85', - 'min-links-down': 
'operational', - 'mode': 'static', - 'mtu': '88', - 'mtu-override': 'enable', - 'name': 'default_name_90', - 'ndiscforward': 'enable', - 'netbios-forward': 'disable', - 'netflow-sampler': 'disable', - 'outbandwidth': '94', - 'padt-retry-timeout': '95', - 'password': 'test_value_96', - 'ping-serv-status': '97', - 'polling-interval': '98', - 'pppoe-unnumbered-negotiate': 'enable', - 'pptp-auth-type': 'auto', - 'pptp-client': 'enable', - 'pptp-password': 'test_value_102', - 'pptp-server-ip': 'test_value_103', - 'pptp-timeout': '104', - 'pptp-user': 'test_value_105', - 'preserve-session-route': 'enable', - 'priority': '107', - 'priority-override': 'enable', - 'proxy-captive-portal': 'enable', - 'redundant-interface': 'test_value_110', - 'remote-ip': 'test_value_111', - 'replacemsg-override-group': 'test_value_112', - 'role': 'lan', - 'sample-direction': 'tx', - 'sample-rate': '115', - 'scan-botnet-connections': 'disable', - 'secondary-IP': 'enable', - 'security-exempt-list': 'test_value_118', - 'security-external-logout': 'test_value_119', - 'security-external-web': 'test_value_120', - 'security-mac-auth-bypass': 'enable', - 'security-mode': 'none', - 'security-redirect-url': 'test_value_123', - 'service-name': 'test_value_124', - 'sflow-sampler': 'enable', - 'snmp-index': '126', - 'speed': 'auto', - 'spillover-threshold': '128', - 'src-check': 'enable', - 'status': 'up', - 'stpforward': 'enable', - 'stpforward-mode': 'rpl-all-ext-id', - 'subst': 'enable', - 'substitute-dst-mac': 'test_value_134', - 'switch': 'test_value_135', - 'switch-controller-access-vlan': 'enable', - 'switch-controller-arp-inspection': 'enable', - 'switch-controller-dhcp-snooping': 'enable', - 'switch-controller-dhcp-snooping-option82': 'enable', - 'switch-controller-dhcp-snooping-verify-mac': 'enable', - 'switch-controller-igmp-snooping': 'enable', - 'switch-controller-learning-limit': '142', - 'tcp-mss': '143', - 'trust-ip-1': 'test_value_144', - 'trust-ip-2': 'test_value_145', - 'trust-ip-3': 
'test_value_146',
- 'trust-ip6-1': 'test_value_147',
- 'trust-ip6-2': 'test_value_148',
- 'trust-ip6-3': 'test_value_149',
- 'type': 'physical',
- 'username': 'test_value_151',
- 'vdom': 'test_value_152',
- 'vindex': '153',
- 'vlanforward': 'enable',
- 'vlanid': '155',
- 'vrf': '156',
- 'vrrp-virtual-mac': 'enable',
- 'wccp': 'enable',
- 'weight': '159',
- 'wins-ip': 'test_value_160'
- }
-
- set_method_mock.assert_called_with('system', 'interface', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_ipip_tunnel.py b/test/units/modules/network/fortios/test_fortios_system_ipip_tunnel.py
deleted file mode 100644
index 4471f61cdd4..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_ipip_tunnel.py
+++ /dev/null
@@ -1,229 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_ipip_tunnel
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_ipip_tunnel.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_ipip_tunnel_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_ipip_tunnel': {
- 'interface': 'test_value_3',
- 'local_gw': 'test_value_4',
- 'name': 'default_name_5',
- 'remote_gw': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error,
changed, response = fortios_system_ipip_tunnel.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'interface': 'test_value_3',
- 'local-gw': 'test_value_4',
- 'name': 'default_name_5',
- 'remote-gw': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system', 'ipip-tunnel', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_ipip_tunnel_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_ipip_tunnel': {
- 'interface': 'test_value_3',
- 'local_gw': 'test_value_4',
- 'name': 'default_name_5',
- 'remote_gw': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_ipip_tunnel.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'interface': 'test_value_3',
- 'local-gw': 'test_value_4',
- 'name': 'default_name_5',
- 'remote-gw': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system', 'ipip-tunnel', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_ipip_tunnel_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_ipip_tunnel': {
- 'interface': 'test_value_3',
- 'local_gw': 'test_value_4',
- 'name': 'default_name_5',
- 'remote_gw': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_ipip_tunnel.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'ipip-tunnel', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_ipip_tunnel_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_ipip_tunnel': {
- 'interface': 'test_value_3',
- 'local_gw': 'test_value_4',
- 'name': 'default_name_5',
- 'remote_gw': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_ipip_tunnel.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'ipip-tunnel', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_ipip_tunnel_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state':
'present',
- 'system_ipip_tunnel': {
- 'interface': 'test_value_3',
- 'local_gw': 'test_value_4',
- 'name': 'default_name_5',
- 'remote_gw': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_ipip_tunnel.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'interface': 'test_value_3',
- 'local-gw': 'test_value_4',
- 'name': 'default_name_5',
- 'remote-gw': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system', 'ipip-tunnel', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_ipip_tunnel_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_ipip_tunnel': {
- 'random_attribute_not_valid': 'tag',
- 'interface': 'test_value_3',
- 'local_gw': 'test_value_4',
- 'name': 'default_name_5',
- 'remote_gw': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_ipip_tunnel.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'interface': 'test_value_3',
- 'local-gw': 'test_value_4',
- 'name': 'default_name_5',
- 'remote-gw': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system', 'ipip-tunnel', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_ips_urlfilter_dns.py b/test/units/modules/network/fortios/test_fortios_system_ips_urlfilter_dns.py
deleted file mode 100644
index dd684b3e4de..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_ips_urlfilter_dns.py
+++ /dev/null
@@ -1,219 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_ips_urlfilter_dns -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_ips_urlfilter_dns.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_ips_urlfilter_dns_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_ips_urlfilter_dns': { - 'address': 'test_value_3', - 'ipv6_capability': 'enable', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response 
= fortios_system_ips_urlfilter_dns.fortios_system(input_data, fos_instance) - - expected_data = { - 'address': 'test_value_3', - 'ipv6-capability': 'enable', - 'status': 'enable' - } - - set_method_mock.assert_called_with('system', 'ips-urlfilter-dns', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_ips_urlfilter_dns_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_ips_urlfilter_dns': { - 'address': 'test_value_3', - 'ipv6_capability': 'enable', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_ips_urlfilter_dns.fortios_system(input_data, fos_instance) - - expected_data = { - 'address': 'test_value_3', - 'ipv6-capability': 'enable', - 'status': 'enable' - } - - set_method_mock.assert_called_with('system', 'ips-urlfilter-dns', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_ips_urlfilter_dns_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_ips_urlfilter_dns': 
{ - 'address': 'test_value_3', - 'ipv6_capability': 'enable', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_ips_urlfilter_dns.fortios_system(input_data, fos_instance) - - delete_method_mock.assert_called_with('system', 'ips-urlfilter-dns', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_ips_urlfilter_dns_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_ips_urlfilter_dns': { - 'address': 'test_value_3', - 'ipv6_capability': 'enable', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_ips_urlfilter_dns.fortios_system(input_data, fos_instance) - - delete_method_mock.assert_called_with('system', 'ips-urlfilter-dns', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_ips_urlfilter_dns_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_ips_urlfilter_dns': { - 'address': 'test_value_3', - 'ipv6_capability': 'enable', - 'status': 'enable' - 
}, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_ips_urlfilter_dns.fortios_system(input_data, fos_instance) - - expected_data = { - 'address': 'test_value_3', - 'ipv6-capability': 'enable', - 'status': 'enable' - } - - set_method_mock.assert_called_with('system', 'ips-urlfilter-dns', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_ips_urlfilter_dns_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_ips_urlfilter_dns': { - 'random_attribute_not_valid': 'tag', - 'address': 'test_value_3', - 'ipv6_capability': 'enable', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_ips_urlfilter_dns.fortios_system(input_data, fos_instance) - - expected_data = { - 'address': 'test_value_3', - 'ipv6-capability': 'enable', - 'status': 'enable' - } - - set_method_mock.assert_called_with('system', 'ips-urlfilter-dns', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_system_ips_urlfilter_dns6.py b/test/units/modules/network/fortios/test_fortios_system_ips_urlfilter_dns6.py deleted file mode 100644 index aaa4d87c8cd..00000000000 --- a/test/units/modules/network/fortios/test_fortios_system_ips_urlfilter_dns6.py +++ /dev/null 
@@ -1,209 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_ips_urlfilter_dns6 -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_ips_urlfilter_dns6.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_ips_urlfilter_dns6_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_ips_urlfilter_dns6': { - 'address6': 'test_value_3', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_system_ips_urlfilter_dns6.fortios_system(input_data, fos_instance) - - expected_data = { - 'address6': 'test_value_3', - 'status': 'enable' - } - - set_method_mock.assert_called_with('system', 'ips-urlfilter-dns6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_ips_urlfilter_dns6_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_ips_urlfilter_dns6': { - 'address6': 'test_value_3', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_ips_urlfilter_dns6.fortios_system(input_data, fos_instance) - - expected_data = { - 'address6': 'test_value_3', - 'status': 'enable' - } - - set_method_mock.assert_called_with('system', 'ips-urlfilter-dns6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_ips_urlfilter_dns6_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_ips_urlfilter_dns6': { - 'address6': 'test_value_3', - 'status': 'enable' - }, - 'vdom': 'root'} - - 
is_error, changed, response = fortios_system_ips_urlfilter_dns6.fortios_system(input_data, fos_instance) - - delete_method_mock.assert_called_with('system', 'ips-urlfilter-dns6', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_ips_urlfilter_dns6_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_ips_urlfilter_dns6': { - 'address6': 'test_value_3', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_ips_urlfilter_dns6.fortios_system(input_data, fos_instance) - - delete_method_mock.assert_called_with('system', 'ips-urlfilter-dns6', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_ips_urlfilter_dns6_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_ips_urlfilter_dns6': { - 'address6': 'test_value_3', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_ips_urlfilter_dns6.fortios_system(input_data, fos_instance) - - expected_data = { - 
'address6': 'test_value_3', - 'status': 'enable' - } - - set_method_mock.assert_called_with('system', 'ips-urlfilter-dns6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_ips_urlfilter_dns6_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_ips_urlfilter_dns6': { - 'random_attribute_not_valid': 'tag', - 'address6': 'test_value_3', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_ips_urlfilter_dns6.fortios_system(input_data, fos_instance) - - expected_data = { - 'address6': 'test_value_3', - 'status': 'enable' - } - - set_method_mock.assert_called_with('system', 'ips-urlfilter-dns6', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_system_ipv6_neighbor_cache.py b/test/units/modules/network/fortios/test_fortios_system_ipv6_neighbor_cache.py deleted file mode 100644 index 90dc1dc71d8..00000000000 --- a/test/units/modules/network/fortios/test_fortios_system_ipv6_neighbor_cache.py +++ /dev/null 
@@ -1,229 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_ipv6_neighbor_cache -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_ipv6_neighbor_cache.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_ipv6_neighbor_cache_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_ipv6_neighbor_cache': { - 'id': '3', - 'interface': 'test_value_4', - 'ipv6': 'test_value_5', - 'mac': 'test_value_6' - }, - 'vdom': 'root'} - - 
is_error, changed, response = fortios_system_ipv6_neighbor_cache.fortios_system(input_data, fos_instance) - - expected_data = { - 'id': '3', - 'interface': 'test_value_4', - 'ipv6': 'test_value_5', - 'mac': 'test_value_6' - } - - set_method_mock.assert_called_with('system', 'ipv6-neighbor-cache', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_ipv6_neighbor_cache_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_ipv6_neighbor_cache': { - 'id': '3', - 'interface': 'test_value_4', - 'ipv6': 'test_value_5', - 'mac': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_ipv6_neighbor_cache.fortios_system(input_data, fos_instance) - - expected_data = { - 'id': '3', - 'interface': 'test_value_4', - 'ipv6': 'test_value_5', - 'mac': 'test_value_6' - } - - set_method_mock.assert_called_with('system', 'ipv6-neighbor-cache', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_ipv6_neighbor_cache_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - 
input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_ipv6_neighbor_cache': { - 'id': '3', - 'interface': 'test_value_4', - 'ipv6': 'test_value_5', - 'mac': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_ipv6_neighbor_cache.fortios_system(input_data, fos_instance) - - delete_method_mock.assert_called_with('system', 'ipv6-neighbor-cache', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_ipv6_neighbor_cache_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_ipv6_neighbor_cache': { - 'id': '3', - 'interface': 'test_value_4', - 'ipv6': 'test_value_5', - 'mac': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_ipv6_neighbor_cache.fortios_system(input_data, fos_instance) - - delete_method_mock.assert_called_with('system', 'ipv6-neighbor-cache', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_ipv6_neighbor_cache_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 
'state': 'present', - 'system_ipv6_neighbor_cache': { - 'id': '3', - 'interface': 'test_value_4', - 'ipv6': 'test_value_5', - 'mac': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_ipv6_neighbor_cache.fortios_system(input_data, fos_instance) - - expected_data = { - 'id': '3', - 'interface': 'test_value_4', - 'ipv6': 'test_value_5', - 'mac': 'test_value_6' - } - - set_method_mock.assert_called_with('system', 'ipv6-neighbor-cache', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_ipv6_neighbor_cache_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_ipv6_neighbor_cache': { - 'random_attribute_not_valid': 'tag', - 'id': '3', - 'interface': 'test_value_4', - 'ipv6': 'test_value_5', - 'mac': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_ipv6_neighbor_cache.fortios_system(input_data, fos_instance) - - expected_data = { - 'id': '3', - 'interface': 'test_value_4', - 'ipv6': 'test_value_5', - 'mac': 'test_value_6' - } - - set_method_mock.assert_called_with('system', 'ipv6-neighbor-cache', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 
diff --git a/test/units/modules/network/fortios/test_fortios_system_ipv6_tunnel.py b/test/units/modules/network/fortios/test_fortios_system_ipv6_tunnel.py
deleted file mode 100644
index b8706ce4744..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_ipv6_tunnel.py
+++ /dev/null
@@ -1,229 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_ipv6_tunnel -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_ipv6_tunnel.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_ipv6_tunnel_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_ipv6_tunnel': { - 'destination': 'test_value_3', - 'interface': 'test_value_4', - 'name': 'default_name_5', - 'source': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, 
changed, response = fortios_system_ipv6_tunnel.fortios_system(input_data, fos_instance) - - expected_data = { - 'destination': 'test_value_3', - 'interface': 'test_value_4', - 'name': 'default_name_5', - 'source': 'test_value_6' - } - - set_method_mock.assert_called_with('system', 'ipv6-tunnel', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_ipv6_tunnel_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_ipv6_tunnel': { - 'destination': 'test_value_3', - 'interface': 'test_value_4', - 'name': 'default_name_5', - 'source': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_ipv6_tunnel.fortios_system(input_data, fos_instance) - - expected_data = { - 'destination': 'test_value_3', - 'interface': 'test_value_4', - 'name': 'default_name_5', - 'source': 'test_value_6' - } - - set_method_mock.assert_called_with('system', 'ipv6-tunnel', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_ipv6_tunnel_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - 
- input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_ipv6_tunnel': { - 'destination': 'test_value_3', - 'interface': 'test_value_4', - 'name': 'default_name_5', - 'source': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_ipv6_tunnel.fortios_system(input_data, fos_instance) - - delete_method_mock.assert_called_with('system', 'ipv6-tunnel', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_ipv6_tunnel_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_ipv6_tunnel': { - 'destination': 'test_value_3', - 'interface': 'test_value_4', - 'name': 'default_name_5', - 'source': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_ipv6_tunnel.fortios_system(input_data, fos_instance) - - delete_method_mock.assert_called_with('system', 'ipv6-tunnel', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_ipv6_tunnel_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 
'present', - 'system_ipv6_tunnel': { - 'destination': 'test_value_3', - 'interface': 'test_value_4', - 'name': 'default_name_5', - 'source': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_ipv6_tunnel.fortios_system(input_data, fos_instance) - - expected_data = { - 'destination': 'test_value_3', - 'interface': 'test_value_4', - 'name': 'default_name_5', - 'source': 'test_value_6' - } - - set_method_mock.assert_called_with('system', 'ipv6-tunnel', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_ipv6_tunnel_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_ipv6_tunnel': { - 'random_attribute_not_valid': 'tag', - 'destination': 'test_value_3', - 'interface': 'test_value_4', - 'name': 'default_name_5', - 'source': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_ipv6_tunnel.fortios_system(input_data, fos_instance) - - expected_data = { - 'destination': 'test_value_3', - 'interface': 'test_value_4', - 'name': 'default_name_5', - 'source': 'test_value_6' - } - - set_method_mock.assert_called_with('system', 'ipv6-tunnel', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 
diff --git a/test/units/modules/network/fortios/test_fortios_system_link_monitor.py b/test/units/modules/network/fortios/test_fortios_system_link_monitor.py
deleted file mode 100644
index db708537454..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_link_monitor.py
+++ /dev/null
@@ -1,409 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_link_monitor -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_link_monitor.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_link_monitor_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_link_monitor': { - 'addr_mode': 'ipv4', - 'failtime': '4', - 'gateway_ip': 'test_value_5', - 'gateway_ip6': 'test_value_6', - 'ha_priority': '7', - 'http_agent': 
'test_value_8', - 'http_get': 'test_value_9', - 'http_match': 'test_value_10', - 'interval': '11', - 'name': 'default_name_12', - 'packet_size': '13', - 'password': 'test_value_14', - 'port': '15', - 'protocol': 'ping', - 'recoverytime': '17', - 'security_mode': 'none', - 'source_ip': '84.230.14.19', - 'source_ip6': 'test_value_20', - 'srcintf': 'test_value_21', - 'status': 'enable', - 'update_cascade_interface': 'enable', - 'update_static_route': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_link_monitor.fortios_system(input_data, fos_instance) - - expected_data = { - 'addr-mode': 'ipv4', - 'failtime': '4', - 'gateway-ip': 'test_value_5', - 'gateway-ip6': 'test_value_6', - 'ha-priority': '7', - 'http-agent': 'test_value_8', - 'http-get': 'test_value_9', - 'http-match': 'test_value_10', - 'interval': '11', - 'name': 'default_name_12', - 'packet-size': '13', - 'password': 'test_value_14', - 'port': '15', - 'protocol': 'ping', - 'recoverytime': '17', - 'security-mode': 'none', - 'source-ip': '84.230.14.19', - 'source-ip6': 'test_value_20', - 'srcintf': 'test_value_21', - 'status': 'enable', - 'update-cascade-interface': 'enable', - 'update-static-route': 'enable' - } - - set_method_mock.assert_called_with('system', 'link-monitor', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_link_monitor_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_link_monitor': { - 'addr_mode': 'ipv4', - 'failtime': '4', - 
'gateway_ip': 'test_value_5', - 'gateway_ip6': 'test_value_6', - 'ha_priority': '7', - 'http_agent': 'test_value_8', - 'http_get': 'test_value_9', - 'http_match': 'test_value_10', - 'interval': '11', - 'name': 'default_name_12', - 'packet_size': '13', - 'password': 'test_value_14', - 'port': '15', - 'protocol': 'ping', - 'recoverytime': '17', - 'security_mode': 'none', - 'source_ip': '84.230.14.19', - 'source_ip6': 'test_value_20', - 'srcintf': 'test_value_21', - 'status': 'enable', - 'update_cascade_interface': 'enable', - 'update_static_route': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_link_monitor.fortios_system(input_data, fos_instance) - - expected_data = { - 'addr-mode': 'ipv4', - 'failtime': '4', - 'gateway-ip': 'test_value_5', - 'gateway-ip6': 'test_value_6', - 'ha-priority': '7', - 'http-agent': 'test_value_8', - 'http-get': 'test_value_9', - 'http-match': 'test_value_10', - 'interval': '11', - 'name': 'default_name_12', - 'packet-size': '13', - 'password': 'test_value_14', - 'port': '15', - 'protocol': 'ping', - 'recoverytime': '17', - 'security-mode': 'none', - 'source-ip': '84.230.14.19', - 'source-ip6': 'test_value_20', - 'srcintf': 'test_value_21', - 'status': 'enable', - 'update-cascade-interface': 'enable', - 'update-static-route': 'enable' - } - - set_method_mock.assert_called_with('system', 'link-monitor', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_link_monitor_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 
'admin', - 'state': 'absent', - 'system_link_monitor': { - 'addr_mode': 'ipv4', - 'failtime': '4', - 'gateway_ip': 'test_value_5', - 'gateway_ip6': 'test_value_6', - 'ha_priority': '7', - 'http_agent': 'test_value_8', - 'http_get': 'test_value_9', - 'http_match': 'test_value_10', - 'interval': '11', - 'name': 'default_name_12', - 'packet_size': '13', - 'password': 'test_value_14', - 'port': '15', - 'protocol': 'ping', - 'recoverytime': '17', - 'security_mode': 'none', - 'source_ip': '84.230.14.19', - 'source_ip6': 'test_value_20', - 'srcintf': 'test_value_21', - 'status': 'enable', - 'update_cascade_interface': 'enable', - 'update_static_route': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_link_monitor.fortios_system(input_data, fos_instance) - - delete_method_mock.assert_called_with('system', 'link-monitor', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_link_monitor_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_link_monitor': { - 'addr_mode': 'ipv4', - 'failtime': '4', - 'gateway_ip': 'test_value_5', - 'gateway_ip6': 'test_value_6', - 'ha_priority': '7', - 'http_agent': 'test_value_8', - 'http_get': 'test_value_9', - 'http_match': 'test_value_10', - 'interval': '11', - 'name': 'default_name_12', - 'packet_size': '13', - 'password': 'test_value_14', - 'port': '15', - 'protocol': 'ping', - 'recoverytime': '17', - 'security_mode': 'none', - 'source_ip': '84.230.14.19', - 'source_ip6': 
'test_value_20', - 'srcintf': 'test_value_21', - 'status': 'enable', - 'update_cascade_interface': 'enable', - 'update_static_route': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_link_monitor.fortios_system(input_data, fos_instance) - - delete_method_mock.assert_called_with('system', 'link-monitor', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_link_monitor_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_link_monitor': { - 'addr_mode': 'ipv4', - 'failtime': '4', - 'gateway_ip': 'test_value_5', - 'gateway_ip6': 'test_value_6', - 'ha_priority': '7', - 'http_agent': 'test_value_8', - 'http_get': 'test_value_9', - 'http_match': 'test_value_10', - 'interval': '11', - 'name': 'default_name_12', - 'packet_size': '13', - 'password': 'test_value_14', - 'port': '15', - 'protocol': 'ping', - 'recoverytime': '17', - 'security_mode': 'none', - 'source_ip': '84.230.14.19', - 'source_ip6': 'test_value_20', - 'srcintf': 'test_value_21', - 'status': 'enable', - 'update_cascade_interface': 'enable', - 'update_static_route': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_link_monitor.fortios_system(input_data, fos_instance) - - expected_data = { - 'addr-mode': 'ipv4', - 'failtime': '4', - 'gateway-ip': 'test_value_5', - 'gateway-ip6': 'test_value_6', - 'ha-priority': '7', - 'http-agent': 'test_value_8', - 'http-get': 'test_value_9', - 'http-match': 'test_value_10', - 'interval': '11', - 'name': 
'default_name_12', - 'packet-size': '13', - 'password': 'test_value_14', - 'port': '15', - 'protocol': 'ping', - 'recoverytime': '17', - 'security-mode': 'none', - 'source-ip': '84.230.14.19', - 'source-ip6': 'test_value_20', - 'srcintf': 'test_value_21', - 'status': 'enable', - 'update-cascade-interface': 'enable', - 'update-static-route': 'enable' - } - - set_method_mock.assert_called_with('system', 'link-monitor', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_link_monitor_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_link_monitor': { - 'random_attribute_not_valid': 'tag', - 'addr_mode': 'ipv4', - 'failtime': '4', - 'gateway_ip': 'test_value_5', - 'gateway_ip6': 'test_value_6', - 'ha_priority': '7', - 'http_agent': 'test_value_8', - 'http_get': 'test_value_9', - 'http_match': 'test_value_10', - 'interval': '11', - 'name': 'default_name_12', - 'packet_size': '13', - 'password': 'test_value_14', - 'port': '15', - 'protocol': 'ping', - 'recoverytime': '17', - 'security_mode': 'none', - 'source_ip': '84.230.14.19', - 'source_ip6': 'test_value_20', - 'srcintf': 'test_value_21', - 'status': 'enable', - 'update_cascade_interface': 'enable', - 'update_static_route': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_link_monitor.fortios_system(input_data, fos_instance) - - expected_data = { - 'addr-mode': 'ipv4', - 'failtime': '4', - 'gateway-ip': 'test_value_5', - 'gateway-ip6': 
'test_value_6', - 'ha-priority': '7', - 'http-agent': 'test_value_8', - 'http-get': 'test_value_9', - 'http-match': 'test_value_10', - 'interval': '11', - 'name': 'default_name_12', - 'packet-size': '13', - 'password': 'test_value_14', - 'port': '15', - 'protocol': 'ping', - 'recoverytime': '17', - 'security-mode': 'none', - 'source-ip': '84.230.14.19', - 'source-ip6': 'test_value_20', - 'srcintf': 'test_value_21', - 'status': 'enable', - 'update-cascade-interface': 'enable', - 'update-static-route': 'enable' - } - - set_method_mock.assert_called_with('system', 'link-monitor', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_system_mac_address_table.py b/test/units/modules/network/fortios/test_fortios_system_mac_address_table.py deleted file mode 100644 index ec60a34f8a0..00000000000 --- a/test/units/modules/network/fortios/test_fortios_system_mac_address_table.py +++ /dev/null 
@@ -1,219 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_mac_address_table -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_mac_address_table.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_mac_address_table_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_mac_address_table': { - 'interface': 'test_value_3', - 'mac': 'test_value_4', - 'reply_substitute': 'test_value_5' - }, - 'vdom': 'root'} - - is_error, 
changed, response = fortios_system_mac_address_table.fortios_system(input_data, fos_instance) - - expected_data = { - 'interface': 'test_value_3', - 'mac': 'test_value_4', - 'reply-substitute': 'test_value_5' - } - - set_method_mock.assert_called_with('system', 'mac-address-table', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_mac_address_table_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_mac_address_table': { - 'interface': 'test_value_3', - 'mac': 'test_value_4', - 'reply_substitute': 'test_value_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_mac_address_table.fortios_system(input_data, fos_instance) - - expected_data = { - 'interface': 'test_value_3', - 'mac': 'test_value_4', - 'reply-substitute': 'test_value_5' - } - - set_method_mock.assert_called_with('system', 'mac-address-table', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_mac_address_table_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 
'admin', - 'state': 'absent', - 'system_mac_address_table': { - 'interface': 'test_value_3', - 'mac': 'test_value_4', - 'reply_substitute': 'test_value_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_mac_address_table.fortios_system(input_data, fos_instance) - - delete_method_mock.assert_called_with('system', 'mac-address-table', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_mac_address_table_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_mac_address_table': { - 'interface': 'test_value_3', - 'mac': 'test_value_4', - 'reply_substitute': 'test_value_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_mac_address_table.fortios_system(input_data, fos_instance) - - delete_method_mock.assert_called_with('system', 'mac-address-table', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_mac_address_table_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_mac_address_table': { 
- 'interface': 'test_value_3', - 'mac': 'test_value_4', - 'reply_substitute': 'test_value_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_mac_address_table.fortios_system(input_data, fos_instance) - - expected_data = { - 'interface': 'test_value_3', - 'mac': 'test_value_4', - 'reply-substitute': 'test_value_5' - } - - set_method_mock.assert_called_with('system', 'mac-address-table', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_mac_address_table_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_mac_address_table': { - 'random_attribute_not_valid': 'tag', - 'interface': 'test_value_3', - 'mac': 'test_value_4', - 'reply_substitute': 'test_value_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_mac_address_table.fortios_system(input_data, fos_instance) - - expected_data = { - 'interface': 'test_value_3', - 'mac': 'test_value_4', - 'reply-substitute': 'test_value_5' - } - - set_method_mock.assert_called_with('system', 'mac-address-table', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_system_management_tunnel.py b/test/units/modules/network/fortios/test_fortios_system_management_tunnel.py deleted file mode 100644 index 8eded28426d..00000000000 
--- a/test/units/modules/network/fortios/test_fortios_system_management_tunnel.py
+++ /dev/null
@@ -1,199 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_management_tunnel -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_management_tunnel.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_management_tunnel_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_management_tunnel': { - 'allow_collect_statistics': 'enable', - 'allow_config_restore': 'enable', - 'allow_push_configuration': 'enable', - 
'allow_push_firmware': 'enable', - 'authorized_manager_only': 'enable', - 'serial_number': 'test_value_8', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_management_tunnel.fortios_system(input_data, fos_instance) - - expected_data = { - 'allow-collect-statistics': 'enable', - 'allow-config-restore': 'enable', - 'allow-push-configuration': 'enable', - 'allow-push-firmware': 'enable', - 'authorized-manager-only': 'enable', - 'serial-number': 'test_value_8', - 'status': 'enable' - } - - set_method_mock.assert_called_with('system', 'management-tunnel', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_management_tunnel_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_management_tunnel': { - 'allow_collect_statistics': 'enable', - 'allow_config_restore': 'enable', - 'allow_push_configuration': 'enable', - 'allow_push_firmware': 'enable', - 'authorized_manager_only': 'enable', - 'serial_number': 'test_value_8', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_management_tunnel.fortios_system(input_data, fos_instance) - - expected_data = { - 'allow-collect-statistics': 'enable', - 'allow-config-restore': 'enable', - 'allow-push-configuration': 'enable', - 'allow-push-firmware': 'enable', - 'authorized-manager-only': 'enable', - 'serial-number': 'test_value_8', - 'status': 'enable' - } - - set_method_mock.assert_called_with('system', 'management-tunnel', 
data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_management_tunnel_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_management_tunnel': { - 'allow_collect_statistics': 'enable', - 'allow_config_restore': 'enable', - 'allow_push_configuration': 'enable', - 'allow_push_firmware': 'enable', - 'authorized_manager_only': 'enable', - 'serial_number': 'test_value_8', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_management_tunnel.fortios_system(input_data, fos_instance) - - expected_data = { - 'allow-collect-statistics': 'enable', - 'allow-config-restore': 'enable', - 'allow-push-configuration': 'enable', - 'allow-push-firmware': 'enable', - 'authorized-manager-only': 'enable', - 'serial-number': 'test_value_8', - 'status': 'enable' - } - - set_method_mock.assert_called_with('system', 'management-tunnel', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_management_tunnel_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - 
input_data = { - 'username': 'admin', - 'state': 'present', - 'system_management_tunnel': { - 'random_attribute_not_valid': 'tag', - 'allow_collect_statistics': 'enable', - 'allow_config_restore': 'enable', - 'allow_push_configuration': 'enable', - 'allow_push_firmware': 'enable', - 'authorized_manager_only': 'enable', - 'serial_number': 'test_value_8', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_management_tunnel.fortios_system(input_data, fos_instance) - - expected_data = { - 'allow-collect-statistics': 'enable', - 'allow-config-restore': 'enable', - 'allow-push-configuration': 'enable', - 'allow-push-firmware': 'enable', - 'authorized-manager-only': 'enable', - 'serial-number': 'test_value_8', - 'status': 'enable' - } - - set_method_mock.assert_called_with('system', 'management-tunnel', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_system_mobile_tunnel.py b/test/units/modules/network/fortios/test_fortios_system_mobile_tunnel.py deleted file mode 100644 index 4db3ff2dc95..00000000000 --- a/test/units/modules/network/fortios/test_fortios_system_mobile_tunnel.py +++ /dev/null 
@@ -1,329 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_mobile_tunnel
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_mobile_tunnel.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_mobile_tunnel_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_mobile_tunnel': {
- 'hash_algorithm': 'hmac-md5',
- 'home_address': 'test_value_4',
- 'home_agent': 'test_value_5',
- 'lifetime': '6',
- 'n_mhae_key': 'test_value_7',
- 'n_mhae_key_type': 'ascii',
- 'n_mhae_spi': '9',
- 'name': 'default_name_10',
- 'reg_interval': '11',
- 'reg_retry': '12',
- 'renew_interval': '13',
- 'roaming_interface': 'test_value_14',
- 'status': 'disable',
- 'tunnel_mode': 'gre'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_mobile_tunnel.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'hash-algorithm': 'hmac-md5',
- 'home-address': 'test_value_4',
- 'home-agent': 'test_value_5',
- 'lifetime': '6',
- 'n-mhae-key': 'test_value_7',
- 'n-mhae-key-type': 'ascii',
- 'n-mhae-spi': '9',
- 'name': 'default_name_10',
- 'reg-interval': '11',
- 'reg-retry': '12',
- 'renew-interval': '13',
- 'roaming-interface': 'test_value_14',
- 'status': 'disable',
- 'tunnel-mode': 'gre'
- }
-
- set_method_mock.assert_called_with('system', 'mobile-tunnel', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_mobile_tunnel_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_mobile_tunnel': {
- 'hash_algorithm': 'hmac-md5',
- 'home_address': 'test_value_4',
- 'home_agent': 'test_value_5',
- 'lifetime': '6',
- 'n_mhae_key': 'test_value_7',
- 'n_mhae_key_type': 'ascii',
- 'n_mhae_spi': '9',
- 'name': 'default_name_10',
- 'reg_interval': '11',
- 'reg_retry': '12',
- 'renew_interval': '13',
- 'roaming_interface': 'test_value_14',
- 'status': 'disable',
- 'tunnel_mode': 'gre'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_mobile_tunnel.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'hash-algorithm': 'hmac-md5',
- 'home-address': 'test_value_4',
- 'home-agent': 'test_value_5',
- 'lifetime': '6',
- 'n-mhae-key': 'test_value_7',
- 'n-mhae-key-type': 'ascii',
- 'n-mhae-spi': '9',
- 'name': 'default_name_10',
- 'reg-interval': '11',
- 'reg-retry': '12',
- 'renew-interval': '13',
- 'roaming-interface': 'test_value_14',
- 'status': 'disable',
- 'tunnel-mode': 'gre'
- }
-
- set_method_mock.assert_called_with('system', 'mobile-tunnel', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_mobile_tunnel_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_mobile_tunnel': {
- 'hash_algorithm': 'hmac-md5',
- 'home_address': 'test_value_4',
- 'home_agent': 'test_value_5',
- 'lifetime': '6',
- 'n_mhae_key': 'test_value_7',
- 'n_mhae_key_type': 'ascii',
- 'n_mhae_spi': '9',
- 'name': 'default_name_10',
- 'reg_interval': '11',
- 'reg_retry': '12',
- 'renew_interval': '13',
- 'roaming_interface': 'test_value_14',
- 'status': 'disable',
- 'tunnel_mode': 'gre'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_mobile_tunnel.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'mobile-tunnel', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_mobile_tunnel_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_mobile_tunnel': {
- 'hash_algorithm': 'hmac-md5',
- 'home_address': 'test_value_4',
- 'home_agent': 'test_value_5',
- 'lifetime': '6',
- 'n_mhae_key': 'test_value_7',
- 'n_mhae_key_type': 'ascii',
- 'n_mhae_spi': '9',
- 'name': 'default_name_10',
- 'reg_interval': '11',
- 'reg_retry': '12',
- 'renew_interval': '13',
- 'roaming_interface': 'test_value_14',
- 'status': 'disable',
- 'tunnel_mode': 'gre'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_mobile_tunnel.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'mobile-tunnel', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_mobile_tunnel_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_mobile_tunnel': {
- 'hash_algorithm': 'hmac-md5',
- 'home_address': 'test_value_4',
- 'home_agent': 'test_value_5',
- 'lifetime': '6',
- 'n_mhae_key': 'test_value_7',
- 'n_mhae_key_type': 'ascii',
- 'n_mhae_spi': '9',
- 'name': 'default_name_10',
- 'reg_interval': '11',
- 'reg_retry': '12',
- 'renew_interval': '13',
- 'roaming_interface': 'test_value_14',
- 'status': 'disable',
- 'tunnel_mode': 'gre'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_mobile_tunnel.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'hash-algorithm': 'hmac-md5',
- 'home-address': 'test_value_4',
- 'home-agent': 'test_value_5',
- 'lifetime': '6',
- 'n-mhae-key': 'test_value_7',
- 'n-mhae-key-type': 'ascii',
- 'n-mhae-spi': '9',
- 'name': 'default_name_10',
- 'reg-interval': '11',
- 'reg-retry': '12',
- 'renew-interval': '13',
- 'roaming-interface': 'test_value_14',
- 'status': 'disable',
- 'tunnel-mode': 'gre'
- }
-
- set_method_mock.assert_called_with('system', 'mobile-tunnel', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_mobile_tunnel_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_mobile_tunnel': {
- 'random_attribute_not_valid': 'tag',
- 'hash_algorithm': 'hmac-md5',
- 'home_address': 'test_value_4',
- 'home_agent': 'test_value_5',
- 'lifetime': '6',
- 'n_mhae_key': 'test_value_7',
- 'n_mhae_key_type': 'ascii',
- 'n_mhae_spi': '9',
- 'name': 'default_name_10',
- 'reg_interval': '11',
- 'reg_retry': '12',
- 'renew_interval': '13',
- 'roaming_interface': 'test_value_14',
- 'status': 'disable',
- 'tunnel_mode': 'gre'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_mobile_tunnel.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'hash-algorithm': 'hmac-md5',
- 'home-address': 'test_value_4',
- 'home-agent': 'test_value_5',
- 'lifetime': '6',
- 'n-mhae-key': 'test_value_7',
- 'n-mhae-key-type': 'ascii',
- 'n-mhae-spi': '9',
- 'name': 'default_name_10',
- 'reg-interval': '11',
- 'reg-retry': '12',
- 'renew-interval': '13',
- 'roaming-interface': 'test_value_14',
- 'status': 'disable',
- 'tunnel-mode': 'gre'
- }
-
- set_method_mock.assert_called_with('system', 'mobile-tunnel', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_nat64.py b/test/units/modules/network/fortios/test_fortios_system_nat64.py
deleted file mode 100644
index ac8e2e2dd03..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_nat64.py
+++ /dev/null
@@ -1,191 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_nat64
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_nat64.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_nat64_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_nat64': {
- 'always_synthesize_aaaa_record': 'enable',
- 'generate_ipv6_fragment_header': 'enable',
- 'nat46_force_ipv4_packet_forwarding': 'enable',
- 'nat64_prefix': 'test_value_6',
- 'secondary_prefix_status': 'enable',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_nat64.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'always-synthesize-aaaa-record': 'enable',
- 'generate-ipv6-fragment-header': 'enable',
- 'nat46-force-ipv4-packet-forwarding': 'enable',
- 'nat64-prefix': 'test_value_6',
- 'secondary-prefix-status': 'enable',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'nat64', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_nat64_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_nat64': {
- 'always_synthesize_aaaa_record': 'enable',
- 'generate_ipv6_fragment_header': 'enable',
- 'nat46_force_ipv4_packet_forwarding': 'enable',
- 'nat64_prefix': 'test_value_6',
- 'secondary_prefix_status': 'enable',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_nat64.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'always-synthesize-aaaa-record': 'enable',
- 'generate-ipv6-fragment-header': 'enable',
- 'nat46-force-ipv4-packet-forwarding': 'enable',
- 'nat64-prefix': 'test_value_6',
- 'secondary-prefix-status': 'enable',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'nat64', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_nat64_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_nat64': {
- 'always_synthesize_aaaa_record': 'enable',
- 'generate_ipv6_fragment_header': 'enable',
- 'nat46_force_ipv4_packet_forwarding': 'enable',
- 'nat64_prefix': 'test_value_6',
- 'secondary_prefix_status': 'enable',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_nat64.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'always-synthesize-aaaa-record': 'enable',
- 'generate-ipv6-fragment-header': 'enable',
- 'nat46-force-ipv4-packet-forwarding': 'enable',
- 'nat64-prefix': 'test_value_6',
- 'secondary-prefix-status': 'enable',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'nat64', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_nat64_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_nat64': {
- 'random_attribute_not_valid': 'tag',
- 'always_synthesize_aaaa_record': 'enable',
- 'generate_ipv6_fragment_header': 'enable',
- 'nat46_force_ipv4_packet_forwarding': 'enable',
- 'nat64_prefix': 'test_value_6',
- 'secondary_prefix_status': 'enable',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_nat64.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'always-synthesize-aaaa-record': 'enable',
- 'generate-ipv6-fragment-header': 'enable',
- 'nat46-force-ipv4-packet-forwarding': 'enable',
- 'nat64-prefix': 'test_value_6',
- 'secondary-prefix-status': 'enable',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'nat64', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_nd_proxy.py b/test/units/modules/network/fortios/test_fortios_system_nd_proxy.py
deleted file mode 100644
index 68f0c1830c6..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_nd_proxy.py
+++ /dev/null
@@ -1,143 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_nd_proxy
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_nd_proxy.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_nd_proxy_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_nd_proxy': {'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_nd_proxy.fortios_system(input_data, fos_instance)
-
- expected_data = {'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'nd-proxy', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_nd_proxy_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_nd_proxy': {'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_nd_proxy.fortios_system(input_data, fos_instance)
-
- expected_data = {'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'nd-proxy', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_nd_proxy_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_nd_proxy': {'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_nd_proxy.fortios_system(input_data, fos_instance)
-
- expected_data = {'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'nd-proxy', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_nd_proxy_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_nd_proxy': {
- 'random_attribute_not_valid': 'tag', 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_nd_proxy.fortios_system(input_data, fos_instance)
-
- expected_data = {'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'nd-proxy', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_netflow.py b/test/units/modules/network/fortios/test_fortios_system_netflow.py
deleted file mode 100644
index 69baf759d21..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_netflow.py
+++ /dev/null
@@ -1,199 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_netflow
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_netflow.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_netflow_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_netflow': {
- 'active_flow_timeout': '3',
- 'collector_ip': 'test_value_4',
- 'collector_port': '5',
- 'inactive_flow_timeout': '6',
- 'source_ip': '84.230.14.7',
- 'template_tx_counter': '8',
- 'template_tx_timeout': '9'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_netflow.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'active-flow-timeout': '3',
- 'collector-ip': 'test_value_4',
- 'collector-port': '5',
- 'inactive-flow-timeout': '6',
- 'source-ip': '84.230.14.7',
- 'template-tx-counter': '8',
- 'template-tx-timeout': '9'
- }
-
- set_method_mock.assert_called_with('system', 'netflow', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_netflow_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_netflow': {
- 'active_flow_timeout': '3',
- 'collector_ip': 'test_value_4',
- 'collector_port': '5',
- 'inactive_flow_timeout': '6',
- 'source_ip': '84.230.14.7',
- 'template_tx_counter': '8',
- 'template_tx_timeout': '9'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_netflow.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'active-flow-timeout': '3',
- 'collector-ip': 'test_value_4',
- 'collector-port': '5',
- 'inactive-flow-timeout': '6',
- 'source-ip': '84.230.14.7',
- 'template-tx-counter': '8',
- 'template-tx-timeout': '9'
- }
-
- set_method_mock.assert_called_with('system', 'netflow', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_netflow_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_netflow': {
- 'active_flow_timeout': '3',
- 'collector_ip': 'test_value_4',
- 'collector_port': '5',
- 'inactive_flow_timeout': '6',
- 'source_ip': '84.230.14.7',
- 'template_tx_counter': '8',
- 'template_tx_timeout': '9'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_netflow.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'active-flow-timeout': '3',
- 'collector-ip': 'test_value_4',
- 'collector-port': '5',
- 'inactive-flow-timeout': '6',
- 'source-ip': '84.230.14.7',
- 'template-tx-counter': '8',
- 'template-tx-timeout': '9'
- }
-
- set_method_mock.assert_called_with('system', 'netflow', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_netflow_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_netflow': {
- 'random_attribute_not_valid': 'tag',
- 'active_flow_timeout': '3',
- 'collector_ip': 'test_value_4',
- 'collector_port': '5',
- 'inactive_flow_timeout': '6',
- 'source_ip': '84.230.14.7',
- 'template_tx_counter': '8',
- 'template_tx_timeout': '9'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_netflow.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'active-flow-timeout': '3',
- 'collector-ip': 'test_value_4',
- 'collector-port': '5',
- 'inactive-flow-timeout': '6',
- 'source-ip': '84.230.14.7',
- 'template-tx-counter': '8',
- 'template-tx-timeout': '9'
- }
-
- set_method_mock.assert_called_with('system', 'netflow', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_network_visibility.py b/test/units/modules/network/fortios/test_fortios_system_network_visibility.py
deleted file mode 100644
index c0b2615113b..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_network_visibility.py
+++ /dev/null
@@ -1,191 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_network_visibility
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_network_visibility.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_network_visibility_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_network_visibility': {
- 'destination_hostname_visibility': 'disable',
- 'destination_location': 'disable',
- 'destination_visibility': 'disable',
- 'hostname_limit': '6',
- 'hostname_ttl': '7',
- 'source_location': 'disable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_network_visibility.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'destination-hostname-visibility': 'disable',
- 'destination-location': 'disable',
- 'destination-visibility': 'disable',
- 'hostname-limit': '6',
- 'hostname-ttl': '7',
- 'source-location': 'disable'
- }
-
- set_method_mock.assert_called_with('system', 'network-visibility', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_network_visibility_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_network_visibility': {
- 'destination_hostname_visibility': 'disable',
- 'destination_location': 'disable',
- 'destination_visibility': 'disable',
- 'hostname_limit': '6',
- 'hostname_ttl': '7',
- 'source_location': 'disable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_network_visibility.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'destination-hostname-visibility': 'disable',
- 'destination-location': 'disable',
- 'destination-visibility': 'disable',
- 'hostname-limit': '6',
- 'hostname-ttl': '7',
- 'source-location': 'disable'
- }
-
- set_method_mock.assert_called_with('system', 'network-visibility', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_network_visibility_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_network_visibility': {
- 'destination_hostname_visibility': 'disable',
- 'destination_location': 'disable',
- 'destination_visibility': 'disable',
- 'hostname_limit': '6',
- 'hostname_ttl': '7',
- 'source_location': 'disable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_network_visibility.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'destination-hostname-visibility': 'disable',
- 'destination-location': 'disable',
- 'destination-visibility': 'disable',
- 'hostname-limit': '6',
- 'hostname-ttl': '7',
- 'source-location': 'disable'
- }
-
- set_method_mock.assert_called_with('system', 'network-visibility', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_network_visibility_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_network_visibility': {
- 'random_attribute_not_valid': 'tag',
- 'destination_hostname_visibility': 'disable',
- 'destination_location': 'disable',
- 'destination_visibility': 'disable',
- 'hostname_limit': '6',
- 'hostname_ttl': '7',
- 'source_location': 'disable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_network_visibility.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'destination-hostname-visibility': 'disable',
- 'destination-location': 'disable',
- 'destination-visibility': 'disable',
- 'hostname-limit': '6',
- 'hostname-ttl': '7',
- 'source-location': 'disable'
- }
-
- set_method_mock.assert_called_with('system', 'network-visibility', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_ntp.py b/test/units/modules/network/fortios/test_fortios_system_ntp.py
deleted file mode 100644
index 9340b0fd187..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_ntp.py
+++ /dev/null
@@ -1,183 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_ntp
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_ntp.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_ntp_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_ntp': {'ntpsync': 'enable',
- 'server_mode': 'enable',
- 'source_ip': '84.230.14.5',
- 'source_ip6': 'test_value_6',
- 'syncinterval': '7',
- 'type': 'fortiguard'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_ntp.fortios_system(input_data, fos_instance)
-
- expected_data = {'ntpsync': 'enable',
- 'server-mode': 'enable',
- 'source-ip': '84.230.14.5',
- 'source-ip6': 'test_value_6',
- 'syncinterval': '7',
- 'type': 'fortiguard'
- }
-
- set_method_mock.assert_called_with('system', 'ntp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_ntp_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_ntp': {'ntpsync': 'enable',
- 'server_mode': 'enable',
- 'source_ip': '84.230.14.5',
- 'source_ip6': 'test_value_6',
- 'syncinterval': '7',
- 'type': 'fortiguard'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_ntp.fortios_system(input_data, fos_instance)
-
- expected_data = {'ntpsync': 'enable',
- 'server-mode': 'enable',
- 'source-ip': '84.230.14.5',
- 'source-ip6': 'test_value_6',
- 'syncinterval': '7',
- 'type': 'fortiguard'
- }
-
- set_method_mock.assert_called_with('system', 'ntp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_ntp_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_ntp': {'ntpsync': 'enable',
- 'server_mode': 'enable',
- 'source_ip': '84.230.14.5',
- 'source_ip6': 'test_value_6',
- 'syncinterval': '7',
- 'type': 'fortiguard'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_ntp.fortios_system(input_data, fos_instance)
-
- expected_data = {'ntpsync': 'enable',
- 'server-mode': 'enable',
- 'source-ip': '84.230.14.5',
- 'source-ip6': 'test_value_6',
- 'syncinterval': '7',
- 'type': 'fortiguard'
- }
-
- set_method_mock.assert_called_with('system', 'ntp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_ntp_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_ntp': {
- 'random_attribute_not_valid': 'tag', 'ntpsync': 'enable',
- 'server_mode': 'enable',
- 'source_ip': '84.230.14.5',
- 'source_ip6': 'test_value_6',
- 'syncinterval': '7',
- 'type': 'fortiguard'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_ntp.fortios_system(input_data, fos_instance)
-
- expected_data = {'ntpsync': 'enable',
- 'server-mode': 'enable',
- 'source-ip': '84.230.14.5',
- 'source-ip6': 'test_value_6',
- 'syncinterval': '7',
- 'type': 'fortiguard'
- }
-
- set_method_mock.assert_called_with('system', 'ntp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_object_tagging.py b/test/units/modules/network/fortios/test_fortios_system_object_tagging.py
deleted file mode 100644
index ee8615623e2..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_object_tagging.py
+++ /dev/null
@@ -1,259 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_object_tagging
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_object_tagging.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_object_tagging_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_object_tagging': {
- 'address': 'disable',
- 'category': 'test_value_4',
- 'color': '5',
- 'device': 'disable',
- 'interface': 'disable',
- 'multiple': 'enable',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_object_tagging.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'address': 'disable',
- 'category': 'test_value_4',
- 'color': '5',
- 'device': 'disable',
- 'interface': 'disable',
- 'multiple': 'enable',
-
- }
-
- set_method_mock.assert_called_with('system', 'object-tagging', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_object_tagging_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_object_tagging': {
- 'address': 'disable',
- 'category': 'test_value_4',
- 'color': '5',
- 'device': 'disable',
- 'interface': 'disable',
- 'multiple': 'enable',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_object_tagging.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'address': 'disable',
- 'category': 'test_value_4',
- 'color': '5',
- 'device': 'disable',
- 'interface': 'disable',
- 'multiple': 'enable',
-
- }
-
- set_method_mock.assert_called_with('system', 'object-tagging', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_object_tagging_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_object_tagging': {
- 'address': 'disable',
- 'category': 'test_value_4',
- 'color': '5',
- 'device': 'disable',
- 'interface': 'disable',
- 'multiple': 'enable',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_object_tagging.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'object-tagging', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_object_tagging_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_object_tagging': {
- 'address': 'disable',
- 'category': 'test_value_4',
- 'color': '5',
- 'device': 'disable',
- 'interface': 'disable',
- 'multiple': 'enable',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_object_tagging.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'object-tagging', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_object_tagging_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_object_tagging': {
- 'address': 'disable',
- 'category': 'test_value_4',
- 'color': '5',
- 'device': 'disable',
- 'interface': 'disable',
- 'multiple': 'enable',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_object_tagging.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'address': 'disable',
- 'category': 'test_value_4',
- 'color': '5',
- 'device': 'disable',
- 'interface': 'disable',
- 'multiple': 'enable',
-
- }
-
- set_method_mock.assert_called_with('system', 'object-tagging', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_object_tagging_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_object_tagging': {
- 'random_attribute_not_valid': 'tag',
- 'address': 'disable',
- 'category': 'test_value_4',
- 'color': '5',
- 'device': 'disable',
- 'interface': 'disable',
- 'multiple': 'enable',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_object_tagging.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'address': 'disable',
- 'category': 'test_value_4',
- 'color': '5',
- 'device': 'disable',
- 'interface': 'disable',
- 'multiple': 'enable',
-
- }
-
- set_method_mock.assert_called_with('system', 'object-tagging', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_password_policy.py b/test/units/modules/network/fortios/test_fortios_system_password_policy.py
deleted file mode 100644
index ff37f67ec83..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_password_policy.py
+++ /dev/null
@@ -1,231 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_password_policy
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_password_policy.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_password_policy_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_password_policy': {
- 'apply_to': 'admin-password',
- 'change_4_characters': 'enable',
- 'expire_day': '5',
- 'expire_status': 'enable',
- 'min_lower_case_letter': '7',
- 'min_non_alphanumeric': '8',
- 'min_number': '9',
- 'min_upper_case_letter': '10',
- 'minimum_length': '11',
- 'reuse_password': 'enable',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_password_policy.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'apply-to': 'admin-password',
- 'change-4-characters': 'enable',
- 'expire-day': '5',
- 'expire-status': 'enable',
- 'min-lower-case-letter': '7',
- 'min-non-alphanumeric': '8',
- 'min-number': '9',
- 'min-upper-case-letter': '10',
- 'minimum-length': '11',
- 'reuse-password': 'enable',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'password-policy', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_password_policy_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_password_policy': {
- 'apply_to': 'admin-password',
- 'change_4_characters': 'enable',
- 'expire_day': '5',
- 'expire_status': 'enable',
- 'min_lower_case_letter': '7',
- 'min_non_alphanumeric': '8',
- 'min_number': '9',
- 'min_upper_case_letter': '10',
- 'minimum_length': '11',
- 'reuse_password': 'enable',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_password_policy.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'apply-to': 'admin-password',
- 'change-4-characters': 'enable',
- 'expire-day': '5',
- 'expire-status': 'enable',
- 'min-lower-case-letter': '7',
- 'min-non-alphanumeric': '8',
- 'min-number': '9',
- 'min-upper-case-letter': '10',
- 'minimum-length': '11',
- 'reuse-password': 'enable',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'password-policy', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_password_policy_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_password_policy': {
- 'apply_to': 'admin-password',
- 'change_4_characters': 'enable',
- 'expire_day': '5',
- 'expire_status': 'enable',
- 'min_lower_case_letter': '7',
- 'min_non_alphanumeric': '8',
- 'min_number': '9',
- 'min_upper_case_letter': '10',
- 'minimum_length': '11',
- 'reuse_password': 'enable',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_password_policy.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'apply-to': 'admin-password',
- 'change-4-characters': 'enable',
- 'expire-day': '5',
- 'expire-status': 'enable',
- 'min-lower-case-letter': '7',
- 'min-non-alphanumeric': '8',
- 'min-number': '9',
- 'min-upper-case-letter': '10',
- 'minimum-length': '11',
- 'reuse-password': 'enable',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'password-policy', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_password_policy_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_password_policy': {
- 'random_attribute_not_valid': 'tag',
- 'apply_to': 'admin-password',
- 'change_4_characters': 'enable',
- 'expire_day': '5',
- 'expire_status': 'enable',
- 'min_lower_case_letter': '7',
- 'min_non_alphanumeric': '8',
- 'min_number': '9',
- 'min_upper_case_letter': '10',
- 'minimum_length': '11',
- 'reuse_password': 'enable',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_password_policy.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'apply-to': 'admin-password',
- 'change-4-characters': 'enable',
- 'expire-day': '5',
- 'expire-status': 'enable',
- 'min-lower-case-letter': '7',
- 'min-non-alphanumeric': '8',
- 'min-number': '9',
- 'min-upper-case-letter': '10',
- 'minimum-length': '11',
- 'reuse-password': 'enable',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'password-policy', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_password_policy_guest_admin.py b/test/units/modules/network/fortios/test_fortios_system_password_policy_guest_admin.py
deleted file mode 100644
index 862b93f18ed..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_password_policy_guest_admin.py
+++ /dev/null
@@ -1,231 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_password_policy_guest_admin
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_password_policy_guest_admin.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_password_policy_guest_admin_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_password_policy_guest_admin': {
- 'apply_to': 'guest-admin-password',
- 'change_4_characters': 'enable',
- 'expire_day': '5',
- 'expire_status': 'enable',
- 'min_lower_case_letter': '7',
- 'min_non_alphanumeric': '8',
- 'min_number': '9',
- 'min_upper_case_letter': '10',
- 'minimum_length': '11',
- 'reuse_password': 'enable',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_password_policy_guest_admin.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'apply-to': 'guest-admin-password',
- 'change-4-characters': 'enable',
- 'expire-day': '5',
- 'expire-status': 'enable',
- 'min-lower-case-letter': '7',
- 'min-non-alphanumeric': '8',
- 'min-number': '9',
- 'min-upper-case-letter': '10',
- 'minimum-length': '11',
- 'reuse-password': 'enable',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'password-policy-guest-admin', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_password_policy_guest_admin_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_password_policy_guest_admin': {
- 'apply_to': 'guest-admin-password',
- 'change_4_characters': 'enable',
- 'expire_day': '5',
- 'expire_status': 'enable',
- 'min_lower_case_letter': '7',
- 'min_non_alphanumeric': '8',
- 'min_number': '9',
- 'min_upper_case_letter': '10',
- 'minimum_length': '11',
- 'reuse_password': 'enable',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_password_policy_guest_admin.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'apply-to': 'guest-admin-password',
- 'change-4-characters': 'enable',
- 'expire-day': '5',
- 'expire-status': 'enable',
- 'min-lower-case-letter': '7',
- 'min-non-alphanumeric': '8',
- 'min-number': '9',
- 'min-upper-case-letter': '10',
- 'minimum-length': '11',
- 'reuse-password': 'enable',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'password-policy-guest-admin', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_password_policy_guest_admin_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_password_policy_guest_admin': {
- 'apply_to': 'guest-admin-password',
- 'change_4_characters': 'enable',
- 'expire_day': '5',
- 'expire_status': 'enable',
- 'min_lower_case_letter': '7',
- 'min_non_alphanumeric': '8',
- 'min_number': '9',
- 'min_upper_case_letter': '10',
- 'minimum_length': '11',
- 'reuse_password': 'enable',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_password_policy_guest_admin.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'apply-to': 'guest-admin-password',
- 'change-4-characters': 'enable',
- 'expire-day': '5',
- 'expire-status': 'enable',
- 'min-lower-case-letter': '7',
- 'min-non-alphanumeric': '8',
- 'min-number': '9',
- 'min-upper-case-letter': '10',
- 'minimum-length': '11',
- 'reuse-password': 'enable',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'password-policy-guest-admin', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_password_policy_guest_admin_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_password_policy_guest_admin': {
- 'random_attribute_not_valid': 'tag',
- 'apply_to': 'guest-admin-password',
- 'change_4_characters': 'enable',
- 'expire_day': '5',
- 'expire_status': 'enable',
- 'min_lower_case_letter': '7',
- 'min_non_alphanumeric': '8',
- 'min_number': '9',
- 'min_upper_case_letter': '10',
- 'minimum_length': '11',
- 'reuse_password': 'enable',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_password_policy_guest_admin.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'apply-to': 'guest-admin-password',
- 'change-4-characters': 'enable',
- 'expire-day': '5',
- 'expire-status': 'enable',
- 'min-lower-case-letter': '7',
- 'min-non-alphanumeric': '8',
- 'min-number': '9',
- 'min-upper-case-letter': '10',
- 'minimum-length': '11',
- 'reuse-password': 'enable',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'password-policy-guest-admin', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_pppoe_interface.py b/test/units/modules/network/fortios/test_fortios_system_pppoe_interface.py
deleted file mode 100644
index 47b9acda928..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_pppoe_interface.py
+++ /dev/null
@@ -1,349 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_pppoe_interface
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_pppoe_interface.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_pppoe_interface_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_pppoe_interface': {
- 'ac_name': 'test_value_3',
- 'auth_type': 'auto',
- 'device': 'test_value_5',
- 'dial_on_demand': 'enable',
- 'disc_retry_timeout': '7',
- 'idle_timeout': '8',
- 'ipunnumbered': 'test_value_9',
- 'ipv6': 'enable',
- 'lcp_echo_interval': '11',
- 'lcp_max_echo_fails': '12',
- 'name': 'default_name_13',
- 'padt_retry_timeout': '14',
- 'password': 'test_value_15',
- 'pppoe_unnumbered_negotiate': 'enable',
- 'service_name': 'test_value_17',
- 'username': 'test_value_18'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_pppoe_interface.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'ac-name': 'test_value_3',
- 'auth-type': 'auto',
- 'device': 'test_value_5',
- 'dial-on-demand': 'enable',
- 'disc-retry-timeout': '7',
- 'idle-timeout': '8',
- 'ipunnumbered': 'test_value_9',
- 'ipv6': 'enable',
- 'lcp-echo-interval': '11',
- 'lcp-max-echo-fails': '12',
- 'name': 'default_name_13',
- 'padt-retry-timeout': '14',
- 'password': 'test_value_15',
- 'pppoe-unnumbered-negotiate': 'enable',
- 'service-name': 'test_value_17',
- 'username': 'test_value_18'
- }
-
- set_method_mock.assert_called_with('system', 'pppoe-interface', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_pppoe_interface_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_pppoe_interface': {
- 'ac_name': 'test_value_3',
- 'auth_type': 'auto',
- 'device': 'test_value_5',
- 'dial_on_demand': 'enable',
- 'disc_retry_timeout': '7',
- 'idle_timeout': '8',
- 'ipunnumbered': 'test_value_9',
- 'ipv6': 'enable',
- 'lcp_echo_interval': '11',
- 'lcp_max_echo_fails': '12',
- 'name': 'default_name_13',
- 'padt_retry_timeout': '14',
- 'password': 'test_value_15',
- 'pppoe_unnumbered_negotiate': 'enable',
- 'service_name': 'test_value_17',
- 'username': 'test_value_18'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_pppoe_interface.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'ac-name': 'test_value_3',
- 'auth-type': 'auto',
- 'device': 'test_value_5',
- 'dial-on-demand': 'enable',
- 'disc-retry-timeout': '7',
- 'idle-timeout': '8',
- 'ipunnumbered': 'test_value_9',
- 'ipv6': 'enable',
- 'lcp-echo-interval': '11',
- 'lcp-max-echo-fails': '12',
- 'name': 'default_name_13',
- 'padt-retry-timeout': '14',
- 'password': 'test_value_15',
- 'pppoe-unnumbered-negotiate': 'enable',
- 'service-name': 'test_value_17',
- 'username': 'test_value_18'
- }
-
- set_method_mock.assert_called_with('system', 'pppoe-interface', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_pppoe_interface_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_pppoe_interface': {
- 'ac_name': 'test_value_3',
- 'auth_type': 'auto',
- 'device': 'test_value_5',
- 'dial_on_demand': 'enable',
- 'disc_retry_timeout': '7',
- 'idle_timeout': '8',
- 'ipunnumbered': 'test_value_9',
- 'ipv6': 'enable',
- 'lcp_echo_interval': '11',
- 'lcp_max_echo_fails': '12',
- 'name': 'default_name_13',
- 'padt_retry_timeout': '14',
- 'password': 'test_value_15',
- 'pppoe_unnumbered_negotiate': 'enable',
- 'service_name': 'test_value_17',
- 'username': 'test_value_18'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_pppoe_interface.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'pppoe-interface', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_pppoe_interface_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_pppoe_interface': {
- 'ac_name': 'test_value_3',
- 'auth_type': 'auto',
- 'device': 'test_value_5',
- 'dial_on_demand': 'enable',
- 'disc_retry_timeout': '7',
- 'idle_timeout': '8',
- 'ipunnumbered': 'test_value_9',
- 'ipv6': 'enable',
- 'lcp_echo_interval': '11',
- 'lcp_max_echo_fails': '12',
- 'name': 'default_name_13',
- 'padt_retry_timeout': '14',
- 'password': 'test_value_15',
- 'pppoe_unnumbered_negotiate': 'enable',
- 'service_name': 'test_value_17',
- 'username': 'test_value_18'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_pppoe_interface.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'pppoe-interface', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_pppoe_interface_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_pppoe_interface': {
- 'ac_name': 'test_value_3',
- 'auth_type': 'auto',
- 'device': 'test_value_5',
- 'dial_on_demand': 'enable',
- 'disc_retry_timeout': '7',
- 'idle_timeout': '8',
- 'ipunnumbered': 'test_value_9',
- 'ipv6': 'enable',
- 'lcp_echo_interval': '11',
- 'lcp_max_echo_fails': '12',
- 'name': 'default_name_13',
- 'padt_retry_timeout': '14',
- 'password': 'test_value_15',
- 'pppoe_unnumbered_negotiate': 'enable',
- 'service_name': 'test_value_17',
- 'username': 'test_value_18'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_pppoe_interface.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'ac-name': 'test_value_3',
- 'auth-type': 'auto',
- 'device': 'test_value_5',
- 'dial-on-demand': 'enable',
- 'disc-retry-timeout': '7',
- 'idle-timeout': '8',
- 'ipunnumbered': 'test_value_9',
- 'ipv6': 'enable',
- 'lcp-echo-interval': '11',
- 'lcp-max-echo-fails': '12',
- 'name': 'default_name_13',
- 'padt-retry-timeout': '14',
- 'password': 'test_value_15',
- 'pppoe-unnumbered-negotiate': 'enable',
- 'service-name': 'test_value_17',
- 'username': 'test_value_18'
- }
-
- set_method_mock.assert_called_with('system', 'pppoe-interface', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_pppoe_interface_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_pppoe_interface': {
- 'random_attribute_not_valid': 'tag',
- 'ac_name': 'test_value_3',
- 'auth_type': 'auto',
- 'device': 'test_value_5',
- 'dial_on_demand': 'enable',
- 'disc_retry_timeout': '7',
- 'idle_timeout': '8',
- 'ipunnumbered': 'test_value_9',
- 'ipv6': 'enable',
- 'lcp_echo_interval': '11',
- 'lcp_max_echo_fails': '12',
- 'name': 'default_name_13',
- 'padt_retry_timeout': '14',
- 'password': 'test_value_15',
- 'pppoe_unnumbered_negotiate': 'enable',
- 'service_name': 'test_value_17',
- 'username': 'test_value_18'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_pppoe_interface.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'ac-name': 'test_value_3',
- 'auth-type': 'auto',
- 'device': 'test_value_5',
- 'dial-on-demand': 'enable',
- 'disc-retry-timeout': '7',
- 'idle-timeout': '8',
- 'ipunnumbered': 'test_value_9',
- 'ipv6': 'enable',
- 'lcp-echo-interval': '11',
- 'lcp-max-echo-fails': '12',
- 'name': 'default_name_13',
- 'padt-retry-timeout': '14',
- 'password': 'test_value_15',
- 'pppoe-unnumbered-negotiate': 'enable',
- 'service-name': 'test_value_17',
- 'username': 'test_value_18'
- }
-
- set_method_mock.assert_called_with('system', 'pppoe-interface', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_probe_response.py b/test/units/modules/network/fortios/test_fortios_system_probe_response.py
deleted file mode 100644
index 9d1c9713c75..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_probe_response.py
+++ /dev/null
@@ -1,199 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_probe_response
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_probe_response.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_probe_response_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_probe_response': {
- 'http_probe_value': 'test_value_3',
- 'mode': 'none',
- 'password': 'test_value_5',
- 'port': '6',
- 'security_mode': 'none',
- 'timeout': '8',
- 'ttl_mode': 'reinit'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_probe_response.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'http-probe-value': 'test_value_3',
- 'mode': 'none',
- 'password': 'test_value_5',
- 'port': '6',
- 'security-mode': 'none',
- 'timeout': '8',
- 'ttl-mode': 'reinit'
- }
-
- set_method_mock.assert_called_with('system', 'probe-response', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_probe_response_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_probe_response': {
- 'http_probe_value': 'test_value_3',
- 'mode': 'none',
- 'password': 'test_value_5',
- 'port': '6',
- 'security_mode': 'none',
- 'timeout': '8',
- 'ttl_mode': 'reinit'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_probe_response.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'http-probe-value': 'test_value_3',
- 'mode': 'none',
- 'password': 'test_value_5',
- 'port': '6',
- 'security-mode': 'none',
- 'timeout': '8',
- 'ttl-mode': 'reinit'
- }
-
- set_method_mock.assert_called_with('system', 'probe-response', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_probe_response_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_probe_response': {
- 'http_probe_value': 'test_value_3',
- 'mode': 'none',
- 'password': 'test_value_5',
- 'port': '6',
- 'security_mode': 'none',
- 'timeout': '8',
- 'ttl_mode': 'reinit'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_probe_response.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'http-probe-value': 'test_value_3',
- 'mode': 'none',
- 'password': 'test_value_5',
- 'port': '6',
- 'security-mode': 'none',
- 'timeout': '8',
- 'ttl-mode': 'reinit'
- }
-
- set_method_mock.assert_called_with('system', 'probe-response', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_probe_response_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_probe_response': {
- 'random_attribute_not_valid': 'tag',
- 'http_probe_value': 'test_value_3',
- 'mode': 'none',
- 'password': 'test_value_5',
- 'port': '6',
- 'security_mode': 'none',
- 'timeout': '8',
- 'ttl_mode': 'reinit'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_probe_response.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'http-probe-value': 'test_value_3',
- 'mode': 'none',
- 'password': 'test_value_5',
- 'port': '6',
- 'security-mode': 'none',
- 'timeout': '8',
- 'ttl-mode': 'reinit'
- }
-
- set_method_mock.assert_called_with('system', 'probe-response', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_proxy_arp.py b/test/units/modules/network/fortios/test_fortios_system_proxy_arp.py
deleted file mode 100644
index 6642e43f5a3..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_proxy_arp.py
+++ /dev/null
@@ -1,229 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_proxy_arp
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_proxy_arp.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_proxy_arp_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_proxy_arp': {
- 'end_ip': 'test_value_3',
- 'id': '4',
- 'interface': 'test_value_5',
- 'ip': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_proxy_arp.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'end-ip': 'test_value_3',
- 'id': '4',
- 'interface': 'test_value_5',
- 'ip': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system', 'proxy-arp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_proxy_arp_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_proxy_arp': {
- 'end_ip': 'test_value_3',
- 'id': '4',
- 'interface': 'test_value_5',
- 'ip': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_proxy_arp.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'end-ip': 'test_value_3',
- 'id': '4',
- 'interface': 'test_value_5',
- 'ip': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system', 'proxy-arp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_proxy_arp_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_proxy_arp': {
- 'end_ip': 'test_value_3',
- 'id': '4',
- 'interface': 'test_value_5',
- 'ip': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_proxy_arp.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'proxy-arp', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_proxy_arp_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_proxy_arp': {
- 'end_ip': 'test_value_3',
- 'id': '4',
- 'interface': 'test_value_5',
- 'ip': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_proxy_arp.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'proxy-arp', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_proxy_arp_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_proxy_arp': {
- 'end_ip': 'test_value_3',
- 'id': '4',
- 'interface': 'test_value_5',
- 'ip': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_proxy_arp.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'end-ip': 'test_value_3',
- 'id': '4',
- 'interface': 'test_value_5',
- 'ip': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system', 'proxy-arp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_proxy_arp_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_proxy_arp': {
- 'random_attribute_not_valid': 'tag',
- 'end_ip': 'test_value_3',
- 'id': '4',
- 'interface': 'test_value_5',
- 'ip': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_proxy_arp.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'end-ip': 'test_value_3',
- 'id': '4',
- 'interface': 'test_value_5',
- 'ip': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system', 'proxy-arp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_replacemsg_admin.py b/test/units/modules/network/fortios/test_fortios_system_replacemsg_admin.py
deleted file mode 100644
index a50bfd9b75c..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_replacemsg_admin.py
+++ /dev/null
@@ -1,229 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_replacemsg_admin
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_replacemsg_admin.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_replacemsg_admin_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_replacemsg_admin': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_admin.fortios_system_replacemsg(input_data, fos_instance)
-
- expected_data = {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg-type': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system.replacemsg', 'admin', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_replacemsg_admin_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_replacemsg_admin': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_admin.fortios_system_replacemsg(input_data, fos_instance)
-
- expected_data = {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg-type': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system.replacemsg', 'admin', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_replacemsg_admin_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_replacemsg_admin': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_admin.fortios_system_replacemsg(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system.replacemsg', 'admin', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_replacemsg_admin_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_replacemsg_admin': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_admin.fortios_system_replacemsg(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system.replacemsg', 'admin', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_replacemsg_admin_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_replacemsg_admin': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_admin.fortios_system_replacemsg(input_data, fos_instance)
-
- expected_data = {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg-type': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system.replacemsg', 'admin', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_replacemsg_admin_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_replacemsg_admin': {
- 'random_attribute_not_valid': 'tag',
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_admin.fortios_system_replacemsg(input_data, fos_instance)
-
- expected_data = {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg-type': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system.replacemsg', 'admin', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_replacemsg_alertmail.py b/test/units/modules/network/fortios/test_fortios_system_replacemsg_alertmail.py
deleted file mode 100644
index 3d62d1ee37e..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_replacemsg_alertmail.py
+++ /dev/null
@@ -1,229 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_replacemsg_alertmail
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_replacemsg_alertmail.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_replacemsg_alertmail_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_replacemsg_alertmail': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_alertmail.fortios_system_replacemsg(input_data, fos_instance)
-
- expected_data = {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg-type': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system.replacemsg', 'alertmail', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_replacemsg_alertmail_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_replacemsg_alertmail': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_alertmail.fortios_system_replacemsg(input_data, fos_instance)
-
- expected_data = {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg-type': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system.replacemsg', 'alertmail', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_replacemsg_alertmail_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_replacemsg_alertmail': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_alertmail.fortios_system_replacemsg(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system.replacemsg', 'alertmail', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_replacemsg_alertmail_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_replacemsg_alertmail': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_alertmail.fortios_system_replacemsg(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system.replacemsg', 'alertmail', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_replacemsg_alertmail_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_replacemsg_alertmail': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_alertmail.fortios_system_replacemsg(input_data, fos_instance)
-
- expected_data = {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg-type': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system.replacemsg', 'alertmail', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_replacemsg_alertmail_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_replacemsg_alertmail': {
- 'random_attribute_not_valid': 'tag',
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_alertmail.fortios_system_replacemsg(input_data, fos_instance)
-
- expected_data = {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg-type': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system.replacemsg', 'alertmail', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_replacemsg_auth.py b/test/units/modules/network/fortios/test_fortios_system_replacemsg_auth.py
deleted file mode 100644
index bbf514eb6c6..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_replacemsg_auth.py
+++ /dev/null
@@ -1,229 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_replacemsg_auth
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_replacemsg_auth.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_replacemsg_auth_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_replacemsg_auth': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_auth.fortios_system_replacemsg(input_data, fos_instance)
-
- expected_data = {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg-type': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system.replacemsg', 'auth', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_replacemsg_auth_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_replacemsg_auth': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_auth.fortios_system_replacemsg(input_data, fos_instance)
-
- expected_data = {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg-type': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system.replacemsg', 'auth', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_replacemsg_auth_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_replacemsg_auth': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_auth.fortios_system_replacemsg(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system.replacemsg', 'auth', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_replacemsg_auth_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_replacemsg_auth': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_auth.fortios_system_replacemsg(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system.replacemsg', 'auth', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_replacemsg_auth_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_replacemsg_auth': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_auth.fortios_system_replacemsg(input_data, fos_instance)
-
- expected_data = {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg-type': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system.replacemsg', 'auth', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_replacemsg_auth_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_replacemsg_auth': {
- 'random_attribute_not_valid': 'tag',
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_auth.fortios_system_replacemsg(input_data, fos_instance)
-
- expected_data = {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg-type': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system.replacemsg', 'auth', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_replacemsg_device_detection_portal.py b/test/units/modules/network/fortios/test_fortios_system_replacemsg_device_detection_portal.py
deleted file mode 100644
index 7b4f161f1bb..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_replacemsg_device_detection_portal.py
+++ /dev/null
@@ -1,229 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_replacemsg_device_detection_portal
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_replacemsg_device_detection_portal.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_replacemsg_device_detection_portal_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_replacemsg_device_detection_portal': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_device_detection_portal.fortios_system_replacemsg(input_data, fos_instance)
-
- expected_data = {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg-type': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system.replacemsg', 'device-detection-portal', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_replacemsg_device_detection_portal_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_replacemsg_device_detection_portal': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_device_detection_portal.fortios_system_replacemsg(input_data, fos_instance)
-
- expected_data = {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg-type': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system.replacemsg', 'device-detection-portal', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_replacemsg_device_detection_portal_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_replacemsg_device_detection_portal': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_device_detection_portal.fortios_system_replacemsg(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system.replacemsg', 'device-detection-portal', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_replacemsg_device_detection_portal_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_replacemsg_device_detection_portal': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_device_detection_portal.fortios_system_replacemsg(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system.replacemsg', 'device-detection-portal', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_replacemsg_device_detection_portal_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_replacemsg_device_detection_portal': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_device_detection_portal.fortios_system_replacemsg(input_data, fos_instance)
-
- expected_data = {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg-type': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system.replacemsg', 'device-detection-portal', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_replacemsg_device_detection_portal_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_replacemsg_device_detection_portal': {
- 'random_attribute_not_valid': 'tag',
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_device_detection_portal.fortios_system_replacemsg(input_data, fos_instance)
-
- expected_data = {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg-type': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system.replacemsg', 'device-detection-portal', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_replacemsg_ec.py b/test/units/modules/network/fortios/test_fortios_system_replacemsg_ec.py
deleted file mode 100644
index 172fd65bfd4..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_replacemsg_ec.py
+++ /dev/null
@@ -1,229 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_replacemsg_ec
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_replacemsg_ec.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_replacemsg_ec_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_replacemsg_ec': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_ec.fortios_system_replacemsg(input_data, fos_instance)
-
- expected_data = {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg-type': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system.replacemsg', 'ec', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_replacemsg_ec_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_replacemsg_ec': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_ec.fortios_system_replacemsg(input_data, fos_instance)
-
- expected_data = {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg-type': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system.replacemsg', 'ec', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_replacemsg_ec_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_replacemsg_ec': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_ec.fortios_system_replacemsg(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system.replacemsg', 'ec', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_replacemsg_ec_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_replacemsg_ec': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_ec.fortios_system_replacemsg(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system.replacemsg', 'ec', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_replacemsg_ec_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_replacemsg_ec': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_ec.fortios_system_replacemsg(input_data, fos_instance)
-
- expected_data = {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg-type': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system.replacemsg', 'ec', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_replacemsg_ec_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_replacemsg_ec': {
- 'random_attribute_not_valid': 'tag',
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_ec.fortios_system_replacemsg(input_data, fos_instance)
-
- expected_data = {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg-type': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system.replacemsg', 'ec', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_replacemsg_fortiguard_wf.py b/test/units/modules/network/fortios/test_fortios_system_replacemsg_fortiguard_wf.py
deleted file mode 100644
index dcab7bfd748..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_replacemsg_fortiguard_wf.py
+++ /dev/null
@@ -1,229 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_replacemsg_fortiguard_wf
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_replacemsg_fortiguard_wf.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_replacemsg_fortiguard_wf_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_replacemsg_fortiguard_wf': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_fortiguard_wf.fortios_system_replacemsg(input_data, fos_instance)
-
- expected_data = {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg-type': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system.replacemsg', 'fortiguard-wf', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_replacemsg_fortiguard_wf_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_replacemsg_fortiguard_wf': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_fortiguard_wf.fortios_system_replacemsg(input_data, fos_instance)
-
- expected_data = {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg-type': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system.replacemsg', 'fortiguard-wf', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_replacemsg_fortiguard_wf_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_replacemsg_fortiguard_wf': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_fortiguard_wf.fortios_system_replacemsg(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system.replacemsg', 'fortiguard-wf', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_replacemsg_fortiguard_wf_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_replacemsg_fortiguard_wf': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_fortiguard_wf.fortios_system_replacemsg(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system.replacemsg', 'fortiguard-wf', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_replacemsg_fortiguard_wf_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_replacemsg_fortiguard_wf': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_fortiguard_wf.fortios_system_replacemsg(input_data, fos_instance)
-
- expected_data = {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg-type': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system.replacemsg', 'fortiguard-wf', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_replacemsg_fortiguard_wf_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_replacemsg_fortiguard_wf': {
- 'random_attribute_not_valid': 'tag',
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_fortiguard_wf.fortios_system_replacemsg(input_data, fos_instance)
-
- expected_data = {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg-type': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system.replacemsg', 'fortiguard-wf', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_replacemsg_ftp.py b/test/units/modules/network/fortios/test_fortios_system_replacemsg_ftp.py
deleted file mode 100644
index 240c7e0c99f..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_replacemsg_ftp.py
+++ /dev/null
@@ -1,229 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_replacemsg_ftp
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_replacemsg_ftp.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_replacemsg_ftp_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_replacemsg_ftp': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_ftp.fortios_system_replacemsg(input_data, fos_instance)
-
- expected_data = {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg-type': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system.replacemsg', 'ftp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_replacemsg_ftp_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_replacemsg_ftp': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_ftp.fortios_system_replacemsg(input_data, fos_instance)
-
- expected_data = {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg-type': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system.replacemsg', 'ftp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_replacemsg_ftp_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_replacemsg_ftp': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_ftp.fortios_system_replacemsg(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system.replacemsg', 'ftp', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_replacemsg_ftp_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_replacemsg_ftp': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_ftp.fortios_system_replacemsg(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system.replacemsg', 'ftp', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_replacemsg_ftp_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_replacemsg_ftp': {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_ftp.fortios_system_replacemsg(input_data, fos_instance)
-
- expected_data = {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg-type': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system.replacemsg', 'ftp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_replacemsg_ftp_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_replacemsg_ftp': {
- 'random_attribute_not_valid': 'tag',
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg_type': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_ftp.fortios_system_replacemsg(input_data, fos_instance)
-
- expected_data = {
- 'buffer': 'test_value_3',
- 'format': 'none',
- 'header': 'none',
- 'msg-type': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('system.replacemsg', 'ftp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_replacemsg_group.py b/test/units/modules/network/fortios/test_fortios_system_replacemsg_group.py
deleted file mode 100644
index bea08ed2157..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_replacemsg_group.py
+++ /dev/null
@@ -1,219 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_replacemsg_group
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_replacemsg_group.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_replacemsg_group_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_replacemsg_group': {'comment': 'Comment.',
- 'group_type': 'default',
- 'name': 'default_name_5',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_group.fortios_system(input_data, fos_instance)
-
- expected_data = {'comment': 'Comment.',
- 'group-type': 'default',
- 'name': 'default_name_5',
-
- }
-
- set_method_mock.assert_called_with('system', 'replacemsg-group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_replacemsg_group_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_replacemsg_group': {'comment': 'Comment.',
- 'group_type': 'default',
- 'name': 'default_name_5',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_group.fortios_system(input_data, fos_instance)
-
- expected_data = {'comment': 'Comment.',
- 'group-type': 'default',
- 'name': 'default_name_5',
-
- }
-
- set_method_mock.assert_called_with('system', 'replacemsg-group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_replacemsg_group_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_replacemsg_group': {'comment': 'Comment.',
- 'group_type': 'default',
- 'name': 'default_name_5',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_group.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'replacemsg-group', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_replacemsg_group_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_replacemsg_group': {'comment': 'Comment.',
- 'group_type': 'default',
- 'name': 'default_name_5',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_group.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'replacemsg-group', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_replacemsg_group_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_replacemsg_group': {'comment': 'Comment.',
- 'group_type': 'default',
- 'name': 'default_name_5',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_group.fortios_system(input_data, fos_instance)
-
- expected_data = {'comment': 'Comment.',
- 'group-type': 'default',
- 'name': 'default_name_5',
-
- }
-
- set_method_mock.assert_called_with('system', 'replacemsg-group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_replacemsg_group_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_replacemsg_group': {
- 'random_attribute_not_valid': 'tag', 'comment': 'Comment.',
- 'group_type': 'default',
- 'name': 'default_name_5',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_replacemsg_group.fortios_system(input_data, fos_instance)
-
- expected_data = {'comment': 'Comment.',
- 'group-type': 'default',
- 'name': 'default_name_5',
-
- }
-
- set_method_mock.assert_called_with('system', 'replacemsg-group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_replacemsg_http.py b/test/units/modules/network/fortios/test_fortios_system_replacemsg_http.py
deleted file mode 100644
index d6651ffed83..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_replacemsg_http.py
+++ /dev/null
@@ -1,229 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_replacemsg_http -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_replacemsg_http.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_replacemsg_http_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_http': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, 
response = fortios_system_replacemsg_http.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'http', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_replacemsg_http_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_http': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_http.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'http', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_replacemsg_http_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 
'username': 'admin', - 'state': 'absent', - 'system_replacemsg_http': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_http.fortios_system_replacemsg(input_data, fos_instance) - - delete_method_mock.assert_called_with('system.replacemsg', 'http', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_replacemsg_http_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_replacemsg_http': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_http.fortios_system_replacemsg(input_data, fos_instance) - - delete_method_mock.assert_called_with('system.replacemsg', 'http', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_replacemsg_http_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 
'system_replacemsg_http': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_http.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'http', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_replacemsg_http_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_http': { - 'random_attribute_not_valid': 'tag', - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_http.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'http', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 
diff --git a/test/units/modules/network/fortios/test_fortios_system_replacemsg_icap.py b/test/units/modules/network/fortios/test_fortios_system_replacemsg_icap.py
deleted file mode 100644
index cfc48707243..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_replacemsg_icap.py
+++ /dev/null
@@ -1,229 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_replacemsg_icap -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_replacemsg_icap.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_replacemsg_icap_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_icap': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, 
response = fortios_system_replacemsg_icap.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'icap', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_replacemsg_icap_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_icap': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_icap.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'icap', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_replacemsg_icap_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 
'username': 'admin', - 'state': 'absent', - 'system_replacemsg_icap': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_icap.fortios_system_replacemsg(input_data, fos_instance) - - delete_method_mock.assert_called_with('system.replacemsg', 'icap', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_replacemsg_icap_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_replacemsg_icap': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_icap.fortios_system_replacemsg(input_data, fos_instance) - - delete_method_mock.assert_called_with('system.replacemsg', 'icap', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_replacemsg_icap_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 
'system_replacemsg_icap': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_icap.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'icap', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_replacemsg_icap_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_icap': { - 'random_attribute_not_valid': 'tag', - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_icap.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'icap', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 
diff --git a/test/units/modules/network/fortios/test_fortios_system_replacemsg_image.py b/test/units/modules/network/fortios/test_fortios_system_replacemsg_image.py
deleted file mode 100644
index 5b9f0cac425..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_replacemsg_image.py
+++ /dev/null
@@ -1,219 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_replacemsg_image -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_replacemsg_image.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_replacemsg_image_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_image': { - 'image_base64': 'test_value_3', - 'image_type': 'gif', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_system_replacemsg_image.fortios_system(input_data, fos_instance) - - expected_data = { - 'image-base64': 'test_value_3', - 'image-type': 'gif', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('system', 'replacemsg-image', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_replacemsg_image_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_image': { - 'image_base64': 'test_value_3', - 'image_type': 'gif', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_image.fortios_system(input_data, fos_instance) - - expected_data = { - 'image-base64': 'test_value_3', - 'image-type': 'gif', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('system', 'replacemsg-image', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_replacemsg_image_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_replacemsg_image': 
{ - 'image_base64': 'test_value_3', - 'image_type': 'gif', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_image.fortios_system(input_data, fos_instance) - - delete_method_mock.assert_called_with('system', 'replacemsg-image', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_replacemsg_image_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_replacemsg_image': { - 'image_base64': 'test_value_3', - 'image_type': 'gif', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_image.fortios_system(input_data, fos_instance) - - delete_method_mock.assert_called_with('system', 'replacemsg-image', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_replacemsg_image_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_image': { - 'image_base64': 'test_value_3', - 'image_type': 'gif', - 'name': 'default_name_5' - 
}, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_image.fortios_system(input_data, fos_instance) - - expected_data = { - 'image-base64': 'test_value_3', - 'image-type': 'gif', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('system', 'replacemsg-image', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_replacemsg_image_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_image': { - 'random_attribute_not_valid': 'tag', - 'image_base64': 'test_value_3', - 'image_type': 'gif', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_image.fortios_system(input_data, fos_instance) - - expected_data = { - 'image-base64': 'test_value_3', - 'image-type': 'gif', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('system', 'replacemsg-image', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_system_replacemsg_mail.py b/test/units/modules/network/fortios/test_fortios_system_replacemsg_mail.py deleted file mode 100644 index fffb32512a7..00000000000 --- a/test/units/modules/network/fortios/test_fortios_system_replacemsg_mail.py +++ /dev/null 
@@ -1,229 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_replacemsg_mail -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_replacemsg_mail.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_replacemsg_mail_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_mail': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, 
response = fortios_system_replacemsg_mail.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'mail', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_replacemsg_mail_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_mail': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_mail.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'mail', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_replacemsg_mail_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 
'username': 'admin', - 'state': 'absent', - 'system_replacemsg_mail': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_mail.fortios_system_replacemsg(input_data, fos_instance) - - delete_method_mock.assert_called_with('system.replacemsg', 'mail', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_replacemsg_mail_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_replacemsg_mail': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_mail.fortios_system_replacemsg(input_data, fos_instance) - - delete_method_mock.assert_called_with('system.replacemsg', 'mail', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_replacemsg_mail_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 
'system_replacemsg_mail': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_mail.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'mail', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_replacemsg_mail_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_mail': { - 'random_attribute_not_valid': 'tag', - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_mail.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'mail', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 
diff --git a/test/units/modules/network/fortios/test_fortios_system_replacemsg_nac_quar.py b/test/units/modules/network/fortios/test_fortios_system_replacemsg_nac_quar.py
deleted file mode 100644
index b09bbad08a4..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_replacemsg_nac_quar.py
+++ /dev/null
@@ -1,229 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_replacemsg_nac_quar -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_replacemsg_nac_quar.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_replacemsg_nac_quar_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_nac_quar': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - 
is_error, changed, response = fortios_system_replacemsg_nac_quar.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'nac-quar', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_replacemsg_nac_quar_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_nac_quar': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_nac_quar.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'nac-quar', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_replacemsg_nac_quar_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', 
return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_replacemsg_nac_quar': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_nac_quar.fortios_system_replacemsg(input_data, fos_instance) - - delete_method_mock.assert_called_with('system.replacemsg', 'nac-quar', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_replacemsg_nac_quar_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_replacemsg_nac_quar': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_nac_quar.fortios_system_replacemsg(input_data, fos_instance) - - delete_method_mock.assert_called_with('system.replacemsg', 'nac-quar', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_replacemsg_nac_quar_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', 
return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_nac_quar': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_nac_quar.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'nac-quar', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_replacemsg_nac_quar_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_nac_quar': { - 'random_attribute_not_valid': 'tag', - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_nac_quar.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'nac-quar', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 
diff --git a/test/units/modules/network/fortios/test_fortios_system_replacemsg_nntp.py b/test/units/modules/network/fortios/test_fortios_system_replacemsg_nntp.py
deleted file mode 100644
index ce5b7adef19..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_replacemsg_nntp.py
+++ /dev/null
@@ -1,229 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_replacemsg_nntp -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_replacemsg_nntp.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_replacemsg_nntp_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_nntp': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, 
response = fortios_system_replacemsg_nntp.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'nntp', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_replacemsg_nntp_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_nntp': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_nntp.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'nntp', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_replacemsg_nntp_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 
'username': 'admin', - 'state': 'absent', - 'system_replacemsg_nntp': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_nntp.fortios_system_replacemsg(input_data, fos_instance) - - delete_method_mock.assert_called_with('system.replacemsg', 'nntp', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_replacemsg_nntp_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_replacemsg_nntp': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_nntp.fortios_system_replacemsg(input_data, fos_instance) - - delete_method_mock.assert_called_with('system.replacemsg', 'nntp', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_replacemsg_nntp_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 
'system_replacemsg_nntp': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_nntp.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'nntp', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_replacemsg_nntp_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_nntp': { - 'random_attribute_not_valid': 'tag', - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_nntp.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'nntp', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 
diff --git a/test/units/modules/network/fortios/test_fortios_system_replacemsg_spam.py b/test/units/modules/network/fortios/test_fortios_system_replacemsg_spam.py
deleted file mode 100644
index 7b2b2c2acfe..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_replacemsg_spam.py
+++ /dev/null
@@ -1,229 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_replacemsg_spam -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_replacemsg_spam.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_replacemsg_spam_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_spam': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, 
response = fortios_system_replacemsg_spam.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'spam', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_replacemsg_spam_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_spam': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_spam.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'spam', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_replacemsg_spam_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 
'username': 'admin', - 'state': 'absent', - 'system_replacemsg_spam': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_spam.fortios_system_replacemsg(input_data, fos_instance) - - delete_method_mock.assert_called_with('system.replacemsg', 'spam', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_replacemsg_spam_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_replacemsg_spam': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_spam.fortios_system_replacemsg(input_data, fos_instance) - - delete_method_mock.assert_called_with('system.replacemsg', 'spam', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_replacemsg_spam_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 
'system_replacemsg_spam': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_spam.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'spam', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_replacemsg_spam_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_spam': { - 'random_attribute_not_valid': 'tag', - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_spam.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'spam', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 
diff --git a/test/units/modules/network/fortios/test_fortios_system_replacemsg_sslvpn.py b/test/units/modules/network/fortios/test_fortios_system_replacemsg_sslvpn.py
deleted file mode 100644
index b22ce48b626..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_replacemsg_sslvpn.py
+++ /dev/null
@@ -1,229 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_replacemsg_sslvpn -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_replacemsg_sslvpn.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_replacemsg_sslvpn_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_sslvpn': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, 
changed, response = fortios_system_replacemsg_sslvpn.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'sslvpn', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_replacemsg_sslvpn_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_sslvpn': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_sslvpn.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'sslvpn', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_replacemsg_sslvpn_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - 
input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_replacemsg_sslvpn': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_sslvpn.fortios_system_replacemsg(input_data, fos_instance) - - delete_method_mock.assert_called_with('system.replacemsg', 'sslvpn', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_replacemsg_sslvpn_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_replacemsg_sslvpn': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_sslvpn.fortios_system_replacemsg(input_data, fos_instance) - - delete_method_mock.assert_called_with('system.replacemsg', 'sslvpn', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_replacemsg_sslvpn_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 
'admin', - 'state': 'present', - 'system_replacemsg_sslvpn': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_sslvpn.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'sslvpn', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_replacemsg_sslvpn_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_sslvpn': { - 'random_attribute_not_valid': 'tag', - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_sslvpn.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'sslvpn', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 
diff --git a/test/units/modules/network/fortios/test_fortios_system_replacemsg_traffic_quota.py b/test/units/modules/network/fortios/test_fortios_system_replacemsg_traffic_quota.py
deleted file mode 100644
index 9ea80be75f0..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_replacemsg_traffic_quota.py
+++ /dev/null
@@ -1,229 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_replacemsg_traffic_quota -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_replacemsg_traffic_quota.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_replacemsg_traffic_quota_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_traffic_quota': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 
'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_traffic_quota.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'traffic-quota', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_replacemsg_traffic_quota_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_traffic_quota': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_traffic_quota.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'traffic-quota', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_replacemsg_traffic_quota_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_replacemsg_traffic_quota': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_traffic_quota.fortios_system_replacemsg(input_data, fos_instance) - - delete_method_mock.assert_called_with('system.replacemsg', 'traffic-quota', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_replacemsg_traffic_quota_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_replacemsg_traffic_quota': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_traffic_quota.fortios_system_replacemsg(input_data, fos_instance) - - delete_method_mock.assert_called_with('system.replacemsg', 'traffic-quota', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_replacemsg_traffic_quota_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 
'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_traffic_quota': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_traffic_quota.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'traffic-quota', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_replacemsg_traffic_quota_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_traffic_quota': { - 'random_attribute_not_valid': 'tag', - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_traffic_quota.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'traffic-quota', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert 
changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_replacemsg_utm.py b/test/units/modules/network/fortios/test_fortios_system_replacemsg_utm.py
deleted file mode 100644
index 5448f054d7a..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_replacemsg_utm.py
+++ /dev/null
@@ -1,229 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_replacemsg_utm -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_replacemsg_utm.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_replacemsg_utm_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_utm': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, 
response = fortios_system_replacemsg_utm.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'utm', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_replacemsg_utm_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_utm': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_utm.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'utm', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_replacemsg_utm_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 
'admin', - 'state': 'absent', - 'system_replacemsg_utm': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_utm.fortios_system_replacemsg(input_data, fos_instance) - - delete_method_mock.assert_called_with('system.replacemsg', 'utm', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_replacemsg_utm_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_replacemsg_utm': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_utm.fortios_system_replacemsg(input_data, fos_instance) - - delete_method_mock.assert_called_with('system.replacemsg', 'utm', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_replacemsg_utm_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_utm': 
{ - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_utm.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'utm', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_replacemsg_utm_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_utm': { - 'random_attribute_not_valid': 'tag', - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_utm.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'utm', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 
diff --git a/test/units/modules/network/fortios/test_fortios_system_replacemsg_webproxy.py b/test/units/modules/network/fortios/test_fortios_system_replacemsg_webproxy.py
deleted file mode 100644
index 60b1469432c..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_replacemsg_webproxy.py
+++ /dev/null
@@ -1,229 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_replacemsg_webproxy -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_replacemsg_webproxy.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_replacemsg_webproxy_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_webproxy': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - 
is_error, changed, response = fortios_system_replacemsg_webproxy.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'webproxy', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_replacemsg_webproxy_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_webproxy': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_webproxy.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'webproxy', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_replacemsg_webproxy_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', 
return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_replacemsg_webproxy': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_webproxy.fortios_system_replacemsg(input_data, fos_instance) - - delete_method_mock.assert_called_with('system.replacemsg', 'webproxy', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_replacemsg_webproxy_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_replacemsg_webproxy': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_webproxy.fortios_system_replacemsg(input_data, fos_instance) - - delete_method_mock.assert_called_with('system.replacemsg', 'webproxy', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_replacemsg_webproxy_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', 
return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_webproxy': { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_webproxy.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'webproxy', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_replacemsg_webproxy_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_replacemsg_webproxy': { - 'random_attribute_not_valid': 'tag', - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg_type': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_replacemsg_webproxy.fortios_system_replacemsg(input_data, fos_instance) - - expected_data = { - 'buffer': 'test_value_3', - 'format': 'none', - 'header': 'none', - 'msg-type': 'test_value_6' - } - - set_method_mock.assert_called_with('system.replacemsg', 'webproxy', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 
diff --git a/test/units/modules/network/fortios/test_fortios_system_resource_limits.py b/test/units/modules/network/fortios/test_fortios_system_resource_limits.py
deleted file mode 100644
index da1f19f694d..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_resource_limits.py
+++ /dev/null
@@ -1,287 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_resource_limits -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_resource_limits.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_resource_limits_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_resource_limits': { - 'custom_service': '3', - 'dialup_tunnel': '4', - 'firewall_address': '5', - 'firewall_addrgrp': '6', - 'firewall_policy': '7', - 
'ipsec_phase1': '8', - 'ipsec_phase1_interface': '9', - 'ipsec_phase2': '10', - 'ipsec_phase2_interface': '11', - 'log_disk_quota': '12', - 'onetime_schedule': '13', - 'proxy': '14', - 'recurring_schedule': '15', - 'service_group': '16', - 'session': '17', - 'sslvpn': '18', - 'user': '19', - 'user_group': '20' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_resource_limits.fortios_system(input_data, fos_instance) - - expected_data = { - 'custom-service': '3', - 'dialup-tunnel': '4', - 'firewall-address': '5', - 'firewall-addrgrp': '6', - 'firewall-policy': '7', - 'ipsec-phase1': '8', - 'ipsec-phase1-interface': '9', - 'ipsec-phase2': '10', - 'ipsec-phase2-interface': '11', - 'log-disk-quota': '12', - 'onetime-schedule': '13', - 'proxy': '14', - 'recurring-schedule': '15', - 'service-group': '16', - 'session': '17', - 'sslvpn': '18', - 'user': '19', - 'user-group': '20' - } - - set_method_mock.assert_called_with('system', 'resource-limits', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_resource_limits_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_resource_limits': { - 'custom_service': '3', - 'dialup_tunnel': '4', - 'firewall_address': '5', - 'firewall_addrgrp': '6', - 'firewall_policy': '7', - 'ipsec_phase1': '8', - 'ipsec_phase1_interface': '9', - 'ipsec_phase2': '10', - 'ipsec_phase2_interface': '11', - 'log_disk_quota': '12', - 'onetime_schedule': '13', - 'proxy': '14', - 'recurring_schedule': '15', - 
'service_group': '16', - 'session': '17', - 'sslvpn': '18', - 'user': '19', - 'user_group': '20' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_resource_limits.fortios_system(input_data, fos_instance) - - expected_data = { - 'custom-service': '3', - 'dialup-tunnel': '4', - 'firewall-address': '5', - 'firewall-addrgrp': '6', - 'firewall-policy': '7', - 'ipsec-phase1': '8', - 'ipsec-phase1-interface': '9', - 'ipsec-phase2': '10', - 'ipsec-phase2-interface': '11', - 'log-disk-quota': '12', - 'onetime-schedule': '13', - 'proxy': '14', - 'recurring-schedule': '15', - 'service-group': '16', - 'session': '17', - 'sslvpn': '18', - 'user': '19', - 'user-group': '20' - } - - set_method_mock.assert_called_with('system', 'resource-limits', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_resource_limits_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_resource_limits': { - 'custom_service': '3', - 'dialup_tunnel': '4', - 'firewall_address': '5', - 'firewall_addrgrp': '6', - 'firewall_policy': '7', - 'ipsec_phase1': '8', - 'ipsec_phase1_interface': '9', - 'ipsec_phase2': '10', - 'ipsec_phase2_interface': '11', - 'log_disk_quota': '12', - 'onetime_schedule': '13', - 'proxy': '14', - 'recurring_schedule': '15', - 'service_group': '16', - 'session': '17', - 'sslvpn': '18', - 'user': '19', - 'user_group': '20' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_resource_limits.fortios_system(input_data, 
fos_instance) - - expected_data = { - 'custom-service': '3', - 'dialup-tunnel': '4', - 'firewall-address': '5', - 'firewall-addrgrp': '6', - 'firewall-policy': '7', - 'ipsec-phase1': '8', - 'ipsec-phase1-interface': '9', - 'ipsec-phase2': '10', - 'ipsec-phase2-interface': '11', - 'log-disk-quota': '12', - 'onetime-schedule': '13', - 'proxy': '14', - 'recurring-schedule': '15', - 'service-group': '16', - 'session': '17', - 'sslvpn': '18', - 'user': '19', - 'user-group': '20' - } - - set_method_mock.assert_called_with('system', 'resource-limits', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_resource_limits_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_resource_limits': { - 'random_attribute_not_valid': 'tag', - 'custom_service': '3', - 'dialup_tunnel': '4', - 'firewall_address': '5', - 'firewall_addrgrp': '6', - 'firewall_policy': '7', - 'ipsec_phase1': '8', - 'ipsec_phase1_interface': '9', - 'ipsec_phase2': '10', - 'ipsec_phase2_interface': '11', - 'log_disk_quota': '12', - 'onetime_schedule': '13', - 'proxy': '14', - 'recurring_schedule': '15', - 'service_group': '16', - 'session': '17', - 'sslvpn': '18', - 'user': '19', - 'user_group': '20' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_resource_limits.fortios_system(input_data, fos_instance) - - expected_data = { - 'custom-service': '3', - 'dialup-tunnel': '4', - 'firewall-address': '5', - 'firewall-addrgrp': '6', - 'firewall-policy': 
'7',
- 'ipsec-phase1': '8',
- 'ipsec-phase1-interface': '9',
- 'ipsec-phase2': '10',
- 'ipsec-phase2-interface': '11',
- 'log-disk-quota': '12',
- 'onetime-schedule': '13',
- 'proxy': '14',
- 'recurring-schedule': '15',
- 'service-group': '16',
- 'session': '17',
- 'sslvpn': '18',
- 'user': '19',
- 'user-group': '20'
- }
-
- set_method_mock.assert_called_with('system', 'resource-limits', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_sdn_connector.py b/test/units/modules/network/fortios/test_fortios_system_sdn_connector.py
deleted file mode 100644
index 7d4ef82a438..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_sdn_connector.py
+++ /dev/null
@@ -1,489 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_sdn_connector
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_sdn_connector.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_sdn_connector_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_sdn_connector': {
- 'access_key': 'test_value_3',
- 'azure_region': 'global',
- 'client_id': 'test_value_5',
- 'client_secret': 'test_value_6',
- 'compartment_id': 'test_value_7',
- 'gcp_project': 'test_value_8',
- 'key_passwd': 'test_value_9',
- 'login_endpoint': 'test_value_10',
- 'name': 'default_name_11',
- 'oci_cert': 'test_value_12',
- 'oci_fingerprint': 'test_value_13',
- 'oci_region': 'phoenix',
- 'password': 'test_value_15',
- 'private_key': 'test_value_16',
- 'region': 'test_value_17',
- 'resource_group': 'test_value_18',
- 'resource_url': 'test_value_19',
- 'secret_key': 'test_value_20',
- 'server': '192.168.100.21',
- 'server_port': '22',
- 'service_account': 'test_value_23',
- 'status': 'disable',
- 'subscription_id': 'test_value_25',
- 'tenant_id': 'test_value_26',
- 'type': 'aci',
- 'update_interval': '28',
- 'use_metadata_iam': 'disable',
- 'user_id': 'test_value_30',
- 'username': 'test_value_31',
- 'vpc_id': 'test_value_32'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_sdn_connector.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'access-key': 'test_value_3',
- 'azure-region': 'global',
- 'client-id': 'test_value_5',
- 'client-secret': 'test_value_6',
- 'compartment-id': 'test_value_7',
- 'gcp-project': 'test_value_8',
- 'key-passwd': 'test_value_9',
- 'login-endpoint': 'test_value_10',
- 'name': 'default_name_11',
- 'oci-cert': 'test_value_12',
- 'oci-fingerprint': 'test_value_13',
- 'oci-region': 'phoenix',
- 'password': 'test_value_15',
- 'private-key': 'test_value_16',
- 'region': 'test_value_17',
- 'resource-group': 'test_value_18',
- 'resource-url': 'test_value_19',
- 'secret-key': 'test_value_20',
- 'server': '192.168.100.21',
- 'server-port': '22',
- 'service-account': 'test_value_23',
- 'status': 'disable',
- 'subscription-id': 'test_value_25',
- 'tenant-id': 'test_value_26',
- 'type': 'aci',
- 'update-interval': '28',
- 'use-metadata-iam': 'disable',
- 'user-id': 'test_value_30',
- 'username': 'test_value_31',
- 'vpc-id': 'test_value_32'
- }
-
- set_method_mock.assert_called_with('system', 'sdn-connector', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_sdn_connector_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_sdn_connector': {
- 'access_key': 'test_value_3',
- 'azure_region': 'global',
- 'client_id': 'test_value_5',
- 'client_secret': 'test_value_6',
- 'compartment_id': 'test_value_7',
- 'gcp_project': 'test_value_8',
- 'key_passwd': 'test_value_9',
- 'login_endpoint': 'test_value_10',
- 'name': 'default_name_11',
- 'oci_cert': 'test_value_12',
- 'oci_fingerprint': 'test_value_13',
- 'oci_region': 'phoenix',
- 'password': 'test_value_15',
- 'private_key': 'test_value_16',
- 'region': 'test_value_17',
- 'resource_group': 'test_value_18',
- 'resource_url': 'test_value_19',
- 'secret_key': 'test_value_20',
- 'server': '192.168.100.21',
- 'server_port': '22',
- 'service_account': 'test_value_23',
- 'status': 'disable',
- 'subscription_id': 'test_value_25',
- 'tenant_id': 'test_value_26',
- 'type': 'aci',
- 'update_interval': '28',
- 'use_metadata_iam': 'disable',
- 'user_id': 'test_value_30',
- 'username': 'test_value_31',
- 'vpc_id': 'test_value_32'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_sdn_connector.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'access-key': 'test_value_3',
- 'azure-region': 'global',
- 'client-id': 'test_value_5',
- 'client-secret': 'test_value_6',
- 'compartment-id': 'test_value_7',
- 'gcp-project': 'test_value_8',
- 'key-passwd': 'test_value_9',
- 'login-endpoint': 'test_value_10',
- 'name': 'default_name_11',
- 'oci-cert': 'test_value_12',
- 'oci-fingerprint': 'test_value_13',
- 'oci-region': 'phoenix',
- 'password': 'test_value_15',
- 'private-key': 'test_value_16',
- 'region': 'test_value_17',
- 'resource-group': 'test_value_18',
- 'resource-url': 'test_value_19',
- 'secret-key': 'test_value_20',
- 'server': '192.168.100.21',
- 'server-port': '22',
- 'service-account': 'test_value_23',
- 'status': 'disable',
- 'subscription-id': 'test_value_25',
- 'tenant-id': 'test_value_26',
- 'type': 'aci',
- 'update-interval': '28',
- 'use-metadata-iam': 'disable',
- 'user-id': 'test_value_30',
- 'username': 'test_value_31',
- 'vpc-id': 'test_value_32'
- }
-
- set_method_mock.assert_called_with('system', 'sdn-connector', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_sdn_connector_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_sdn_connector': {
- 'access_key': 'test_value_3',
- 'azure_region': 'global',
- 'client_id': 'test_value_5',
- 'client_secret': 'test_value_6',
- 'compartment_id': 'test_value_7',
- 'gcp_project': 'test_value_8',
- 'key_passwd': 'test_value_9',
- 'login_endpoint': 'test_value_10',
- 'name': 'default_name_11',
- 'oci_cert': 'test_value_12',
- 'oci_fingerprint': 'test_value_13',
- 'oci_region': 'phoenix',
- 'password': 'test_value_15',
- 'private_key': 'test_value_16',
- 'region': 'test_value_17',
- 'resource_group': 'test_value_18',
- 'resource_url': 'test_value_19',
- 'secret_key': 'test_value_20',
- 'server': '192.168.100.21',
- 'server_port': '22',
- 'service_account': 'test_value_23',
- 'status': 'disable',
- 'subscription_id': 'test_value_25',
- 'tenant_id': 'test_value_26',
- 'type': 'aci',
- 'update_interval': '28',
- 'use_metadata_iam': 'disable',
- 'user_id': 'test_value_30',
- 'username': 'test_value_31',
- 'vpc_id': 'test_value_32'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_sdn_connector.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'sdn-connector', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_sdn_connector_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_sdn_connector': {
- 'access_key': 'test_value_3',
- 'azure_region': 'global',
- 'client_id': 'test_value_5',
- 'client_secret': 'test_value_6',
- 'compartment_id': 'test_value_7',
- 'gcp_project': 'test_value_8',
- 'key_passwd': 'test_value_9',
- 'login_endpoint': 'test_value_10',
- 'name': 'default_name_11',
- 'oci_cert': 'test_value_12',
- 'oci_fingerprint': 'test_value_13',
- 'oci_region': 'phoenix',
- 'password': 'test_value_15',
- 'private_key': 'test_value_16',
- 'region': 'test_value_17',
- 'resource_group': 'test_value_18',
- 'resource_url': 'test_value_19',
- 'secret_key': 'test_value_20',
- 'server': '192.168.100.21',
- 'server_port': '22',
- 'service_account': 'test_value_23',
- 'status': 'disable',
- 'subscription_id': 'test_value_25',
- 'tenant_id': 'test_value_26',
- 'type': 'aci',
- 'update_interval': '28',
- 'use_metadata_iam': 'disable',
- 'user_id': 'test_value_30',
- 'username': 'test_value_31',
- 'vpc_id': 'test_value_32'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_sdn_connector.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'sdn-connector', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_sdn_connector_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_sdn_connector': {
- 'access_key': 'test_value_3',
- 'azure_region': 'global',
- 'client_id': 'test_value_5',
- 'client_secret': 'test_value_6',
- 'compartment_id': 'test_value_7',
- 'gcp_project': 'test_value_8',
- 'key_passwd': 'test_value_9',
- 'login_endpoint': 'test_value_10',
- 'name': 'default_name_11',
- 'oci_cert': 'test_value_12',
- 'oci_fingerprint': 'test_value_13',
- 'oci_region': 'phoenix',
- 'password': 'test_value_15',
- 'private_key': 'test_value_16',
- 'region': 'test_value_17',
- 'resource_group': 'test_value_18',
- 'resource_url': 'test_value_19',
- 'secret_key': 'test_value_20',
- 'server': '192.168.100.21',
- 'server_port': '22',
- 'service_account': 'test_value_23',
- 'status': 'disable',
- 'subscription_id': 'test_value_25',
- 'tenant_id': 'test_value_26',
- 'type': 'aci',
- 'update_interval': '28',
- 'use_metadata_iam': 'disable',
- 'user_id': 'test_value_30',
- 'username': 'test_value_31',
- 'vpc_id': 'test_value_32'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_sdn_connector.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'access-key': 'test_value_3',
- 'azure-region': 'global',
- 'client-id': 'test_value_5',
- 'client-secret': 'test_value_6',
- 'compartment-id': 'test_value_7',
- 'gcp-project': 'test_value_8',
- 'key-passwd': 'test_value_9',
- 'login-endpoint': 'test_value_10',
- 'name': 'default_name_11',
- 'oci-cert': 'test_value_12',
- 'oci-fingerprint': 'test_value_13',
- 'oci-region': 'phoenix',
- 'password': 'test_value_15',
- 'private-key': 'test_value_16',
- 'region': 'test_value_17',
- 'resource-group': 'test_value_18',
- 'resource-url': 'test_value_19',
- 'secret-key': 'test_value_20',
- 'server': '192.168.100.21',
- 'server-port': '22',
- 'service-account': 'test_value_23',
- 'status': 'disable',
- 'subscription-id': 'test_value_25',
- 'tenant-id': 'test_value_26',
- 'type': 'aci',
- 'update-interval': '28',
- 'use-metadata-iam': 'disable',
- 'user-id': 'test_value_30',
- 'username': 'test_value_31',
- 'vpc-id': 'test_value_32'
- }
-
- set_method_mock.assert_called_with('system', 'sdn-connector', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_sdn_connector_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_sdn_connector': {
- 'random_attribute_not_valid': 'tag',
- 'access_key': 'test_value_3',
- 'azure_region': 'global',
- 'client_id': 'test_value_5',
- 'client_secret': 'test_value_6',
- 'compartment_id': 'test_value_7',
- 'gcp_project': 'test_value_8',
- 'key_passwd': 'test_value_9',
- 'login_endpoint': 'test_value_10',
- 'name': 'default_name_11',
- 'oci_cert': 'test_value_12',
- 'oci_fingerprint': 'test_value_13',
- 'oci_region': 'phoenix',
- 'password': 'test_value_15',
- 'private_key': 'test_value_16',
- 'region': 'test_value_17',
- 'resource_group': 'test_value_18',
- 'resource_url': 'test_value_19',
- 'secret_key': 'test_value_20',
- 'server': '192.168.100.21',
- 'server_port': '22',
- 'service_account': 'test_value_23',
- 'status': 'disable',
- 'subscription_id': 'test_value_25',
- 'tenant_id': 'test_value_26',
- 'type': 'aci',
- 'update_interval': '28',
- 'use_metadata_iam': 'disable',
- 'user_id': 'test_value_30',
- 'username': 'test_value_31',
- 'vpc_id': 'test_value_32'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_sdn_connector.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'access-key': 'test_value_3',
- 'azure-region': 'global',
- 'client-id': 'test_value_5',
- 'client-secret': 'test_value_6',
- 'compartment-id': 'test_value_7',
- 'gcp-project': 'test_value_8',
- 'key-passwd': 'test_value_9',
- 'login-endpoint': 'test_value_10',
- 'name': 'default_name_11',
- 'oci-cert': 'test_value_12',
- 'oci-fingerprint': 'test_value_13',
- 'oci-region': 'phoenix',
- 'password': 'test_value_15',
- 'private-key': 'test_value_16',
- 'region': 'test_value_17',
- 'resource-group': 'test_value_18',
- 'resource-url': 'test_value_19',
- 'secret-key': 'test_value_20',
- 'server': '192.168.100.21',
- 'server-port': '22',
- 'service-account': 'test_value_23',
- 'status': 'disable',
- 'subscription-id': 'test_value_25',
- 'tenant-id': 'test_value_26',
- 'type': 'aci',
- 'update-interval': '28',
- 'use-metadata-iam': 'disable',
- 'user-id': 'test_value_30',
- 'username': 'test_value_31',
- 'vpc-id': 'test_value_32'
- }
-
- set_method_mock.assert_called_with('system', 'sdn-connector', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_session_helper.py b/test/units/modules/network/fortios/test_fortios_system_session_helper.py
deleted file mode 100644
index b50e6789b89..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_session_helper.py
+++ /dev/null
@@ -1,229 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_session_helper
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_session_helper.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_session_helper_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_session_helper': {
- 'id': '3',
- 'name': 'default_name_4',
- 'port': '5',
- 'protocol': '6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_session_helper.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'id': '3',
- 'name': 'default_name_4',
- 'port': '5',
- 'protocol': '6'
- }
-
- set_method_mock.assert_called_with('system', 'session-helper', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_session_helper_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_session_helper': {
- 'id': '3',
- 'name': 'default_name_4',
- 'port': '5',
- 'protocol': '6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_session_helper.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'id': '3',
- 'name': 'default_name_4',
- 'port': '5',
- 'protocol': '6'
- }
-
- set_method_mock.assert_called_with('system', 'session-helper', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_session_helper_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_session_helper': {
- 'id': '3',
- 'name': 'default_name_4',
- 'port': '5',
- 'protocol': '6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_session_helper.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'session-helper', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_session_helper_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_session_helper': {
- 'id': '3',
- 'name': 'default_name_4',
- 'port': '5',
- 'protocol': '6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_session_helper.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'session-helper', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_session_helper_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_session_helper': {
- 'id': '3',
- 'name': 'default_name_4',
- 'port': '5',
- 'protocol': '6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_session_helper.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'id': '3',
- 'name': 'default_name_4',
- 'port': '5',
- 'protocol': '6'
- }
-
- set_method_mock.assert_called_with('system', 'session-helper', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_session_helper_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_session_helper': {
- 'random_attribute_not_valid': 'tag',
- 'id': '3',
- 'name': 'default_name_4',
- 'port': '5',
- 'protocol': '6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_session_helper.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'id': '3',
- 'name': 'default_name_4',
- 'port': '5',
- 'protocol': '6'
- }
-
- set_method_mock.assert_called_with('system', 'session-helper', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_session_ttl.py b/test/units/modules/network/fortios/test_fortios_system_session_ttl.py
deleted file mode 100644
index 08964163638..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_session_ttl.py
+++ /dev/null
@@ -1,159 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_session_ttl
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_session_ttl.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_session_ttl_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_session_ttl': {
- 'default': 'test_value_3',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_session_ttl.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'default': 'test_value_3',
-
- }
-
- set_method_mock.assert_called_with('system', 'session-ttl', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_session_ttl_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_session_ttl': {
- 'default': 'test_value_3',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_session_ttl.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'default': 'test_value_3',
-
- }
-
- set_method_mock.assert_called_with('system', 'session-ttl', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_session_ttl_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_session_ttl': {
- 'default': 'test_value_3',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_session_ttl.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'default': 'test_value_3',
-
- }
-
- set_method_mock.assert_called_with('system', 'session-ttl', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_session_ttl_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_session_ttl': {
- 'random_attribute_not_valid': 'tag',
- 'default': 'test_value_3',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_session_ttl.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'default': 'test_value_3',
-
- }
-
- set_method_mock.assert_called_with('system', 'session-ttl', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_settings.py b/test/units/modules/network/fortios/test_fortios_system_settings.py
deleted file mode 100644
index 8e81a70c635..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_settings.py
+++ /dev/null
@@ -1,1031 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_settings -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_settings.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_settings_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_settings': { - 'allow_linkdown_path': 'enable', - 'allow_subnet_overlap': 'enable', - 'asymroute': 'enable', - 'asymroute_icmp': 'enable', - 'asymroute6': 'enable', - 
'asymroute6_icmp': 'enable', - 'bfd': 'enable', - 'bfd_desired_min_tx': '10', - 'bfd_detect_mult': '11', - 'bfd_dont_enforce_src_port': 'enable', - 'bfd_required_min_rx': '13', - 'block_land_attack': 'disable', - 'central_nat': 'enable', - 'comments': 'test_value_16', - 'compliance_check': 'enable', - 'default_voip_alg_mode': 'proxy-based', - 'deny_tcp_with_icmp': 'enable', - 'device': 'test_value_20', - 'dhcp_proxy': 'enable', - 'dhcp_server_ip': 'test_value_22', - 'dhcp6_server_ip': 'test_value_23', - 'discovered_device_timeout': '24', - 'ecmp_max_paths': '25', - 'email_portal_check_dns': 'disable', - 'firewall_session_dirty': 'check-all', - 'fw_session_hairpin': 'enable', - 'gateway': 'test_value_29', - 'gateway6': 'test_value_30', - 'gui_advanced_policy': 'enable', - 'gui_allow_unnamed_policy': 'enable', - 'gui_antivirus': 'enable', - 'gui_ap_profile': 'enable', - 'gui_application_control': 'enable', - 'gui_dhcp_advanced': 'enable', - 'gui_dlp': 'enable', - 'gui_dns_database': 'enable', - 'gui_dnsfilter': 'enable', - 'gui_domain_ip_reputation': 'enable', - 'gui_dos_policy': 'enable', - 'gui_dynamic_profile_display': 'enable', - 'gui_dynamic_routing': 'enable', - 'gui_email_collection': 'enable', - 'gui_endpoint_control': 'enable', - 'gui_endpoint_control_advanced': 'enable', - 'gui_explicit_proxy': 'enable', - 'gui_fortiap_split_tunneling': 'enable', - 'gui_fortiextender_controller': 'enable', - 'gui_icap': 'enable', - 'gui_implicit_policy': 'enable', - 'gui_ips': 'enable', - 'gui_load_balance': 'enable', - 'gui_local_in_policy': 'enable', - 'gui_local_reports': 'enable', - 'gui_multicast_policy': 'enable', - 'gui_multiple_interface_policy': 'enable', - 'gui_multiple_utm_profiles': 'enable', - 'gui_nat46_64': 'enable', - 'gui_object_colors': 'enable', - 'gui_policy_based_ipsec': 'enable', - 'gui_policy_learning': 'enable', - 'gui_replacement_message_groups': 'enable', - 'gui_spamfilter': 'enable', - 'gui_sslvpn_personal_bookmarks': 'enable', - 
'gui_sslvpn_realms': 'enable', - 'gui_switch_controller': 'enable', - 'gui_threat_weight': 'enable', - 'gui_traffic_shaping': 'enable', - 'gui_voip_profile': 'enable', - 'gui_vpn': 'enable', - 'gui_waf_profile': 'enable', - 'gui_wan_load_balancing': 'enable', - 'gui_wanopt_cache': 'enable', - 'gui_webfilter': 'enable', - 'gui_webfilter_advanced': 'enable', - 'gui_wireless_controller': 'enable', - 'http_external_dest': 'fortiweb', - 'ike_dn_format': 'with-space', - 'ike_quick_crash_detect': 'enable', - 'ike_session_resume': 'enable', - 'implicit_allow_dns': 'enable', - 'inspection_mode': 'proxy', - 'ip': 'test_value_84', - 'ip6': 'test_value_85', - 'link_down_access': 'enable', - 'lldp_transmission': 'enable', - 'mac_ttl': '88', - 'manageip': 'test_value_89', - 'manageip6': 'test_value_90', - 'multicast_forward': 'enable', - 'multicast_skip_policy': 'enable', - 'multicast_ttl_notchange': 'enable', - 'ngfw_mode': 'profile-based', - 'opmode': 'nat', - 'prp_trailer_action': 'enable', - 'sccp_port': '97', - 'ses_denied_traffic': 'enable', - 'sip_helper': 'enable', - 'sip_nat_trace': 'enable', - 'sip_ssl_port': '101', - 'sip_tcp_port': '102', - 'sip_udp_port': '103', - 'snat_hairpin_traffic': 'enable', - 'ssl_ssh_profile': 'test_value_105', - 'status': 'enable', - 'strict_src_check': 'enable', - 'tcp_session_without_syn': 'enable', - 'utf8_spam_tagging': 'enable', - 'v4_ecmp_mode': 'source-ip-based', - 'vpn_stats_log': 'ipsec', - 'vpn_stats_period': '112', - 'wccp_cache_engine': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_settings.fortios_system(input_data, fos_instance) - - expected_data = { - 'allow-linkdown-path': 'enable', - 'allow-subnet-overlap': 'enable', - 'asymroute': 'enable', - 'asymroute-icmp': 'enable', - 'asymroute6': 'enable', - 'asymroute6-icmp': 'enable', - 'bfd': 'enable', - 'bfd-desired-min-tx': '10', - 'bfd-detect-mult': '11', - 'bfd-dont-enforce-src-port': 'enable', - 'bfd-required-min-rx': '13', - 
'block-land-attack': 'disable', - 'central-nat': 'enable', - 'comments': 'test_value_16', - 'compliance-check': 'enable', - 'default-voip-alg-mode': 'proxy-based', - 'deny-tcp-with-icmp': 'enable', - 'device': 'test_value_20', - 'dhcp-proxy': 'enable', - 'dhcp-server-ip': 'test_value_22', - 'dhcp6-server-ip': 'test_value_23', - 'discovered-device-timeout': '24', - 'ecmp-max-paths': '25', - 'email-portal-check-dns': 'disable', - 'firewall-session-dirty': 'check-all', - 'fw-session-hairpin': 'enable', - 'gateway': 'test_value_29', - 'gateway6': 'test_value_30', - 'gui-advanced-policy': 'enable', - 'gui-allow-unnamed-policy': 'enable', - 'gui-antivirus': 'enable', - 'gui-ap-profile': 'enable', - 'gui-application-control': 'enable', - 'gui-dhcp-advanced': 'enable', - 'gui-dlp': 'enable', - 'gui-dns-database': 'enable', - 'gui-dnsfilter': 'enable', - 'gui-domain-ip-reputation': 'enable', - 'gui-dos-policy': 'enable', - 'gui-dynamic-profile-display': 'enable', - 'gui-dynamic-routing': 'enable', - 'gui-email-collection': 'enable', - 'gui-endpoint-control': 'enable', - 'gui-endpoint-control-advanced': 'enable', - 'gui-explicit-proxy': 'enable', - 'gui-fortiap-split-tunneling': 'enable', - 'gui-fortiextender-controller': 'enable', - 'gui-icap': 'enable', - 'gui-implicit-policy': 'enable', - 'gui-ips': 'enable', - 'gui-load-balance': 'enable', - 'gui-local-in-policy': 'enable', - 'gui-local-reports': 'enable', - 'gui-multicast-policy': 'enable', - 'gui-multiple-interface-policy': 'enable', - 'gui-multiple-utm-profiles': 'enable', - 'gui-nat46-64': 'enable', - 'gui-object-colors': 'enable', - 'gui-policy-based-ipsec': 'enable', - 'gui-policy-learning': 'enable', - 'gui-replacement-message-groups': 'enable', - 'gui-spamfilter': 'enable', - 'gui-sslvpn-personal-bookmarks': 'enable', - 'gui-sslvpn-realms': 'enable', - 'gui-switch-controller': 'enable', - 'gui-threat-weight': 'enable', - 'gui-traffic-shaping': 'enable', - 'gui-voip-profile': 'enable', - 'gui-vpn': 'enable', - 
'gui-waf-profile': 'enable', - 'gui-wan-load-balancing': 'enable', - 'gui-wanopt-cache': 'enable', - 'gui-webfilter': 'enable', - 'gui-webfilter-advanced': 'enable', - 'gui-wireless-controller': 'enable', - 'http-external-dest': 'fortiweb', - 'ike-dn-format': 'with-space', - 'ike-quick-crash-detect': 'enable', - 'ike-session-resume': 'enable', - 'implicit-allow-dns': 'enable', - 'inspection-mode': 'proxy', - 'ip': 'test_value_84', - 'ip6': 'test_value_85', - 'link-down-access': 'enable', - 'lldp-transmission': 'enable', - 'mac-ttl': '88', - 'manageip': 'test_value_89', - 'manageip6': 'test_value_90', - 'multicast-forward': 'enable', - 'multicast-skip-policy': 'enable', - 'multicast-ttl-notchange': 'enable', - 'ngfw-mode': 'profile-based', - 'opmode': 'nat', - 'prp-trailer-action': 'enable', - 'sccp-port': '97', - 'ses-denied-traffic': 'enable', - 'sip-helper': 'enable', - 'sip-nat-trace': 'enable', - 'sip-ssl-port': '101', - 'sip-tcp-port': '102', - 'sip-udp-port': '103', - 'snat-hairpin-traffic': 'enable', - 'ssl-ssh-profile': 'test_value_105', - 'status': 'enable', - 'strict-src-check': 'enable', - 'tcp-session-without-syn': 'enable', - 'utf8-spam-tagging': 'enable', - 'v4-ecmp-mode': 'source-ip-based', - 'vpn-stats-log': 'ipsec', - 'vpn-stats-period': '112', - 'wccp-cache-engine': 'enable' - } - - set_method_mock.assert_called_with('system', 'settings', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_settings_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 
'state': 'present', - 'system_settings': { - 'allow_linkdown_path': 'enable', - 'allow_subnet_overlap': 'enable', - 'asymroute': 'enable', - 'asymroute_icmp': 'enable', - 'asymroute6': 'enable', - 'asymroute6_icmp': 'enable', - 'bfd': 'enable', - 'bfd_desired_min_tx': '10', - 'bfd_detect_mult': '11', - 'bfd_dont_enforce_src_port': 'enable', - 'bfd_required_min_rx': '13', - 'block_land_attack': 'disable', - 'central_nat': 'enable', - 'comments': 'test_value_16', - 'compliance_check': 'enable', - 'default_voip_alg_mode': 'proxy-based', - 'deny_tcp_with_icmp': 'enable', - 'device': 'test_value_20', - 'dhcp_proxy': 'enable', - 'dhcp_server_ip': 'test_value_22', - 'dhcp6_server_ip': 'test_value_23', - 'discovered_device_timeout': '24', - 'ecmp_max_paths': '25', - 'email_portal_check_dns': 'disable', - 'firewall_session_dirty': 'check-all', - 'fw_session_hairpin': 'enable', - 'gateway': 'test_value_29', - 'gateway6': 'test_value_30', - 'gui_advanced_policy': 'enable', - 'gui_allow_unnamed_policy': 'enable', - 'gui_antivirus': 'enable', - 'gui_ap_profile': 'enable', - 'gui_application_control': 'enable', - 'gui_dhcp_advanced': 'enable', - 'gui_dlp': 'enable', - 'gui_dns_database': 'enable', - 'gui_dnsfilter': 'enable', - 'gui_domain_ip_reputation': 'enable', - 'gui_dos_policy': 'enable', - 'gui_dynamic_profile_display': 'enable', - 'gui_dynamic_routing': 'enable', - 'gui_email_collection': 'enable', - 'gui_endpoint_control': 'enable', - 'gui_endpoint_control_advanced': 'enable', - 'gui_explicit_proxy': 'enable', - 'gui_fortiap_split_tunneling': 'enable', - 'gui_fortiextender_controller': 'enable', - 'gui_icap': 'enable', - 'gui_implicit_policy': 'enable', - 'gui_ips': 'enable', - 'gui_load_balance': 'enable', - 'gui_local_in_policy': 'enable', - 'gui_local_reports': 'enable', - 'gui_multicast_policy': 'enable', - 'gui_multiple_interface_policy': 'enable', - 'gui_multiple_utm_profiles': 'enable', - 'gui_nat46_64': 'enable', - 'gui_object_colors': 'enable', - 
'gui_policy_based_ipsec': 'enable', - 'gui_policy_learning': 'enable', - 'gui_replacement_message_groups': 'enable', - 'gui_spamfilter': 'enable', - 'gui_sslvpn_personal_bookmarks': 'enable', - 'gui_sslvpn_realms': 'enable', - 'gui_switch_controller': 'enable', - 'gui_threat_weight': 'enable', - 'gui_traffic_shaping': 'enable', - 'gui_voip_profile': 'enable', - 'gui_vpn': 'enable', - 'gui_waf_profile': 'enable', - 'gui_wan_load_balancing': 'enable', - 'gui_wanopt_cache': 'enable', - 'gui_webfilter': 'enable', - 'gui_webfilter_advanced': 'enable', - 'gui_wireless_controller': 'enable', - 'http_external_dest': 'fortiweb', - 'ike_dn_format': 'with-space', - 'ike_quick_crash_detect': 'enable', - 'ike_session_resume': 'enable', - 'implicit_allow_dns': 'enable', - 'inspection_mode': 'proxy', - 'ip': 'test_value_84', - 'ip6': 'test_value_85', - 'link_down_access': 'enable', - 'lldp_transmission': 'enable', - 'mac_ttl': '88', - 'manageip': 'test_value_89', - 'manageip6': 'test_value_90', - 'multicast_forward': 'enable', - 'multicast_skip_policy': 'enable', - 'multicast_ttl_notchange': 'enable', - 'ngfw_mode': 'profile-based', - 'opmode': 'nat', - 'prp_trailer_action': 'enable', - 'sccp_port': '97', - 'ses_denied_traffic': 'enable', - 'sip_helper': 'enable', - 'sip_nat_trace': 'enable', - 'sip_ssl_port': '101', - 'sip_tcp_port': '102', - 'sip_udp_port': '103', - 'snat_hairpin_traffic': 'enable', - 'ssl_ssh_profile': 'test_value_105', - 'status': 'enable', - 'strict_src_check': 'enable', - 'tcp_session_without_syn': 'enable', - 'utf8_spam_tagging': 'enable', - 'v4_ecmp_mode': 'source-ip-based', - 'vpn_stats_log': 'ipsec', - 'vpn_stats_period': '112', - 'wccp_cache_engine': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_settings.fortios_system(input_data, fos_instance) - - expected_data = { - 'allow-linkdown-path': 'enable', - 'allow-subnet-overlap': 'enable', - 'asymroute': 'enable', - 'asymroute-icmp': 'enable', - 'asymroute6': 'enable', - 
'asymroute6-icmp': 'enable', - 'bfd': 'enable', - 'bfd-desired-min-tx': '10', - 'bfd-detect-mult': '11', - 'bfd-dont-enforce-src-port': 'enable', - 'bfd-required-min-rx': '13', - 'block-land-attack': 'disable', - 'central-nat': 'enable', - 'comments': 'test_value_16', - 'compliance-check': 'enable', - 'default-voip-alg-mode': 'proxy-based', - 'deny-tcp-with-icmp': 'enable', - 'device': 'test_value_20', - 'dhcp-proxy': 'enable', - 'dhcp-server-ip': 'test_value_22', - 'dhcp6-server-ip': 'test_value_23', - 'discovered-device-timeout': '24', - 'ecmp-max-paths': '25', - 'email-portal-check-dns': 'disable', - 'firewall-session-dirty': 'check-all', - 'fw-session-hairpin': 'enable', - 'gateway': 'test_value_29', - 'gateway6': 'test_value_30', - 'gui-advanced-policy': 'enable', - 'gui-allow-unnamed-policy': 'enable', - 'gui-antivirus': 'enable', - 'gui-ap-profile': 'enable', - 'gui-application-control': 'enable', - 'gui-dhcp-advanced': 'enable', - 'gui-dlp': 'enable', - 'gui-dns-database': 'enable', - 'gui-dnsfilter': 'enable', - 'gui-domain-ip-reputation': 'enable', - 'gui-dos-policy': 'enable', - 'gui-dynamic-profile-display': 'enable', - 'gui-dynamic-routing': 'enable', - 'gui-email-collection': 'enable', - 'gui-endpoint-control': 'enable', - 'gui-endpoint-control-advanced': 'enable', - 'gui-explicit-proxy': 'enable', - 'gui-fortiap-split-tunneling': 'enable', - 'gui-fortiextender-controller': 'enable', - 'gui-icap': 'enable', - 'gui-implicit-policy': 'enable', - 'gui-ips': 'enable', - 'gui-load-balance': 'enable', - 'gui-local-in-policy': 'enable', - 'gui-local-reports': 'enable', - 'gui-multicast-policy': 'enable', - 'gui-multiple-interface-policy': 'enable', - 'gui-multiple-utm-profiles': 'enable', - 'gui-nat46-64': 'enable', - 'gui-object-colors': 'enable', - 'gui-policy-based-ipsec': 'enable', - 'gui-policy-learning': 'enable', - 'gui-replacement-message-groups': 'enable', - 'gui-spamfilter': 'enable', - 'gui-sslvpn-personal-bookmarks': 'enable', - 
'gui-sslvpn-realms': 'enable', - 'gui-switch-controller': 'enable', - 'gui-threat-weight': 'enable', - 'gui-traffic-shaping': 'enable', - 'gui-voip-profile': 'enable', - 'gui-vpn': 'enable', - 'gui-waf-profile': 'enable', - 'gui-wan-load-balancing': 'enable', - 'gui-wanopt-cache': 'enable', - 'gui-webfilter': 'enable', - 'gui-webfilter-advanced': 'enable', - 'gui-wireless-controller': 'enable', - 'http-external-dest': 'fortiweb', - 'ike-dn-format': 'with-space', - 'ike-quick-crash-detect': 'enable', - 'ike-session-resume': 'enable', - 'implicit-allow-dns': 'enable', - 'inspection-mode': 'proxy', - 'ip': 'test_value_84', - 'ip6': 'test_value_85', - 'link-down-access': 'enable', - 'lldp-transmission': 'enable', - 'mac-ttl': '88', - 'manageip': 'test_value_89', - 'manageip6': 'test_value_90', - 'multicast-forward': 'enable', - 'multicast-skip-policy': 'enable', - 'multicast-ttl-notchange': 'enable', - 'ngfw-mode': 'profile-based', - 'opmode': 'nat', - 'prp-trailer-action': 'enable', - 'sccp-port': '97', - 'ses-denied-traffic': 'enable', - 'sip-helper': 'enable', - 'sip-nat-trace': 'enable', - 'sip-ssl-port': '101', - 'sip-tcp-port': '102', - 'sip-udp-port': '103', - 'snat-hairpin-traffic': 'enable', - 'ssl-ssh-profile': 'test_value_105', - 'status': 'enable', - 'strict-src-check': 'enable', - 'tcp-session-without-syn': 'enable', - 'utf8-spam-tagging': 'enable', - 'v4-ecmp-mode': 'source-ip-based', - 'vpn-stats-log': 'ipsec', - 'vpn-stats-period': '112', - 'wccp-cache-engine': 'enable' - } - - set_method_mock.assert_called_with('system', 'settings', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_settings_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 
'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_settings': { - 'allow_linkdown_path': 'enable', - 'allow_subnet_overlap': 'enable', - 'asymroute': 'enable', - 'asymroute_icmp': 'enable', - 'asymroute6': 'enable', - 'asymroute6_icmp': 'enable', - 'bfd': 'enable', - 'bfd_desired_min_tx': '10', - 'bfd_detect_mult': '11', - 'bfd_dont_enforce_src_port': 'enable', - 'bfd_required_min_rx': '13', - 'block_land_attack': 'disable', - 'central_nat': 'enable', - 'comments': 'test_value_16', - 'compliance_check': 'enable', - 'default_voip_alg_mode': 'proxy-based', - 'deny_tcp_with_icmp': 'enable', - 'device': 'test_value_20', - 'dhcp_proxy': 'enable', - 'dhcp_server_ip': 'test_value_22', - 'dhcp6_server_ip': 'test_value_23', - 'discovered_device_timeout': '24', - 'ecmp_max_paths': '25', - 'email_portal_check_dns': 'disable', - 'firewall_session_dirty': 'check-all', - 'fw_session_hairpin': 'enable', - 'gateway': 'test_value_29', - 'gateway6': 'test_value_30', - 'gui_advanced_policy': 'enable', - 'gui_allow_unnamed_policy': 'enable', - 'gui_antivirus': 'enable', - 'gui_ap_profile': 'enable', - 'gui_application_control': 'enable', - 'gui_dhcp_advanced': 'enable', - 'gui_dlp': 'enable', - 'gui_dns_database': 'enable', - 'gui_dnsfilter': 'enable', - 'gui_domain_ip_reputation': 'enable', - 'gui_dos_policy': 'enable', - 'gui_dynamic_profile_display': 'enable', - 'gui_dynamic_routing': 'enable', - 'gui_email_collection': 'enable', - 'gui_endpoint_control': 'enable', - 'gui_endpoint_control_advanced': 'enable', - 'gui_explicit_proxy': 'enable', - 'gui_fortiap_split_tunneling': 'enable', - 'gui_fortiextender_controller': 'enable', - 'gui_icap': 'enable', - 'gui_implicit_policy': 'enable', - 'gui_ips': 'enable', - 'gui_load_balance': 'enable', - 'gui_local_in_policy': 'enable', - 'gui_local_reports': 'enable', - 
'gui_multicast_policy': 'enable', - 'gui_multiple_interface_policy': 'enable', - 'gui_multiple_utm_profiles': 'enable', - 'gui_nat46_64': 'enable', - 'gui_object_colors': 'enable', - 'gui_policy_based_ipsec': 'enable', - 'gui_policy_learning': 'enable', - 'gui_replacement_message_groups': 'enable', - 'gui_spamfilter': 'enable', - 'gui_sslvpn_personal_bookmarks': 'enable', - 'gui_sslvpn_realms': 'enable', - 'gui_switch_controller': 'enable', - 'gui_threat_weight': 'enable', - 'gui_traffic_shaping': 'enable', - 'gui_voip_profile': 'enable', - 'gui_vpn': 'enable', - 'gui_waf_profile': 'enable', - 'gui_wan_load_balancing': 'enable', - 'gui_wanopt_cache': 'enable', - 'gui_webfilter': 'enable', - 'gui_webfilter_advanced': 'enable', - 'gui_wireless_controller': 'enable', - 'http_external_dest': 'fortiweb', - 'ike_dn_format': 'with-space', - 'ike_quick_crash_detect': 'enable', - 'ike_session_resume': 'enable', - 'implicit_allow_dns': 'enable', - 'inspection_mode': 'proxy', - 'ip': 'test_value_84', - 'ip6': 'test_value_85', - 'link_down_access': 'enable', - 'lldp_transmission': 'enable', - 'mac_ttl': '88', - 'manageip': 'test_value_89', - 'manageip6': 'test_value_90', - 'multicast_forward': 'enable', - 'multicast_skip_policy': 'enable', - 'multicast_ttl_notchange': 'enable', - 'ngfw_mode': 'profile-based', - 'opmode': 'nat', - 'prp_trailer_action': 'enable', - 'sccp_port': '97', - 'ses_denied_traffic': 'enable', - 'sip_helper': 'enable', - 'sip_nat_trace': 'enable', - 'sip_ssl_port': '101', - 'sip_tcp_port': '102', - 'sip_udp_port': '103', - 'snat_hairpin_traffic': 'enable', - 'ssl_ssh_profile': 'test_value_105', - 'status': 'enable', - 'strict_src_check': 'enable', - 'tcp_session_without_syn': 'enable', - 'utf8_spam_tagging': 'enable', - 'v4_ecmp_mode': 'source-ip-based', - 'vpn_stats_log': 'ipsec', - 'vpn_stats_period': '112', - 'wccp_cache_engine': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_settings.fortios_system(input_data, 
fos_instance) - - expected_data = { - 'allow-linkdown-path': 'enable', - 'allow-subnet-overlap': 'enable', - 'asymroute': 'enable', - 'asymroute-icmp': 'enable', - 'asymroute6': 'enable', - 'asymroute6-icmp': 'enable', - 'bfd': 'enable', - 'bfd-desired-min-tx': '10', - 'bfd-detect-mult': '11', - 'bfd-dont-enforce-src-port': 'enable', - 'bfd-required-min-rx': '13', - 'block-land-attack': 'disable', - 'central-nat': 'enable', - 'comments': 'test_value_16', - 'compliance-check': 'enable', - 'default-voip-alg-mode': 'proxy-based', - 'deny-tcp-with-icmp': 'enable', - 'device': 'test_value_20', - 'dhcp-proxy': 'enable', - 'dhcp-server-ip': 'test_value_22', - 'dhcp6-server-ip': 'test_value_23', - 'discovered-device-timeout': '24', - 'ecmp-max-paths': '25', - 'email-portal-check-dns': 'disable', - 'firewall-session-dirty': 'check-all', - 'fw-session-hairpin': 'enable', - 'gateway': 'test_value_29', - 'gateway6': 'test_value_30', - 'gui-advanced-policy': 'enable', - 'gui-allow-unnamed-policy': 'enable', - 'gui-antivirus': 'enable', - 'gui-ap-profile': 'enable', - 'gui-application-control': 'enable', - 'gui-dhcp-advanced': 'enable', - 'gui-dlp': 'enable', - 'gui-dns-database': 'enable', - 'gui-dnsfilter': 'enable', - 'gui-domain-ip-reputation': 'enable', - 'gui-dos-policy': 'enable', - 'gui-dynamic-profile-display': 'enable', - 'gui-dynamic-routing': 'enable', - 'gui-email-collection': 'enable', - 'gui-endpoint-control': 'enable', - 'gui-endpoint-control-advanced': 'enable', - 'gui-explicit-proxy': 'enable', - 'gui-fortiap-split-tunneling': 'enable', - 'gui-fortiextender-controller': 'enable', - 'gui-icap': 'enable', - 'gui-implicit-policy': 'enable', - 'gui-ips': 'enable', - 'gui-load-balance': 'enable', - 'gui-local-in-policy': 'enable', - 'gui-local-reports': 'enable', - 'gui-multicast-policy': 'enable', - 'gui-multiple-interface-policy': 'enable', - 'gui-multiple-utm-profiles': 'enable', - 'gui-nat46-64': 'enable', - 'gui-object-colors': 'enable', - 
'gui-policy-based-ipsec': 'enable', - 'gui-policy-learning': 'enable', - 'gui-replacement-message-groups': 'enable', - 'gui-spamfilter': 'enable', - 'gui-sslvpn-personal-bookmarks': 'enable', - 'gui-sslvpn-realms': 'enable', - 'gui-switch-controller': 'enable', - 'gui-threat-weight': 'enable', - 'gui-traffic-shaping': 'enable', - 'gui-voip-profile': 'enable', - 'gui-vpn': 'enable', - 'gui-waf-profile': 'enable', - 'gui-wan-load-balancing': 'enable', - 'gui-wanopt-cache': 'enable', - 'gui-webfilter': 'enable', - 'gui-webfilter-advanced': 'enable', - 'gui-wireless-controller': 'enable', - 'http-external-dest': 'fortiweb', - 'ike-dn-format': 'with-space', - 'ike-quick-crash-detect': 'enable', - 'ike-session-resume': 'enable', - 'implicit-allow-dns': 'enable', - 'inspection-mode': 'proxy', - 'ip': 'test_value_84', - 'ip6': 'test_value_85', - 'link-down-access': 'enable', - 'lldp-transmission': 'enable', - 'mac-ttl': '88', - 'manageip': 'test_value_89', - 'manageip6': 'test_value_90', - 'multicast-forward': 'enable', - 'multicast-skip-policy': 'enable', - 'multicast-ttl-notchange': 'enable', - 'ngfw-mode': 'profile-based', - 'opmode': 'nat', - 'prp-trailer-action': 'enable', - 'sccp-port': '97', - 'ses-denied-traffic': 'enable', - 'sip-helper': 'enable', - 'sip-nat-trace': 'enable', - 'sip-ssl-port': '101', - 'sip-tcp-port': '102', - 'sip-udp-port': '103', - 'snat-hairpin-traffic': 'enable', - 'ssl-ssh-profile': 'test_value_105', - 'status': 'enable', - 'strict-src-check': 'enable', - 'tcp-session-without-syn': 'enable', - 'utf8-spam-tagging': 'enable', - 'v4-ecmp-mode': 'source-ip-based', - 'vpn-stats-log': 'ipsec', - 'vpn-stats-period': '112', - 'wccp-cache-engine': 'enable' - } - - set_method_mock.assert_called_with('system', 'settings', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def 
test_system_settings_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_settings': { - 'random_attribute_not_valid': 'tag', - 'allow_linkdown_path': 'enable', - 'allow_subnet_overlap': 'enable', - 'asymroute': 'enable', - 'asymroute_icmp': 'enable', - 'asymroute6': 'enable', - 'asymroute6_icmp': 'enable', - 'bfd': 'enable', - 'bfd_desired_min_tx': '10', - 'bfd_detect_mult': '11', - 'bfd_dont_enforce_src_port': 'enable', - 'bfd_required_min_rx': '13', - 'block_land_attack': 'disable', - 'central_nat': 'enable', - 'comments': 'test_value_16', - 'compliance_check': 'enable', - 'default_voip_alg_mode': 'proxy-based', - 'deny_tcp_with_icmp': 'enable', - 'device': 'test_value_20', - 'dhcp_proxy': 'enable', - 'dhcp_server_ip': 'test_value_22', - 'dhcp6_server_ip': 'test_value_23', - 'discovered_device_timeout': '24', - 'ecmp_max_paths': '25', - 'email_portal_check_dns': 'disable', - 'firewall_session_dirty': 'check-all', - 'fw_session_hairpin': 'enable', - 'gateway': 'test_value_29', - 'gateway6': 'test_value_30', - 'gui_advanced_policy': 'enable', - 'gui_allow_unnamed_policy': 'enable', - 'gui_antivirus': 'enable', - 'gui_ap_profile': 'enable', - 'gui_application_control': 'enable', - 'gui_dhcp_advanced': 'enable', - 'gui_dlp': 'enable', - 'gui_dns_database': 'enable', - 'gui_dnsfilter': 'enable', - 'gui_domain_ip_reputation': 'enable', - 'gui_dos_policy': 'enable', - 'gui_dynamic_profile_display': 'enable', - 'gui_dynamic_routing': 'enable', - 'gui_email_collection': 'enable', - 'gui_endpoint_control': 'enable', - 'gui_endpoint_control_advanced': 'enable', - 'gui_explicit_proxy': 'enable', - 
'gui_fortiap_split_tunneling': 'enable', - 'gui_fortiextender_controller': 'enable', - 'gui_icap': 'enable', - 'gui_implicit_policy': 'enable', - 'gui_ips': 'enable', - 'gui_load_balance': 'enable', - 'gui_local_in_policy': 'enable', - 'gui_local_reports': 'enable', - 'gui_multicast_policy': 'enable', - 'gui_multiple_interface_policy': 'enable', - 'gui_multiple_utm_profiles': 'enable', - 'gui_nat46_64': 'enable', - 'gui_object_colors': 'enable', - 'gui_policy_based_ipsec': 'enable', - 'gui_policy_learning': 'enable', - 'gui_replacement_message_groups': 'enable', - 'gui_spamfilter': 'enable', - 'gui_sslvpn_personal_bookmarks': 'enable', - 'gui_sslvpn_realms': 'enable', - 'gui_switch_controller': 'enable', - 'gui_threat_weight': 'enable', - 'gui_traffic_shaping': 'enable', - 'gui_voip_profile': 'enable', - 'gui_vpn': 'enable', - 'gui_waf_profile': 'enable', - 'gui_wan_load_balancing': 'enable', - 'gui_wanopt_cache': 'enable', - 'gui_webfilter': 'enable', - 'gui_webfilter_advanced': 'enable', - 'gui_wireless_controller': 'enable', - 'http_external_dest': 'fortiweb', - 'ike_dn_format': 'with-space', - 'ike_quick_crash_detect': 'enable', - 'ike_session_resume': 'enable', - 'implicit_allow_dns': 'enable', - 'inspection_mode': 'proxy', - 'ip': 'test_value_84', - 'ip6': 'test_value_85', - 'link_down_access': 'enable', - 'lldp_transmission': 'enable', - 'mac_ttl': '88', - 'manageip': 'test_value_89', - 'manageip6': 'test_value_90', - 'multicast_forward': 'enable', - 'multicast_skip_policy': 'enable', - 'multicast_ttl_notchange': 'enable', - 'ngfw_mode': 'profile-based', - 'opmode': 'nat', - 'prp_trailer_action': 'enable', - 'sccp_port': '97', - 'ses_denied_traffic': 'enable', - 'sip_helper': 'enable', - 'sip_nat_trace': 'enable', - 'sip_ssl_port': '101', - 'sip_tcp_port': '102', - 'sip_udp_port': '103', - 'snat_hairpin_traffic': 'enable', - 'ssl_ssh_profile': 'test_value_105', - 'status': 'enable', - 'strict_src_check': 'enable', - 'tcp_session_without_syn': 'enable', - 
'utf8_spam_tagging': 'enable', - 'v4_ecmp_mode': 'source-ip-based', - 'vpn_stats_log': 'ipsec', - 'vpn_stats_period': '112', - 'wccp_cache_engine': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_settings.fortios_system(input_data, fos_instance) - - expected_data = { - 'allow-linkdown-path': 'enable', - 'allow-subnet-overlap': 'enable', - 'asymroute': 'enable', - 'asymroute-icmp': 'enable', - 'asymroute6': 'enable', - 'asymroute6-icmp': 'enable', - 'bfd': 'enable', - 'bfd-desired-min-tx': '10', - 'bfd-detect-mult': '11', - 'bfd-dont-enforce-src-port': 'enable', - 'bfd-required-min-rx': '13', - 'block-land-attack': 'disable', - 'central-nat': 'enable', - 'comments': 'test_value_16', - 'compliance-check': 'enable', - 'default-voip-alg-mode': 'proxy-based', - 'deny-tcp-with-icmp': 'enable', - 'device': 'test_value_20', - 'dhcp-proxy': 'enable', - 'dhcp-server-ip': 'test_value_22', - 'dhcp6-server-ip': 'test_value_23', - 'discovered-device-timeout': '24', - 'ecmp-max-paths': '25', - 'email-portal-check-dns': 'disable', - 'firewall-session-dirty': 'check-all', - 'fw-session-hairpin': 'enable', - 'gateway': 'test_value_29', - 'gateway6': 'test_value_30', - 'gui-advanced-policy': 'enable', - 'gui-allow-unnamed-policy': 'enable', - 'gui-antivirus': 'enable', - 'gui-ap-profile': 'enable', - 'gui-application-control': 'enable', - 'gui-dhcp-advanced': 'enable', - 'gui-dlp': 'enable', - 'gui-dns-database': 'enable', - 'gui-dnsfilter': 'enable', - 'gui-domain-ip-reputation': 'enable', - 'gui-dos-policy': 'enable', - 'gui-dynamic-profile-display': 'enable', - 'gui-dynamic-routing': 'enable', - 'gui-email-collection': 'enable', - 'gui-endpoint-control': 'enable', - 'gui-endpoint-control-advanced': 'enable', - 'gui-explicit-proxy': 'enable', - 'gui-fortiap-split-tunneling': 'enable', - 'gui-fortiextender-controller': 'enable', - 'gui-icap': 'enable', - 'gui-implicit-policy': 'enable', - 'gui-ips': 'enable', - 'gui-load-balance': 'enable', - 
'gui-local-in-policy': 'enable', - 'gui-local-reports': 'enable', - 'gui-multicast-policy': 'enable', - 'gui-multiple-interface-policy': 'enable', - 'gui-multiple-utm-profiles': 'enable', - 'gui-nat46-64': 'enable', - 'gui-object-colors': 'enable', - 'gui-policy-based-ipsec': 'enable', - 'gui-policy-learning': 'enable', - 'gui-replacement-message-groups': 'enable', - 'gui-spamfilter': 'enable', - 'gui-sslvpn-personal-bookmarks': 'enable', - 'gui-sslvpn-realms': 'enable', - 'gui-switch-controller': 'enable', - 'gui-threat-weight': 'enable', - 'gui-traffic-shaping': 'enable', - 'gui-voip-profile': 'enable', - 'gui-vpn': 'enable', - 'gui-waf-profile': 'enable', - 'gui-wan-load-balancing': 'enable', - 'gui-wanopt-cache': 'enable', - 'gui-webfilter': 'enable', - 'gui-webfilter-advanced': 'enable', - 'gui-wireless-controller': 'enable', - 'http-external-dest': 'fortiweb', - 'ike-dn-format': 'with-space', - 'ike-quick-crash-detect': 'enable', - 'ike-session-resume': 'enable', - 'implicit-allow-dns': 'enable', - 'inspection-mode': 'proxy', - 'ip': 'test_value_84', - 'ip6': 'test_value_85', - 'link-down-access': 'enable', - 'lldp-transmission': 'enable', - 'mac-ttl': '88', - 'manageip': 'test_value_89', - 'manageip6': 'test_value_90', - 'multicast-forward': 'enable', - 'multicast-skip-policy': 'enable', - 'multicast-ttl-notchange': 'enable', - 'ngfw-mode': 'profile-based', - 'opmode': 'nat', - 'prp-trailer-action': 'enable', - 'sccp-port': '97', - 'ses-denied-traffic': 'enable', - 'sip-helper': 'enable', - 'sip-nat-trace': 'enable', - 'sip-ssl-port': '101', - 'sip-tcp-port': '102', - 'sip-udp-port': '103', - 'snat-hairpin-traffic': 'enable', - 'ssl-ssh-profile': 'test_value_105', - 'status': 'enable', - 'strict-src-check': 'enable', - 'tcp-session-without-syn': 'enable', - 'utf8-spam-tagging': 'enable', - 'v4-ecmp-mode': 'source-ip-based', - 'vpn-stats-log': 'ipsec', - 'vpn-stats-period': '112', - 'wccp-cache-engine': 'enable' - } - - 
set_method_mock.assert_called_with('system', 'settings', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_sflow.py b/test/units/modules/network/fortios/test_fortios_system_sflow.py
deleted file mode 100644
index 20ba2b3f205..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_sflow.py
+++ /dev/null
@@ -1,167 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_sflow
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_sflow.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_sflow_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_sflow': {
- 'collector_ip': 'test_value_3',
- 'collector_port': '4',
- 'source_ip': '84.230.14.5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_sflow.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'collector-ip': 'test_value_3',
- 'collector-port': '4',
- 'source-ip': '84.230.14.5'
- }
-
- set_method_mock.assert_called_with('system', 'sflow', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_sflow_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_sflow': {
- 'collector_ip': 'test_value_3',
- 'collector_port': '4',
- 'source_ip': '84.230.14.5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_sflow.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'collector-ip': 'test_value_3',
- 'collector-port': '4',
- 'source-ip': '84.230.14.5'
- }
-
- set_method_mock.assert_called_with('system', 'sflow', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_sflow_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_sflow': {
- 'collector_ip': 'test_value_3',
- 'collector_port': '4',
- 'source_ip': '84.230.14.5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_sflow.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'collector-ip': 'test_value_3',
- 'collector-port': '4',
- 'source-ip': '84.230.14.5'
- }
-
- set_method_mock.assert_called_with('system', 'sflow', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_sflow_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_sflow': {
- 'random_attribute_not_valid': 'tag',
- 'collector_ip': 'test_value_3',
- 'collector_port': '4',
- 'source_ip': '84.230.14.5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_sflow.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'collector-ip': 'test_value_3',
- 'collector-port': '4',
- 'source-ip': '84.230.14.5'
- }
-
- set_method_mock.assert_called_with('system', 'sflow', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_sit_tunnel.py b/test/units/modules/network/fortios/test_fortios_system_sit_tunnel.py
deleted file mode 100644
index 1fac5729452..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_sit_tunnel.py
+++ /dev/null
@@ -1,239 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_sit_tunnel
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_sit_tunnel.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_sit_tunnel_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_sit_tunnel': {
- 'destination': 'test_value_3',
- 'interface': 'test_value_4',
- 'ip6': 'test_value_5',
- 'name': 'default_name_6',
- 'source': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_sit_tunnel.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'destination': 'test_value_3',
- 'interface': 'test_value_4',
- 'ip6': 'test_value_5',
- 'name': 'default_name_6',
- 'source': 'test_value_7'
- }
-
- set_method_mock.assert_called_with('system', 'sit-tunnel', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_sit_tunnel_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_sit_tunnel': {
- 'destination': 'test_value_3',
- 'interface': 'test_value_4',
- 'ip6': 'test_value_5',
- 'name': 'default_name_6',
- 'source': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_sit_tunnel.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'destination': 'test_value_3',
- 'interface': 'test_value_4',
- 'ip6': 'test_value_5',
- 'name': 'default_name_6',
- 'source': 'test_value_7'
- }
-
- set_method_mock.assert_called_with('system', 'sit-tunnel', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_sit_tunnel_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_sit_tunnel': {
- 'destination': 'test_value_3',
- 'interface': 'test_value_4',
- 'ip6': 'test_value_5',
- 'name': 'default_name_6',
- 'source': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_sit_tunnel.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'sit-tunnel', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_sit_tunnel_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_sit_tunnel': {
- 'destination': 'test_value_3',
- 'interface': 'test_value_4',
- 'ip6': 'test_value_5',
- 'name': 'default_name_6',
- 'source': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_sit_tunnel.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'sit-tunnel', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_sit_tunnel_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_sit_tunnel': {
- 'destination': 'test_value_3',
- 'interface': 'test_value_4',
- 'ip6': 'test_value_5',
- 'name': 'default_name_6',
- 'source': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_sit_tunnel.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'destination': 'test_value_3',
- 'interface': 'test_value_4',
- 'ip6': 'test_value_5',
- 'name': 'default_name_6',
- 'source': 'test_value_7'
- }
-
- set_method_mock.assert_called_with('system', 'sit-tunnel', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_sit_tunnel_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_sit_tunnel': {
- 'random_attribute_not_valid': 'tag',
- 'destination': 'test_value_3',
- 'interface': 'test_value_4',
- 'ip6': 'test_value_5',
- 'name': 'default_name_6',
- 'source': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_sit_tunnel.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'destination': 'test_value_3',
- 'interface': 'test_value_4',
- 'ip6': 'test_value_5',
- 'name': 'default_name_6',
- 'source': 'test_value_7'
- }
-
- set_method_mock.assert_called_with('system', 'sit-tunnel', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_sms_server.py b/test/units/modules/network/fortios/test_fortios_system_sms_server.py
deleted file mode 100644
index 350db03c3a0..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_sms_server.py
+++ /dev/null
@@ -1,209 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_sms_server
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_sms_server.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_sms_server_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_sms_server': {
- 'mail_server': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_sms_server.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'mail-server': 'test_value_3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('system', 'sms-server', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_sms_server_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_sms_server': {
- 'mail_server': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_sms_server.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'mail-server': 'test_value_3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('system', 'sms-server', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_sms_server_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_sms_server': {
- 'mail_server': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_sms_server.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'sms-server', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_sms_server_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_sms_server': {
- 'mail_server': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_sms_server.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'sms-server', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_sms_server_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_sms_server': {
- 'mail_server': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_sms_server.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'mail-server': 'test_value_3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('system', 'sms-server', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_sms_server_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_sms_server': {
- 'random_attribute_not_valid': 'tag',
- 'mail_server': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_sms_server.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'mail-server': 'test_value_3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('system', 'sms-server', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_snmp_community.py b/test/units/modules/network/fortios/test_fortios_system_snmp_community.py
deleted file mode 100644
index e3c39a45b04..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_snmp_community.py
+++ /dev/null
@@ -1,329 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_snmp_community
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_snmp_community.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_snmp_community_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_snmp_community': {
- 'events': 'cpu-high',
- 'id': '4',
- 'name': 'default_name_5',
- 'query_v1_port': '6',
- 'query_v1_status': 'enable',
- 'query_v2c_port': '8',
- 'query_v2c_status': 'enable',
- 'status': 'enable',
- 'trap_v1_lport': '11',
- 'trap_v1_rport': '12',
- 'trap_v1_status': 'enable',
- 'trap_v2c_lport': '14',
- 'trap_v2c_rport': '15',
- 'trap_v2c_status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_snmp_community.fortios_system_snmp(input_data, fos_instance)
-
- expected_data = {
- 'events': 'cpu-high',
- 'id': '4',
- 'name': 'default_name_5',
- 'query-v1-port': '6',
- 'query-v1-status': 'enable',
- 'query-v2c-port': '8',
- 'query-v2c-status': 'enable',
- 'status': 'enable',
- 'trap-v1-lport': '11',
- 'trap-v1-rport': '12',
- 'trap-v1-status': 'enable',
- 'trap-v2c-lport': '14',
- 'trap-v2c-rport': '15',
- 'trap-v2c-status': 'enable'
- }
-
- set_method_mock.assert_called_with('system.snmp', 'community', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_snmp_community_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_snmp_community': {
- 'events': 'cpu-high',
- 'id': '4',
- 'name': 'default_name_5',
- 'query_v1_port': '6',
- 'query_v1_status': 'enable',
- 'query_v2c_port': '8',
- 'query_v2c_status': 'enable',
- 'status': 'enable',
- 'trap_v1_lport': '11',
- 'trap_v1_rport': '12',
- 'trap_v1_status': 'enable',
- 'trap_v2c_lport': '14',
- 'trap_v2c_rport': '15',
- 'trap_v2c_status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_snmp_community.fortios_system_snmp(input_data, fos_instance)
-
- expected_data = {
- 'events': 'cpu-high',
- 'id': '4',
- 'name': 'default_name_5',
- 'query-v1-port': '6',
- 'query-v1-status': 'enable',
- 'query-v2c-port': '8',
- 'query-v2c-status': 'enable',
- 'status': 'enable',
- 'trap-v1-lport': '11',
- 'trap-v1-rport': '12',
- 'trap-v1-status': 'enable',
- 'trap-v2c-lport': '14',
- 'trap-v2c-rport': '15',
- 'trap-v2c-status': 'enable'
- }
-
- set_method_mock.assert_called_with('system.snmp', 'community', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_snmp_community_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_snmp_community': {
- 'events': 'cpu-high',
- 'id': '4',
- 'name': 'default_name_5',
- 'query_v1_port': '6',
- 'query_v1_status': 'enable',
- 'query_v2c_port': '8',
- 'query_v2c_status': 'enable',
- 'status': 'enable',
- 'trap_v1_lport': '11',
- 'trap_v1_rport': '12',
- 'trap_v1_status': 'enable',
- 'trap_v2c_lport': '14',
- 'trap_v2c_rport': '15',
- 'trap_v2c_status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_snmp_community.fortios_system_snmp(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system.snmp', 'community', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_snmp_community_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_snmp_community': {
- 'events': 'cpu-high',
- 'id': '4',
- 'name': 'default_name_5',
- 'query_v1_port': '6',
- 'query_v1_status': 'enable',
- 'query_v2c_port': '8',
- 'query_v2c_status': 'enable',
- 'status': 'enable',
- 'trap_v1_lport': '11',
- 'trap_v1_rport': '12',
- 'trap_v1_status': 'enable',
- 'trap_v2c_lport': '14',
- 'trap_v2c_rport': '15',
- 'trap_v2c_status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_snmp_community.fortios_system_snmp(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system.snmp', 'community', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_snmp_community_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_snmp_community': {
- 'events': 'cpu-high',
- 'id': '4',
- 'name': 'default_name_5',
- 'query_v1_port': '6',
- 'query_v1_status': 'enable',
- 'query_v2c_port': '8',
- 'query_v2c_status': 'enable',
- 'status': 'enable',
- 'trap_v1_lport': '11',
- 'trap_v1_rport': '12',
- 'trap_v1_status': 'enable',
- 'trap_v2c_lport': '14',
- 'trap_v2c_rport': '15',
- 'trap_v2c_status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_snmp_community.fortios_system_snmp(input_data, fos_instance)
-
- expected_data = {
- 'events': 'cpu-high',
- 'id': '4',
- 'name': 'default_name_5',
- 'query-v1-port': '6',
- 'query-v1-status': 'enable',
- 'query-v2c-port': '8',
- 'query-v2c-status': 'enable',
- 'status': 'enable',
- 'trap-v1-lport': '11',
- 'trap-v1-rport': '12',
- 'trap-v1-status': 'enable',
- 'trap-v2c-lport': '14',
- 'trap-v2c-rport': '15',
- 'trap-v2c-status': 'enable'
- }
-
- set_method_mock.assert_called_with('system.snmp', 'community', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_snmp_community_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_snmp_community': {
- 'random_attribute_not_valid': 'tag',
- 'events': 'cpu-high',
- 'id': '4',
- 'name': 'default_name_5',
- 'query_v1_port': '6',
- 'query_v1_status': 'enable',
- 'query_v2c_port': '8',
- 'query_v2c_status': 'enable',
- 'status': 'enable',
- 'trap_v1_lport': '11',
- 'trap_v1_rport': '12',
- 'trap_v1_status': 'enable',
- 'trap_v2c_lport': '14',
- 'trap_v2c_rport': '15',
- 'trap_v2c_status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_snmp_community.fortios_system_snmp(input_data, fos_instance)
-
- expected_data = {
- 'events': 'cpu-high',
- 'id': '4',
- 'name': 'default_name_5',
- 'query-v1-port': '6',
- 'query-v1-status': 'enable',
- 'query-v2c-port': '8',
- 'query-v2c-status': 'enable',
- 'status': 'enable',
- 'trap-v1-lport': '11',
- 'trap-v1-rport': '12',
- 'trap-v1-status': 'enable',
- 'trap-v2c-lport': '14',
- 'trap-v2c-rport': '15',
- 'trap-v2c-status': 'enable'
- }
-
- set_method_mock.assert_called_with('system.snmp', 'community', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_snmp_sysinfo.py b/test/units/modules/network/fortios/test_fortios_system_snmp_sysinfo.py
deleted file mode 100644
index 1c6ea0c2ec5..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_snmp_sysinfo.py
+++ /dev/null
@@ -1,207 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_snmp_sysinfo
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_snmp_sysinfo.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_snmp_sysinfo_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_snmp_sysinfo': {
- 'contact_info': 'test_value_3',
- 'description': 'test_value_4',
- 'engine_id': 'test_value_5',
- 'location': 'test_value_6',
- 'status': 'enable',
- 'trap_high_cpu_threshold': '8',
- 'trap_log_full_threshold': '9',
- 'trap_low_memory_threshold': '10'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_snmp_sysinfo.fortios_system_snmp(input_data, fos_instance)
-
- expected_data = {
- 'contact-info': 'test_value_3',
- 'description': 'test_value_4',
- 'engine-id': 'test_value_5',
- 'location': 'test_value_6',
- 'status': 'enable',
- 'trap-high-cpu-threshold': '8',
- 'trap-log-full-threshold': '9',
- 'trap-low-memory-threshold': '10'
- }
-
- set_method_mock.assert_called_with('system.snmp', 'sysinfo', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_snmp_sysinfo_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_snmp_sysinfo': {
- 'contact_info': 'test_value_3',
- 'description': 'test_value_4',
- 'engine_id': 'test_value_5',
- 'location': 'test_value_6',
- 'status': 'enable',
- 'trap_high_cpu_threshold': '8',
- 'trap_log_full_threshold': '9',
- 'trap_low_memory_threshold': '10'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_snmp_sysinfo.fortios_system_snmp(input_data, fos_instance)
-
- expected_data = {
- 'contact-info': 'test_value_3',
- 'description': 'test_value_4',
- 'engine-id': 'test_value_5',
- 'location': 'test_value_6',
- 'status': 'enable',
- 'trap-high-cpu-threshold': '8',
- 'trap-log-full-threshold': '9',
- 'trap-low-memory-threshold': '10'
- }
-
- set_method_mock.assert_called_with('system.snmp', 'sysinfo', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_snmp_sysinfo_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_snmp_sysinfo': {
- 'contact_info': 'test_value_3',
- 'description': 'test_value_4',
- 'engine_id': 'test_value_5',
- 'location': 'test_value_6',
- 'status': 'enable',
- 'trap_high_cpu_threshold': '8',
- 'trap_log_full_threshold': '9',
- 'trap_low_memory_threshold': '10'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_snmp_sysinfo.fortios_system_snmp(input_data, fos_instance)
-
- expected_data = {
- 'contact-info': 'test_value_3',
- 'description': 'test_value_4',
- 'engine-id': 'test_value_5',
- 'location': 'test_value_6',
- 'status': 'enable',
- 'trap-high-cpu-threshold': '8',
- 'trap-log-full-threshold': '9',
- 'trap-low-memory-threshold': '10'
- }
-
- set_method_mock.assert_called_with('system.snmp', 'sysinfo', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_snmp_sysinfo_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_snmp_sysinfo': {
- 'random_attribute_not_valid': 'tag',
- 'contact_info': 'test_value_3',
- 'description': 'test_value_4',
- 'engine_id': 'test_value_5',
- 'location': 'test_value_6',
- 'status': 'enable',
- 'trap_high_cpu_threshold': '8',
- 'trap_log_full_threshold': '9',
- 'trap_low_memory_threshold': '10'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_snmp_sysinfo.fortios_system_snmp(input_data, fos_instance)
-
- expected_data = {
- 'contact-info': 'test_value_3',
- 'description': 'test_value_4',
- 'engine-id': 'test_value_5',
- 'location': 'test_value_6',
- 'status': 'enable',
- 'trap-high-cpu-threshold': '8',
- 'trap-log-full-threshold': '9',
- 'trap-low-memory-threshold': '10'
- }
-
- set_method_mock.assert_called_with('system.snmp', 'sysinfo', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_snmp_user.py b/test/units/modules/network/fortios/test_fortios_system_snmp_user.py
deleted file mode 100644
index 07488cf9f4a..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_snmp_user.py
+++ /dev/null
@@ -1,339 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_snmp_user
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_snmp_user.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_snmp_user_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_snmp_user': {
- 'auth_proto': 'md5',
- 'auth_pwd': 'test_value_4',
- 'ha_direct': 'enable',
- 'name': 'default_name_6',
- 'priv_proto': 'aes',
- 'priv_pwd': 'test_value_8',
- 'queries': 'enable',
- 'query_port': '10',
- 'security_level': 'no-auth-no-priv',
- 'source_ip': '84.230.14.12',
- 'source_ipv6': 'test_value_13',
- 'status': 'enable',
- 'trap_lport': '15',
- 'trap_rport': '16',
- 'trap_status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_snmp_user.fortios_system_snmp(input_data, fos_instance)
-
- expected_data = {
- 'auth-proto': 'md5',
- 'auth-pwd': 'test_value_4',
- 'ha-direct': 'enable',
- 'name': 'default_name_6',
- 'priv-proto': 'aes',
- 'priv-pwd': 'test_value_8',
- 'queries': 'enable',
- 'query-port': '10',
- 'security-level': 'no-auth-no-priv',
- 'source-ip': '84.230.14.12',
- 'source-ipv6': 'test_value_13',
- 'status': 'enable',
- 'trap-lport': '15',
- 'trap-rport': '16',
- 'trap-status': 'enable'
- }
-
- set_method_mock.assert_called_with('system.snmp', 'user', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_snmp_user_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_snmp_user': {
- 'auth_proto': 'md5',
- 'auth_pwd': 'test_value_4',
- 'ha_direct': 'enable',
- 'name': 'default_name_6',
- 'priv_proto': 'aes',
- 'priv_pwd': 'test_value_8',
- 'queries': 'enable',
- 'query_port': '10',
- 'security_level': 'no-auth-no-priv',
- 'source_ip': '84.230.14.12',
- 'source_ipv6': 'test_value_13',
- 'status': 'enable',
- 'trap_lport': '15',
- 'trap_rport': '16',
- 'trap_status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_snmp_user.fortios_system_snmp(input_data, fos_instance)
-
- expected_data = {
- 'auth-proto': 'md5',
- 'auth-pwd': 'test_value_4',
- 'ha-direct': 'enable',
- 'name': 'default_name_6',
- 'priv-proto': 'aes',
- 'priv-pwd': 'test_value_8',
- 'queries': 'enable',
- 'query-port': '10',
- 'security-level': 'no-auth-no-priv',
- 'source-ip': '84.230.14.12',
- 'source-ipv6': 'test_value_13',
- 'status': 'enable',
- 'trap-lport': '15',
- 'trap-rport': '16',
- 'trap-status': 'enable'
- }
-
- set_method_mock.assert_called_with('system.snmp', 'user', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_snmp_user_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_snmp_user': {
- 'auth_proto': 'md5',
- 'auth_pwd': 'test_value_4',
- 'ha_direct': 'enable',
- 'name': 'default_name_6',
- 'priv_proto': 'aes',
- 'priv_pwd': 'test_value_8',
- 'queries': 'enable',
- 'query_port': '10',
- 'security_level': 'no-auth-no-priv',
- 'source_ip': '84.230.14.12',
- 'source_ipv6': 'test_value_13',
- 'status': 'enable',
- 'trap_lport': '15',
- 'trap_rport': '16',
- 'trap_status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_snmp_user.fortios_system_snmp(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system.snmp', 'user', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_snmp_user_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_snmp_user': {
- 'auth_proto': 'md5',
- 'auth_pwd': 'test_value_4',
- 'ha_direct': 'enable',
- 'name': 'default_name_6',
- 'priv_proto': 'aes',
- 'priv_pwd': 'test_value_8',
- 'queries': 'enable',
- 'query_port': '10',
- 'security_level': 'no-auth-no-priv',
- 'source_ip': '84.230.14.12',
- 'source_ipv6': 'test_value_13',
- 'status': 'enable',
- 'trap_lport': '15',
- 'trap_rport': '16',
- 'trap_status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_snmp_user.fortios_system_snmp(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system.snmp', 'user', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_snmp_user_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_snmp_user': {
- 'auth_proto': 'md5',
- 'auth_pwd': 'test_value_4',
- 'ha_direct': 'enable',
- 'name': 'default_name_6',
- 'priv_proto': 'aes',
- 'priv_pwd': 'test_value_8',
- 'queries': 'enable',
- 'query_port': '10',
- 'security_level': 'no-auth-no-priv',
- 'source_ip': '84.230.14.12',
- 'source_ipv6': 'test_value_13',
- 'status': 'enable',
- 'trap_lport': '15',
- 'trap_rport': '16',
- 'trap_status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_snmp_user.fortios_system_snmp(input_data, fos_instance)
-
- expected_data = {
- 'auth-proto': 'md5',
- 'auth-pwd': 'test_value_4',
- 'ha-direct': 'enable',
- 'name': 'default_name_6',
- 'priv-proto': 'aes',
- 'priv-pwd': 'test_value_8',
- 'queries': 'enable',
- 'query-port': '10',
- 'security-level': 'no-auth-no-priv',
- 'source-ip': '84.230.14.12',
- 'source-ipv6': 'test_value_13',
- 'status': 'enable',
- 'trap-lport': '15',
- 'trap-rport': '16',
- 'trap-status': 'enable'
- }
-
- set_method_mock.assert_called_with('system.snmp', 'user', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_snmp_user_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_snmp_user': {
- 'random_attribute_not_valid': 'tag',
- 'auth_proto': 'md5',
- 'auth_pwd': 'test_value_4',
- 'ha_direct': 'enable',
- 'name': 'default_name_6',
- 'priv_proto': 'aes',
- 'priv_pwd': 'test_value_8',
- 'queries': 'enable',
- 'query_port': '10',
- 'security_level': 'no-auth-no-priv',
- 'source_ip': '84.230.14.12',
- 'source_ipv6': 'test_value_13',
- 'status': 'enable',
- 'trap_lport': '15',
- 'trap_rport': '16',
- 'trap_status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_snmp_user.fortios_system_snmp(input_data, fos_instance)
-
- expected_data = {
- 'auth-proto': 'md5',
- 'auth-pwd': 'test_value_4',
- 'ha-direct': 'enable',
- 'name': 'default_name_6',
- 'priv-proto': 'aes',
- 'priv-pwd': 'test_value_8',
- 'queries': 'enable',
- 'query-port': '10',
- 'security-level': 'no-auth-no-priv',
- 'source-ip': '84.230.14.12',
- 'source-ipv6': 'test_value_13',
- 'status': 'enable',
- 'trap-lport': '15',
- 'trap-rport': '16',
- 'trap-status': 'enable'
- }
-
- set_method_mock.assert_called_with('system.snmp', 'user', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_storage.py b/test/units/modules/network/fortios/test_fortios_system_storage.py
deleted file mode 100644
index 31988e0bbea..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_storage.py
+++ /dev/null
@@ -1,279 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_storage
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_storage.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_storage_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_storage': {
- 'device': 'test_value_3',
- 'media_status': 'enable',
- 'name': 'default_name_5',
- 'order': '6',
- 'partition': 'test_value_7',
- 'size': '8',
- 'status': 'enable',
- 'usage': 'log',
- 'wanopt_mode': 'mix'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_storage.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'device': 'test_value_3',
- 'media-status': 'enable',
- 'name': 'default_name_5',
- 'order': '6',
- 'partition': 'test_value_7',
- 'size': '8',
- 'status': 'enable',
- 'usage': 'log',
- 'wanopt-mode': 'mix'
- }
-
- set_method_mock.assert_called_with('system', 'storage', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_storage_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_storage': {
- 'device': 'test_value_3',
- 'media_status': 'enable',
- 'name': 'default_name_5',
- 'order': '6',
- 'partition': 'test_value_7',
- 'size': '8',
- 'status': 'enable',
- 'usage': 'log',
- 'wanopt_mode': 'mix'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_storage.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'device': 'test_value_3',
- 'media-status': 'enable',
- 'name': 'default_name_5',
- 'order': '6',
- 'partition': 'test_value_7',
- 'size': '8',
- 'status': 'enable',
- 'usage': 'log',
- 'wanopt-mode': 'mix'
- }
-
- set_method_mock.assert_called_with('system', 'storage', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_storage_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_storage': {
- 'device': 'test_value_3',
- 'media_status': 'enable',
- 'name': 'default_name_5',
- 'order': '6',
- 'partition': 'test_value_7',
- 'size': '8',
- 'status': 'enable',
- 'usage': 'log',
- 'wanopt_mode': 'mix'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_storage.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'storage', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_storage_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_storage': {
- 'device': 'test_value_3',
- 'media_status': 'enable',
- 'name': 'default_name_5',
- 'order': '6',
- 'partition': 'test_value_7',
- 'size': '8',
- 'status': 'enable',
- 'usage': 'log',
- 'wanopt_mode': 'mix'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_storage.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'storage', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_storage_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_storage': {
- 'device': 'test_value_3',
- 'media_status': 'enable',
- 'name': 'default_name_5',
- 'order': '6',
- 'partition': 'test_value_7',
- 'size': '8',
- 'status': 'enable',
- 'usage': 'log',
- 'wanopt_mode': 'mix'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_storage.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'device': 'test_value_3',
- 'media-status': 'enable',
- 'name': 'default_name_5',
- 'order': '6',
- 'partition': 'test_value_7',
- 'size': '8',
- 'status': 'enable',
- 'usage': 'log',
- 'wanopt-mode': 'mix'
- }
-
- set_method_mock.assert_called_with('system', 'storage', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_storage_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_storage': {
- 'random_attribute_not_valid': 'tag',
- 'device': 'test_value_3',
- 'media_status': 'enable',
- 'name': 'default_name_5',
- 'order': '6',
- 'partition': 'test_value_7',
- 'size': '8',
- 'status': 'enable',
- 'usage': 'log',
- 'wanopt_mode': 'mix'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_storage.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'device': 'test_value_3',
- 'media-status': 'enable',
- 'name': 'default_name_5',
- 'order': '6',
- 'partition': 'test_value_7',
- 'size': '8',
- 'status': 'enable',
- 'usage': 'log',
- 'wanopt-mode': 'mix'
- }
-
- set_method_mock.assert_called_with('system', 'storage', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_switch_interface.py b/test/units/modules/network/fortios/test_fortios_system_switch_interface.py
deleted file mode 100644
index db4bb7499f0..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_switch_interface.py
+++ /dev/null
@@ -1,259 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_switch_interface
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_switch_interface.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_switch_interface_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_switch_interface': {
- 'intra_switch_policy': 'implicit',
- 'name': 'default_name_4',
- 'span': 'disable',
- 'span_dest_port': 'test_value_6',
- 'span_direction': 'rx',
- 'type': 'switch',
- 'vdom': 'test_value_9'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_switch_interface.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'intra-switch-policy': 'implicit',
- 'name': 'default_name_4',
- 'span': 'disable',
- 'span-dest-port': 'test_value_6',
- 'span-direction': 'rx',
- 'type': 'switch',
- 'vdom': 'test_value_9'
- }
-
- set_method_mock.assert_called_with('system', 'switch-interface', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_switch_interface_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_switch_interface': {
- 'intra_switch_policy': 'implicit',
- 'name': 'default_name_4',
- 'span': 'disable',
- 'span_dest_port': 'test_value_6',
- 'span_direction': 'rx',
- 'type': 'switch',
- 'vdom': 'test_value_9'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_switch_interface.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'intra-switch-policy': 'implicit',
- 'name': 'default_name_4',
- 'span': 'disable',
- 'span-dest-port': 'test_value_6',
- 'span-direction': 'rx',
- 'type': 'switch',
- 'vdom': 'test_value_9'
- }
-
- set_method_mock.assert_called_with('system', 'switch-interface', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_switch_interface_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_switch_interface': {
- 'intra_switch_policy': 'implicit',
- 'name': 'default_name_4',
- 'span': 'disable',
- 'span_dest_port': 'test_value_6',
- 'span_direction': 'rx',
- 'type': 'switch',
- 'vdom': 'test_value_9'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_switch_interface.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'switch-interface', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_switch_interface_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_switch_interface': {
- 'intra_switch_policy': 'implicit',
- 'name': 'default_name_4',
- 'span': 'disable',
- 'span_dest_port': 'test_value_6',
- 'span_direction': 'rx',
- 'type': 'switch',
- 'vdom': 'test_value_9'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_switch_interface.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'switch-interface', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_switch_interface_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_switch_interface': {
- 'intra_switch_policy': 'implicit',
- 'name': 'default_name_4',
- 'span': 'disable',
- 'span_dest_port': 'test_value_6',
- 'span_direction': 'rx',
- 'type': 'switch',
- 'vdom': 'test_value_9'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_switch_interface.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'intra-switch-policy': 'implicit',
- 'name': 'default_name_4',
- 'span': 'disable',
- 'span-dest-port': 'test_value_6',
- 'span-direction': 'rx',
- 'type': 'switch',
- 'vdom': 'test_value_9'
- }
-
- set_method_mock.assert_called_with('system', 'switch-interface', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_switch_interface_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_switch_interface': {
- 'random_attribute_not_valid': 'tag',
- 'intra_switch_policy': 'implicit',
- 'name': 'default_name_4',
- 'span': 'disable',
- 'span_dest_port': 'test_value_6',
- 'span_direction': 'rx',
- 'type': 'switch',
- 'vdom': 'test_value_9'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_switch_interface.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'intra-switch-policy': 'implicit',
- 'name': 'default_name_4',
- 'span': 'disable',
- 'span-dest-port': 'test_value_6',
- 'span-direction': 'rx',
- 'type': 'switch',
- 'vdom': 'test_value_9'
- }
-
- set_method_mock.assert_called_with('system', 'switch-interface', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_tos_based_priority.py b/test/units/modules/network/fortios/test_fortios_system_tos_based_priority.py
deleted file mode 100644
index 2631debba9a..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_tos_based_priority.py
+++ /dev/null
@@ -1,219 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_tos_based_priority
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_tos_based_priority.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_tos_based_priority_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_tos_based_priority': {
- 'id': '3',
- 'priority': 'low',
- 'tos': '5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_tos_based_priority.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'id': '3',
- 'priority': 'low',
- 'tos': '5'
- }
-
- set_method_mock.assert_called_with('system', 'tos-based-priority', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_tos_based_priority_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_tos_based_priority': {
- 'id': '3',
- 'priority': 'low',
- 'tos': '5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_tos_based_priority.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'id': '3',
- 'priority': 'low',
- 'tos': '5'
- }
-
- set_method_mock.assert_called_with('system', 'tos-based-priority', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_tos_based_priority_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_tos_based_priority': {
- 'id': '3',
- 'priority': 'low',
- 'tos': '5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_tos_based_priority.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'tos-based-priority', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_tos_based_priority_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_tos_based_priority': {
- 'id': '3',
- 'priority': 'low',
- 'tos': '5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_tos_based_priority.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'tos-based-priority', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_tos_based_priority_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_tos_based_priority': {
- 'id': '3',
- 'priority': 'low',
- 'tos': '5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_tos_based_priority.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'id': '3',
- 'priority': 'low',
- 'tos': '5'
- }
-
- set_method_mock.assert_called_with('system', 'tos-based-priority', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_tos_based_priority_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_tos_based_priority': {
- 'random_attribute_not_valid': 'tag',
- 'id': '3',
- 'priority': 'low',
- 'tos': '5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_tos_based_priority.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'id': '3',
- 'priority': 'low',
- 'tos': '5'
- }
-
- set_method_mock.assert_called_with('system', 'tos-based-priority', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_vdom.py b/test/units/modules/network/fortios/test_fortios_system_vdom.py
deleted file mode 100644
index 131f125ff06..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_vdom.py
+++ /dev/null
@@ -1,229 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_vdom
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_vdom.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_vdom_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_vdom': {
- 'name': 'default_name_3',
- 'short_name': 'test_value_4',
- 'temporary': '5',
- 'vcluster_id': '6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'short-name': 'test_value_4',
- 'temporary': '5',
- 'vcluster-id': '6'
- }
-
- set_method_mock.assert_called_with('system', 'vdom', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_vdom_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_vdom': {
- 'name': 'default_name_3',
- 'short_name': 'test_value_4',
- 'temporary': '5',
- 'vcluster_id': '6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'short-name': 'test_value_4',
- 'temporary': '5',
- 'vcluster-id': '6'
- }
-
- set_method_mock.assert_called_with('system', 'vdom', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_vdom_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_vdom': {
- 'name': 'default_name_3',
- 'short_name': 'test_value_4',
- 'temporary': '5',
- 'vcluster_id': '6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'vdom', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_vdom_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_vdom': {
- 'name': 'default_name_3',
- 'short_name': 'test_value_4',
- 'temporary': '5',
- 'vcluster_id': '6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'vdom', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_vdom_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_vdom': {
- 'name': 'default_name_3',
- 'short_name': 'test_value_4',
- 'temporary': '5',
- 'vcluster_id': '6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'short-name': 'test_value_4',
- 'temporary': '5',
- 'vcluster-id': '6'
- }
-
- set_method_mock.assert_called_with('system', 'vdom', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_vdom_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_vdom': {
- 'random_attribute_not_valid': 'tag',
- 'name': 'default_name_3',
- 'short_name': 'test_value_4',
- 'temporary': '5',
- 'vcluster_id': '6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'short-name': 'test_value_4',
- 'temporary': '5',
- 'vcluster-id': '6'
- }
-
- set_method_mock.assert_called_with('system', 'vdom', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_vdom_dns.py b/test/units/modules/network/fortios/test_fortios_system_vdom_dns.py
deleted file mode 100644
index 35484cd53b1..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_vdom_dns.py
+++ /dev/null
@@ -1,191 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_vdom_dns
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_vdom_dns.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_vdom_dns_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_vdom_dns': {
- 'ip6_primary': 'test_value_3',
- 'ip6_secondary': 'test_value_4',
- 'primary': 'test_value_5',
- 'secondary': 'test_value_6',
- 'source_ip': '84.230.14.7',
- 'vdom_dns': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_dns.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'ip6-primary': 'test_value_3',
- 'ip6-secondary': 'test_value_4',
- 'primary': 'test_value_5',
- 'secondary': 'test_value_6',
- 'source-ip': '84.230.14.7',
- 'vdom-dns': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'vdom-dns', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_vdom_dns_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_vdom_dns': {
- 'ip6_primary': 'test_value_3',
- 'ip6_secondary': 'test_value_4',
- 'primary': 'test_value_5',
- 'secondary': 'test_value_6',
- 'source_ip': '84.230.14.7',
- 'vdom_dns': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_dns.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'ip6-primary': 'test_value_3',
- 'ip6-secondary': 'test_value_4',
- 'primary': 'test_value_5',
- 'secondary': 'test_value_6',
- 'source-ip': '84.230.14.7',
- 'vdom-dns': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'vdom-dns', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_vdom_dns_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_vdom_dns': {
- 'ip6_primary': 'test_value_3',
- 'ip6_secondary': 'test_value_4',
- 'primary': 'test_value_5',
- 'secondary': 'test_value_6',
- 'source_ip': '84.230.14.7',
- 'vdom_dns': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_dns.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'ip6-primary': 'test_value_3',
- 'ip6-secondary': 'test_value_4',
- 'primary': 'test_value_5',
- 'secondary': 'test_value_6',
- 'source-ip': '84.230.14.7',
- 'vdom-dns': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'vdom-dns', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_vdom_dns_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_vdom_dns': {
- 'random_attribute_not_valid': 'tag',
- 'ip6_primary': 'test_value_3',
- 'ip6_secondary': 'test_value_4',
- 'primary': 'test_value_5',
- 'secondary': 'test_value_6',
- 'source_ip': '84.230.14.7',
- 'vdom_dns': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_dns.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'ip6-primary': 'test_value_3',
- 'ip6-secondary': 'test_value_4',
- 'primary': 'test_value_5',
- 'secondary': 'test_value_6',
- 'source-ip': '84.230.14.7',
- 'vdom-dns': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'vdom-dns', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_vdom_exception.py b/test/units/modules/network/fortios/test_fortios_system_vdom_exception.py
deleted file mode 100644
index aecea72e75d..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_vdom_exception.py
+++ /dev/null
@@ -1,239 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_vdom_exception
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_vdom_exception.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_vdom_exception_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_vdom_exception': {
- 'id': '3',
- 'object': 'log.fortianalyzer.setting',
- 'oid': '5',
- 'scope': 'all',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_exception.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'id': '3',
- 'object': 'log.fortianalyzer.setting',
- 'oid': '5',
- 'scope': 'all',
-
- }
-
- set_method_mock.assert_called_with('system', 'vdom-exception', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_vdom_exception_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_vdom_exception': {
- 'id': '3',
- 'object': 'log.fortianalyzer.setting',
- 'oid': '5',
- 'scope': 'all',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_exception.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'id': '3',
- 'object': 'log.fortianalyzer.setting',
- 'oid': '5',
- 'scope': 'all',
-
- }
-
- set_method_mock.assert_called_with('system', 'vdom-exception', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_vdom_exception_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_vdom_exception': {
- 'id': '3',
- 'object': 'log.fortianalyzer.setting',
- 'oid': '5',
- 'scope': 'all',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_exception.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'vdom-exception', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_vdom_exception_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_vdom_exception': {
- 'id': '3',
- 'object': 'log.fortianalyzer.setting',
- 'oid': '5',
- 'scope': 'all',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_exception.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'vdom-exception', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_vdom_exception_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_vdom_exception': {
- 'id': '3',
- 'object': 'log.fortianalyzer.setting',
- 'oid': '5',
- 'scope': 'all',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_exception.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'id': '3',
- 'object': 'log.fortianalyzer.setting',
- 'oid': '5',
- 'scope': 'all',
-
- }
-
- set_method_mock.assert_called_with('system', 'vdom-exception', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_vdom_exception_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_vdom_exception': {
- 'random_attribute_not_valid': 'tag',
- 'id': '3',
- 'object': 'log.fortianalyzer.setting',
- 'oid': '5',
- 'scope': 'all',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_exception.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'id': '3',
- 'object': 'log.fortianalyzer.setting',
- 'oid': '5',
- 'scope': 'all',
-
- }
-
- set_method_mock.assert_called_with('system', 'vdom-exception', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_vdom_link.py b/test/units/modules/network/fortios/test_fortios_system_vdom_link.py
deleted file mode 100644
index 19a7045affc..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_vdom_link.py
+++ /dev/null
@@ -1,219 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_vdom_link
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_vdom_link.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_vdom_link_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_vdom_link': {
- 'name': 'default_name_3',
- 'type': 'ppp',
- 'vcluster': 'vcluster1'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_link.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'type': 'ppp',
- 'vcluster': 'vcluster1'
- }
-
- set_method_mock.assert_called_with('system', 'vdom-link', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_vdom_link_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_vdom_link': {
- 'name': 'default_name_3',
- 'type': 'ppp',
- 'vcluster': 'vcluster1'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_link.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'type': 'ppp',
- 'vcluster': 'vcluster1'
- }
-
- set_method_mock.assert_called_with('system', 'vdom-link', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_vdom_link_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_vdom_link': {
- 'name': 'default_name_3',
- 'type': 'ppp',
- 'vcluster': 'vcluster1'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_link.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'vdom-link', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_vdom_link_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_vdom_link': {
- 'name': 'default_name_3',
- 'type': 'ppp',
- 'vcluster': 'vcluster1'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_link.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'vdom-link', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_vdom_link_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_vdom_link': {
- 'name': 'default_name_3',
- 'type': 'ppp',
- 'vcluster': 'vcluster1'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_link.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'type': 'ppp',
- 'vcluster': 'vcluster1'
- }
-
- set_method_mock.assert_called_with('system', 'vdom-link', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_vdom_link_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_vdom_link': {
- 'random_attribute_not_valid': 'tag',
- 'name': 'default_name_3',
- 'type': 'ppp',
- 'vcluster': 'vcluster1'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_link.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'type': 'ppp',
- 'vcluster': 'vcluster1'
- }
-
- set_method_mock.assert_called_with('system', 'vdom-link', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_vdom_netflow.py b/test/units/modules/network/fortios/test_fortios_system_vdom_netflow.py
deleted file mode 100644
index 5d776847edb..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_vdom_netflow.py
+++ /dev/null
@@ -1,175 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_vdom_netflow
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_vdom_netflow.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_vdom_netflow_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_vdom_netflow': {
- 'collector_ip': 'test_value_3',
- 'collector_port': '4',
- 'source_ip': '84.230.14.5',
- 'vdom_netflow': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_netflow.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'collector-ip': 'test_value_3',
- 'collector-port': '4',
- 'source-ip': '84.230.14.5',
- 'vdom-netflow': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'vdom-netflow', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_vdom_netflow_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_vdom_netflow': {
- 'collector_ip': 'test_value_3',
- 'collector_port': '4',
- 'source_ip': '84.230.14.5',
- 'vdom_netflow': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_netflow.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'collector-ip': 'test_value_3',
- 'collector-port': '4',
- 'source-ip': '84.230.14.5',
- 'vdom-netflow': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'vdom-netflow', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_vdom_netflow_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_vdom_netflow': {
- 'collector_ip': 'test_value_3',
- 'collector_port': '4',
- 'source_ip': '84.230.14.5',
- 'vdom_netflow': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_netflow.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'collector-ip': 'test_value_3',
- 'collector-port': '4',
- 'source-ip': '84.230.14.5',
- 'vdom-netflow': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'vdom-netflow', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_vdom_netflow_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_vdom_netflow': {
- 'random_attribute_not_valid': 'tag',
- 'collector_ip': 'test_value_3',
- 'collector_port': '4',
- 'source_ip': '84.230.14.5',
- 'vdom_netflow': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_netflow.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'collector-ip': 'test_value_3',
- 'collector-port': '4',
- 'source-ip': '84.230.14.5',
- 'vdom-netflow': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'vdom-netflow', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_vdom_property.py b/test/units/modules/network/fortios/test_fortios_system_vdom_property.py
deleted file mode 100644
index f8103f1ba83..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_vdom_property.py
+++ /dev/null
@@ -1,399 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_vdom_property
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_vdom_property.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_vdom_property_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_vdom_property': {
- 'custom_service': 'test_value_3',
- 'description': 'test_value_4',
- 'dialup_tunnel': 'test_value_5',
- 'firewall_address': 'test_value_6',
- 'firewall_addrgrp': 'test_value_7',
- 'firewall_policy': 'test_value_8',
- 'ipsec_phase1': 'test_value_9',
- 'ipsec_phase1_interface': 'test_value_10',
- 'ipsec_phase2': 'test_value_11',
- 'ipsec_phase2_interface': 'test_value_12',
- 'log_disk_quota': 'test_value_13',
- 'name': 'default_name_14',
- 'onetime_schedule': 'test_value_15',
- 'proxy': 'test_value_16',
- 'recurring_schedule': 'test_value_17',
- 'service_group': 'test_value_18',
- 'session': 'test_value_19',
- 'snmp_index': '20',
- 'sslvpn': 'test_value_21',
- 'user': 'test_value_22',
- 'user_group': 'test_value_23'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_property.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'custom-service': 'test_value_3',
- 'description': 'test_value_4',
- 'dialup-tunnel': 'test_value_5',
- 'firewall-address': 'test_value_6',
- 'firewall-addrgrp': 'test_value_7',
- 'firewall-policy': 'test_value_8',
- 'ipsec-phase1': 'test_value_9',
- 'ipsec-phase1-interface': 'test_value_10',
- 'ipsec-phase2': 'test_value_11',
- 'ipsec-phase2-interface': 'test_value_12',
- 'log-disk-quota': 'test_value_13',
- 'name': 'default_name_14',
- 'onetime-schedule': 'test_value_15',
- 'proxy': 'test_value_16',
- 'recurring-schedule': 'test_value_17',
- 'service-group': 'test_value_18',
- 'session': 'test_value_19',
- 'snmp-index': '20',
- 'sslvpn': 'test_value_21',
- 'user': 'test_value_22',
- 'user-group': 'test_value_23'
- }
-
- set_method_mock.assert_called_with('system', 'vdom-property', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_vdom_property_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_vdom_property': {
- 'custom_service': 'test_value_3',
- 'description': 'test_value_4',
- 'dialup_tunnel': 'test_value_5',
- 'firewall_address': 'test_value_6',
- 'firewall_addrgrp': 'test_value_7',
- 'firewall_policy': 'test_value_8',
- 'ipsec_phase1': 'test_value_9',
- 'ipsec_phase1_interface': 'test_value_10',
- 'ipsec_phase2': 'test_value_11',
- 'ipsec_phase2_interface': 'test_value_12',
- 'log_disk_quota': 'test_value_13',
- 'name': 'default_name_14',
- 'onetime_schedule': 'test_value_15',
- 'proxy': 'test_value_16',
- 'recurring_schedule': 'test_value_17',
- 'service_group': 'test_value_18',
- 'session': 'test_value_19',
- 'snmp_index': '20',
- 'sslvpn': 'test_value_21',
- 'user': 'test_value_22',
- 'user_group': 'test_value_23'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_property.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'custom-service': 'test_value_3',
- 'description': 'test_value_4',
- 'dialup-tunnel': 'test_value_5',
- 'firewall-address': 'test_value_6',
- 'firewall-addrgrp': 'test_value_7',
- 'firewall-policy': 'test_value_8',
- 'ipsec-phase1': 'test_value_9',
- 'ipsec-phase1-interface': 'test_value_10',
- 'ipsec-phase2': 'test_value_11',
- 'ipsec-phase2-interface': 'test_value_12',
- 'log-disk-quota': 'test_value_13',
- 'name': 'default_name_14',
- 'onetime-schedule': 'test_value_15',
- 'proxy': 'test_value_16',
- 'recurring-schedule': 'test_value_17',
- 'service-group': 'test_value_18',
- 'session': 'test_value_19',
- 'snmp-index': '20',
- 'sslvpn': 'test_value_21',
- 'user': 'test_value_22',
- 'user-group': 'test_value_23'
- }
-
- set_method_mock.assert_called_with('system', 'vdom-property', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_vdom_property_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_vdom_property': {
- 'custom_service': 'test_value_3',
- 'description': 'test_value_4',
- 'dialup_tunnel': 'test_value_5',
- 'firewall_address': 'test_value_6',
- 'firewall_addrgrp': 'test_value_7',
- 'firewall_policy': 'test_value_8',
- 'ipsec_phase1': 'test_value_9',
- 'ipsec_phase1_interface': 'test_value_10',
- 'ipsec_phase2': 'test_value_11',
- 'ipsec_phase2_interface': 'test_value_12',
- 'log_disk_quota': 'test_value_13',
- 'name': 'default_name_14',
- 'onetime_schedule': 'test_value_15',
- 'proxy': 'test_value_16',
- 'recurring_schedule': 'test_value_17',
- 'service_group': 'test_value_18',
- 'session': 'test_value_19',
- 'snmp_index': '20',
- 'sslvpn': 'test_value_21',
- 'user': 'test_value_22',
- 'user_group': 'test_value_23'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_property.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'vdom-property', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_vdom_property_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_vdom_property': {
- 'custom_service': 'test_value_3',
- 'description': 'test_value_4',
- 'dialup_tunnel': 'test_value_5',
- 'firewall_address': 'test_value_6',
- 'firewall_addrgrp': 'test_value_7',
- 'firewall_policy': 'test_value_8',
- 'ipsec_phase1': 'test_value_9',
- 'ipsec_phase1_interface': 'test_value_10',
- 'ipsec_phase2': 'test_value_11',
- 'ipsec_phase2_interface': 'test_value_12',
- 'log_disk_quota': 'test_value_13',
- 'name': 'default_name_14',
- 'onetime_schedule': 'test_value_15',
- 'proxy': 'test_value_16',
- 'recurring_schedule': 'test_value_17',
- 'service_group': 'test_value_18',
- 'session': 'test_value_19',
- 'snmp_index': '20',
- 'sslvpn': 'test_value_21',
- 'user': 'test_value_22',
- 'user_group': 'test_value_23'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_property.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'vdom-property', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_vdom_property_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_vdom_property': {
- 'custom_service': 'test_value_3',
- 'description': 'test_value_4',
- 'dialup_tunnel': 'test_value_5',
- 'firewall_address': 'test_value_6',
- 'firewall_addrgrp': 'test_value_7',
- 'firewall_policy': 'test_value_8',
- 'ipsec_phase1': 'test_value_9',
- 'ipsec_phase1_interface': 'test_value_10',
- 'ipsec_phase2': 'test_value_11',
- 'ipsec_phase2_interface': 'test_value_12',
- 'log_disk_quota': 'test_value_13',
- 'name': 'default_name_14',
- 'onetime_schedule': 'test_value_15',
- 'proxy': 'test_value_16',
- 'recurring_schedule': 'test_value_17',
- 'service_group': 'test_value_18',
- 'session': 'test_value_19',
- 'snmp_index': '20',
- 'sslvpn': 'test_value_21',
- 'user': 'test_value_22',
- 'user_group': 'test_value_23'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_property.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'custom-service': 'test_value_3',
- 'description': 'test_value_4',
- 'dialup-tunnel': 'test_value_5',
- 'firewall-address': 'test_value_6',
- 'firewall-addrgrp': 'test_value_7',
- 'firewall-policy': 'test_value_8',
- 'ipsec-phase1': 'test_value_9',
- 'ipsec-phase1-interface': 'test_value_10',
- 'ipsec-phase2': 'test_value_11',
- 'ipsec-phase2-interface': 'test_value_12',
- 'log-disk-quota': 'test_value_13',
- 'name': 'default_name_14',
- 'onetime-schedule': 'test_value_15',
- 'proxy': 'test_value_16',
- 'recurring-schedule': 'test_value_17',
- 'service-group': 'test_value_18',
- 'session': 'test_value_19',
- 'snmp-index': '20',
- 'sslvpn': 'test_value_21',
- 'user': 'test_value_22',
- 'user-group': 'test_value_23'
- }
-
- set_method_mock.assert_called_with('system', 'vdom-property', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_vdom_property_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_vdom_property': {
- 'random_attribute_not_valid': 'tag',
- 'custom_service': 'test_value_3',
- 'description': 'test_value_4',
- 'dialup_tunnel': 'test_value_5',
- 'firewall_address': 'test_value_6',
- 'firewall_addrgrp': 'test_value_7',
- 'firewall_policy': 'test_value_8',
- 'ipsec_phase1': 'test_value_9',
- 'ipsec_phase1_interface': 'test_value_10',
- 'ipsec_phase2': 'test_value_11',
- 'ipsec_phase2_interface': 'test_value_12',
- 'log_disk_quota': 'test_value_13',
- 'name': 'default_name_14',
- 'onetime_schedule': 'test_value_15',
- 'proxy': 'test_value_16',
- 'recurring_schedule': 'test_value_17',
- 'service_group': 'test_value_18',
- 'session': 'test_value_19',
- 'snmp_index': '20',
- 'sslvpn': 'test_value_21',
- 'user': 'test_value_22',
- 'user_group': 'test_value_23'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_property.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'custom-service': 'test_value_3',
- 'description': 'test_value_4',
- 'dialup-tunnel': 'test_value_5',
- 'firewall-address': 'test_value_6',
- 'firewall-addrgrp': 'test_value_7',
- 'firewall-policy': 'test_value_8',
- 'ipsec-phase1': 'test_value_9',
- 'ipsec-phase1-interface': 'test_value_10',
- 'ipsec-phase2': 'test_value_11',
- 'ipsec-phase2-interface': 'test_value_12',
- 'log-disk-quota': 'test_value_13',
- 'name': 'default_name_14',
- 'onetime-schedule': 'test_value_15',
- 'proxy': 'test_value_16',
- 'recurring-schedule': 'test_value_17',
- 'service-group': 'test_value_18',
- 'session': 'test_value_19',
- 'snmp-index': '20',
- 'sslvpn': 'test_value_21',
- 'user': 'test_value_22',
- 'user-group': 'test_value_23'
- }
-
- set_method_mock.assert_called_with('system', 'vdom-property', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_vdom_radius_server.py b/test/units/modules/network/fortios/test_fortios_system_vdom_radius_server.py
deleted file mode 100644
index ea96bca2947..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_vdom_radius_server.py
+++ /dev/null
@@ -1,219 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_vdom_radius_server
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_vdom_radius_server.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_vdom_radius_server_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_vdom_radius_server': {
- 'name': 'default_name_3',
- 'radius_server_vdom': 'test_value_4',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_radius_server.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'radius-server-vdom': 'test_value_4',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'vdom-radius-server', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_vdom_radius_server_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_vdom_radius_server': {
- 'name': 'default_name_3',
- 'radius_server_vdom': 'test_value_4',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_radius_server.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'radius-server-vdom': 'test_value_4',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'vdom-radius-server', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_vdom_radius_server_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_vdom_radius_server': {
- 'name': 'default_name_3',
- 'radius_server_vdom': 'test_value_4',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_radius_server.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'vdom-radius-server', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_vdom_radius_server_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_vdom_radius_server': {
- 'name': 'default_name_3',
- 'radius_server_vdom': 'test_value_4',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_radius_server.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'vdom-radius-server', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_vdom_radius_server_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_vdom_radius_server': {
- 'name': 'default_name_3',
- 'radius_server_vdom': 'test_value_4',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_radius_server.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'radius-server-vdom': 'test_value_4',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'vdom-radius-server', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_vdom_radius_server_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_vdom_radius_server': {
- 'random_attribute_not_valid': 'tag',
- 'name': 'default_name_3',
- 'radius_server_vdom': 'test_value_4',
- 'status': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_radius_server.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'radius-server-vdom': 'test_value_4',
- 'status': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'vdom-radius-server', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_vdom_sflow.py b/test/units/modules/network/fortios/test_fortios_system_vdom_sflow.py
deleted file mode 100644
index e2ffaf07ee9..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_vdom_sflow.py
+++ /dev/null
@@ -1,175 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_vdom_sflow
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_vdom_sflow.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_vdom_sflow_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_vdom_sflow': {
- 'collector_ip': 'test_value_3',
- 'collector_port': '4',
- 'source_ip': '84.230.14.5',
- 'vdom_sflow': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_sflow.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'collector-ip': 'test_value_3',
- 'collector-port': '4',
- 'source-ip': '84.230.14.5',
- 'vdom-sflow': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'vdom-sflow', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_vdom_sflow_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_vdom_sflow': {
- 'collector_ip': 'test_value_3',
- 'collector_port': '4',
- 'source_ip': '84.230.14.5',
- 'vdom_sflow': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_sflow.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'collector-ip': 'test_value_3',
- 'collector-port': '4',
- 'source-ip': '84.230.14.5',
- 'vdom-sflow': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'vdom-sflow', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_vdom_sflow_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_vdom_sflow': {
- 'collector_ip': 'test_value_3',
- 'collector_port': '4',
- 'source_ip': '84.230.14.5',
- 'vdom_sflow': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_sflow.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'collector-ip': 'test_value_3',
- 'collector-port': '4',
- 'source-ip': '84.230.14.5',
- 'vdom-sflow': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'vdom-sflow', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_vdom_sflow_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_vdom_sflow': {
- 'random_attribute_not_valid': 'tag',
- 'collector_ip': 'test_value_3',
- 'collector_port': '4',
- 'source_ip': '84.230.14.5',
- 'vdom_sflow': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_vdom_sflow.fortios_system(input_data, fos_instance)
-
- expected_data = {
- 'collector-ip': 'test_value_3',
- 'collector-port': '4',
- 'source-ip': '84.230.14.5',
- 'vdom-sflow': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'vdom-sflow', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_virtual_wan_link.py b/test/units/modules/network/fortios/test_fortios_system_virtual_wan_link.py
deleted file mode 100644
index a9c329ef1e6..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_virtual_wan_link.py
+++ /dev/null
@@ -1,159 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_virtual_wan_link
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_virtual_wan_link.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_virtual_wan_link_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_virtual_wan_link': {'fail_detect': 'enable',
- 'load_balance_mode': 'source-ip-based',
- 'status': 'disable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_virtual_wan_link.fortios_system(input_data, fos_instance)
-
- expected_data = {'fail-detect': 'enable',
- 'load-balance-mode': 'source-ip-based',
- 'status': 'disable'
- }
-
- set_method_mock.assert_called_with('system', 'virtual-wan-link', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_virtual_wan_link_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_virtual_wan_link': {'fail_detect': 'enable',
- 'load_balance_mode': 'source-ip-based',
- 'status': 'disable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_virtual_wan_link.fortios_system(input_data, fos_instance)
-
- expected_data = {'fail-detect': 'enable',
- 'load-balance-mode': 'source-ip-based',
- 'status': 'disable'
- }
-
- set_method_mock.assert_called_with('system', 'virtual-wan-link', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_virtual_wan_link_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_virtual_wan_link': {'fail_detect': 'enable',
- 'load_balance_mode': 'source-ip-based',
- 'status': 'disable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_virtual_wan_link.fortios_system(input_data, fos_instance)
-
- expected_data = {'fail-detect': 'enable',
- 'load-balance-mode': 'source-ip-based',
- 'status': 'disable'
- }
-
- set_method_mock.assert_called_with('system', 'virtual-wan-link', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_virtual_wan_link_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_virtual_wan_link': {
- 'random_attribute_not_valid': 'tag', 'fail_detect': 'enable',
- 'load_balance_mode': 'source-ip-based',
- 'status': 'disable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_virtual_wan_link.fortios_system(input_data, fos_instance)
-
- expected_data = {'fail-detect': 'enable',
- 'load-balance-mode': 'source-ip-based',
- 'status': 'disable'
- }
-
- set_method_mock.assert_called_with('system', 'virtual-wan-link', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_virtual_wire_pair.py b/test/units/modules/network/fortios/test_fortios_system_virtual_wire_pair.py
deleted file mode 100644
index 91106b5b1e7..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_virtual_wire_pair.py
+++ /dev/null
@@ -1,209 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_system_virtual_wire_pair
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_virtual_wire_pair.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_system_virtual_wire_pair_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_virtual_wire_pair': {'name': 'default_name_3',
- 'vlan_filter': 'test_value_4',
- 'wildcard_vlan': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_virtual_wire_pair.fortios_system(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3',
- 'vlan-filter': 'test_value_4',
- 'wildcard-vlan': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'virtual-wire-pair', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_virtual_wire_pair_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_virtual_wire_pair': {'name': 'default_name_3',
- 'vlan_filter': 'test_value_4',
- 'wildcard_vlan': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_virtual_wire_pair.fortios_system(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3',
- 'vlan-filter': 'test_value_4',
- 'wildcard-vlan': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'virtual-wire-pair', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_virtual_wire_pair_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_virtual_wire_pair': {'name': 'default_name_3',
- 'vlan_filter': 'test_value_4',
- 'wildcard_vlan': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_virtual_wire_pair.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'virtual-wire-pair', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_system_virtual_wire_pair_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'system_virtual_wire_pair': {'name': 'default_name_3',
- 'vlan_filter': 'test_value_4',
- 'wildcard_vlan': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_virtual_wire_pair.fortios_system(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('system', 'virtual-wire-pair', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_system_virtual_wire_pair_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_virtual_wire_pair': {'name': 'default_name_3',
- 'vlan_filter': 'test_value_4',
- 'wildcard_vlan': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_virtual_wire_pair.fortios_system(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3',
- 'vlan-filter': 'test_value_4',
- 'wildcard-vlan': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'virtual-wire-pair', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_system_virtual_wire_pair_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'system_virtual_wire_pair': {
- 'random_attribute_not_valid': 'tag', 'name': 'default_name_3',
- 'vlan_filter': 'test_value_4',
- 'wildcard_vlan': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_system_virtual_wire_pair.fortios_system(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3',
- 'vlan-filter': 'test_value_4',
- 'wildcard-vlan': 'enable'
- }
-
- set_method_mock.assert_called_with('system', 'virtual-wire-pair', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_system_vxlan.py b/test/units/modules/network/fortios/test_fortios_system_vxlan.py
deleted file mode 100644
index 1a8817a0001..00000000000
--- a/test/units/modules/network/fortios/test_fortios_system_vxlan.py
+++ /dev/null
@@ -1,249 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_vxlan -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_vxlan.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_vxlan_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_vxlan': { - 'dstport': '3', - 'interface': 'test_value_4', - 'ip_version': 'ipv4-unicast', - 'multicast_ttl': '6', - 'name': 'default_name_7', - 'vni': '8' - }, - 'vdom': 'root'} - - is_error, 
changed, response = fortios_system_vxlan.fortios_system(input_data, fos_instance) - - expected_data = { - 'dstport': '3', - 'interface': 'test_value_4', - 'ip-version': 'ipv4-unicast', - 'multicast-ttl': '6', - 'name': 'default_name_7', - 'vni': '8' - } - - set_method_mock.assert_called_with('system', 'vxlan', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_vxlan_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_vxlan': { - 'dstport': '3', - 'interface': 'test_value_4', - 'ip_version': 'ipv4-unicast', - 'multicast_ttl': '6', - 'name': 'default_name_7', - 'vni': '8' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_vxlan.fortios_system(input_data, fos_instance) - - expected_data = { - 'dstport': '3', - 'interface': 'test_value_4', - 'ip-version': 'ipv4-unicast', - 'multicast-ttl': '6', - 'name': 'default_name_7', - 'vni': '8' - } - - set_method_mock.assert_called_with('system', 'vxlan', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_vxlan_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_vxlan': { - 'dstport': '3', - 'interface': 'test_value_4', - 'ip_version': 'ipv4-unicast', - 'multicast_ttl': '6', - 'name': 'default_name_7', - 'vni': '8' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_vxlan.fortios_system(input_data, fos_instance) - - delete_method_mock.assert_called_with('system', 'vxlan', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_vxlan_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_vxlan': { - 'dstport': '3', - 'interface': 'test_value_4', - 'ip_version': 'ipv4-unicast', - 'multicast_ttl': '6', - 'name': 'default_name_7', - 'vni': '8' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_vxlan.fortios_system(input_data, fos_instance) - - delete_method_mock.assert_called_with('system', 'vxlan', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_vxlan_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_vxlan': { - 'dstport': '3', - 'interface': 'test_value_4', - 'ip_version': 'ipv4-unicast', - 'multicast_ttl': '6', - 'name': 'default_name_7', - 'vni': '8' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_vxlan.fortios_system(input_data, fos_instance) - - expected_data = { - 'dstport': '3', - 'interface': 'test_value_4', - 'ip-version': 'ipv4-unicast', - 'multicast-ttl': '6', - 'name': 'default_name_7', - 'vni': '8' - } - - set_method_mock.assert_called_with('system', 'vxlan', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_vxlan_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_vxlan': { - 'random_attribute_not_valid': 'tag', - 'dstport': '3', - 'interface': 'test_value_4', - 'ip_version': 'ipv4-unicast', - 'multicast_ttl': '6', - 'name': 'default_name_7', - 'vni': '8' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_vxlan.fortios_system(input_data, fos_instance) - - expected_data = { - 'dstport': '3', - 'interface': 'test_value_4', - 'ip-version': 'ipv4-unicast', - 'multicast-ttl': '6', - 'name': 'default_name_7', - 'vni': '8' - } - - set_method_mock.assert_called_with('system', 'vxlan', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert 
changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_system_wccp.py b/test/units/modules/network/fortios/test_fortios_system_wccp.py deleted file mode 100644 index 855fbddba65..00000000000 --- a/test/units/modules/network/fortios/test_fortios_system_wccp.py +++ /dev/null 
@@ -1,419 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_wccp -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_wccp.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_wccp_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_wccp': { - 'assignment_bucket_format': 'wccp-v2', - 'assignment_dstaddr_mask': 'test_value_4', - 'assignment_method': 'HASH', - 'assignment_srcaddr_mask': 'test_value_6', - 'assignment_weight': 
'7', - 'authentication': 'enable', - 'cache_engine_method': 'GRE', - 'cache_id': 'test_value_10', - 'forward_method': 'GRE', - 'group_address': 'test_value_12', - 'password': 'test_value_13', - 'ports': 'test_value_14', - 'ports_defined': 'source', - 'primary_hash': 'src-ip', - 'priority': '17', - 'protocol': '18', - 'return_method': 'GRE', - 'router_id': 'test_value_20', - 'router_list': 'test_value_21', - 'server_list': 'test_value_22', - 'server_type': 'forward', - 'service_id': 'test_value_24', - 'service_type': 'auto' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_wccp.fortios_system(input_data, fos_instance) - - expected_data = { - 'assignment-bucket-format': 'wccp-v2', - 'assignment-dstaddr-mask': 'test_value_4', - 'assignment-method': 'HASH', - 'assignment-srcaddr-mask': 'test_value_6', - 'assignment-weight': '7', - 'authentication': 'enable', - 'cache-engine-method': 'GRE', - 'cache-id': 'test_value_10', - 'forward-method': 'GRE', - 'group-address': 'test_value_12', - 'password': 'test_value_13', - 'ports': 'test_value_14', - 'ports-defined': 'source', - 'primary-hash': 'src-ip', - 'priority': '17', - 'protocol': '18', - 'return-method': 'GRE', - 'router-id': 'test_value_20', - 'router-list': 'test_value_21', - 'server-list': 'test_value_22', - 'server-type': 'forward', - 'service-id': 'test_value_24', - 'service-type': 'auto' - } - - set_method_mock.assert_called_with('system', 'wccp', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_wccp_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', 
return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_wccp': { - 'assignment_bucket_format': 'wccp-v2', - 'assignment_dstaddr_mask': 'test_value_4', - 'assignment_method': 'HASH', - 'assignment_srcaddr_mask': 'test_value_6', - 'assignment_weight': '7', - 'authentication': 'enable', - 'cache_engine_method': 'GRE', - 'cache_id': 'test_value_10', - 'forward_method': 'GRE', - 'group_address': 'test_value_12', - 'password': 'test_value_13', - 'ports': 'test_value_14', - 'ports_defined': 'source', - 'primary_hash': 'src-ip', - 'priority': '17', - 'protocol': '18', - 'return_method': 'GRE', - 'router_id': 'test_value_20', - 'router_list': 'test_value_21', - 'server_list': 'test_value_22', - 'server_type': 'forward', - 'service_id': 'test_value_24', - 'service_type': 'auto' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_wccp.fortios_system(input_data, fos_instance) - - expected_data = { - 'assignment-bucket-format': 'wccp-v2', - 'assignment-dstaddr-mask': 'test_value_4', - 'assignment-method': 'HASH', - 'assignment-srcaddr-mask': 'test_value_6', - 'assignment-weight': '7', - 'authentication': 'enable', - 'cache-engine-method': 'GRE', - 'cache-id': 'test_value_10', - 'forward-method': 'GRE', - 'group-address': 'test_value_12', - 'password': 'test_value_13', - 'ports': 'test_value_14', - 'ports-defined': 'source', - 'primary-hash': 'src-ip', - 'priority': '17', - 'protocol': '18', - 'return-method': 'GRE', - 'router-id': 'test_value_20', - 'router-list': 'test_value_21', - 'server-list': 'test_value_22', - 'server-type': 'forward', - 'service-id': 'test_value_24', - 'service-type': 'auto' - } - - set_method_mock.assert_called_with('system', 'wccp', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_wccp_removal(mocker): - schema_method_mock 
= mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_wccp': { - 'assignment_bucket_format': 'wccp-v2', - 'assignment_dstaddr_mask': 'test_value_4', - 'assignment_method': 'HASH', - 'assignment_srcaddr_mask': 'test_value_6', - 'assignment_weight': '7', - 'authentication': 'enable', - 'cache_engine_method': 'GRE', - 'cache_id': 'test_value_10', - 'forward_method': 'GRE', - 'group_address': 'test_value_12', - 'password': 'test_value_13', - 'ports': 'test_value_14', - 'ports_defined': 'source', - 'primary_hash': 'src-ip', - 'priority': '17', - 'protocol': '18', - 'return_method': 'GRE', - 'router_id': 'test_value_20', - 'router_list': 'test_value_21', - 'server_list': 'test_value_22', - 'server_type': 'forward', - 'service_id': 'test_value_24', - 'service_type': 'auto' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_wccp.fortios_system(input_data, fos_instance) - - delete_method_mock.assert_called_with('system', 'wccp', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_wccp_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_wccp': { - 'assignment_bucket_format': 'wccp-v2', - 
'assignment_dstaddr_mask': 'test_value_4', - 'assignment_method': 'HASH', - 'assignment_srcaddr_mask': 'test_value_6', - 'assignment_weight': '7', - 'authentication': 'enable', - 'cache_engine_method': 'GRE', - 'cache_id': 'test_value_10', - 'forward_method': 'GRE', - 'group_address': 'test_value_12', - 'password': 'test_value_13', - 'ports': 'test_value_14', - 'ports_defined': 'source', - 'primary_hash': 'src-ip', - 'priority': '17', - 'protocol': '18', - 'return_method': 'GRE', - 'router_id': 'test_value_20', - 'router_list': 'test_value_21', - 'server_list': 'test_value_22', - 'server_type': 'forward', - 'service_id': 'test_value_24', - 'service_type': 'auto' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_wccp.fortios_system(input_data, fos_instance) - - delete_method_mock.assert_called_with('system', 'wccp', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_wccp_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_wccp': { - 'assignment_bucket_format': 'wccp-v2', - 'assignment_dstaddr_mask': 'test_value_4', - 'assignment_method': 'HASH', - 'assignment_srcaddr_mask': 'test_value_6', - 'assignment_weight': '7', - 'authentication': 'enable', - 'cache_engine_method': 'GRE', - 'cache_id': 'test_value_10', - 'forward_method': 'GRE', - 'group_address': 'test_value_12', - 'password': 'test_value_13', - 'ports': 'test_value_14', - 'ports_defined': 'source', - 'primary_hash': 'src-ip', - 'priority': '17', - 'protocol': '18', - 
'return_method': 'GRE', - 'router_id': 'test_value_20', - 'router_list': 'test_value_21', - 'server_list': 'test_value_22', - 'server_type': 'forward', - 'service_id': 'test_value_24', - 'service_type': 'auto' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_wccp.fortios_system(input_data, fos_instance) - - expected_data = { - 'assignment-bucket-format': 'wccp-v2', - 'assignment-dstaddr-mask': 'test_value_4', - 'assignment-method': 'HASH', - 'assignment-srcaddr-mask': 'test_value_6', - 'assignment-weight': '7', - 'authentication': 'enable', - 'cache-engine-method': 'GRE', - 'cache-id': 'test_value_10', - 'forward-method': 'GRE', - 'group-address': 'test_value_12', - 'password': 'test_value_13', - 'ports': 'test_value_14', - 'ports-defined': 'source', - 'primary-hash': 'src-ip', - 'priority': '17', - 'protocol': '18', - 'return-method': 'GRE', - 'router-id': 'test_value_20', - 'router-list': 'test_value_21', - 'server-list': 'test_value_22', - 'server-type': 'forward', - 'service-id': 'test_value_24', - 'service-type': 'auto' - } - - set_method_mock.assert_called_with('system', 'wccp', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_system_wccp_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_wccp': { - 'random_attribute_not_valid': 'tag', - 'assignment_bucket_format': 'wccp-v2', - 'assignment_dstaddr_mask': 'test_value_4', - 'assignment_method': 'HASH', - 'assignment_srcaddr_mask': 'test_value_6', - 
'assignment_weight': '7', - 'authentication': 'enable', - 'cache_engine_method': 'GRE', - 'cache_id': 'test_value_10', - 'forward_method': 'GRE', - 'group_address': 'test_value_12', - 'password': 'test_value_13', - 'ports': 'test_value_14', - 'ports_defined': 'source', - 'primary_hash': 'src-ip', - 'priority': '17', - 'protocol': '18', - 'return_method': 'GRE', - 'router_id': 'test_value_20', - 'router_list': 'test_value_21', - 'server_list': 'test_value_22', - 'server_type': 'forward', - 'service_id': 'test_value_24', - 'service_type': 'auto' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_wccp.fortios_system(input_data, fos_instance) - - expected_data = { - 'assignment-bucket-format': 'wccp-v2', - 'assignment-dstaddr-mask': 'test_value_4', - 'assignment-method': 'HASH', - 'assignment-srcaddr-mask': 'test_value_6', - 'assignment-weight': '7', - 'authentication': 'enable', - 'cache-engine-method': 'GRE', - 'cache-id': 'test_value_10', - 'forward-method': 'GRE', - 'group-address': 'test_value_12', - 'password': 'test_value_13', - 'ports': 'test_value_14', - 'ports-defined': 'source', - 'primary-hash': 'src-ip', - 'priority': '17', - 'protocol': '18', - 'return-method': 'GRE', - 'router-id': 'test_value_20', - 'router-list': 'test_value_21', - 'server-list': 'test_value_22', - 'server-type': 'forward', - 'service-id': 'test_value_24', - 'service-type': 'auto' - } - - set_method_mock.assert_called_with('system', 'wccp', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_system_zone.py b/test/units/modules/network/fortios/test_fortios_system_zone.py deleted file mode 100644 index b56546dcc71..00000000000 --- a/test/units/modules/network/fortios/test_fortios_system_zone.py +++ /dev/null 
@@ -1,209 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_system_zone -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_system_zone.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_system_zone_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_zone': {'intrazone': 'allow', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_zone.fortios_system(input_data, fos_instance) - - expected_data = 
{'intrazone': 'allow', - 'name': 'default_name_4', - - } - - set_method_mock.assert_called_with('system', 'zone', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_zone_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_zone': {'intrazone': 'allow', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_zone.fortios_system(input_data, fos_instance) - - expected_data = {'intrazone': 'allow', - 'name': 'default_name_4', - - } - - set_method_mock.assert_called_with('system', 'zone', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_zone_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_zone': {'intrazone': 'allow', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_zone.fortios_system(input_data, fos_instance) - - delete_method_mock.assert_called_with('system', 'zone', mkey=ANY, vdom='root') - 
schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_system_zone_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'system_zone': {'intrazone': 'allow', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_zone.fortios_system(input_data, fos_instance) - - delete_method_mock.assert_called_with('system', 'zone', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_system_zone_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_zone': {'intrazone': 'allow', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_zone.fortios_system(input_data, fos_instance) - - expected_data = {'intrazone': 'allow', - 'name': 'default_name_4', - - } - - set_method_mock.assert_called_with('system', 'zone', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - 
-def test_system_zone_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'system_zone': { - 'random_attribute_not_valid': 'tag', 'intrazone': 'allow', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_system_zone.fortios_system(input_data, fos_instance) - - expected_data = {'intrazone': 'allow', - 'name': 'default_name_4', - - } - - set_method_mock.assert_called_with('system', 'zone', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_user_adgrp.py b/test/units/modules/network/fortios/test_fortios_user_adgrp.py deleted file mode 100644 index 198ef2cb69b..00000000000 --- a/test/units/modules/network/fortios/test_fortios_user_adgrp.py +++ /dev/null 
@@ -1,209 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_user_adgrp -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_user_adgrp.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_user_adgrp_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_adgrp': { - 'name': 'default_name_3', - 'server_name': 'test_value_4' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_adgrp.fortios_user(input_data, fos_instance) - - expected_data 
= { - 'name': 'default_name_3', - 'server-name': 'test_value_4' - } - - set_method_mock.assert_called_with('user', 'adgrp', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_user_adgrp_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_adgrp': { - 'name': 'default_name_3', - 'server_name': 'test_value_4' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_adgrp.fortios_user(input_data, fos_instance) - - expected_data = { - 'name': 'default_name_3', - 'server-name': 'test_value_4' - } - - set_method_mock.assert_called_with('user', 'adgrp', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_user_adgrp_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'user_adgrp': { - 'name': 'default_name_3', - 'server_name': 'test_value_4' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_adgrp.fortios_user(input_data, fos_instance) - - delete_method_mock.assert_called_with('user', 'adgrp', mkey=ANY, 
vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_user_adgrp_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'user_adgrp': { - 'name': 'default_name_3', - 'server_name': 'test_value_4' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_adgrp.fortios_user(input_data, fos_instance) - - delete_method_mock.assert_called_with('user', 'adgrp', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_user_adgrp_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_adgrp': { - 'name': 'default_name_3', - 'server_name': 'test_value_4' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_adgrp.fortios_user(input_data, fos_instance) - - expected_data = { - 'name': 'default_name_3', - 'server-name': 'test_value_4' - } - - set_method_mock.assert_called_with('user', 'adgrp', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert 
response['http_status'] == 404 - - -def test_user_adgrp_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_adgrp': { - 'random_attribute_not_valid': 'tag', - 'name': 'default_name_3', - 'server_name': 'test_value_4' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_adgrp.fortios_user(input_data, fos_instance) - - expected_data = { - 'name': 'default_name_3', - 'server-name': 'test_value_4' - } - - set_method_mock.assert_called_with('user', 'adgrp', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_user_device.py b/test/units/modules/network/fortios/test_fortios_user_device.py deleted file mode 100644 index 1a21c50416a..00000000000 --- a/test/units/modules/network/fortios/test_fortios_user_device.py +++ /dev/null 
@@ -1,269 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_user_device -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_user_device.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_user_device_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_device': { - 'alias': 'test_value_3', - 'avatar': 'test_value_4', - 'category': 'none', - 'comment': 'Comment.', - 'mac': 'test_value_7', - 'master_device': 'test_value_8', - 'type': 'unknown', - 
'user': 'test_value_10' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_device.fortios_user(input_data, fos_instance) - - expected_data = { - 'alias': 'test_value_3', - 'avatar': 'test_value_4', - 'category': 'none', - 'comment': 'Comment.', - 'mac': 'test_value_7', - 'master-device': 'test_value_8', - 'type': 'unknown', - 'user': 'test_value_10' - } - - set_method_mock.assert_called_with('user', 'device', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_user_device_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_device': { - 'alias': 'test_value_3', - 'avatar': 'test_value_4', - 'category': 'none', - 'comment': 'Comment.', - 'mac': 'test_value_7', - 'master_device': 'test_value_8', - 'type': 'unknown', - 'user': 'test_value_10' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_device.fortios_user(input_data, fos_instance) - - expected_data = { - 'alias': 'test_value_3', - 'avatar': 'test_value_4', - 'category': 'none', - 'comment': 'Comment.', - 'mac': 'test_value_7', - 'master-device': 'test_value_8', - 'type': 'unknown', - 'user': 'test_value_10' - } - - set_method_mock.assert_called_with('user', 'device', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_user_device_removal(mocker): - schema_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'user_device': { - 'alias': 'test_value_3', - 'avatar': 'test_value_4', - 'category': 'none', - 'comment': 'Comment.', - 'mac': 'test_value_7', - 'master_device': 'test_value_8', - 'type': 'unknown', - 'user': 'test_value_10' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_device.fortios_user(input_data, fos_instance) - - delete_method_mock.assert_called_with('user', 'device', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_user_device_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'user_device': { - 'alias': 'test_value_3', - 'avatar': 'test_value_4', - 'category': 'none', - 'comment': 'Comment.', - 'mac': 'test_value_7', - 'master_device': 'test_value_8', - 'type': 'unknown', - 'user': 'test_value_10' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_device.fortios_user(input_data, fos_instance) - - delete_method_mock.assert_called_with('user', 'device', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 
500 - - -def test_user_device_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_device': { - 'alias': 'test_value_3', - 'avatar': 'test_value_4', - 'category': 'none', - 'comment': 'Comment.', - 'mac': 'test_value_7', - 'master_device': 'test_value_8', - 'type': 'unknown', - 'user': 'test_value_10' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_device.fortios_user(input_data, fos_instance) - - expected_data = { - 'alias': 'test_value_3', - 'avatar': 'test_value_4', - 'category': 'none', - 'comment': 'Comment.', - 'mac': 'test_value_7', - 'master-device': 'test_value_8', - 'type': 'unknown', - 'user': 'test_value_10' - } - - set_method_mock.assert_called_with('user', 'device', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_user_device_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_device': { - 'random_attribute_not_valid': 'tag', - 'alias': 'test_value_3', - 'avatar': 'test_value_4', - 'category': 'none', - 'comment': 'Comment.', - 'mac': 'test_value_7', - 'master_device': 'test_value_8', - 'type': 'unknown', - 'user': 'test_value_10' - }, - 
'vdom': 'root'} - - is_error, changed, response = fortios_user_device.fortios_user(input_data, fos_instance) - - expected_data = { - 'alias': 'test_value_3', - 'avatar': 'test_value_4', - 'category': 'none', - 'comment': 'Comment.', - 'mac': 'test_value_7', - 'master-device': 'test_value_8', - 'type': 'unknown', - 'user': 'test_value_10' - } - - set_method_mock.assert_called_with('user', 'device', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_user_device_access_list.py b/test/units/modules/network/fortios/test_fortios_user_device_access_list.py deleted file mode 100644 index dde15c65e80..00000000000 --- a/test/units/modules/network/fortios/test_fortios_user_device_access_list.py +++ /dev/null 
@@ -1,209 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_user_device_access_list -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_user_device_access_list.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_user_device_access_list_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_device_access_list': { - 'default_action': 'accept', - 'name': 'default_name_4' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_user_device_access_list.fortios_user(input_data, fos_instance) - - expected_data = { - 'default-action': 'accept', - 'name': 'default_name_4' - } - - set_method_mock.assert_called_with('user', 'device-access-list', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_user_device_access_list_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_device_access_list': { - 'default_action': 'accept', - 'name': 'default_name_4' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_device_access_list.fortios_user(input_data, fos_instance) - - expected_data = { - 'default-action': 'accept', - 'name': 'default_name_4' - } - - set_method_mock.assert_called_with('user', 'device-access-list', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_user_device_access_list_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'user_device_access_list': { - 'default_action': 'accept', - 'name': 'default_name_4' - }, - 'vdom': 'root'} - - 
is_error, changed, response = fortios_user_device_access_list.fortios_user(input_data, fos_instance) - - delete_method_mock.assert_called_with('user', 'device-access-list', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_user_device_access_list_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'user_device_access_list': { - 'default_action': 'accept', - 'name': 'default_name_4' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_device_access_list.fortios_user(input_data, fos_instance) - - delete_method_mock.assert_called_with('user', 'device-access-list', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_user_device_access_list_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_device_access_list': { - 'default_action': 'accept', - 'name': 'default_name_4' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_device_access_list.fortios_user(input_data, fos_instance) - - expected_data = { - 'default-action': 
'accept', - 'name': 'default_name_4' - } - - set_method_mock.assert_called_with('user', 'device-access-list', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_user_device_access_list_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_device_access_list': { - 'random_attribute_not_valid': 'tag', - 'default_action': 'accept', - 'name': 'default_name_4' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_device_access_list.fortios_user(input_data, fos_instance) - - expected_data = { - 'default-action': 'accept', - 'name': 'default_name_4' - } - - set_method_mock.assert_called_with('user', 'device-access-list', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_user_device_category.py b/test/units/modules/network/fortios/test_fortios_user_device_category.py deleted file mode 100644 index dc09ede1c99..00000000000 --- a/test/units/modules/network/fortios/test_fortios_user_device_category.py +++ /dev/null 
@@ -1,219 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_user_device_category -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_user_device_category.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_user_device_category_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_device_category': { - 'comment': 'Comment.', - 'desc': 'test_value_4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_user_device_category.fortios_user(input_data, fos_instance) - - expected_data = { - 'comment': 'Comment.', - 'desc': 'test_value_4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('user', 'device-category', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_user_device_category_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_device_category': { - 'comment': 'Comment.', - 'desc': 'test_value_4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_device_category.fortios_user(input_data, fos_instance) - - expected_data = { - 'comment': 'Comment.', - 'desc': 'test_value_4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('user', 'device-category', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_user_device_category_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'user_device_category': { - 'comment': 'Comment.', - 'desc': 
'test_value_4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_device_category.fortios_user(input_data, fos_instance) - - delete_method_mock.assert_called_with('user', 'device-category', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_user_device_category_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'user_device_category': { - 'comment': 'Comment.', - 'desc': 'test_value_4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_device_category.fortios_user(input_data, fos_instance) - - delete_method_mock.assert_called_with('user', 'device-category', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_user_device_category_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_device_category': { - 'comment': 'Comment.', - 'desc': 'test_value_4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_user_device_category.fortios_user(input_data, fos_instance) - - expected_data = { - 'comment': 'Comment.', - 'desc': 'test_value_4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('user', 'device-category', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_user_device_category_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_device_category': { - 'random_attribute_not_valid': 'tag', - 'comment': 'Comment.', - 'desc': 'test_value_4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_device_category.fortios_user(input_data, fos_instance) - - expected_data = { - 'comment': 'Comment.', - 'desc': 'test_value_4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('user', 'device-category', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_user_device_group.py b/test/units/modules/network/fortios/test_fortios_user_device_group.py deleted file mode 100644 index c5f79f6c4c9..00000000000 --- a/test/units/modules/network/fortios/test_fortios_user_device_group.py +++ /dev/null 
@@ -1,219 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_user_device_group
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_user_device_group.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_user_device_group_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_device_group': {
- 'comment': 'Comment.',
- 'name': 'default_name_4',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_device_group.fortios_user(input_data, fos_instance)
-
- expected_data = {
- 'comment': 'Comment.',
- 'name': 'default_name_4',
-
- }
-
- set_method_mock.assert_called_with('user', 'device-group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_user_device_group_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_device_group': {
- 'comment': 'Comment.',
- 'name': 'default_name_4',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_device_group.fortios_user(input_data, fos_instance)
-
- expected_data = {
- 'comment': 'Comment.',
- 'name': 'default_name_4',
-
- }
-
- set_method_mock.assert_called_with('user', 'device-group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_user_device_group_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'user_device_group': {
- 'comment': 'Comment.',
- 'name': 'default_name_4',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_device_group.fortios_user(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('user', 'device-group', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_user_device_group_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'user_device_group': {
- 'comment': 'Comment.',
- 'name': 'default_name_4',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_device_group.fortios_user(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('user', 'device-group', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_user_device_group_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_device_group': {
- 'comment': 'Comment.',
- 'name': 'default_name_4',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_device_group.fortios_user(input_data, fos_instance)
-
- expected_data = {
- 'comment': 'Comment.',
- 'name': 'default_name_4',
-
- }
-
- set_method_mock.assert_called_with('user', 'device-group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_user_device_group_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_device_group': {
- 'random_attribute_not_valid': 'tag',
- 'comment': 'Comment.',
- 'name': 'default_name_4',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_device_group.fortios_user(input_data, fos_instance)
-
- expected_data = {
- 'comment': 'Comment.',
- 'name': 'default_name_4',
-
- }
-
- set_method_mock.assert_called_with('user', 'device-group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_user_domain_controller.py b/test/units/modules/network/fortios/test_fortios_user_domain_controller.py
deleted file mode 100644
index 920da8a04a4..00000000000
--- a/test/units/modules/network/fortios/test_fortios_user_domain_controller.py
+++ /dev/null
@@ -1,239 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_user_domain_controller
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_user_domain_controller.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_user_domain_controller_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_domain_controller': {
- 'domain_name': 'test_value_3',
- 'ip_address': 'test_value_4',
- 'ldap_server': 'test_value_5',
- 'name': 'default_name_6',
- 'port': '7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_domain_controller.fortios_user(input_data, fos_instance)
-
- expected_data = {
- 'domain-name': 'test_value_3',
- 'ip-address': 'test_value_4',
- 'ldap-server': 'test_value_5',
- 'name': 'default_name_6',
- 'port': '7'
- }
-
- set_method_mock.assert_called_with('user', 'domain-controller', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_user_domain_controller_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_domain_controller': {
- 'domain_name': 'test_value_3',
- 'ip_address': 'test_value_4',
- 'ldap_server': 'test_value_5',
- 'name': 'default_name_6',
- 'port': '7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_domain_controller.fortios_user(input_data, fos_instance)
-
- expected_data = {
- 'domain-name': 'test_value_3',
- 'ip-address': 'test_value_4',
- 'ldap-server': 'test_value_5',
- 'name': 'default_name_6',
- 'port': '7'
- }
-
- set_method_mock.assert_called_with('user', 'domain-controller', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_user_domain_controller_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'user_domain_controller': {
- 'domain_name': 'test_value_3',
- 'ip_address': 'test_value_4',
- 'ldap_server': 'test_value_5',
- 'name': 'default_name_6',
- 'port': '7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_domain_controller.fortios_user(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('user', 'domain-controller', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_user_domain_controller_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'user_domain_controller': {
- 'domain_name': 'test_value_3',
- 'ip_address': 'test_value_4',
- 'ldap_server': 'test_value_5',
- 'name': 'default_name_6',
- 'port': '7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_domain_controller.fortios_user(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('user', 'domain-controller', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_user_domain_controller_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_domain_controller': {
- 'domain_name': 'test_value_3',
- 'ip_address': 'test_value_4',
- 'ldap_server': 'test_value_5',
- 'name': 'default_name_6',
- 'port': '7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_domain_controller.fortios_user(input_data, fos_instance)
-
- expected_data = {
- 'domain-name': 'test_value_3',
- 'ip-address': 'test_value_4',
- 'ldap-server': 'test_value_5',
- 'name': 'default_name_6',
- 'port': '7'
- }
-
- set_method_mock.assert_called_with('user', 'domain-controller', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_user_domain_controller_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_domain_controller': {
- 'random_attribute_not_valid': 'tag',
- 'domain_name': 'test_value_3',
- 'ip_address': 'test_value_4',
- 'ldap_server': 'test_value_5',
- 'name': 'default_name_6',
- 'port': '7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_domain_controller.fortios_user(input_data, fos_instance)
-
- expected_data = {
- 'domain-name': 'test_value_3',
- 'ip-address': 'test_value_4',
- 'ldap-server': 'test_value_5',
- 'name': 'default_name_6',
- 'port': '7'
- }
-
- set_method_mock.assert_called_with('user', 'domain-controller', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_user_fortitoken.py b/test/units/modules/network/fortios/test_fortios_user_fortitoken.py
deleted file mode 100644
index 265f82624e9..00000000000
--- a/test/units/modules/network/fortios/test_fortios_user_fortitoken.py
+++ /dev/null
@@ -1,279 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_user_fortitoken
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_user_fortitoken.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_user_fortitoken_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_fortitoken': {
- 'activation_code': 'test_value_3',
- 'activation_expire': '4',
- 'comments': 'test_value_5',
- 'license': 'test_value_6',
- 'os_ver': 'test_value_7',
- 'reg_id': 'test_value_8',
- 'seed': 'test_value_9',
- 'serial_number': 'test_value_10',
- 'status': 'active'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_fortitoken.fortios_user(input_data, fos_instance)
-
- expected_data = {
- 'activation-code': 'test_value_3',
- 'activation-expire': '4',
- 'comments': 'test_value_5',
- 'license': 'test_value_6',
- 'os-ver': 'test_value_7',
- 'reg-id': 'test_value_8',
- 'seed': 'test_value_9',
- 'serial-number': 'test_value_10',
- 'status': 'active'
- }
-
- set_method_mock.assert_called_with('user', 'fortitoken', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_user_fortitoken_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_fortitoken': {
- 'activation_code': 'test_value_3',
- 'activation_expire': '4',
- 'comments': 'test_value_5',
- 'license': 'test_value_6',
- 'os_ver': 'test_value_7',
- 'reg_id': 'test_value_8',
- 'seed': 'test_value_9',
- 'serial_number': 'test_value_10',
- 'status': 'active'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_fortitoken.fortios_user(input_data, fos_instance)
-
- expected_data = {
- 'activation-code': 'test_value_3',
- 'activation-expire': '4',
- 'comments': 'test_value_5',
- 'license': 'test_value_6',
- 'os-ver': 'test_value_7',
- 'reg-id': 'test_value_8',
- 'seed': 'test_value_9',
- 'serial-number': 'test_value_10',
- 'status': 'active'
- }
-
- set_method_mock.assert_called_with('user', 'fortitoken', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_user_fortitoken_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'user_fortitoken': {
- 'activation_code': 'test_value_3',
- 'activation_expire': '4',
- 'comments': 'test_value_5',
- 'license': 'test_value_6',
- 'os_ver': 'test_value_7',
- 'reg_id': 'test_value_8',
- 'seed': 'test_value_9',
- 'serial_number': 'test_value_10',
- 'status': 'active'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_fortitoken.fortios_user(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('user', 'fortitoken', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_user_fortitoken_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'user_fortitoken': {
- 'activation_code': 'test_value_3',
- 'activation_expire': '4',
- 'comments': 'test_value_5',
- 'license': 'test_value_6',
- 'os_ver': 'test_value_7',
- 'reg_id': 'test_value_8',
- 'seed': 'test_value_9',
- 'serial_number': 'test_value_10',
- 'status': 'active'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_fortitoken.fortios_user(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('user', 'fortitoken', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_user_fortitoken_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_fortitoken': {
- 'activation_code': 'test_value_3',
- 'activation_expire': '4',
- 'comments': 'test_value_5',
- 'license': 'test_value_6',
- 'os_ver': 'test_value_7',
- 'reg_id': 'test_value_8',
- 'seed': 'test_value_9',
- 'serial_number': 'test_value_10',
- 'status': 'active'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_fortitoken.fortios_user(input_data, fos_instance)
-
- expected_data = {
- 'activation-code': 'test_value_3',
- 'activation-expire': '4',
- 'comments': 'test_value_5',
- 'license': 'test_value_6',
- 'os-ver': 'test_value_7',
- 'reg-id': 'test_value_8',
- 'seed': 'test_value_9',
- 'serial-number': 'test_value_10',
- 'status': 'active'
- }
-
- set_method_mock.assert_called_with('user', 'fortitoken', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_user_fortitoken_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_fortitoken': {
- 'random_attribute_not_valid': 'tag',
- 'activation_code': 'test_value_3',
- 'activation_expire': '4',
- 'comments': 'test_value_5',
- 'license': 'test_value_6',
- 'os_ver': 'test_value_7',
- 'reg_id': 'test_value_8',
- 'seed': 'test_value_9',
- 'serial_number': 'test_value_10',
- 'status': 'active'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_fortitoken.fortios_user(input_data, fos_instance)
-
- expected_data = {
- 'activation-code': 'test_value_3',
- 'activation-expire': '4',
- 'comments': 'test_value_5',
- 'license': 'test_value_6',
- 'os-ver': 'test_value_7',
- 'reg-id': 'test_value_8',
- 'seed': 'test_value_9',
- 'serial-number': 'test_value_10',
- 'status': 'active'
- }
-
- set_method_mock.assert_called_with('user', 'fortitoken', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_user_fsso.py b/test/units/modules/network/fortios/test_fortios_user_fsso.py
deleted file mode 100644
index ac2f6be41ef..00000000000
--- a/test/units/modules/network/fortios/test_fortios_user_fsso.py
+++ /dev/null
@@ -1,379 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_user_fsso
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_user_fsso.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_user_fsso_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_fsso': {
- 'ldap_server': 'test_value_3',
- 'name': 'default_name_4',
- 'password': 'test_value_5',
- 'password2': 'test_value_6',
- 'password3': 'test_value_7',
- 'password4': 'test_value_8',
- 'password5': 'test_value_9',
- 'port': '10',
- 'port2': '11',
- 'port3': '12',
- 'port4': '13',
- 'port5': '14',
- 'server': '192.168.100.15',
- 'server2': 'test_value_16',
- 'server3': 'test_value_17',
- 'server4': 'test_value_18',
- 'server5': 'test_value_19',
- 'source_ip': '84.230.14.20',
- 'source_ip6': 'test_value_21'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_fsso.fortios_user(input_data, fos_instance)
-
- expected_data = {
- 'ldap-server': 'test_value_3',
- 'name': 'default_name_4',
- 'password': 'test_value_5',
- 'password2': 'test_value_6',
- 'password3': 'test_value_7',
- 'password4': 'test_value_8',
- 'password5': 'test_value_9',
- 'port': '10',
- 'port2': '11',
- 'port3': '12',
- 'port4': '13',
- 'port5': '14',
- 'server': '192.168.100.15',
- 'server2': 'test_value_16',
- 'server3': 'test_value_17',
- 'server4': 'test_value_18',
- 'server5': 'test_value_19',
- 'source-ip': '84.230.14.20',
- 'source-ip6': 'test_value_21'
- }
-
- set_method_mock.assert_called_with('user', 'fsso', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_user_fsso_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_fsso': {
- 'ldap_server': 'test_value_3',
- 'name': 'default_name_4',
- 'password': 'test_value_5',
- 'password2': 'test_value_6',
- 'password3': 'test_value_7',
- 'password4': 'test_value_8',
- 'password5': 'test_value_9',
- 'port': '10',
- 'port2': '11',
- 'port3': '12',
- 'port4': '13',
- 'port5': '14',
- 'server': '192.168.100.15',
- 'server2': 'test_value_16',
- 'server3': 'test_value_17',
- 'server4': 'test_value_18',
- 'server5': 'test_value_19',
- 'source_ip': '84.230.14.20',
- 'source_ip6': 'test_value_21'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_fsso.fortios_user(input_data, fos_instance)
-
- expected_data = {
- 'ldap-server': 'test_value_3',
- 'name': 'default_name_4',
- 'password': 'test_value_5',
- 'password2': 'test_value_6',
- 'password3': 'test_value_7',
- 'password4': 'test_value_8',
- 'password5': 'test_value_9',
- 'port': '10',
- 'port2': '11',
- 'port3': '12',
- 'port4': '13',
- 'port5': '14',
- 'server': '192.168.100.15',
- 'server2': 'test_value_16',
- 'server3': 'test_value_17',
- 'server4': 'test_value_18',
- 'server5': 'test_value_19',
- 'source-ip': '84.230.14.20',
- 'source-ip6': 'test_value_21'
- }
-
- set_method_mock.assert_called_with('user', 'fsso', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_user_fsso_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'user_fsso': {
- 'ldap_server': 'test_value_3',
- 'name': 'default_name_4',
- 'password': 'test_value_5',
- 'password2': 'test_value_6',
- 'password3': 'test_value_7',
- 'password4': 'test_value_8',
- 'password5': 'test_value_9',
- 'port': '10',
- 'port2': '11',
- 'port3': '12',
- 'port4': '13',
- 'port5': '14',
- 'server': '192.168.100.15',
- 'server2': 'test_value_16',
- 'server3': 'test_value_17',
- 'server4': 'test_value_18',
- 'server5': 'test_value_19',
- 'source_ip': '84.230.14.20',
- 'source_ip6': 'test_value_21'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_fsso.fortios_user(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('user', 'fsso', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_user_fsso_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'user_fsso': {
- 'ldap_server': 'test_value_3',
- 'name': 'default_name_4',
- 'password': 'test_value_5',
- 'password2': 'test_value_6',
- 'password3': 'test_value_7',
- 'password4': 'test_value_8',
- 'password5': 'test_value_9',
- 'port': '10',
- 'port2': '11',
- 'port3': '12',
- 'port4': '13',
- 'port5': '14',
- 'server': '192.168.100.15',
- 'server2': 'test_value_16',
- 'server3': 'test_value_17',
- 'server4': 'test_value_18',
- 'server5': 'test_value_19',
- 'source_ip': '84.230.14.20',
- 'source_ip6': 'test_value_21'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_fsso.fortios_user(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('user', 'fsso', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_user_fsso_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_fsso': {
- 'ldap_server': 'test_value_3',
- 'name': 'default_name_4',
- 'password': 'test_value_5',
- 'password2': 'test_value_6',
- 'password3': 'test_value_7',
- 'password4': 'test_value_8',
- 'password5': 'test_value_9',
- 'port': '10',
- 'port2': '11',
- 'port3': '12',
- 'port4': '13',
- 'port5': '14',
- 'server': '192.168.100.15',
- 'server2': 'test_value_16',
- 'server3': 'test_value_17',
- 'server4': 'test_value_18',
- 'server5': 'test_value_19',
- 'source_ip': '84.230.14.20',
- 'source_ip6': 'test_value_21'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_fsso.fortios_user(input_data, fos_instance)
-
- expected_data = {
- 'ldap-server': 'test_value_3',
- 'name': 'default_name_4',
- 'password': 'test_value_5',
- 'password2': 'test_value_6',
- 'password3': 'test_value_7',
- 'password4': 'test_value_8',
- 'password5': 'test_value_9',
- 'port': '10',
- 'port2': '11',
- 'port3': '12',
- 'port4': '13',
- 'port5': '14',
- 'server': '192.168.100.15',
- 'server2': 'test_value_16',
- 'server3': 'test_value_17',
- 'server4': 'test_value_18',
- 'server5': 'test_value_19',
- 'source-ip': '84.230.14.20',
- 'source-ip6': 'test_value_21'
- }
-
- set_method_mock.assert_called_with('user', 'fsso', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_user_fsso_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_fsso': {
- 'random_attribute_not_valid': 'tag',
- 'ldap_server': 'test_value_3',
- 'name': 'default_name_4',
- 'password': 'test_value_5',
- 'password2': 'test_value_6',
- 'password3': 'test_value_7',
- 'password4': 'test_value_8',
- 'password5': 'test_value_9',
- 'port': '10',
- 'port2': '11',
- 'port3': '12',
- 'port4': '13',
- 'port5': '14',
- 'server': '192.168.100.15',
- 'server2': 'test_value_16',
- 'server3': 'test_value_17',
- 'server4': 'test_value_18',
- 'server5': 'test_value_19',
- 'source_ip': '84.230.14.20',
- 'source_ip6': 'test_value_21'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_fsso.fortios_user(input_data, fos_instance)
-
- expected_data = {
- 'ldap-server': 'test_value_3',
- 'name': 'default_name_4',
- 'password': 'test_value_5',
- 'password2': 'test_value_6',
- 'password3': 'test_value_7',
- 'password4': 'test_value_8',
- 'password5': 'test_value_9',
- 'port': '10',
- 'port2': '11',
- 'port3': '12',
- 'port4': '13',
- 'port5': '14',
- 'server': '192.168.100.15',
- 'server2': 'test_value_16',
- 'server3': 'test_value_17',
- 'server4': 'test_value_18',
- 'server5': 'test_value_19',
- 'source-ip': '84.230.14.20',
- 'source-ip6': 'test_value_21'
- }
-
- set_method_mock.assert_called_with('user', 'fsso', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_user_fsso_polling.py b/test/units/modules/network/fortios/test_fortios_user_fsso_polling.py
deleted file mode 100644
index 6d495aff4d6..00000000000
--- a/test/units/modules/network/fortios/test_fortios_user_fsso_polling.py
+++ /dev/null
@@ -1,279 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_user_fsso_polling
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_user_fsso_polling.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_user_fsso_polling_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_fsso_polling': {'default_domain': 'test_value_3',
- 'id': '4',
- 'ldap_server': 'test_value_5',
- 'logon_history': '6',
- 'password': 'test_value_7',
- 'polling_frequency': '8',
- 'port': '9',
- 'server': '192.168.100.10',
- 'status': 'enable',
- 'user': 'test_value_12'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_fsso_polling.fortios_user(input_data, fos_instance)
-
- expected_data = {'default-domain': 'test_value_3',
- 'id': '4',
- 'ldap-server': 'test_value_5',
- 'logon-history': '6',
- 'password': 'test_value_7',
- 'polling-frequency': '8',
- 'port': '9',
- 'server': '192.168.100.10',
- 'status': 'enable',
- 'user': 'test_value_12'
- }
-
- set_method_mock.assert_called_with('user', 'fsso-polling', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_user_fsso_polling_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_fsso_polling': {'default_domain': 'test_value_3',
- 'id': '4',
- 'ldap_server': 'test_value_5',
- 'logon_history': '6',
- 'password': 'test_value_7',
- 'polling_frequency': '8',
- 'port': '9',
- 'server': '192.168.100.10',
- 'status': 'enable',
- 'user': 'test_value_12'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_fsso_polling.fortios_user(input_data, fos_instance)
-
- expected_data = {'default-domain': 'test_value_3',
- 'id': '4',
- 'ldap-server': 'test_value_5',
- 'logon-history': '6',
- 'password': 'test_value_7',
- 'polling-frequency': '8',
- 'port': '9',
- 'server': '192.168.100.10',
- 'status': 'enable',
- 'user': 'test_value_12'
- }
-
- set_method_mock.assert_called_with('user', 'fsso-polling', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_user_fsso_polling_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'user_fsso_polling': {'default_domain': 'test_value_3',
- 'id': '4',
- 'ldap_server': 'test_value_5',
- 'logon_history': '6',
- 'password': 'test_value_7',
- 'polling_frequency': '8',
- 'port': '9',
- 'server': '192.168.100.10',
- 'status': 'enable',
- 'user': 'test_value_12'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_fsso_polling.fortios_user(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('user', 'fsso-polling', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_user_fsso_polling_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'user_fsso_polling': {'default_domain': 'test_value_3',
- 'id': '4',
- 'ldap_server': 'test_value_5',
- 'logon_history': '6',
- 'password': 'test_value_7',
- 'polling_frequency': '8',
- 'port': '9',
- 'server': '192.168.100.10',
- 'status': 'enable',
- 'user': 'test_value_12'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_fsso_polling.fortios_user(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('user', 'fsso-polling', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_user_fsso_polling_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_fsso_polling': {'default_domain': 'test_value_3',
- 'id': '4',
- 'ldap_server': 'test_value_5',
- 'logon_history': '6',
- 'password': 'test_value_7',
- 'polling_frequency': '8',
- 'port': '9',
- 'server': '192.168.100.10',
- 'status': 'enable',
- 'user': 'test_value_12'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_fsso_polling.fortios_user(input_data, fos_instance)
-
- expected_data = {'default-domain': 'test_value_3',
- 'id': '4',
- 'ldap-server': 'test_value_5',
- 'logon-history': '6',
- 'password': 'test_value_7',
- 'polling-frequency': '8',
- 'port': '9',
- 'server': '192.168.100.10',
- 'status': 'enable',
- 'user': 'test_value_12'
- }
-
- set_method_mock.assert_called_with('user', 'fsso-polling', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_user_fsso_polling_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_fsso_polling': {
- 'random_attribute_not_valid': 'tag', 'default_domain': 'test_value_3',
- 'id': '4',
- 'ldap_server': 'test_value_5',
- 'logon_history': '6',
- 'password': 'test_value_7',
- 'polling_frequency': '8',
- 'port': '9',
- 'server': '192.168.100.10',
- 'status': 'enable',
- 'user': 'test_value_12'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_fsso_polling.fortios_user(input_data, fos_instance)
-
- expected_data = {'default-domain': 'test_value_3',
- 'id': '4',
- 'ldap-server': 'test_value_5',
- 'logon-history': '6',
- 'password': 'test_value_7',
- 'polling-frequency': '8',
- 'port': '9',
- 'server': '192.168.100.10',
- 'status': 'enable',
- 'user': 'test_value_12'
- }
-
- set_method_mock.assert_called_with('user', 'fsso-polling', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_user_group.py b/test/units/modules/network/fortios/test_fortios_user_group.py
deleted file mode 100644
index b7aa50bdb08..00000000000
--- a/test/units/modules/network/fortios/test_fortios_user_group.py
+++ /dev/null
@@ -1,399 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_user_group
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_user_group.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_user_group_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_group': {
- 'auth_concurrent_override': 'enable',
- 'auth_concurrent_value': '4',
- 'authtimeout': '5',
- 'company': 'optional',
- 'email': 'disable',
- 'expire': '8',
- 'expire_type': 'immediately',
- 'group_type': 'firewall',
- 'http_digest_realm': 'test_value_11',
- 'id': '12',
- 'max_accounts': '13',
- 'mobile_phone': 'disable',
- 'multiple_guest_add': 'disable',
- 'name': 'default_name_16',
- 'password': 'auto-generate',
- 'sms_custom_server': 'test_value_18',
- 'sms_server': 'fortiguard',
- 'sponsor': 'optional',
- 'sso_attribute_value': 'test_value_21',
- 'user_id': 'email',
- 'user_name': 'disable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_group.fortios_user(input_data, fos_instance)
-
- expected_data = {
- 'auth-concurrent-override': 'enable',
- 'auth-concurrent-value': '4',
- 'authtimeout': '5',
- 'company': 'optional',
- 'email': 'disable',
- 'expire': '8',
- 'expire-type': 'immediately',
- 'group-type': 'firewall',
- 'http-digest-realm': 'test_value_11',
- 'id': '12',
- 'max-accounts': '13',
- 'mobile-phone': 'disable',
- 'multiple-guest-add': 'disable',
- 'name': 'default_name_16',
- 'password': 'auto-generate',
- 'sms-custom-server': 'test_value_18',
- 'sms-server': 'fortiguard',
- 'sponsor': 'optional',
- 'sso-attribute-value': 'test_value_21',
- 'user-id': 'email',
- 'user-name': 'disable'
- }
-
- set_method_mock.assert_called_with('user', 'group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_user_group_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_group': {
- 'auth_concurrent_override': 'enable',
- 'auth_concurrent_value': '4',
- 'authtimeout': '5',
- 'company': 'optional',
- 'email': 'disable',
- 'expire': '8',
- 'expire_type': 'immediately',
- 'group_type': 'firewall',
- 'http_digest_realm': 'test_value_11',
- 'id': '12',
- 'max_accounts': '13',
- 'mobile_phone': 'disable',
- 'multiple_guest_add': 'disable',
- 'name': 'default_name_16',
- 'password': 'auto-generate',
- 'sms_custom_server': 'test_value_18',
- 'sms_server': 'fortiguard',
- 'sponsor': 'optional',
- 'sso_attribute_value': 'test_value_21',
- 'user_id': 'email',
- 'user_name': 'disable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_group.fortios_user(input_data, fos_instance)
-
- expected_data = {
- 'auth-concurrent-override': 'enable',
- 'auth-concurrent-value': '4',
- 'authtimeout': '5',
- 'company': 'optional',
- 'email': 'disable',
- 'expire': '8',
- 'expire-type': 'immediately',
- 'group-type': 'firewall',
- 'http-digest-realm': 'test_value_11',
- 'id': '12',
- 'max-accounts': '13',
- 'mobile-phone': 'disable',
- 'multiple-guest-add': 'disable',
- 'name': 'default_name_16',
- 'password': 'auto-generate',
- 'sms-custom-server': 'test_value_18',
- 'sms-server': 'fortiguard',
- 'sponsor': 'optional',
- 'sso-attribute-value': 'test_value_21',
- 'user-id': 'email',
- 'user-name': 'disable'
- }
-
- set_method_mock.assert_called_with('user', 'group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_user_group_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'user_group': {
- 'auth_concurrent_override': 'enable',
- 'auth_concurrent_value': '4',
- 'authtimeout': '5',
- 'company': 'optional',
- 'email': 'disable',
- 'expire': '8',
- 'expire_type': 'immediately',
- 'group_type': 'firewall',
- 'http_digest_realm': 'test_value_11',
- 'id': '12',
- 'max_accounts': '13',
- 'mobile_phone': 'disable',
- 'multiple_guest_add': 'disable',
- 'name': 'default_name_16',
- 'password': 'auto-generate',
- 'sms_custom_server': 'test_value_18',
- 'sms_server': 'fortiguard',
- 'sponsor': 'optional',
- 'sso_attribute_value': 'test_value_21',
- 'user_id': 'email',
- 'user_name': 'disable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_group.fortios_user(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('user', 'group', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_user_group_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'user_group': {
- 'auth_concurrent_override': 'enable',
- 'auth_concurrent_value': '4',
- 'authtimeout': '5',
- 'company': 'optional',
- 'email': 'disable',
- 'expire': '8',
- 'expire_type': 'immediately',
- 'group_type': 'firewall',
- 'http_digest_realm': 'test_value_11',
- 'id': '12',
- 'max_accounts': '13',
- 'mobile_phone': 'disable',
- 'multiple_guest_add': 'disable',
- 'name': 'default_name_16',
- 'password': 'auto-generate',
- 'sms_custom_server': 'test_value_18',
- 'sms_server': 'fortiguard',
- 'sponsor': 'optional',
- 'sso_attribute_value': 'test_value_21',
- 'user_id': 'email',
- 'user_name': 'disable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_group.fortios_user(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('user', 'group', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_user_group_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_group': {
- 'auth_concurrent_override': 'enable',
- 'auth_concurrent_value': '4',
- 'authtimeout': '5',
- 'company': 'optional',
- 'email': 'disable',
- 'expire': '8',
- 'expire_type': 'immediately',
- 'group_type': 'firewall',
- 'http_digest_realm': 'test_value_11',
- 'id': '12',
- 'max_accounts': '13',
- 'mobile_phone': 'disable',
- 'multiple_guest_add': 'disable',
- 'name': 'default_name_16',
- 'password': 'auto-generate',
- 'sms_custom_server': 'test_value_18',
- 'sms_server': 'fortiguard',
- 'sponsor': 'optional',
- 'sso_attribute_value': 'test_value_21',
- 'user_id': 'email',
- 'user_name': 'disable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_group.fortios_user(input_data, fos_instance)
-
- expected_data = {
- 'auth-concurrent-override': 'enable',
- 'auth-concurrent-value': '4',
- 'authtimeout': '5',
- 'company': 'optional',
- 'email': 'disable',
- 'expire': '8',
- 'expire-type': 'immediately',
- 'group-type': 'firewall',
- 'http-digest-realm': 'test_value_11',
- 'id': '12',
- 'max-accounts': '13',
- 'mobile-phone': 'disable',
- 'multiple-guest-add': 'disable',
- 'name': 'default_name_16',
- 'password': 'auto-generate',
- 'sms-custom-server': 'test_value_18',
- 'sms-server': 'fortiguard',
- 'sponsor': 'optional',
- 'sso-attribute-value': 'test_value_21',
- 'user-id': 'email',
- 'user-name': 'disable'
- }
-
- set_method_mock.assert_called_with('user', 'group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_user_group_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_group': {
- 'random_attribute_not_valid': 'tag',
- 'auth_concurrent_override': 'enable',
- 'auth_concurrent_value': '4',
- 'authtimeout': '5',
- 'company': 'optional',
- 'email': 'disable',
- 'expire': '8',
- 'expire_type': 'immediately',
- 'group_type': 'firewall',
- 'http_digest_realm': 'test_value_11',
- 'id': '12',
- 'max_accounts': '13',
- 'mobile_phone': 'disable',
- 'multiple_guest_add': 'disable',
- 'name': 'default_name_16',
- 'password': 'auto-generate',
- 'sms_custom_server': 'test_value_18',
- 'sms_server': 'fortiguard',
- 'sponsor': 'optional',
- 'sso_attribute_value': 'test_value_21',
- 'user_id': 'email',
- 'user_name': 'disable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_group.fortios_user(input_data, fos_instance)
-
- expected_data = {
- 'auth-concurrent-override': 'enable',
- 'auth-concurrent-value': '4',
- 'authtimeout': '5',
- 'company': 'optional',
- 'email': 'disable',
- 'expire': '8',
- 'expire-type': 'immediately',
- 'group-type': 'firewall',
- 'http-digest-realm': 'test_value_11',
- 'id': '12',
- 'max-accounts': '13',
- 'mobile-phone': 'disable',
- 'multiple-guest-add': 'disable',
- 'name': 'default_name_16',
- 'password': 'auto-generate',
- 'sms-custom-server': 'test_value_18',
- 'sms-server': 'fortiguard',
- 'sponsor': 'optional',
- 'sso-attribute-value': 'test_value_21',
- 'user-id': 'email',
- 'user-name': 'disable'
- }
-
- set_method_mock.assert_called_with('user', 'group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_user_krb_keytab.py b/test/units/modules/network/fortios/test_fortios_user_krb_keytab.py
deleted file mode 100644
index a30af02563b..00000000000
--- a/test/units/modules/network/fortios/test_fortios_user_krb_keytab.py
+++ /dev/null
@@ -1,229 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_user_krb_keytab
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_user_krb_keytab.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_user_krb_keytab_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_krb_keytab': {
- 'keytab': 'test_value_3',
- 'ldap_server': 'test_value_4',
- 'name': 'default_name_5',
- 'principal': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_krb_keytab.fortios_user(input_data, fos_instance)
-
- expected_data = {
- 'keytab': 'test_value_3',
- 'ldap-server': 'test_value_4',
- 'name': 'default_name_5',
- 'principal': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('user', 'krb-keytab', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_user_krb_keytab_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_krb_keytab': {
- 'keytab': 'test_value_3',
- 'ldap_server': 'test_value_4',
- 'name': 'default_name_5',
- 'principal': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_krb_keytab.fortios_user(input_data, fos_instance)
-
- expected_data = {
- 'keytab': 'test_value_3',
- 'ldap-server': 'test_value_4',
- 'name': 'default_name_5',
- 'principal': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('user', 'krb-keytab', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_user_krb_keytab_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'user_krb_keytab': {
- 'keytab': 'test_value_3',
- 'ldap_server': 'test_value_4',
- 'name': 'default_name_5',
- 'principal': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_krb_keytab.fortios_user(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('user', 'krb-keytab', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_user_krb_keytab_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'user_krb_keytab': {
- 'keytab': 'test_value_3',
- 'ldap_server': 'test_value_4',
- 'name': 'default_name_5',
- 'principal': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_krb_keytab.fortios_user(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('user', 'krb-keytab', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_user_krb_keytab_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_krb_keytab': {
- 'keytab': 'test_value_3',
- 'ldap_server': 'test_value_4',
- 'name': 'default_name_5',
- 'principal': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_krb_keytab.fortios_user(input_data, fos_instance)
-
- expected_data = {
- 'keytab': 'test_value_3',
- 'ldap-server': 'test_value_4',
- 'name': 'default_name_5',
- 'principal': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('user', 'krb-keytab', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_user_krb_keytab_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_krb_keytab': {
- 'random_attribute_not_valid': 'tag',
- 'keytab': 'test_value_3',
- 'ldap_server': 'test_value_4',
- 'name': 'default_name_5',
- 'principal': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_krb_keytab.fortios_user(input_data, fos_instance)
-
- expected_data = {
- 'keytab': 'test_value_3',
- 'ldap-server': 'test_value_4',
- 'name': 'default_name_5',
- 'principal': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('user', 'krb-keytab', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_user_ldap.py b/test/units/modules/network/fortios/test_fortios_user_ldap.py
deleted file mode 100644
index 47b06f8622b..00000000000
--- a/test/units/modules/network/fortios/test_fortios_user_ldap.py
+++ /dev/null
@@ -1,429 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_user_ldap -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_user_ldap.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_user_ldap_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_ldap': { - 'account_key_filter': 'test_value_3', - 'account_key_processing': 'same', - 'ca_cert': 'test_value_5', - 'cnid': 'test_value_6', - 'dn': 'test_value_7', - 'group_filter': 'test_value_8', - 
'group_member_check': 'user-attr', - 'group_object_filter': 'test_value_10', - 'group_search_base': 'test_value_11', - 'member_attr': 'test_value_12', - 'name': 'default_name_13', - 'password': 'test_value_14', - 'password_expiry_warning': 'enable', - 'password_renewal': 'enable', - 'port': '17', - 'secondary_server': 'test_value_18', - 'secure': 'disable', - 'server': '192.168.100.20', - 'server_identity_check': 'enable', - 'source_ip': '84.230.14.22', - 'ssl_min_proto_version': 'default', - 'tertiary_server': 'test_value_24', - 'type': 'simple', - 'username': 'test_value_26' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_ldap.fortios_user(input_data, fos_instance) - - expected_data = { - 'account-key-filter': 'test_value_3', - 'account-key-processing': 'same', - 'ca-cert': 'test_value_5', - 'cnid': 'test_value_6', - 'dn': 'test_value_7', - 'group-filter': 'test_value_8', - 'group-member-check': 'user-attr', - 'group-object-filter': 'test_value_10', - 'group-search-base': 'test_value_11', - 'member-attr': 'test_value_12', - 'name': 'default_name_13', - 'password': 'test_value_14', - 'password-expiry-warning': 'enable', - 'password-renewal': 'enable', - 'port': '17', - 'secondary-server': 'test_value_18', - 'secure': 'disable', - 'server': '192.168.100.20', - 'server-identity-check': 'enable', - 'source-ip': '84.230.14.22', - 'ssl-min-proto-version': 'default', - 'tertiary-server': 'test_value_24', - 'type': 'simple', - 'username': 'test_value_26' - } - - set_method_mock.assert_called_with('user', 'ldap', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_user_ldap_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - 
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_ldap': { - 'account_key_filter': 'test_value_3', - 'account_key_processing': 'same', - 'ca_cert': 'test_value_5', - 'cnid': 'test_value_6', - 'dn': 'test_value_7', - 'group_filter': 'test_value_8', - 'group_member_check': 'user-attr', - 'group_object_filter': 'test_value_10', - 'group_search_base': 'test_value_11', - 'member_attr': 'test_value_12', - 'name': 'default_name_13', - 'password': 'test_value_14', - 'password_expiry_warning': 'enable', - 'password_renewal': 'enable', - 'port': '17', - 'secondary_server': 'test_value_18', - 'secure': 'disable', - 'server': '192.168.100.20', - 'server_identity_check': 'enable', - 'source_ip': '84.230.14.22', - 'ssl_min_proto_version': 'default', - 'tertiary_server': 'test_value_24', - 'type': 'simple', - 'username': 'test_value_26' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_ldap.fortios_user(input_data, fos_instance) - - expected_data = { - 'account-key-filter': 'test_value_3', - 'account-key-processing': 'same', - 'ca-cert': 'test_value_5', - 'cnid': 'test_value_6', - 'dn': 'test_value_7', - 'group-filter': 'test_value_8', - 'group-member-check': 'user-attr', - 'group-object-filter': 'test_value_10', - 'group-search-base': 'test_value_11', - 'member-attr': 'test_value_12', - 'name': 'default_name_13', - 'password': 'test_value_14', - 'password-expiry-warning': 'enable', - 'password-renewal': 'enable', - 'port': '17', - 'secondary-server': 'test_value_18', - 'secure': 'disable', - 'server': '192.168.100.20', - 'server-identity-check': 'enable', - 'source-ip': '84.230.14.22', - 'ssl-min-proto-version': 'default', - 'tertiary-server': 'test_value_24', - 'type': 'simple', - 'username': 'test_value_26' - } - - set_method_mock.assert_called_with('user', 'ldap', data=expected_data, vdom='root') - 
schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_user_ldap_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'user_ldap': { - 'account_key_filter': 'test_value_3', - 'account_key_processing': 'same', - 'ca_cert': 'test_value_5', - 'cnid': 'test_value_6', - 'dn': 'test_value_7', - 'group_filter': 'test_value_8', - 'group_member_check': 'user-attr', - 'group_object_filter': 'test_value_10', - 'group_search_base': 'test_value_11', - 'member_attr': 'test_value_12', - 'name': 'default_name_13', - 'password': 'test_value_14', - 'password_expiry_warning': 'enable', - 'password_renewal': 'enable', - 'port': '17', - 'secondary_server': 'test_value_18', - 'secure': 'disable', - 'server': '192.168.100.20', - 'server_identity_check': 'enable', - 'source_ip': '84.230.14.22', - 'ssl_min_proto_version': 'default', - 'tertiary_server': 'test_value_24', - 'type': 'simple', - 'username': 'test_value_26' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_ldap.fortios_user(input_data, fos_instance) - - delete_method_mock.assert_called_with('user', 'ldap', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_user_ldap_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - 
delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'user_ldap': { - 'account_key_filter': 'test_value_3', - 'account_key_processing': 'same', - 'ca_cert': 'test_value_5', - 'cnid': 'test_value_6', - 'dn': 'test_value_7', - 'group_filter': 'test_value_8', - 'group_member_check': 'user-attr', - 'group_object_filter': 'test_value_10', - 'group_search_base': 'test_value_11', - 'member_attr': 'test_value_12', - 'name': 'default_name_13', - 'password': 'test_value_14', - 'password_expiry_warning': 'enable', - 'password_renewal': 'enable', - 'port': '17', - 'secondary_server': 'test_value_18', - 'secure': 'disable', - 'server': '192.168.100.20', - 'server_identity_check': 'enable', - 'source_ip': '84.230.14.22', - 'ssl_min_proto_version': 'default', - 'tertiary_server': 'test_value_24', - 'type': 'simple', - 'username': 'test_value_26' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_ldap.fortios_user(input_data, fos_instance) - - delete_method_mock.assert_called_with('user', 'ldap', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_user_ldap_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_ldap': { - 'account_key_filter': 'test_value_3', - 'account_key_processing': 'same', - 'ca_cert': 'test_value_5', - 'cnid': 'test_value_6', - 'dn': 'test_value_7', - 'group_filter': 'test_value_8', - 
'group_member_check': 'user-attr', - 'group_object_filter': 'test_value_10', - 'group_search_base': 'test_value_11', - 'member_attr': 'test_value_12', - 'name': 'default_name_13', - 'password': 'test_value_14', - 'password_expiry_warning': 'enable', - 'password_renewal': 'enable', - 'port': '17', - 'secondary_server': 'test_value_18', - 'secure': 'disable', - 'server': '192.168.100.20', - 'server_identity_check': 'enable', - 'source_ip': '84.230.14.22', - 'ssl_min_proto_version': 'default', - 'tertiary_server': 'test_value_24', - 'type': 'simple', - 'username': 'test_value_26' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_ldap.fortios_user(input_data, fos_instance) - - expected_data = { - 'account-key-filter': 'test_value_3', - 'account-key-processing': 'same', - 'ca-cert': 'test_value_5', - 'cnid': 'test_value_6', - 'dn': 'test_value_7', - 'group-filter': 'test_value_8', - 'group-member-check': 'user-attr', - 'group-object-filter': 'test_value_10', - 'group-search-base': 'test_value_11', - 'member-attr': 'test_value_12', - 'name': 'default_name_13', - 'password': 'test_value_14', - 'password-expiry-warning': 'enable', - 'password-renewal': 'enable', - 'port': '17', - 'secondary-server': 'test_value_18', - 'secure': 'disable', - 'server': '192.168.100.20', - 'server-identity-check': 'enable', - 'source-ip': '84.230.14.22', - 'ssl-min-proto-version': 'default', - 'tertiary-server': 'test_value_24', - 'type': 'simple', - 'username': 'test_value_26' - } - - set_method_mock.assert_called_with('user', 'ldap', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_user_ldap_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 
200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_ldap': { - 'random_attribute_not_valid': 'tag', - 'account_key_filter': 'test_value_3', - 'account_key_processing': 'same', - 'ca_cert': 'test_value_5', - 'cnid': 'test_value_6', - 'dn': 'test_value_7', - 'group_filter': 'test_value_8', - 'group_member_check': 'user-attr', - 'group_object_filter': 'test_value_10', - 'group_search_base': 'test_value_11', - 'member_attr': 'test_value_12', - 'name': 'default_name_13', - 'password': 'test_value_14', - 'password_expiry_warning': 'enable', - 'password_renewal': 'enable', - 'port': '17', - 'secondary_server': 'test_value_18', - 'secure': 'disable', - 'server': '192.168.100.20', - 'server_identity_check': 'enable', - 'source_ip': '84.230.14.22', - 'ssl_min_proto_version': 'default', - 'tertiary_server': 'test_value_24', - 'type': 'simple', - 'username': 'test_value_26' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_ldap.fortios_user(input_data, fos_instance) - - expected_data = { - 'account-key-filter': 'test_value_3', - 'account-key-processing': 'same', - 'ca-cert': 'test_value_5', - 'cnid': 'test_value_6', - 'dn': 'test_value_7', - 'group-filter': 'test_value_8', - 'group-member-check': 'user-attr', - 'group-object-filter': 'test_value_10', - 'group-search-base': 'test_value_11', - 'member-attr': 'test_value_12', - 'name': 'default_name_13', - 'password': 'test_value_14', - 'password-expiry-warning': 'enable', - 'password-renewal': 'enable', - 'port': '17', - 'secondary-server': 'test_value_18', - 'secure': 'disable', - 'server': '192.168.100.20', - 'server-identity-check': 'enable', - 'source-ip': '84.230.14.22', - 'ssl-min-proto-version': 'default', - 'tertiary-server': 'test_value_24', - 'type': 'simple', - 'username': 'test_value_26' - } - - set_method_mock.assert_called_with('user', 
'ldap', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_user_local.py b/test/units/modules/network/fortios/test_fortios_user_local.py deleted file mode 100644 index 27ab005a2d7..00000000000 --- a/test/units/modules/network/fortios/test_fortios_user_local.py +++ /dev/null 
@@ -1,399 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_user_local -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_user_local.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_user_local_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_local': { - 'auth_concurrent_override': 'enable', - 'auth_concurrent_value': '4', - 'authtimeout': '5', - 'email_to': 'test_value_6', - 'fortitoken': 'test_value_7', - 'id': '8', - 'ldap_server': 
'test_value_9', - 'name': 'default_name_10', - 'passwd': 'test_value_11', - 'passwd_policy': 'test_value_12', - 'passwd_time': 'test_value_13', - 'ppk_identity': 'test_value_14', - 'ppk_secret': 'test_value_15', - 'radius_server': 'test_value_16', - 'sms_custom_server': 'test_value_17', - 'sms_phone': 'test_value_18', - 'sms_server': 'fortiguard', - 'status': 'enable', - 'two_factor': 'disable', - 'type': 'password', - 'workstation': 'test_value_24' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_local.fortios_user(input_data, fos_instance) - - expected_data = { - 'auth-concurrent-override': 'enable', - 'auth-concurrent-value': '4', - 'authtimeout': '5', - 'email-to': 'test_value_6', - 'fortitoken': 'test_value_7', - 'id': '8', - 'ldap-server': 'test_value_9', - 'name': 'default_name_10', - 'passwd': 'test_value_11', - 'passwd-policy': 'test_value_12', - 'passwd-time': 'test_value_13', - 'ppk-identity': 'test_value_14', - 'ppk-secret': 'test_value_15', - 'radius-server': 'test_value_16', - 'sms-custom-server': 'test_value_17', - 'sms-phone': 'test_value_18', - 'sms-server': 'fortiguard', - 'status': 'enable', - 'two-factor': 'disable', - 'type': 'password', - 'workstation': 'test_value_24' - } - - set_method_mock.assert_called_with('user', 'local', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_user_local_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_local': { - 'auth_concurrent_override': 'enable', - 
'auth_concurrent_value': '4', - 'authtimeout': '5', - 'email_to': 'test_value_6', - 'fortitoken': 'test_value_7', - 'id': '8', - 'ldap_server': 'test_value_9', - 'name': 'default_name_10', - 'passwd': 'test_value_11', - 'passwd_policy': 'test_value_12', - 'passwd_time': 'test_value_13', - 'ppk_identity': 'test_value_14', - 'ppk_secret': 'test_value_15', - 'radius_server': 'test_value_16', - 'sms_custom_server': 'test_value_17', - 'sms_phone': 'test_value_18', - 'sms_server': 'fortiguard', - 'status': 'enable', - 'two_factor': 'disable', - 'type': 'password', - 'workstation': 'test_value_24' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_local.fortios_user(input_data, fos_instance) - - expected_data = { - 'auth-concurrent-override': 'enable', - 'auth-concurrent-value': '4', - 'authtimeout': '5', - 'email-to': 'test_value_6', - 'fortitoken': 'test_value_7', - 'id': '8', - 'ldap-server': 'test_value_9', - 'name': 'default_name_10', - 'passwd': 'test_value_11', - 'passwd-policy': 'test_value_12', - 'passwd-time': 'test_value_13', - 'ppk-identity': 'test_value_14', - 'ppk-secret': 'test_value_15', - 'radius-server': 'test_value_16', - 'sms-custom-server': 'test_value_17', - 'sms-phone': 'test_value_18', - 'sms-server': 'fortiguard', - 'status': 'enable', - 'two-factor': 'disable', - 'type': 'password', - 'workstation': 'test_value_24' - } - - set_method_mock.assert_called_with('user', 'local', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_user_local_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', 
return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'user_local': { - 'auth_concurrent_override': 'enable', - 'auth_concurrent_value': '4', - 'authtimeout': '5', - 'email_to': 'test_value_6', - 'fortitoken': 'test_value_7', - 'id': '8', - 'ldap_server': 'test_value_9', - 'name': 'default_name_10', - 'passwd': 'test_value_11', - 'passwd_policy': 'test_value_12', - 'passwd_time': 'test_value_13', - 'ppk_identity': 'test_value_14', - 'ppk_secret': 'test_value_15', - 'radius_server': 'test_value_16', - 'sms_custom_server': 'test_value_17', - 'sms_phone': 'test_value_18', - 'sms_server': 'fortiguard', - 'status': 'enable', - 'two_factor': 'disable', - 'type': 'password', - 'workstation': 'test_value_24' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_local.fortios_user(input_data, fos_instance) - - delete_method_mock.assert_called_with('user', 'local', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_user_local_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'user_local': { - 'auth_concurrent_override': 'enable', - 'auth_concurrent_value': '4', - 'authtimeout': '5', - 'email_to': 'test_value_6', - 'fortitoken': 'test_value_7', - 'id': '8', - 'ldap_server': 'test_value_9', - 'name': 'default_name_10', - 'passwd': 'test_value_11', - 'passwd_policy': 'test_value_12', - 'passwd_time': 'test_value_13', - 'ppk_identity': 'test_value_14', - 'ppk_secret': 'test_value_15', - 'radius_server': 
'test_value_16', - 'sms_custom_server': 'test_value_17', - 'sms_phone': 'test_value_18', - 'sms_server': 'fortiguard', - 'status': 'enable', - 'two_factor': 'disable', - 'type': 'password', - 'workstation': 'test_value_24' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_local.fortios_user(input_data, fos_instance) - - delete_method_mock.assert_called_with('user', 'local', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_user_local_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_local': { - 'auth_concurrent_override': 'enable', - 'auth_concurrent_value': '4', - 'authtimeout': '5', - 'email_to': 'test_value_6', - 'fortitoken': 'test_value_7', - 'id': '8', - 'ldap_server': 'test_value_9', - 'name': 'default_name_10', - 'passwd': 'test_value_11', - 'passwd_policy': 'test_value_12', - 'passwd_time': 'test_value_13', - 'ppk_identity': 'test_value_14', - 'ppk_secret': 'test_value_15', - 'radius_server': 'test_value_16', - 'sms_custom_server': 'test_value_17', - 'sms_phone': 'test_value_18', - 'sms_server': 'fortiguard', - 'status': 'enable', - 'two_factor': 'disable', - 'type': 'password', - 'workstation': 'test_value_24' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_local.fortios_user(input_data, fos_instance) - - expected_data = { - 'auth-concurrent-override': 'enable', - 'auth-concurrent-value': '4', - 'authtimeout': '5', - 'email-to': 'test_value_6', - 'fortitoken': 'test_value_7', - 'id': '8', - 'ldap-server': 
'test_value_9', - 'name': 'default_name_10', - 'passwd': 'test_value_11', - 'passwd-policy': 'test_value_12', - 'passwd-time': 'test_value_13', - 'ppk-identity': 'test_value_14', - 'ppk-secret': 'test_value_15', - 'radius-server': 'test_value_16', - 'sms-custom-server': 'test_value_17', - 'sms-phone': 'test_value_18', - 'sms-server': 'fortiguard', - 'status': 'enable', - 'two-factor': 'disable', - 'type': 'password', - 'workstation': 'test_value_24' - } - - set_method_mock.assert_called_with('user', 'local', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_user_local_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_local': { - 'random_attribute_not_valid': 'tag', - 'auth_concurrent_override': 'enable', - 'auth_concurrent_value': '4', - 'authtimeout': '5', - 'email_to': 'test_value_6', - 'fortitoken': 'test_value_7', - 'id': '8', - 'ldap_server': 'test_value_9', - 'name': 'default_name_10', - 'passwd': 'test_value_11', - 'passwd_policy': 'test_value_12', - 'passwd_time': 'test_value_13', - 'ppk_identity': 'test_value_14', - 'ppk_secret': 'test_value_15', - 'radius_server': 'test_value_16', - 'sms_custom_server': 'test_value_17', - 'sms_phone': 'test_value_18', - 'sms_server': 'fortiguard', - 'status': 'enable', - 'two_factor': 'disable', - 'type': 'password', - 'workstation': 'test_value_24' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_local.fortios_user(input_data, fos_instance) - - expected_data = { - 
'auth-concurrent-override': 'enable', - 'auth-concurrent-value': '4', - 'authtimeout': '5', - 'email-to': 'test_value_6', - 'fortitoken': 'test_value_7', - 'id': '8', - 'ldap-server': 'test_value_9', - 'name': 'default_name_10', - 'passwd': 'test_value_11', - 'passwd-policy': 'test_value_12', - 'passwd-time': 'test_value_13', - 'ppk-identity': 'test_value_14', - 'ppk-secret': 'test_value_15', - 'radius-server': 'test_value_16', - 'sms-custom-server': 'test_value_17', - 'sms-phone': 'test_value_18', - 'sms-server': 'fortiguard', - 'status': 'enable', - 'two-factor': 'disable', - 'type': 'password', - 'workstation': 'test_value_24' - } - - set_method_mock.assert_called_with('user', 'local', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_user_password_policy.py b/test/units/modules/network/fortios/test_fortios_user_password_policy.py deleted file mode 100644 index 0c939f4933b..00000000000 --- a/test/units/modules/network/fortios/test_fortios_user_password_policy.py +++ /dev/null 
@@ -1,219 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_user_password_policy -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_user_password_policy.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_user_password_policy_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_password_policy': { - 'expire_days': '3', - 'name': 'default_name_4', - 'warn_days': '5' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_user_password_policy.fortios_user(input_data, fos_instance) - - expected_data = { - 'expire-days': '3', - 'name': 'default_name_4', - 'warn-days': '5' - } - - set_method_mock.assert_called_with('user', 'password-policy', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_user_password_policy_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_password_policy': { - 'expire_days': '3', - 'name': 'default_name_4', - 'warn_days': '5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_password_policy.fortios_user(input_data, fos_instance) - - expected_data = { - 'expire-days': '3', - 'name': 'default_name_4', - 'warn-days': '5' - } - - set_method_mock.assert_called_with('user', 'password-policy', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_user_password_policy_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'user_password_policy': { - 'expire_days': '3', - 'name': 'default_name_4', - 'warn_days': '5' - 
}, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_password_policy.fortios_user(input_data, fos_instance) - - delete_method_mock.assert_called_with('user', 'password-policy', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_user_password_policy_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'user_password_policy': { - 'expire_days': '3', - 'name': 'default_name_4', - 'warn_days': '5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_password_policy.fortios_user(input_data, fos_instance) - - delete_method_mock.assert_called_with('user', 'password-policy', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_user_password_policy_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_password_policy': { - 'expire_days': '3', - 'name': 'default_name_4', - 'warn_days': '5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_password_policy.fortios_user(input_data, fos_instance) - - expected_data = { - 
'expire-days': '3', - 'name': 'default_name_4', - 'warn-days': '5' - } - - set_method_mock.assert_called_with('user', 'password-policy', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_user_password_policy_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_password_policy': { - 'random_attribute_not_valid': 'tag', - 'expire_days': '3', - 'name': 'default_name_4', - 'warn_days': '5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_password_policy.fortios_user(input_data, fos_instance) - - expected_data = { - 'expire-days': '3', - 'name': 'default_name_4', - 'warn-days': '5' - } - - set_method_mock.assert_called_with('user', 'password-policy', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_user_peer.py b/test/units/modules/network/fortios/test_fortios_user_peer.py deleted file mode 100644 index 044fd40481e..00000000000 --- a/test/units/modules/network/fortios/test_fortios_user_peer.py +++ /dev/null 
@@ -1,319 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_user_peer -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_user_peer.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_user_peer_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_peer': { - 'ca': 'test_value_3', - 'cn': 'test_value_4', - 'cn_type': 'string', - 'ldap_mode': 'password', - 'ldap_password': 'test_value_7', - 'ldap_server': 'test_value_8', - 'ldap_username': 
'test_value_9', - 'mandatory_ca_verify': 'enable', - 'name': 'default_name_11', - 'ocsp_override_server': 'test_value_12', - 'passwd': 'test_value_13', - 'subject': 'test_value_14', - 'two_factor': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_peer.fortios_user(input_data, fos_instance) - - expected_data = { - 'ca': 'test_value_3', - 'cn': 'test_value_4', - 'cn-type': 'string', - 'ldap-mode': 'password', - 'ldap-password': 'test_value_7', - 'ldap-server': 'test_value_8', - 'ldap-username': 'test_value_9', - 'mandatory-ca-verify': 'enable', - 'name': 'default_name_11', - 'ocsp-override-server': 'test_value_12', - 'passwd': 'test_value_13', - 'subject': 'test_value_14', - 'two-factor': 'enable' - } - - set_method_mock.assert_called_with('user', 'peer', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_user_peer_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_peer': { - 'ca': 'test_value_3', - 'cn': 'test_value_4', - 'cn_type': 'string', - 'ldap_mode': 'password', - 'ldap_password': 'test_value_7', - 'ldap_server': 'test_value_8', - 'ldap_username': 'test_value_9', - 'mandatory_ca_verify': 'enable', - 'name': 'default_name_11', - 'ocsp_override_server': 'test_value_12', - 'passwd': 'test_value_13', - 'subject': 'test_value_14', - 'two_factor': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_peer.fortios_user(input_data, fos_instance) - - expected_data = { - 'ca': 'test_value_3', - 
'cn': 'test_value_4', - 'cn-type': 'string', - 'ldap-mode': 'password', - 'ldap-password': 'test_value_7', - 'ldap-server': 'test_value_8', - 'ldap-username': 'test_value_9', - 'mandatory-ca-verify': 'enable', - 'name': 'default_name_11', - 'ocsp-override-server': 'test_value_12', - 'passwd': 'test_value_13', - 'subject': 'test_value_14', - 'two-factor': 'enable' - } - - set_method_mock.assert_called_with('user', 'peer', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_user_peer_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'user_peer': { - 'ca': 'test_value_3', - 'cn': 'test_value_4', - 'cn_type': 'string', - 'ldap_mode': 'password', - 'ldap_password': 'test_value_7', - 'ldap_server': 'test_value_8', - 'ldap_username': 'test_value_9', - 'mandatory_ca_verify': 'enable', - 'name': 'default_name_11', - 'ocsp_override_server': 'test_value_12', - 'passwd': 'test_value_13', - 'subject': 'test_value_14', - 'two_factor': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_peer.fortios_user(input_data, fos_instance) - - delete_method_mock.assert_called_with('user', 'peer', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_user_peer_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - 
delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'user_peer': { - 'ca': 'test_value_3', - 'cn': 'test_value_4', - 'cn_type': 'string', - 'ldap_mode': 'password', - 'ldap_password': 'test_value_7', - 'ldap_server': 'test_value_8', - 'ldap_username': 'test_value_9', - 'mandatory_ca_verify': 'enable', - 'name': 'default_name_11', - 'ocsp_override_server': 'test_value_12', - 'passwd': 'test_value_13', - 'subject': 'test_value_14', - 'two_factor': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_peer.fortios_user(input_data, fos_instance) - - delete_method_mock.assert_called_with('user', 'peer', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_user_peer_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_peer': { - 'ca': 'test_value_3', - 'cn': 'test_value_4', - 'cn_type': 'string', - 'ldap_mode': 'password', - 'ldap_password': 'test_value_7', - 'ldap_server': 'test_value_8', - 'ldap_username': 'test_value_9', - 'mandatory_ca_verify': 'enable', - 'name': 'default_name_11', - 'ocsp_override_server': 'test_value_12', - 'passwd': 'test_value_13', - 'subject': 'test_value_14', - 'two_factor': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_peer.fortios_user(input_data, 
fos_instance) - - expected_data = { - 'ca': 'test_value_3', - 'cn': 'test_value_4', - 'cn-type': 'string', - 'ldap-mode': 'password', - 'ldap-password': 'test_value_7', - 'ldap-server': 'test_value_8', - 'ldap-username': 'test_value_9', - 'mandatory-ca-verify': 'enable', - 'name': 'default_name_11', - 'ocsp-override-server': 'test_value_12', - 'passwd': 'test_value_13', - 'subject': 'test_value_14', - 'two-factor': 'enable' - } - - set_method_mock.assert_called_with('user', 'peer', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_user_peer_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_peer': { - 'random_attribute_not_valid': 'tag', - 'ca': 'test_value_3', - 'cn': 'test_value_4', - 'cn_type': 'string', - 'ldap_mode': 'password', - 'ldap_password': 'test_value_7', - 'ldap_server': 'test_value_8', - 'ldap_username': 'test_value_9', - 'mandatory_ca_verify': 'enable', - 'name': 'default_name_11', - 'ocsp_override_server': 'test_value_12', - 'passwd': 'test_value_13', - 'subject': 'test_value_14', - 'two_factor': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_peer.fortios_user(input_data, fos_instance) - - expected_data = { - 'ca': 'test_value_3', - 'cn': 'test_value_4', - 'cn-type': 'string', - 'ldap-mode': 'password', - 'ldap-password': 'test_value_7', - 'ldap-server': 'test_value_8', - 'ldap-username': 'test_value_9', - 'mandatory-ca-verify': 'enable', - 'name': 'default_name_11', - 
'ocsp-override-server': 'test_value_12', - 'passwd': 'test_value_13', - 'subject': 'test_value_14', - 'two-factor': 'enable' - } - - set_method_mock.assert_called_with('user', 'peer', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_user_peergrp.py b/test/units/modules/network/fortios/test_fortios_user_peergrp.py deleted file mode 100644 index 68c91829edb..00000000000 --- a/test/units/modules/network/fortios/test_fortios_user_peergrp.py +++ /dev/null 
@@ -1,189 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_user_peergrp
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_user_peergrp.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_user_peergrp_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_peergrp': {'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_peergrp.fortios_user(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3'
- }
-
- set_method_mock.assert_called_with('user', 'peergrp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_user_peergrp_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_peergrp': {'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_peergrp.fortios_user(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3'
- }
-
- set_method_mock.assert_called_with('user', 'peergrp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_user_peergrp_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'user_peergrp': {'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_peergrp.fortios_user(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('user', 'peergrp', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_user_peergrp_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'user_peergrp': {'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_peergrp.fortios_user(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('user', 'peergrp', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_user_peergrp_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_peergrp': {'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_peergrp.fortios_user(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3'
- }
-
- set_method_mock.assert_called_with('user', 'peergrp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_user_peergrp_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_peergrp': {
- 'random_attribute_not_valid': 'tag', 'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_peergrp.fortios_user(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3'
- }
-
- set_method_mock.assert_called_with('user', 'peergrp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_user_pop3.py b/test/units/modules/network/fortios/test_fortios_user_pop3.py
deleted file mode 100644
index cfba45ad659..00000000000
--- a/test/units/modules/network/fortios/test_fortios_user_pop3.py
+++ /dev/null
@@ -1,239 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_user_pop3
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_user_pop3.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_user_pop3_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_pop3': {
- 'name': 'default_name_3',
- 'port': '4',
- 'secure': 'none',
- 'server': '192.168.100.6',
- 'ssl_min_proto_version': 'default'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_pop3.fortios_user(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'port': '4',
- 'secure': 'none',
- 'server': '192.168.100.6',
- 'ssl-min-proto-version': 'default'
- }
-
- set_method_mock.assert_called_with('user', 'pop3', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_user_pop3_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_pop3': {
- 'name': 'default_name_3',
- 'port': '4',
- 'secure': 'none',
- 'server': '192.168.100.6',
- 'ssl_min_proto_version': 'default'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_pop3.fortios_user(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'port': '4',
- 'secure': 'none',
- 'server': '192.168.100.6',
- 'ssl-min-proto-version': 'default'
- }
-
- set_method_mock.assert_called_with('user', 'pop3', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_user_pop3_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'user_pop3': {
- 'name': 'default_name_3',
- 'port': '4',
- 'secure': 'none',
- 'server': '192.168.100.6',
- 'ssl_min_proto_version': 'default'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_pop3.fortios_user(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('user', 'pop3', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_user_pop3_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'user_pop3': {
- 'name': 'default_name_3',
- 'port': '4',
- 'secure': 'none',
- 'server': '192.168.100.6',
- 'ssl_min_proto_version': 'default'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_pop3.fortios_user(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('user', 'pop3', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_user_pop3_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_pop3': {
- 'name': 'default_name_3',
- 'port': '4',
- 'secure': 'none',
- 'server': '192.168.100.6',
- 'ssl_min_proto_version': 'default'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_pop3.fortios_user(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'port': '4',
- 'secure': 'none',
- 'server': '192.168.100.6',
- 'ssl-min-proto-version': 'default'
- }
-
- set_method_mock.assert_called_with('user', 'pop3', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_user_pop3_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_pop3': {
- 'random_attribute_not_valid': 'tag',
- 'name': 'default_name_3',
- 'port': '4',
- 'secure': 'none',
- 'server': '192.168.100.6',
- 'ssl_min_proto_version': 'default'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_pop3.fortios_user(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'port': '4',
- 'secure': 'none',
- 'server': '192.168.100.6',
- 'ssl-min-proto-version': 'default'
- }
-
- set_method_mock.assert_called_with('user', 'pop3', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_user_quarantine.py b/test/units/modules/network/fortios/test_fortios_user_quarantine.py
deleted file mode 100644
index 441283c3fa0..00000000000
--- a/test/units/modules/network/fortios/test_fortios_user_quarantine.py
+++ /dev/null
@@ -1,159 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_user_quarantine
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_user_quarantine.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_user_quarantine_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_quarantine': {
- 'quarantine': 'enable',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_quarantine.fortios_user(input_data, fos_instance)
-
- expected_data = {
- 'quarantine': 'enable',
-
- }
-
- set_method_mock.assert_called_with('user', 'quarantine', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_user_quarantine_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_quarantine': {
- 'quarantine': 'enable',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_quarantine.fortios_user(input_data, fos_instance)
-
- expected_data = {
- 'quarantine': 'enable',
-
- }
-
- set_method_mock.assert_called_with('user', 'quarantine', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_user_quarantine_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_quarantine': {
- 'quarantine': 'enable',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_quarantine.fortios_user(input_data, fos_instance)
-
- expected_data = {
- 'quarantine': 'enable',
-
- }
-
- set_method_mock.assert_called_with('user', 'quarantine', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_user_quarantine_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_quarantine': {
- 'random_attribute_not_valid': 'tag',
- 'quarantine': 'enable',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_quarantine.fortios_user(input_data, fos_instance)
-
- expected_data = {
- 'quarantine': 'enable',
-
- }
-
- set_method_mock.assert_called_with('user', 'quarantine', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_user_radius.py b/test/units/modules/network/fortios/test_fortios_user_radius.py
deleted file mode 100644
index 6e4e07118f1..00000000000
--- a/test/units/modules/network/fortios/test_fortios_user_radius.py
+++ /dev/null
@@ -1,539 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_user_radius
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_user_radius.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_user_radius_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_radius': {'acct_all_servers': 'enable',
- 'acct_interim_interval': '4',
- 'all_usergroup': 'disable',
- 'auth_type': 'auto',
- 'h3c_compatibility': 'enable',
- 'name': 'default_name_8',
- 'nas_ip':
'test_value_9', - 'password_encoding': 'auto', - 'password_renewal': 'enable', - 'radius_coa': 'enable', - 'radius_port': '13', - 'rsso': 'enable', - 'rsso_context_timeout': '15', - 'rsso_endpoint_attribute': 'User-Name', - 'rsso_endpoint_block_attribute': 'User-Name', - 'rsso_ep_one_ip_only': 'enable', - 'rsso_flush_ip_session': 'enable', - 'rsso_log_flags': 'protocol-error', - 'rsso_log_period': '21', - 'rsso_radius_response': 'enable', - 'rsso_radius_server_port': '23', - 'rsso_secret': 'test_value_24', - 'rsso_validate_request_secret': 'enable', - 'secondary_secret': 'test_value_26', - 'secondary_server': 'test_value_27', - 'secret': 'test_value_28', - 'server': '192.168.100.29', - 'source_ip': '84.230.14.30', - 'sso_attribute': 'User-Name', - 'sso_attribute_key': 'test_value_32', - 'sso_attribute_value_override': 'enable', - 'tertiary_secret': 'test_value_34', - 'tertiary_server': 'test_value_35', - 'timeout': '36', - 'use_management_vdom': 'enable', - 'username_case_sensitive': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_radius.fortios_user(input_data, fos_instance) - - expected_data = {'acct-all-servers': 'enable', - 'acct-interim-interval': '4', - 'all-usergroup': 'disable', - 'auth-type': 'auto', - 'h3c-compatibility': 'enable', - 'name': 'default_name_8', - 'nas-ip': 'test_value_9', - 'password-encoding': 'auto', - 'password-renewal': 'enable', - 'radius-coa': 'enable', - 'radius-port': '13', - 'rsso': 'enable', - 'rsso-context-timeout': '15', - 'rsso-endpoint-attribute': 'User-Name', - 'rsso-endpoint-block-attribute': 'User-Name', - 'rsso-ep-one-ip-only': 'enable', - 'rsso-flush-ip-session': 'enable', - 'rsso-log-flags': 'protocol-error', - 'rsso-log-period': '21', - 'rsso-radius-response': 'enable', - 'rsso-radius-server-port': '23', - 'rsso-secret': 'test_value_24', - 'rsso-validate-request-secret': 'enable', - 'secondary-secret': 'test_value_26', - 'secondary-server': 'test_value_27', - 'secret': 'test_value_28', - 
'server': '192.168.100.29', - 'source-ip': '84.230.14.30', - 'sso-attribute': 'User-Name', - 'sso-attribute-key': 'test_value_32', - 'sso-attribute-value-override': 'enable', - 'tertiary-secret': 'test_value_34', - 'tertiary-server': 'test_value_35', - 'timeout': '36', - 'use-management-vdom': 'enable', - 'username-case-sensitive': 'enable' - } - - set_method_mock.assert_called_with('user', 'radius', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_user_radius_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_radius': {'acct_all_servers': 'enable', - 'acct_interim_interval': '4', - 'all_usergroup': 'disable', - 'auth_type': 'auto', - 'h3c_compatibility': 'enable', - 'name': 'default_name_8', - 'nas_ip': 'test_value_9', - 'password_encoding': 'auto', - 'password_renewal': 'enable', - 'radius_coa': 'enable', - 'radius_port': '13', - 'rsso': 'enable', - 'rsso_context_timeout': '15', - 'rsso_endpoint_attribute': 'User-Name', - 'rsso_endpoint_block_attribute': 'User-Name', - 'rsso_ep_one_ip_only': 'enable', - 'rsso_flush_ip_session': 'enable', - 'rsso_log_flags': 'protocol-error', - 'rsso_log_period': '21', - 'rsso_radius_response': 'enable', - 'rsso_radius_server_port': '23', - 'rsso_secret': 'test_value_24', - 'rsso_validate_request_secret': 'enable', - 'secondary_secret': 'test_value_26', - 'secondary_server': 'test_value_27', - 'secret': 'test_value_28', - 'server': '192.168.100.29', - 'source_ip': '84.230.14.30', - 'sso_attribute': 'User-Name', 
- 'sso_attribute_key': 'test_value_32', - 'sso_attribute_value_override': 'enable', - 'tertiary_secret': 'test_value_34', - 'tertiary_server': 'test_value_35', - 'timeout': '36', - 'use_management_vdom': 'enable', - 'username_case_sensitive': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_radius.fortios_user(input_data, fos_instance) - - expected_data = {'acct-all-servers': 'enable', - 'acct-interim-interval': '4', - 'all-usergroup': 'disable', - 'auth-type': 'auto', - 'h3c-compatibility': 'enable', - 'name': 'default_name_8', - 'nas-ip': 'test_value_9', - 'password-encoding': 'auto', - 'password-renewal': 'enable', - 'radius-coa': 'enable', - 'radius-port': '13', - 'rsso': 'enable', - 'rsso-context-timeout': '15', - 'rsso-endpoint-attribute': 'User-Name', - 'rsso-endpoint-block-attribute': 'User-Name', - 'rsso-ep-one-ip-only': 'enable', - 'rsso-flush-ip-session': 'enable', - 'rsso-log-flags': 'protocol-error', - 'rsso-log-period': '21', - 'rsso-radius-response': 'enable', - 'rsso-radius-server-port': '23', - 'rsso-secret': 'test_value_24', - 'rsso-validate-request-secret': 'enable', - 'secondary-secret': 'test_value_26', - 'secondary-server': 'test_value_27', - 'secret': 'test_value_28', - 'server': '192.168.100.29', - 'source-ip': '84.230.14.30', - 'sso-attribute': 'User-Name', - 'sso-attribute-key': 'test_value_32', - 'sso-attribute-value-override': 'enable', - 'tertiary-secret': 'test_value_34', - 'tertiary-server': 'test_value_35', - 'timeout': '36', - 'use-management-vdom': 'enable', - 'username-case-sensitive': 'enable' - } - - set_method_mock.assert_called_with('user', 'radius', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_user_radius_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - 
delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'user_radius': {'acct_all_servers': 'enable', - 'acct_interim_interval': '4', - 'all_usergroup': 'disable', - 'auth_type': 'auto', - 'h3c_compatibility': 'enable', - 'name': 'default_name_8', - 'nas_ip': 'test_value_9', - 'password_encoding': 'auto', - 'password_renewal': 'enable', - 'radius_coa': 'enable', - 'radius_port': '13', - 'rsso': 'enable', - 'rsso_context_timeout': '15', - 'rsso_endpoint_attribute': 'User-Name', - 'rsso_endpoint_block_attribute': 'User-Name', - 'rsso_ep_one_ip_only': 'enable', - 'rsso_flush_ip_session': 'enable', - 'rsso_log_flags': 'protocol-error', - 'rsso_log_period': '21', - 'rsso_radius_response': 'enable', - 'rsso_radius_server_port': '23', - 'rsso_secret': 'test_value_24', - 'rsso_validate_request_secret': 'enable', - 'secondary_secret': 'test_value_26', - 'secondary_server': 'test_value_27', - 'secret': 'test_value_28', - 'server': '192.168.100.29', - 'source_ip': '84.230.14.30', - 'sso_attribute': 'User-Name', - 'sso_attribute_key': 'test_value_32', - 'sso_attribute_value_override': 'enable', - 'tertiary_secret': 'test_value_34', - 'tertiary_server': 'test_value_35', - 'timeout': '36', - 'use_management_vdom': 'enable', - 'username_case_sensitive': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_radius.fortios_user(input_data, fos_instance) - - delete_method_mock.assert_called_with('user', 'radius', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_user_radius_deletion_fails(mocker): - schema_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'user_radius': {'acct_all_servers': 'enable', - 'acct_interim_interval': '4', - 'all_usergroup': 'disable', - 'auth_type': 'auto', - 'h3c_compatibility': 'enable', - 'name': 'default_name_8', - 'nas_ip': 'test_value_9', - 'password_encoding': 'auto', - 'password_renewal': 'enable', - 'radius_coa': 'enable', - 'radius_port': '13', - 'rsso': 'enable', - 'rsso_context_timeout': '15', - 'rsso_endpoint_attribute': 'User-Name', - 'rsso_endpoint_block_attribute': 'User-Name', - 'rsso_ep_one_ip_only': 'enable', - 'rsso_flush_ip_session': 'enable', - 'rsso_log_flags': 'protocol-error', - 'rsso_log_period': '21', - 'rsso_radius_response': 'enable', - 'rsso_radius_server_port': '23', - 'rsso_secret': 'test_value_24', - 'rsso_validate_request_secret': 'enable', - 'secondary_secret': 'test_value_26', - 'secondary_server': 'test_value_27', - 'secret': 'test_value_28', - 'server': '192.168.100.29', - 'source_ip': '84.230.14.30', - 'sso_attribute': 'User-Name', - 'sso_attribute_key': 'test_value_32', - 'sso_attribute_value_override': 'enable', - 'tertiary_secret': 'test_value_34', - 'tertiary_server': 'test_value_35', - 'timeout': '36', - 'use_management_vdom': 'enable', - 'username_case_sensitive': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_radius.fortios_user(input_data, fos_instance) - - delete_method_mock.assert_called_with('user', 'radius', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_user_radius_idempotent(mocker): - 
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_radius': {'acct_all_servers': 'enable', - 'acct_interim_interval': '4', - 'all_usergroup': 'disable', - 'auth_type': 'auto', - 'h3c_compatibility': 'enable', - 'name': 'default_name_8', - 'nas_ip': 'test_value_9', - 'password_encoding': 'auto', - 'password_renewal': 'enable', - 'radius_coa': 'enable', - 'radius_port': '13', - 'rsso': 'enable', - 'rsso_context_timeout': '15', - 'rsso_endpoint_attribute': 'User-Name', - 'rsso_endpoint_block_attribute': 'User-Name', - 'rsso_ep_one_ip_only': 'enable', - 'rsso_flush_ip_session': 'enable', - 'rsso_log_flags': 'protocol-error', - 'rsso_log_period': '21', - 'rsso_radius_response': 'enable', - 'rsso_radius_server_port': '23', - 'rsso_secret': 'test_value_24', - 'rsso_validate_request_secret': 'enable', - 'secondary_secret': 'test_value_26', - 'secondary_server': 'test_value_27', - 'secret': 'test_value_28', - 'server': '192.168.100.29', - 'source_ip': '84.230.14.30', - 'sso_attribute': 'User-Name', - 'sso_attribute_key': 'test_value_32', - 'sso_attribute_value_override': 'enable', - 'tertiary_secret': 'test_value_34', - 'tertiary_server': 'test_value_35', - 'timeout': '36', - 'use_management_vdom': 'enable', - 'username_case_sensitive': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_radius.fortios_user(input_data, fos_instance) - - expected_data = {'acct-all-servers': 'enable', - 'acct-interim-interval': '4', - 'all-usergroup': 'disable', - 'auth-type': 'auto', - 'h3c-compatibility': 'enable', - 'name': 'default_name_8', - 'nas-ip': 'test_value_9', - 'password-encoding': 'auto', - 'password-renewal': 
'enable', - 'radius-coa': 'enable', - 'radius-port': '13', - 'rsso': 'enable', - 'rsso-context-timeout': '15', - 'rsso-endpoint-attribute': 'User-Name', - 'rsso-endpoint-block-attribute': 'User-Name', - 'rsso-ep-one-ip-only': 'enable', - 'rsso-flush-ip-session': 'enable', - 'rsso-log-flags': 'protocol-error', - 'rsso-log-period': '21', - 'rsso-radius-response': 'enable', - 'rsso-radius-server-port': '23', - 'rsso-secret': 'test_value_24', - 'rsso-validate-request-secret': 'enable', - 'secondary-secret': 'test_value_26', - 'secondary-server': 'test_value_27', - 'secret': 'test_value_28', - 'server': '192.168.100.29', - 'source-ip': '84.230.14.30', - 'sso-attribute': 'User-Name', - 'sso-attribute-key': 'test_value_32', - 'sso-attribute-value-override': 'enable', - 'tertiary-secret': 'test_value_34', - 'tertiary-server': 'test_value_35', - 'timeout': '36', - 'use-management-vdom': 'enable', - 'username-case-sensitive': 'enable' - } - - set_method_mock.assert_called_with('user', 'radius', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_user_radius_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_radius': { - 'random_attribute_not_valid': 'tag', 'acct_all_servers': 'enable', - 'acct_interim_interval': '4', - 'all_usergroup': 'disable', - 'auth_type': 'auto', - 'h3c_compatibility': 'enable', - 'name': 'default_name_8', - 'nas_ip': 'test_value_9', - 'password_encoding': 'auto', - 'password_renewal': 'enable', - 'radius_coa': 'enable', 
- 'radius_port': '13', - 'rsso': 'enable', - 'rsso_context_timeout': '15', - 'rsso_endpoint_attribute': 'User-Name', - 'rsso_endpoint_block_attribute': 'User-Name', - 'rsso_ep_one_ip_only': 'enable', - 'rsso_flush_ip_session': 'enable', - 'rsso_log_flags': 'protocol-error', - 'rsso_log_period': '21', - 'rsso_radius_response': 'enable', - 'rsso_radius_server_port': '23', - 'rsso_secret': 'test_value_24', - 'rsso_validate_request_secret': 'enable', - 'secondary_secret': 'test_value_26', - 'secondary_server': 'test_value_27', - 'secret': 'test_value_28', - 'server': '192.168.100.29', - 'source_ip': '84.230.14.30', - 'sso_attribute': 'User-Name', - 'sso_attribute_key': 'test_value_32', - 'sso_attribute_value_override': 'enable', - 'tertiary_secret': 'test_value_34', - 'tertiary_server': 'test_value_35', - 'timeout': '36', - 'use_management_vdom': 'enable', - 'username_case_sensitive': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_radius.fortios_user(input_data, fos_instance) - - expected_data = {'acct-all-servers': 'enable', - 'acct-interim-interval': '4', - 'all-usergroup': 'disable', - 'auth-type': 'auto', - 'h3c-compatibility': 'enable', - 'name': 'default_name_8', - 'nas-ip': 'test_value_9', - 'password-encoding': 'auto', - 'password-renewal': 'enable', - 'radius-coa': 'enable', - 'radius-port': '13', - 'rsso': 'enable', - 'rsso-context-timeout': '15', - 'rsso-endpoint-attribute': 'User-Name', - 'rsso-endpoint-block-attribute': 'User-Name', - 'rsso-ep-one-ip-only': 'enable', - 'rsso-flush-ip-session': 'enable', - 'rsso-log-flags': 'protocol-error', - 'rsso-log-period': '21', - 'rsso-radius-response': 'enable', - 'rsso-radius-server-port': '23', - 'rsso-secret': 'test_value_24', - 'rsso-validate-request-secret': 'enable', - 'secondary-secret': 'test_value_26', - 'secondary-server': 'test_value_27', - 'secret': 'test_value_28', - 'server': '192.168.100.29', - 'source-ip': '84.230.14.30', - 'sso-attribute': 'User-Name', - 
'sso-attribute-key': 'test_value_32',
- 'sso-attribute-value-override': 'enable',
- 'tertiary-secret': 'test_value_34',
- 'tertiary-server': 'test_value_35',
- 'timeout': '36',
- 'use-management-vdom': 'enable',
- 'username-case-sensitive': 'enable'
- }
-
- set_method_mock.assert_called_with('user', 'radius', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_user_security_exempt_list.py b/test/units/modules/network/fortios/test_fortios_user_security_exempt_list.py
deleted file mode 100644
index b8e4780dbc9..00000000000
--- a/test/units/modules/network/fortios/test_fortios_user_security_exempt_list.py
+++ /dev/null
@@ -1,219 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_user_security_exempt_list
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_user_security_exempt_list.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_user_security_exempt_list_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_security_exempt_list': {
- 'description': 'test_value_3',
- 'name': 'default_name_4',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response =
fortios_user_security_exempt_list.fortios_user(input_data, fos_instance) - - expected_data = { - 'description': 'test_value_3', - 'name': 'default_name_4', - - } - - set_method_mock.assert_called_with('user', 'security-exempt-list', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_user_security_exempt_list_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_security_exempt_list': { - 'description': 'test_value_3', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_security_exempt_list.fortios_user(input_data, fos_instance) - - expected_data = { - 'description': 'test_value_3', - 'name': 'default_name_4', - - } - - set_method_mock.assert_called_with('user', 'security-exempt-list', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_user_security_exempt_list_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'user_security_exempt_list': { - 'description': 'test_value_3', - 'name': 
'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_security_exempt_list.fortios_user(input_data, fos_instance) - - delete_method_mock.assert_called_with('user', 'security-exempt-list', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_user_security_exempt_list_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'user_security_exempt_list': { - 'description': 'test_value_3', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_security_exempt_list.fortios_user(input_data, fos_instance) - - delete_method_mock.assert_called_with('user', 'security-exempt-list', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_user_security_exempt_list_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_security_exempt_list': { - 'description': 'test_value_3', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_user_security_exempt_list.fortios_user(input_data, fos_instance)
-
- expected_data = {
- 'description': 'test_value_3',
- 'name': 'default_name_4',
-
- }
-
- set_method_mock.assert_called_with('user', 'security-exempt-list', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_user_security_exempt_list_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_security_exempt_list': {
- 'random_attribute_not_valid': 'tag',
- 'description': 'test_value_3',
- 'name': 'default_name_4',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_user_security_exempt_list.fortios_user(input_data, fos_instance)
-
- expected_data = {
- 'description': 'test_value_3',
- 'name': 'default_name_4',
-
- }
-
- set_method_mock.assert_called_with('user', 'security-exempt-list', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_user_setting.py b/test/units/modules/network/fortios/test_fortios_user_setting.py
deleted file mode 100644
index 056de49aa45..00000000000
--- a/test/units/modules/network/fortios/test_fortios_user_setting.py
+++ /dev/null
@@ -1,263 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_user_setting
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_user_setting.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_user_setting_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'user_setting': {
- 'auth_blackout_time': '3',
- 'auth_ca_cert': 'test_value_4',
- 'auth_cert': 'test_value_5',
- 'auth_http_basic': 'enable',
- 'auth_invalid_max': '7',
- 'auth_lockout_duration': '8',
- 'auth_lockout_threshold': '9', - 'auth_portal_timeout': '10', - 'auth_secure_http': 'enable', - 'auth_src_mac': 'enable', - 'auth_ssl_allow_renegotiation': 'enable', - 'auth_timeout': '14', - 'auth_timeout_type': 'idle-timeout', - 'auth_type': 'http', - 'radius_ses_timeout_act': 'hard-timeout' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_setting.fortios_user(input_data, fos_instance) - - expected_data = { - 'auth-blackout-time': '3', - 'auth-ca-cert': 'test_value_4', - 'auth-cert': 'test_value_5', - 'auth-http-basic': 'enable', - 'auth-invalid-max': '7', - 'auth-lockout-duration': '8', - 'auth-lockout-threshold': '9', - 'auth-portal-timeout': '10', - 'auth-secure-http': 'enable', - 'auth-src-mac': 'enable', - 'auth-ssl-allow-renegotiation': 'enable', - 'auth-timeout': '14', - 'auth-timeout-type': 'idle-timeout', - 'auth-type': 'http', - 'radius-ses-timeout-act': 'hard-timeout' - } - - set_method_mock.assert_called_with('user', 'setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_user_setting_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_setting': { - 'auth_blackout_time': '3', - 'auth_ca_cert': 'test_value_4', - 'auth_cert': 'test_value_5', - 'auth_http_basic': 'enable', - 'auth_invalid_max': '7', - 'auth_lockout_duration': '8', - 'auth_lockout_threshold': '9', - 'auth_portal_timeout': '10', - 'auth_secure_http': 'enable', - 'auth_src_mac': 'enable', - 'auth_ssl_allow_renegotiation': 'enable', - 
'auth_timeout': '14', - 'auth_timeout_type': 'idle-timeout', - 'auth_type': 'http', - 'radius_ses_timeout_act': 'hard-timeout' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_setting.fortios_user(input_data, fos_instance) - - expected_data = { - 'auth-blackout-time': '3', - 'auth-ca-cert': 'test_value_4', - 'auth-cert': 'test_value_5', - 'auth-http-basic': 'enable', - 'auth-invalid-max': '7', - 'auth-lockout-duration': '8', - 'auth-lockout-threshold': '9', - 'auth-portal-timeout': '10', - 'auth-secure-http': 'enable', - 'auth-src-mac': 'enable', - 'auth-ssl-allow-renegotiation': 'enable', - 'auth-timeout': '14', - 'auth-timeout-type': 'idle-timeout', - 'auth-type': 'http', - 'radius-ses-timeout-act': 'hard-timeout' - } - - set_method_mock.assert_called_with('user', 'setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_user_setting_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_setting': { - 'auth_blackout_time': '3', - 'auth_ca_cert': 'test_value_4', - 'auth_cert': 'test_value_5', - 'auth_http_basic': 'enable', - 'auth_invalid_max': '7', - 'auth_lockout_duration': '8', - 'auth_lockout_threshold': '9', - 'auth_portal_timeout': '10', - 'auth_secure_http': 'enable', - 'auth_src_mac': 'enable', - 'auth_ssl_allow_renegotiation': 'enable', - 'auth_timeout': '14', - 'auth_timeout_type': 'idle-timeout', - 'auth_type': 'http', - 'radius_ses_timeout_act': 'hard-timeout' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_user_setting.fortios_user(input_data, fos_instance) - - expected_data = { - 'auth-blackout-time': '3', - 'auth-ca-cert': 'test_value_4', - 'auth-cert': 'test_value_5', - 'auth-http-basic': 'enable', - 'auth-invalid-max': '7', - 'auth-lockout-duration': '8', - 'auth-lockout-threshold': '9', - 'auth-portal-timeout': '10', - 'auth-secure-http': 'enable', - 'auth-src-mac': 'enable', - 'auth-ssl-allow-renegotiation': 'enable', - 'auth-timeout': '14', - 'auth-timeout-type': 'idle-timeout', - 'auth-type': 'http', - 'radius-ses-timeout-act': 'hard-timeout' - } - - set_method_mock.assert_called_with('user', 'setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_user_setting_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_setting': { - 'random_attribute_not_valid': 'tag', - 'auth_blackout_time': '3', - 'auth_ca_cert': 'test_value_4', - 'auth_cert': 'test_value_5', - 'auth_http_basic': 'enable', - 'auth_invalid_max': '7', - 'auth_lockout_duration': '8', - 'auth_lockout_threshold': '9', - 'auth_portal_timeout': '10', - 'auth_secure_http': 'enable', - 'auth_src_mac': 'enable', - 'auth_ssl_allow_renegotiation': 'enable', - 'auth_timeout': '14', - 'auth_timeout_type': 'idle-timeout', - 'auth_type': 'http', - 'radius_ses_timeout_act': 'hard-timeout' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_setting.fortios_user(input_data, fos_instance) - - expected_data = { - 'auth-blackout-time': '3', - 'auth-ca-cert': 
'test_value_4',
- 'auth-cert': 'test_value_5',
- 'auth-http-basic': 'enable',
- 'auth-invalid-max': '7',
- 'auth-lockout-duration': '8',
- 'auth-lockout-threshold': '9',
- 'auth-portal-timeout': '10',
- 'auth-secure-http': 'enable',
- 'auth-src-mac': 'enable',
- 'auth-ssl-allow-renegotiation': 'enable',
- 'auth-timeout': '14',
- 'auth-timeout-type': 'idle-timeout',
- 'auth-type': 'http',
- 'radius-ses-timeout-act': 'hard-timeout'
- }
-
- set_method_mock.assert_called_with('user', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_user_tacacsplus.py b/test/units/modules/network/fortios/test_fortios_user_tacacsplus.py
deleted file mode 100644
index 4df18b443d3..00000000000
--- a/test/units/modules/network/fortios/test_fortios_user_tacacsplus.py
+++ /dev/null
@@ -1,299 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_user_tacacsplus -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_user_tacacsplus.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_user_tacacsplus_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_tacacsplus': { - 'authen_type': 'mschap', - 'authorization': 'enable', - 'key': 'test_value_5', - 'name': 'default_name_6', - 'port': '7', - 'secondary_key': 'test_value_8', - 
'secondary_server': 'test_value_9', - 'server': '192.168.100.10', - 'source_ip': '84.230.14.11', - 'tertiary_key': 'test_value_12', - 'tertiary_server': 'test_value_13' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_tacacsplus.fortios_user(input_data, fos_instance) - - expected_data = { - 'authen-type': 'mschap', - 'authorization': 'enable', - 'key': 'test_value_5', - 'name': 'default_name_6', - 'port': '7', - 'secondary-key': 'test_value_8', - 'secondary-server': 'test_value_9', - 'server': '192.168.100.10', - 'source-ip': '84.230.14.11', - 'tertiary-key': 'test_value_12', - 'tertiary-server': 'test_value_13' - } - - set_method_mock.assert_called_with('user', 'tacacs+', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_user_tacacsplus_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_tacacsplus': { - 'authen_type': 'mschap', - 'authorization': 'enable', - 'key': 'test_value_5', - 'name': 'default_name_6', - 'port': '7', - 'secondary_key': 'test_value_8', - 'secondary_server': 'test_value_9', - 'server': '192.168.100.10', - 'source_ip': '84.230.14.11', - 'tertiary_key': 'test_value_12', - 'tertiary_server': 'test_value_13' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_tacacsplus.fortios_user(input_data, fos_instance) - - expected_data = { - 'authen-type': 'mschap', - 'authorization': 'enable', - 'key': 'test_value_5', - 'name': 'default_name_6', - 'port': '7', - 'secondary-key': 'test_value_8', - 
'secondary-server': 'test_value_9', - 'server': '192.168.100.10', - 'source-ip': '84.230.14.11', - 'tertiary-key': 'test_value_12', - 'tertiary-server': 'test_value_13' - } - - set_method_mock.assert_called_with('user', 'tacacs+', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_user_tacacsplus_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'user_tacacsplus': { - 'authen_type': 'mschap', - 'authorization': 'enable', - 'key': 'test_value_5', - 'name': 'default_name_6', - 'port': '7', - 'secondary_key': 'test_value_8', - 'secondary_server': 'test_value_9', - 'server': '192.168.100.10', - 'source_ip': '84.230.14.11', - 'tertiary_key': 'test_value_12', - 'tertiary_server': 'test_value_13' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_tacacsplus.fortios_user(input_data, fos_instance) - - delete_method_mock.assert_called_with('user', 'tacacs+', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_user_tacacsplus_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { 
- 'username': 'admin', - 'state': 'absent', - 'user_tacacsplus': { - 'authen_type': 'mschap', - 'authorization': 'enable', - 'key': 'test_value_5', - 'name': 'default_name_6', - 'port': '7', - 'secondary_key': 'test_value_8', - 'secondary_server': 'test_value_9', - 'server': '192.168.100.10', - 'source_ip': '84.230.14.11', - 'tertiary_key': 'test_value_12', - 'tertiary_server': 'test_value_13' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_tacacsplus.fortios_user(input_data, fos_instance) - - delete_method_mock.assert_called_with('user', 'tacacs+', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_user_tacacsplus_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_tacacsplus': { - 'authen_type': 'mschap', - 'authorization': 'enable', - 'key': 'test_value_5', - 'name': 'default_name_6', - 'port': '7', - 'secondary_key': 'test_value_8', - 'secondary_server': 'test_value_9', - 'server': '192.168.100.10', - 'source_ip': '84.230.14.11', - 'tertiary_key': 'test_value_12', - 'tertiary_server': 'test_value_13' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_tacacsplus.fortios_user(input_data, fos_instance) - - expected_data = { - 'authen-type': 'mschap', - 'authorization': 'enable', - 'key': 'test_value_5', - 'name': 'default_name_6', - 'port': '7', - 'secondary-key': 'test_value_8', - 'secondary-server': 'test_value_9', - 'server': '192.168.100.10', - 'source-ip': '84.230.14.11', - 'tertiary-key': 'test_value_12', - 
'tertiary-server': 'test_value_13' - } - - set_method_mock.assert_called_with('user', 'tacacs+', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_user_tacacsplus_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'user_tacacsplus': { - 'random_attribute_not_valid': 'tag', - 'authen_type': 'mschap', - 'authorization': 'enable', - 'key': 'test_value_5', - 'name': 'default_name_6', - 'port': '7', - 'secondary_key': 'test_value_8', - 'secondary_server': 'test_value_9', - 'server': '192.168.100.10', - 'source_ip': '84.230.14.11', - 'tertiary_key': 'test_value_12', - 'tertiary_server': 'test_value_13' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_user_tacacsplus.fortios_user(input_data, fos_instance) - - expected_data = { - 'authen-type': 'mschap', - 'authorization': 'enable', - 'key': 'test_value_5', - 'name': 'default_name_6', - 'port': '7', - 'secondary-key': 'test_value_8', - 'secondary-server': 'test_value_9', - 'server': '192.168.100.10', - 'source-ip': '84.230.14.11', - 'tertiary-key': 'test_value_12', - 'tertiary-server': 'test_value_13' - } - - set_method_mock.assert_called_with('user', 'tacacs+', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 
diff --git a/test/units/modules/network/fortios/test_fortios_voip_profile.py b/test/units/modules/network/fortios/test_fortios_voip_profile.py
deleted file mode 100644
index 3ce7064a828..00000000000
--- a/test/units/modules/network/fortios/test_fortios_voip_profile.py
+++ /dev/null
@@ -1,219 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_voip_profile -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_voip_profile.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_voip_profile_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'voip_profile': { - 'comment': 'Comment.', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_voip_profile.fortios_voip(input_data, fos_instance) - - 
expected_data = { - 'comment': 'Comment.', - 'name': 'default_name_4', - - } - - set_method_mock.assert_called_with('voip', 'profile', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_voip_profile_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'voip_profile': { - 'comment': 'Comment.', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_voip_profile.fortios_voip(input_data, fos_instance) - - expected_data = { - 'comment': 'Comment.', - 'name': 'default_name_4', - - } - - set_method_mock.assert_called_with('voip', 'profile', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_voip_profile_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'voip_profile': { - 'comment': 'Comment.', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_voip_profile.fortios_voip(input_data, fos_instance) - - delete_method_mock.assert_called_with('voip', 'profile', 
mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_voip_profile_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'voip_profile': { - 'comment': 'Comment.', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_voip_profile.fortios_voip(input_data, fos_instance) - - delete_method_mock.assert_called_with('voip', 'profile', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_voip_profile_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'voip_profile': { - 'comment': 'Comment.', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_voip_profile.fortios_voip(input_data, fos_instance) - - expected_data = { - 'comment': 'Comment.', - 'name': 'default_name_4', - - } - - set_method_mock.assert_called_with('voip', 'profile', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - 
assert response['http_status'] == 404 - - -def test_voip_profile_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'voip_profile': { - 'random_attribute_not_valid': 'tag', - 'comment': 'Comment.', - 'name': 'default_name_4', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_voip_profile.fortios_voip(input_data, fos_instance) - - expected_data = { - 'comment': 'Comment.', - 'name': 'default_name_4', - - } - - set_method_mock.assert_called_with('voip', 'profile', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_vpn_certificate_ca.py b/test/units/modules/network/fortios/test_fortios_vpn_certificate_ca.py deleted file mode 100644 index 96cceb41908..00000000000 --- a/test/units/modules/network/fortios/test_fortios_vpn_certificate_ca.py +++ /dev/null 
@@ -1,289 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_vpn_certificate_ca -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_vpn_certificate_ca.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_vpn_certificate_ca_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_certificate_ca': { - 'auto_update_days': '3', - 'auto_update_days_warning': '4', - 'ca': 'test_value_5', - 'last_updated': '6', - 'name': 'default_name_7', - 'range': 'global', - 
'scep_url': 'test_value_9', - 'source': 'factory', - 'source_ip': '84.230.14.11', - 'trusted': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_certificate_ca.fortios_vpn_certificate(input_data, fos_instance) - - expected_data = { - 'auto-update-days': '3', - 'auto-update-days-warning': '4', - 'ca': 'test_value_5', - 'last-updated': '6', - 'name': 'default_name_7', - 'range': 'global', - 'scep-url': 'test_value_9', - 'source': 'factory', - 'source-ip': '84.230.14.11', - 'trusted': 'enable' - } - - set_method_mock.assert_called_with('vpn.certificate', 'ca', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_vpn_certificate_ca_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_certificate_ca': { - 'auto_update_days': '3', - 'auto_update_days_warning': '4', - 'ca': 'test_value_5', - 'last_updated': '6', - 'name': 'default_name_7', - 'range': 'global', - 'scep_url': 'test_value_9', - 'source': 'factory', - 'source_ip': '84.230.14.11', - 'trusted': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_certificate_ca.fortios_vpn_certificate(input_data, fos_instance) - - expected_data = { - 'auto-update-days': '3', - 'auto-update-days-warning': '4', - 'ca': 'test_value_5', - 'last-updated': '6', - 'name': 'default_name_7', - 'range': 'global', - 'scep-url': 'test_value_9', - 'source': 'factory', - 'source-ip': '84.230.14.11', - 'trusted': 'enable' - } - - 
set_method_mock.assert_called_with('vpn.certificate', 'ca', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_vpn_certificate_ca_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'vpn_certificate_ca': { - 'auto_update_days': '3', - 'auto_update_days_warning': '4', - 'ca': 'test_value_5', - 'last_updated': '6', - 'name': 'default_name_7', - 'range': 'global', - 'scep_url': 'test_value_9', - 'source': 'factory', - 'source_ip': '84.230.14.11', - 'trusted': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_certificate_ca.fortios_vpn_certificate(input_data, fos_instance) - - delete_method_mock.assert_called_with('vpn.certificate', 'ca', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_vpn_certificate_ca_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'vpn_certificate_ca': { - 'auto_update_days': '3', - 'auto_update_days_warning': '4', - 'ca': 'test_value_5', - 'last_updated': '6', - 'name': 'default_name_7', 
- 'range': 'global', - 'scep_url': 'test_value_9', - 'source': 'factory', - 'source_ip': '84.230.14.11', - 'trusted': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_certificate_ca.fortios_vpn_certificate(input_data, fos_instance) - - delete_method_mock.assert_called_with('vpn.certificate', 'ca', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_vpn_certificate_ca_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_certificate_ca': { - 'auto_update_days': '3', - 'auto_update_days_warning': '4', - 'ca': 'test_value_5', - 'last_updated': '6', - 'name': 'default_name_7', - 'range': 'global', - 'scep_url': 'test_value_9', - 'source': 'factory', - 'source_ip': '84.230.14.11', - 'trusted': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_certificate_ca.fortios_vpn_certificate(input_data, fos_instance) - - expected_data = { - 'auto-update-days': '3', - 'auto-update-days-warning': '4', - 'ca': 'test_value_5', - 'last-updated': '6', - 'name': 'default_name_7', - 'range': 'global', - 'scep-url': 'test_value_9', - 'source': 'factory', - 'source-ip': '84.230.14.11', - 'trusted': 'enable' - } - - set_method_mock.assert_called_with('vpn.certificate', 'ca', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_vpn_certificate_ca_filter_foreign_attributes(mocker): - 
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_certificate_ca': { - 'random_attribute_not_valid': 'tag', - 'auto_update_days': '3', - 'auto_update_days_warning': '4', - 'ca': 'test_value_5', - 'last_updated': '6', - 'name': 'default_name_7', - 'range': 'global', - 'scep_url': 'test_value_9', - 'source': 'factory', - 'source_ip': '84.230.14.11', - 'trusted': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_certificate_ca.fortios_vpn_certificate(input_data, fos_instance) - - expected_data = { - 'auto-update-days': '3', - 'auto-update-days-warning': '4', - 'ca': 'test_value_5', - 'last-updated': '6', - 'name': 'default_name_7', - 'range': 'global', - 'scep-url': 'test_value_9', - 'source': 'factory', - 'source-ip': '84.230.14.11', - 'trusted': 'enable' - } - - set_method_mock.assert_called_with('vpn.certificate', 'ca', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_vpn_certificate_crl.py b/test/units/modules/network/fortios/test_fortios_vpn_certificate_crl.py deleted file mode 100644 index ca660d1ba04..00000000000 --- a/test/units/modules/network/fortios/test_fortios_vpn_certificate_crl.py +++ /dev/null 
@@ -1,329 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_vpn_certificate_crl
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_vpn_certificate_crl.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_vpn_certificate_crl_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_certificate_crl': {
- 'crl': 'test_value_3',
- 'http_url': 'test_value_4',
- 'last_updated': '5',
- 'ldap_password': 'test_value_6',
- 'ldap_server': 'test_value_7',
- 'ldap_username': 'test_value_8',
- 'name': 'default_name_9',
- 'range': 'global',
- 'scep_cert': 'test_value_11',
- 'scep_url': 'test_value_12',
- 'source': 'factory',
- 'source_ip': '84.230.14.14',
- 'update_interval': '15',
- 'update_vdom': 'test_value_16'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_certificate_crl.fortios_vpn_certificate(input_data, fos_instance)
-
- expected_data = {
- 'crl': 'test_value_3',
- 'http-url': 'test_value_4',
- 'last-updated': '5',
- 'ldap-password': 'test_value_6',
- 'ldap-server': 'test_value_7',
- 'ldap-username': 'test_value_8',
- 'name': 'default_name_9',
- 'range': 'global',
- 'scep-cert': 'test_value_11',
- 'scep-url': 'test_value_12',
- 'source': 'factory',
- 'source-ip': '84.230.14.14',
- 'update-interval': '15',
- 'update-vdom': 'test_value_16'
- }
-
- set_method_mock.assert_called_with('vpn.certificate', 'crl', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_vpn_certificate_crl_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_certificate_crl': {
- 'crl': 'test_value_3',
- 'http_url': 'test_value_4',
- 'last_updated': '5',
- 'ldap_password': 'test_value_6',
- 'ldap_server': 'test_value_7',
- 'ldap_username': 'test_value_8',
- 'name': 'default_name_9',
- 'range': 'global',
- 'scep_cert': 'test_value_11',
- 'scep_url': 'test_value_12',
- 'source': 'factory',
- 'source_ip': '84.230.14.14',
- 'update_interval': '15',
- 'update_vdom': 'test_value_16'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_certificate_crl.fortios_vpn_certificate(input_data, fos_instance)
-
- expected_data = {
- 'crl': 'test_value_3',
- 'http-url': 'test_value_4',
- 'last-updated': '5',
- 'ldap-password': 'test_value_6',
- 'ldap-server': 'test_value_7',
- 'ldap-username': 'test_value_8',
- 'name': 'default_name_9',
- 'range': 'global',
- 'scep-cert': 'test_value_11',
- 'scep-url': 'test_value_12',
- 'source': 'factory',
- 'source-ip': '84.230.14.14',
- 'update-interval': '15',
- 'update-vdom': 'test_value_16'
- }
-
- set_method_mock.assert_called_with('vpn.certificate', 'crl', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_vpn_certificate_crl_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'vpn_certificate_crl': {
- 'crl': 'test_value_3',
- 'http_url': 'test_value_4',
- 'last_updated': '5',
- 'ldap_password': 'test_value_6',
- 'ldap_server': 'test_value_7',
- 'ldap_username': 'test_value_8',
- 'name': 'default_name_9',
- 'range': 'global',
- 'scep_cert': 'test_value_11',
- 'scep_url': 'test_value_12',
- 'source': 'factory',
- 'source_ip': '84.230.14.14',
- 'update_interval': '15',
- 'update_vdom': 'test_value_16'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_certificate_crl.fortios_vpn_certificate(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('vpn.certificate', 'crl', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_vpn_certificate_crl_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'vpn_certificate_crl': {
- 'crl': 'test_value_3',
- 'http_url': 'test_value_4',
- 'last_updated': '5',
- 'ldap_password': 'test_value_6',
- 'ldap_server': 'test_value_7',
- 'ldap_username': 'test_value_8',
- 'name': 'default_name_9',
- 'range': 'global',
- 'scep_cert': 'test_value_11',
- 'scep_url': 'test_value_12',
- 'source': 'factory',
- 'source_ip': '84.230.14.14',
- 'update_interval': '15',
- 'update_vdom': 'test_value_16'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_certificate_crl.fortios_vpn_certificate(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('vpn.certificate', 'crl', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_vpn_certificate_crl_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_certificate_crl': {
- 'crl': 'test_value_3',
- 'http_url': 'test_value_4',
- 'last_updated': '5',
- 'ldap_password': 'test_value_6',
- 'ldap_server': 'test_value_7',
- 'ldap_username': 'test_value_8',
- 'name': 'default_name_9',
- 'range': 'global',
- 'scep_cert': 'test_value_11',
- 'scep_url': 'test_value_12',
- 'source': 'factory',
- 'source_ip': '84.230.14.14',
- 'update_interval': '15',
- 'update_vdom': 'test_value_16'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_certificate_crl.fortios_vpn_certificate(input_data, fos_instance)
-
- expected_data = {
- 'crl': 'test_value_3',
- 'http-url': 'test_value_4',
- 'last-updated': '5',
- 'ldap-password': 'test_value_6',
- 'ldap-server': 'test_value_7',
- 'ldap-username': 'test_value_8',
- 'name': 'default_name_9',
- 'range': 'global',
- 'scep-cert': 'test_value_11',
- 'scep-url': 'test_value_12',
- 'source': 'factory',
- 'source-ip': '84.230.14.14',
- 'update-interval': '15',
- 'update-vdom': 'test_value_16'
- }
-
- set_method_mock.assert_called_with('vpn.certificate', 'crl', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_vpn_certificate_crl_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_certificate_crl': {
- 'random_attribute_not_valid': 'tag',
- 'crl': 'test_value_3',
- 'http_url': 'test_value_4',
- 'last_updated': '5',
- 'ldap_password': 'test_value_6',
- 'ldap_server': 'test_value_7',
- 'ldap_username': 'test_value_8',
- 'name': 'default_name_9',
- 'range': 'global',
- 'scep_cert': 'test_value_11',
- 'scep_url': 'test_value_12',
- 'source': 'factory',
- 'source_ip': '84.230.14.14',
- 'update_interval': '15',
- 'update_vdom': 'test_value_16'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_certificate_crl.fortios_vpn_certificate(input_data, fos_instance)
-
- expected_data = {
- 'crl': 'test_value_3',
- 'http-url': 'test_value_4',
- 'last-updated': '5',
- 'ldap-password': 'test_value_6',
- 'ldap-server': 'test_value_7',
- 'ldap-username': 'test_value_8',
- 'name': 'default_name_9',
- 'range': 'global',
- 'scep-cert': 'test_value_11',
- 'scep-url': 'test_value_12',
- 'source': 'factory',
- 'source-ip': '84.230.14.14',
- 'update-interval': '15',
- 'update-vdom': 'test_value_16'
- }
-
- set_method_mock.assert_called_with('vpn.certificate', 'crl', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_vpn_certificate_local.py b/test/units/modules/network/fortios/test_fortios_vpn_certificate_local.py
deleted file mode 100644
index c83c6c3e59d..00000000000
--- a/test/units/modules/network/fortios/test_fortios_vpn_certificate_local.py
+++ /dev/null
@@ -1,429 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_vpn_certificate_local
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_vpn_certificate_local.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_vpn_certificate_local_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_certificate_local': {
- 'auto_regenerate_days': '3',
- 'auto_regenerate_days_warning': '4',
- 'ca_identifier': 'myId_5',
- 'certificate': 'test_value_6',
- 'cmp_path': 'test_value_7',
- 'cmp_regeneration_method': 'keyupate',
- 'cmp_server': 'test_value_9',
- 'cmp_server_cert': 'test_value_10',
- 'comments': 'test_value_11',
- 'csr': 'test_value_12',
- 'enroll_protocol': 'none',
- 'ike_localid': 'test_value_14',
- 'ike_localid_type': 'asn1dn',
- 'last_updated': '16',
- 'name': 'default_name_17',
- 'name_encoding': 'printable',
- 'password': 'test_value_19',
- 'private_key': 'test_value_20',
- 'range': 'global',
- 'scep_password': 'test_value_22',
- 'scep_url': 'test_value_23',
- 'source': 'factory',
- 'source_ip': '84.230.14.25',
- 'state': 'test_value_26'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_certificate_local.fortios_vpn_certificate(input_data, fos_instance)
-
- expected_data = {
- 'auto-regenerate-days': '3',
- 'auto-regenerate-days-warning': '4',
- 'ca-identifier': 'myId_5',
- 'certificate': 'test_value_6',
- 'cmp-path': 'test_value_7',
- 'cmp-regeneration-method': 'keyupate',
- 'cmp-server': 'test_value_9',
- 'cmp-server-cert': 'test_value_10',
- 'comments': 'test_value_11',
- 'csr': 'test_value_12',
- 'enroll-protocol': 'none',
- 'ike-localid': 'test_value_14',
- 'ike-localid-type': 'asn1dn',
- 'last-updated': '16',
- 'name': 'default_name_17',
- 'name-encoding': 'printable',
- 'password': 'test_value_19',
- 'private-key': 'test_value_20',
- 'range': 'global',
- 'scep-password': 'test_value_22',
- 'scep-url': 'test_value_23',
- 'source': 'factory',
- 'source-ip': '84.230.14.25',
- 'state': 'test_value_26'
- }
-
- set_method_mock.assert_called_with('vpn.certificate', 'local', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_vpn_certificate_local_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_certificate_local': {
- 'auto_regenerate_days': '3',
- 'auto_regenerate_days_warning': '4',
- 'ca_identifier': 'myId_5',
- 'certificate': 'test_value_6',
- 'cmp_path': 'test_value_7',
- 'cmp_regeneration_method': 'keyupate',
- 'cmp_server': 'test_value_9',
- 'cmp_server_cert': 'test_value_10',
- 'comments': 'test_value_11',
- 'csr': 'test_value_12',
- 'enroll_protocol': 'none',
- 'ike_localid': 'test_value_14',
- 'ike_localid_type': 'asn1dn',
- 'last_updated': '16',
- 'name': 'default_name_17',
- 'name_encoding': 'printable',
- 'password': 'test_value_19',
- 'private_key': 'test_value_20',
- 'range': 'global',
- 'scep_password': 'test_value_22',
- 'scep_url': 'test_value_23',
- 'source': 'factory',
- 'source_ip': '84.230.14.25',
- 'state': 'test_value_26'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_certificate_local.fortios_vpn_certificate(input_data, fos_instance)
-
- expected_data = {
- 'auto-regenerate-days': '3',
- 'auto-regenerate-days-warning': '4',
- 'ca-identifier': 'myId_5',
- 'certificate': 'test_value_6',
- 'cmp-path': 'test_value_7',
- 'cmp-regeneration-method': 'keyupate',
- 'cmp-server': 'test_value_9',
- 'cmp-server-cert': 'test_value_10',
- 'comments': 'test_value_11',
- 'csr': 'test_value_12',
- 'enroll-protocol': 'none',
- 'ike-localid': 'test_value_14',
- 'ike-localid-type': 'asn1dn',
- 'last-updated': '16',
- 'name': 'default_name_17',
- 'name-encoding': 'printable',
- 'password': 'test_value_19',
- 'private-key': 'test_value_20',
- 'range': 'global',
- 'scep-password': 'test_value_22',
- 'scep-url': 'test_value_23',
- 'source': 'factory',
- 'source-ip': '84.230.14.25',
- 'state': 'test_value_26'
- }
-
- set_method_mock.assert_called_with('vpn.certificate', 'local', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_vpn_certificate_local_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'vpn_certificate_local': {
- 'auto_regenerate_days': '3',
- 'auto_regenerate_days_warning': '4',
- 'ca_identifier': 'myId_5',
- 'certificate': 'test_value_6',
- 'cmp_path': 'test_value_7',
- 'cmp_regeneration_method': 'keyupate',
- 'cmp_server': 'test_value_9',
- 'cmp_server_cert': 'test_value_10',
- 'comments': 'test_value_11',
- 'csr': 'test_value_12',
- 'enroll_protocol': 'none',
- 'ike_localid': 'test_value_14',
- 'ike_localid_type': 'asn1dn',
- 'last_updated': '16',
- 'name': 'default_name_17',
- 'name_encoding': 'printable',
- 'password': 'test_value_19',
- 'private_key': 'test_value_20',
- 'range': 'global',
- 'scep_password': 'test_value_22',
- 'scep_url': 'test_value_23',
- 'source': 'factory',
- 'source_ip': '84.230.14.25',
- 'state': 'test_value_26'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_certificate_local.fortios_vpn_certificate(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('vpn.certificate', 'local', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_vpn_certificate_local_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'vpn_certificate_local': {
- 'auto_regenerate_days': '3',
- 'auto_regenerate_days_warning': '4',
- 'ca_identifier': 'myId_5',
- 'certificate': 'test_value_6',
- 'cmp_path': 'test_value_7',
- 'cmp_regeneration_method': 'keyupate',
- 'cmp_server': 'test_value_9',
- 'cmp_server_cert': 'test_value_10',
- 'comments': 'test_value_11',
- 'csr': 'test_value_12',
- 'enroll_protocol': 'none',
- 'ike_localid': 'test_value_14',
- 'ike_localid_type': 'asn1dn',
- 'last_updated': '16',
- 'name': 'default_name_17',
- 'name_encoding': 'printable',
- 'password': 'test_value_19',
- 'private_key': 'test_value_20',
- 'range': 'global',
- 'scep_password': 'test_value_22',
- 'scep_url': 'test_value_23',
- 'source': 'factory',
- 'source_ip': '84.230.14.25',
- 'state': 'test_value_26'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_certificate_local.fortios_vpn_certificate(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('vpn.certificate', 'local', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_vpn_certificate_local_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_certificate_local': {
- 'auto_regenerate_days': '3',
- 'auto_regenerate_days_warning': '4',
- 'ca_identifier': 'myId_5',
- 'certificate': 'test_value_6',
- 'cmp_path': 'test_value_7',
- 'cmp_regeneration_method': 'keyupate',
- 'cmp_server': 'test_value_9',
- 'cmp_server_cert': 'test_value_10',
- 'comments': 'test_value_11',
- 'csr': 'test_value_12',
- 'enroll_protocol': 'none',
- 'ike_localid': 'test_value_14',
- 'ike_localid_type': 'asn1dn',
- 'last_updated': '16',
- 'name': 'default_name_17',
- 'name_encoding': 'printable',
- 'password': 'test_value_19',
- 'private_key': 'test_value_20',
- 'range': 'global',
- 'scep_password': 'test_value_22',
- 'scep_url': 'test_value_23',
- 'source': 'factory',
- 'source_ip': '84.230.14.25',
- 'state': 'test_value_26'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_certificate_local.fortios_vpn_certificate(input_data, fos_instance)
-
- expected_data = {
- 'auto-regenerate-days': '3',
- 'auto-regenerate-days-warning': '4',
- 'ca-identifier': 'myId_5',
- 'certificate': 'test_value_6',
- 'cmp-path': 'test_value_7',
- 'cmp-regeneration-method': 'keyupate',
- 'cmp-server': 'test_value_9',
- 'cmp-server-cert': 'test_value_10',
- 'comments': 'test_value_11',
- 'csr': 'test_value_12',
- 'enroll-protocol': 'none',
- 'ike-localid': 'test_value_14',
- 'ike-localid-type': 'asn1dn',
- 'last-updated': '16',
- 'name': 'default_name_17',
- 'name-encoding': 'printable',
- 'password': 'test_value_19',
- 'private-key': 'test_value_20',
- 'range': 'global',
- 'scep-password': 'test_value_22',
- 'scep-url': 'test_value_23',
- 'source': 'factory',
- 'source-ip': '84.230.14.25',
- 'state': 'test_value_26'
- }
-
- set_method_mock.assert_called_with('vpn.certificate', 'local', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_vpn_certificate_local_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_certificate_local': {
- 'random_attribute_not_valid': 'tag',
- 'auto_regenerate_days': '3',
- 'auto_regenerate_days_warning': '4',
- 'ca_identifier': 'myId_5',
- 'certificate': 'test_value_6',
- 'cmp_path': 'test_value_7',
- 'cmp_regeneration_method': 'keyupate',
- 'cmp_server': 'test_value_9',
- 'cmp_server_cert': 'test_value_10',
- 'comments': 'test_value_11',
- 'csr': 'test_value_12',
- 'enroll_protocol': 'none',
- 'ike_localid': 'test_value_14',
- 'ike_localid_type': 'asn1dn',
- 'last_updated': '16',
- 'name': 'default_name_17',
- 'name_encoding': 'printable',
- 'password': 'test_value_19',
- 'private_key': 'test_value_20',
- 'range': 'global',
- 'scep_password': 'test_value_22',
- 'scep_url': 'test_value_23',
- 'source': 'factory',
- 'source_ip': '84.230.14.25',
- 'state': 'test_value_26'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_certificate_local.fortios_vpn_certificate(input_data, fos_instance)
-
- expected_data = {
- 'auto-regenerate-days': '3',
- 'auto-regenerate-days-warning': '4',
- 'ca-identifier': 'myId_5',
- 'certificate': 'test_value_6',
- 'cmp-path': 'test_value_7',
- 'cmp-regeneration-method': 'keyupate',
- 'cmp-server': 'test_value_9',
- 'cmp-server-cert': 'test_value_10',
- 'comments': 'test_value_11',
- 'csr': 'test_value_12',
- 'enroll-protocol': 'none',
- 'ike-localid': 'test_value_14',
- 'ike-localid-type': 'asn1dn',
- 'last-updated': '16',
- 'name': 'default_name_17',
- 'name-encoding': 'printable',
- 'password': 'test_value_19',
- 'private-key': 'test_value_20',
- 'range': 'global',
- 'scep-password': 'test_value_22',
- 'scep-url': 'test_value_23',
- 'source': 'factory',
- 'source-ip': '84.230.14.25',
- 'state': 'test_value_26'
- }
-
- set_method_mock.assert_called_with('vpn.certificate', 'local', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_vpn_certificate_ocsp_server.py b/test/units/modules/network/fortios/test_fortios_vpn_certificate_ocsp_server.py
deleted file mode 100644
index 0ec48bd2897..00000000000
--- a/test/units/modules/network/fortios/test_fortios_vpn_certificate_ocsp_server.py
+++ /dev/null
@@ -1,259 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_vpn_certificate_ocsp_server
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_vpn_certificate_ocsp_server.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_vpn_certificate_ocsp_server_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_certificate_ocsp_server': {
- 'cert': 'test_value_3',
- 'name': 'default_name_4',
- 'secondary_cert': 'test_value_5',
- 'secondary_url': 'test_value_6',
- 'source_ip': '84.230.14.7',
- 'unavail_action': 'revoke',
- 'url': 'myurl_9.com'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_certificate_ocsp_server.fortios_vpn_certificate(input_data, fos_instance)
-
- expected_data = {
- 'cert': 'test_value_3',
- 'name': 'default_name_4',
- 'secondary-cert': 'test_value_5',
- 'secondary-url': 'test_value_6',
- 'source-ip': '84.230.14.7',
- 'unavail-action': 'revoke',
- 'url': 'myurl_9.com'
- }
-
- set_method_mock.assert_called_with('vpn.certificate', 'ocsp-server', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_vpn_certificate_ocsp_server_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_certificate_ocsp_server': {
- 'cert': 'test_value_3',
- 'name': 'default_name_4',
- 'secondary_cert': 'test_value_5',
- 'secondary_url': 'test_value_6',
- 'source_ip': '84.230.14.7',
- 'unavail_action': 'revoke',
- 'url': 'myurl_9.com'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_certificate_ocsp_server.fortios_vpn_certificate(input_data, fos_instance)
-
- expected_data = {
- 'cert': 'test_value_3',
- 'name': 'default_name_4',
- 'secondary-cert': 'test_value_5',
- 'secondary-url': 'test_value_6',
- 'source-ip': '84.230.14.7',
- 'unavail-action': 'revoke',
- 'url': 'myurl_9.com'
- }
-
- set_method_mock.assert_called_with('vpn.certificate', 'ocsp-server', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_vpn_certificate_ocsp_server_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'vpn_certificate_ocsp_server': {
- 'cert': 'test_value_3',
- 'name': 'default_name_4',
- 'secondary_cert': 'test_value_5',
- 'secondary_url': 'test_value_6',
- 'source_ip': '84.230.14.7',
- 'unavail_action': 'revoke',
- 'url': 'myurl_9.com'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_certificate_ocsp_server.fortios_vpn_certificate(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('vpn.certificate', 'ocsp-server', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_vpn_certificate_ocsp_server_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'vpn_certificate_ocsp_server': {
- 'cert': 'test_value_3',
- 'name': 'default_name_4',
- 'secondary_cert': 'test_value_5',
- 'secondary_url': 'test_value_6',
- 'source_ip': '84.230.14.7',
- 'unavail_action': 'revoke',
- 'url': 'myurl_9.com'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_certificate_ocsp_server.fortios_vpn_certificate(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('vpn.certificate', 'ocsp-server', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_vpn_certificate_ocsp_server_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_certificate_ocsp_server': {
- 'cert': 'test_value_3',
- 'name': 'default_name_4',
- 'secondary_cert': 'test_value_5',
- 'secondary_url': 'test_value_6',
- 'source_ip': '84.230.14.7',
- 'unavail_action': 'revoke',
- 'url': 'myurl_9.com'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_certificate_ocsp_server.fortios_vpn_certificate(input_data, fos_instance)
-
- expected_data = {
- 'cert': 'test_value_3',
- 'name': 'default_name_4',
- 'secondary-cert': 'test_value_5',
- 'secondary-url': 'test_value_6',
- 'source-ip': '84.230.14.7',
- 'unavail-action': 'revoke',
- 'url': 'myurl_9.com'
- }
-
- set_method_mock.assert_called_with('vpn.certificate', 'ocsp-server', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_vpn_certificate_ocsp_server_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_certificate_ocsp_server': {
- 'random_attribute_not_valid': 'tag',
- 'cert': 'test_value_3',
- 'name': 'default_name_4',
- 'secondary_cert': 'test_value_5',
- 'secondary_url': 'test_value_6',
- 'source_ip': '84.230.14.7',
- 'unavail_action': 'revoke',
- 'url': 'myurl_9.com'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_certificate_ocsp_server.fortios_vpn_certificate(input_data, fos_instance)
-
- expected_data = {
- 'cert': 'test_value_3',
- 'name': 'default_name_4',
- 'secondary-cert': 'test_value_5',
- 'secondary-url': 'test_value_6',
- 'source-ip': '84.230.14.7',
- 'unavail-action': 'revoke',
- 'url': 'myurl_9.com'
- }
-
- set_method_mock.assert_called_with('vpn.certificate', 'ocsp-server', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_vpn_certificate_remote.py b/test/units/modules/network/fortios/test_fortios_vpn_certificate_remote.py
deleted file mode 100644
index 926d1a12b63..00000000000
--- a/test/units/modules/network/fortios/test_fortios_vpn_certificate_remote.py
+++ /dev/null
@@ -1,229 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_vpn_certificate_remote -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_vpn_certificate_remote.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_vpn_certificate_remote_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_certificate_remote': { - 'name': 'default_name_3', - 'range': 'global', - 'remote': 'test_value_5', - 'source': 'factory' - }, - 'vdom': 'root'} - - is_error, changed, 
response = fortios_vpn_certificate_remote.fortios_vpn_certificate(input_data, fos_instance) - - expected_data = { - 'name': 'default_name_3', - 'range': 'global', - 'remote': 'test_value_5', - 'source': 'factory' - } - - set_method_mock.assert_called_with('vpn.certificate', 'remote', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_vpn_certificate_remote_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_certificate_remote': { - 'name': 'default_name_3', - 'range': 'global', - 'remote': 'test_value_5', - 'source': 'factory' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_certificate_remote.fortios_vpn_certificate(input_data, fos_instance) - - expected_data = { - 'name': 'default_name_3', - 'range': 'global', - 'remote': 'test_value_5', - 'source': 'factory' - } - - set_method_mock.assert_called_with('vpn.certificate', 'remote', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_vpn_certificate_remote_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 
'username': 'admin', - 'state': 'absent', - 'vpn_certificate_remote': { - 'name': 'default_name_3', - 'range': 'global', - 'remote': 'test_value_5', - 'source': 'factory' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_certificate_remote.fortios_vpn_certificate(input_data, fos_instance) - - delete_method_mock.assert_called_with('vpn.certificate', 'remote', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_vpn_certificate_remote_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'vpn_certificate_remote': { - 'name': 'default_name_3', - 'range': 'global', - 'remote': 'test_value_5', - 'source': 'factory' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_certificate_remote.fortios_vpn_certificate(input_data, fos_instance) - - delete_method_mock.assert_called_with('vpn.certificate', 'remote', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_vpn_certificate_remote_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 
'vpn_certificate_remote': { - 'name': 'default_name_3', - 'range': 'global', - 'remote': 'test_value_5', - 'source': 'factory' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_certificate_remote.fortios_vpn_certificate(input_data, fos_instance) - - expected_data = { - 'name': 'default_name_3', - 'range': 'global', - 'remote': 'test_value_5', - 'source': 'factory' - } - - set_method_mock.assert_called_with('vpn.certificate', 'remote', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_vpn_certificate_remote_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_certificate_remote': { - 'random_attribute_not_valid': 'tag', - 'name': 'default_name_3', - 'range': 'global', - 'remote': 'test_value_5', - 'source': 'factory' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_certificate_remote.fortios_vpn_certificate(input_data, fos_instance) - - expected_data = { - 'name': 'default_name_3', - 'range': 'global', - 'remote': 'test_value_5', - 'source': 'factory' - } - - set_method_mock.assert_called_with('vpn.certificate', 'remote', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 
diff --git a/test/units/modules/network/fortios/test_fortios_vpn_certificate_setting.py b/test/units/modules/network/fortios/test_fortios_vpn_certificate_setting.py
deleted file mode 100644
index 2fd011233ed..00000000000
--- a/test/units/modules/network/fortios/test_fortios_vpn_certificate_setting.py
+++ /dev/null
@@ -1,287 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_vpn_certificate_setting -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_vpn_certificate_setting.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_vpn_certificate_setting_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_certificate_setting': { - 'certname_dsa1024': 'test_value_3', - 'certname_dsa2048': 'test_value_4', - 'certname_ecdsa256': 'test_value_5', - 'certname_ecdsa384': 
'test_value_6', - 'certname_rsa1024': 'test_value_7', - 'certname_rsa2048': 'test_value_8', - 'check_ca_cert': 'enable', - 'check_ca_chain': 'enable', - 'cmp_save_extra_certs': 'enable', - 'cn_match': 'substring', - 'ocsp_default_server': 'test_value_13', - 'ocsp_status': 'enable', - 'ssl_min_proto_version': 'default', - 'ssl_ocsp_option': 'certificate', - 'ssl_ocsp_status': 'enable', - 'strict_crl_check': 'enable', - 'strict_ocsp_check': 'enable', - 'subject_match': 'substring' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_certificate_setting.fortios_vpn_certificate(input_data, fos_instance) - - expected_data = { - 'certname-dsa1024': 'test_value_3', - 'certname-dsa2048': 'test_value_4', - 'certname-ecdsa256': 'test_value_5', - 'certname-ecdsa384': 'test_value_6', - 'certname-rsa1024': 'test_value_7', - 'certname-rsa2048': 'test_value_8', - 'check-ca-cert': 'enable', - 'check-ca-chain': 'enable', - 'cmp-save-extra-certs': 'enable', - 'cn-match': 'substring', - 'ocsp-default-server': 'test_value_13', - 'ocsp-status': 'enable', - 'ssl-min-proto-version': 'default', - 'ssl-ocsp-option': 'certificate', - 'ssl-ocsp-status': 'enable', - 'strict-crl-check': 'enable', - 'strict-ocsp-check': 'enable', - 'subject-match': 'substring' - } - - set_method_mock.assert_called_with('vpn.certificate', 'setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_vpn_certificate_setting_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 
'vpn_certificate_setting': { - 'certname_dsa1024': 'test_value_3', - 'certname_dsa2048': 'test_value_4', - 'certname_ecdsa256': 'test_value_5', - 'certname_ecdsa384': 'test_value_6', - 'certname_rsa1024': 'test_value_7', - 'certname_rsa2048': 'test_value_8', - 'check_ca_cert': 'enable', - 'check_ca_chain': 'enable', - 'cmp_save_extra_certs': 'enable', - 'cn_match': 'substring', - 'ocsp_default_server': 'test_value_13', - 'ocsp_status': 'enable', - 'ssl_min_proto_version': 'default', - 'ssl_ocsp_option': 'certificate', - 'ssl_ocsp_status': 'enable', - 'strict_crl_check': 'enable', - 'strict_ocsp_check': 'enable', - 'subject_match': 'substring' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_certificate_setting.fortios_vpn_certificate(input_data, fos_instance) - - expected_data = { - 'certname-dsa1024': 'test_value_3', - 'certname-dsa2048': 'test_value_4', - 'certname-ecdsa256': 'test_value_5', - 'certname-ecdsa384': 'test_value_6', - 'certname-rsa1024': 'test_value_7', - 'certname-rsa2048': 'test_value_8', - 'check-ca-cert': 'enable', - 'check-ca-chain': 'enable', - 'cmp-save-extra-certs': 'enable', - 'cn-match': 'substring', - 'ocsp-default-server': 'test_value_13', - 'ocsp-status': 'enable', - 'ssl-min-proto-version': 'default', - 'ssl-ocsp-option': 'certificate', - 'ssl-ocsp-status': 'enable', - 'strict-crl-check': 'enable', - 'strict-ocsp-check': 'enable', - 'subject-match': 'substring' - } - - set_method_mock.assert_called_with('vpn.certificate', 'setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_vpn_certificate_setting_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_certificate_setting': { - 'certname_dsa1024': 'test_value_3', - 'certname_dsa2048': 'test_value_4', - 'certname_ecdsa256': 'test_value_5', - 'certname_ecdsa384': 'test_value_6', - 'certname_rsa1024': 'test_value_7', - 'certname_rsa2048': 'test_value_8', - 'check_ca_cert': 'enable', - 'check_ca_chain': 'enable', - 'cmp_save_extra_certs': 'enable', - 'cn_match': 'substring', - 'ocsp_default_server': 'test_value_13', - 'ocsp_status': 'enable', - 'ssl_min_proto_version': 'default', - 'ssl_ocsp_option': 'certificate', - 'ssl_ocsp_status': 'enable', - 'strict_crl_check': 'enable', - 'strict_ocsp_check': 'enable', - 'subject_match': 'substring' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_certificate_setting.fortios_vpn_certificate(input_data, fos_instance) - - expected_data = { - 'certname-dsa1024': 'test_value_3', - 'certname-dsa2048': 'test_value_4', - 'certname-ecdsa256': 'test_value_5', - 'certname-ecdsa384': 'test_value_6', - 'certname-rsa1024': 'test_value_7', - 'certname-rsa2048': 'test_value_8', - 'check-ca-cert': 'enable', - 'check-ca-chain': 'enable', - 'cmp-save-extra-certs': 'enable', - 'cn-match': 'substring', - 'ocsp-default-server': 'test_value_13', - 'ocsp-status': 'enable', - 'ssl-min-proto-version': 'default', - 'ssl-ocsp-option': 'certificate', - 'ssl-ocsp-status': 'enable', - 'strict-crl-check': 'enable', - 'strict-ocsp-check': 'enable', - 'subject-match': 'substring' - } - - set_method_mock.assert_called_with('vpn.certificate', 'setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_vpn_certificate_setting_filter_foreign_attributes(mocker): - schema_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_certificate_setting': { - 'random_attribute_not_valid': 'tag', - 'certname_dsa1024': 'test_value_3', - 'certname_dsa2048': 'test_value_4', - 'certname_ecdsa256': 'test_value_5', - 'certname_ecdsa384': 'test_value_6', - 'certname_rsa1024': 'test_value_7', - 'certname_rsa2048': 'test_value_8', - 'check_ca_cert': 'enable', - 'check_ca_chain': 'enable', - 'cmp_save_extra_certs': 'enable', - 'cn_match': 'substring', - 'ocsp_default_server': 'test_value_13', - 'ocsp_status': 'enable', - 'ssl_min_proto_version': 'default', - 'ssl_ocsp_option': 'certificate', - 'ssl_ocsp_status': 'enable', - 'strict_crl_check': 'enable', - 'strict_ocsp_check': 'enable', - 'subject_match': 'substring' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_certificate_setting.fortios_vpn_certificate(input_data, fos_instance) - - expected_data = { - 'certname-dsa1024': 'test_value_3', - 'certname-dsa2048': 'test_value_4', - 'certname-ecdsa256': 'test_value_5', - 'certname-ecdsa384': 'test_value_6', - 'certname-rsa1024': 'test_value_7', - 'certname-rsa2048': 'test_value_8', - 'check-ca-cert': 'enable', - 'check-ca-chain': 'enable', - 'cmp-save-extra-certs': 'enable', - 'cn-match': 'substring', - 'ocsp-default-server': 'test_value_13', - 'ocsp-status': 'enable', - 'ssl-min-proto-version': 'default', - 'ssl-ocsp-option': 'certificate', - 'ssl-ocsp-status': 'enable', - 'strict-crl-check': 'enable', - 'strict-ocsp-check': 'enable', - 'subject-match': 'substring' - } - - set_method_mock.assert_called_with('vpn.certificate', 'setting', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert 
not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_vpn_ipsec_concentrator.py b/test/units/modules/network/fortios/test_fortios_vpn_ipsec_concentrator.py
deleted file mode 100644
index fb103d3c7be..00000000000
--- a/test/units/modules/network/fortios/test_fortios_vpn_ipsec_concentrator.py
+++ /dev/null
@@ -1,199 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_vpn_ipsec_concentrator -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_vpn_ipsec_concentrator.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_vpn_ipsec_concentrator_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_ipsec_concentrator': {'name': 'default_name_3', - 'src_check': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_vpn_ipsec_concentrator.fortios_vpn_ipsec(input_data, fos_instance) - - expected_data = {'name': 'default_name_3', - 'src-check': 'disable' - } - - set_method_mock.assert_called_with('vpn.ipsec', 'concentrator', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_vpn_ipsec_concentrator_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_ipsec_concentrator': {'name': 'default_name_3', - 'src_check': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ipsec_concentrator.fortios_vpn_ipsec(input_data, fos_instance) - - expected_data = {'name': 'default_name_3', - 'src-check': 'disable' - } - - set_method_mock.assert_called_with('vpn.ipsec', 'concentrator', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_vpn_ipsec_concentrator_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'vpn_ipsec_concentrator': {'name': 'default_name_3', - 'src_check': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, 
response = fortios_vpn_ipsec_concentrator.fortios_vpn_ipsec(input_data, fos_instance) - - delete_method_mock.assert_called_with('vpn.ipsec', 'concentrator', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_vpn_ipsec_concentrator_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'vpn_ipsec_concentrator': {'name': 'default_name_3', - 'src_check': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ipsec_concentrator.fortios_vpn_ipsec(input_data, fos_instance) - - delete_method_mock.assert_called_with('vpn.ipsec', 'concentrator', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_vpn_ipsec_concentrator_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_ipsec_concentrator': {'name': 'default_name_3', - 'src_check': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ipsec_concentrator.fortios_vpn_ipsec(input_data, fos_instance) - - expected_data = {'name': 'default_name_3', - 'src-check': 'disable' 
- } - - set_method_mock.assert_called_with('vpn.ipsec', 'concentrator', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_vpn_ipsec_concentrator_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_ipsec_concentrator': { - 'random_attribute_not_valid': 'tag', 'name': 'default_name_3', - 'src_check': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ipsec_concentrator.fortios_vpn_ipsec(input_data, fos_instance) - - expected_data = {'name': 'default_name_3', - 'src-check': 'disable' - } - - set_method_mock.assert_called_with('vpn.ipsec', 'concentrator', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_vpn_ipsec_forticlient.py b/test/units/modules/network/fortios/test_fortios_vpn_ipsec_forticlient.py deleted file mode 100644 index f448f3370ba..00000000000 --- a/test/units/modules/network/fortios/test_fortios_vpn_ipsec_forticlient.py +++ /dev/null 
@@ -1,229 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_vpn_ipsec_forticlient -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_vpn_ipsec_forticlient.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_vpn_ipsec_forticlient_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_ipsec_forticlient': { - 'phase2name': 'test_value_3', - 'realm': 'test_value_4', - 'status': 'enable', - 'usergroupname': 'test_value_6' - }, - 'vdom': 'root'} - - 
is_error, changed, response = fortios_vpn_ipsec_forticlient.fortios_vpn_ipsec(input_data, fos_instance) - - expected_data = { - 'phase2name': 'test_value_3', - 'realm': 'test_value_4', - 'status': 'enable', - 'usergroupname': 'test_value_6' - } - - set_method_mock.assert_called_with('vpn.ipsec', 'forticlient', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_vpn_ipsec_forticlient_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_ipsec_forticlient': { - 'phase2name': 'test_value_3', - 'realm': 'test_value_4', - 'status': 'enable', - 'usergroupname': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ipsec_forticlient.fortios_vpn_ipsec(input_data, fos_instance) - - expected_data = { - 'phase2name': 'test_value_3', - 'realm': 'test_value_4', - 'status': 'enable', - 'usergroupname': 'test_value_6' - } - - set_method_mock.assert_called_with('vpn.ipsec', 'forticlient', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_vpn_ipsec_forticlient_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', 
return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'vpn_ipsec_forticlient': { - 'phase2name': 'test_value_3', - 'realm': 'test_value_4', - 'status': 'enable', - 'usergroupname': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ipsec_forticlient.fortios_vpn_ipsec(input_data, fos_instance) - - delete_method_mock.assert_called_with('vpn.ipsec', 'forticlient', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_vpn_ipsec_forticlient_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'vpn_ipsec_forticlient': { - 'phase2name': 'test_value_3', - 'realm': 'test_value_4', - 'status': 'enable', - 'usergroupname': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ipsec_forticlient.fortios_vpn_ipsec(input_data, fos_instance) - - delete_method_mock.assert_called_with('vpn.ipsec', 'forticlient', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_vpn_ipsec_forticlient_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - 
- input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_ipsec_forticlient': { - 'phase2name': 'test_value_3', - 'realm': 'test_value_4', - 'status': 'enable', - 'usergroupname': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ipsec_forticlient.fortios_vpn_ipsec(input_data, fos_instance) - - expected_data = { - 'phase2name': 'test_value_3', - 'realm': 'test_value_4', - 'status': 'enable', - 'usergroupname': 'test_value_6' - } - - set_method_mock.assert_called_with('vpn.ipsec', 'forticlient', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_vpn_ipsec_forticlient_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_ipsec_forticlient': { - 'random_attribute_not_valid': 'tag', - 'phase2name': 'test_value_3', - 'realm': 'test_value_4', - 'status': 'enable', - 'usergroupname': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ipsec_forticlient.fortios_vpn_ipsec(input_data, fos_instance) - - expected_data = { - 'phase2name': 'test_value_3', - 'realm': 'test_value_4', - 'status': 'enable', - 'usergroupname': 'test_value_6' - } - - set_method_mock.assert_called_with('vpn.ipsec', 'forticlient', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 
diff --git a/test/units/modules/network/fortios/test_fortios_vpn_ipsec_manualkey.py b/test/units/modules/network/fortios/test_fortios_vpn_ipsec_manualkey.py
deleted file mode 100644
index 0bc4787ca2d..00000000000
--- a/test/units/modules/network/fortios/test_fortios_vpn_ipsec_manualkey.py
+++ /dev/null
@@ -1,289 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_vpn_ipsec_manualkey
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_vpn_ipsec_manualkey.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_vpn_ipsec_manualkey_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_ipsec_manualkey': {
- 'authentication': 'null',
- 'authkey': 'test_value_4',
- 'enckey': 'test_value_5',
- 'encryption': 'null',
- 'interface': 'test_value_7',
- 'local_gw': 'test_value_8',
- 'localspi': 'test_value_9',
- 'name': 'default_name_10',
- 'remote_gw': 'test_value_11',
- 'remotespi': 'test_value_12'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ipsec_manualkey.fortios_vpn_ipsec(input_data, fos_instance)
-
- expected_data = {
- 'authentication': 'null',
- 'authkey': 'test_value_4',
- 'enckey': 'test_value_5',
- 'encryption': 'null',
- 'interface': 'test_value_7',
- 'local-gw': 'test_value_8',
- 'localspi': 'test_value_9',
- 'name': 'default_name_10',
- 'remote-gw': 'test_value_11',
- 'remotespi': 'test_value_12'
- }
-
- set_method_mock.assert_called_with('vpn.ipsec', 'manualkey', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_vpn_ipsec_manualkey_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_ipsec_manualkey': {
- 'authentication': 'null',
- 'authkey': 'test_value_4',
- 'enckey': 'test_value_5',
- 'encryption': 'null',
- 'interface': 'test_value_7',
- 'local_gw': 'test_value_8',
- 'localspi': 'test_value_9',
- 'name': 'default_name_10',
- 'remote_gw': 'test_value_11',
- 'remotespi': 'test_value_12'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ipsec_manualkey.fortios_vpn_ipsec(input_data, fos_instance)
-
- expected_data = {
- 'authentication': 'null',
- 'authkey': 'test_value_4',
- 'enckey': 'test_value_5',
- 'encryption': 'null',
- 'interface': 'test_value_7',
- 'local-gw': 'test_value_8',
- 'localspi': 'test_value_9',
- 'name': 'default_name_10',
- 'remote-gw': 'test_value_11',
- 'remotespi': 'test_value_12'
- }
-
- set_method_mock.assert_called_with('vpn.ipsec', 'manualkey', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_vpn_ipsec_manualkey_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'vpn_ipsec_manualkey': {
- 'authentication': 'null',
- 'authkey': 'test_value_4',
- 'enckey': 'test_value_5',
- 'encryption': 'null',
- 'interface': 'test_value_7',
- 'local_gw': 'test_value_8',
- 'localspi': 'test_value_9',
- 'name': 'default_name_10',
- 'remote_gw': 'test_value_11',
- 'remotespi': 'test_value_12'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ipsec_manualkey.fortios_vpn_ipsec(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('vpn.ipsec', 'manualkey', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_vpn_ipsec_manualkey_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'vpn_ipsec_manualkey': {
- 'authentication': 'null',
- 'authkey': 'test_value_4',
- 'enckey': 'test_value_5',
- 'encryption': 'null',
- 'interface': 'test_value_7',
- 'local_gw': 'test_value_8',
- 'localspi': 'test_value_9',
- 'name': 'default_name_10',
- 'remote_gw': 'test_value_11',
- 'remotespi': 'test_value_12'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ipsec_manualkey.fortios_vpn_ipsec(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('vpn.ipsec', 'manualkey', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_vpn_ipsec_manualkey_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_ipsec_manualkey': {
- 'authentication': 'null',
- 'authkey': 'test_value_4',
- 'enckey': 'test_value_5',
- 'encryption': 'null',
- 'interface': 'test_value_7',
- 'local_gw': 'test_value_8',
- 'localspi': 'test_value_9',
- 'name': 'default_name_10',
- 'remote_gw': 'test_value_11',
- 'remotespi': 'test_value_12'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ipsec_manualkey.fortios_vpn_ipsec(input_data, fos_instance)
-
- expected_data = {
- 'authentication': 'null',
- 'authkey': 'test_value_4',
- 'enckey': 'test_value_5',
- 'encryption': 'null',
- 'interface': 'test_value_7',
- 'local-gw': 'test_value_8',
- 'localspi': 'test_value_9',
- 'name': 'default_name_10',
- 'remote-gw': 'test_value_11',
- 'remotespi': 'test_value_12'
- }
-
- set_method_mock.assert_called_with('vpn.ipsec', 'manualkey', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_vpn_ipsec_manualkey_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_ipsec_manualkey': {
- 'random_attribute_not_valid': 'tag',
- 'authentication': 'null',
- 'authkey': 'test_value_4',
- 'enckey': 'test_value_5',
- 'encryption': 'null',
- 'interface': 'test_value_7',
- 'local_gw': 'test_value_8',
- 'localspi': 'test_value_9',
- 'name': 'default_name_10',
- 'remote_gw': 'test_value_11',
- 'remotespi': 'test_value_12'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ipsec_manualkey.fortios_vpn_ipsec(input_data, fos_instance)
-
- expected_data = {
- 'authentication': 'null',
- 'authkey': 'test_value_4',
- 'enckey': 'test_value_5',
- 'encryption': 'null',
- 'interface': 'test_value_7',
- 'local-gw': 'test_value_8',
- 'localspi': 'test_value_9',
- 'name': 'default_name_10',
- 'remote-gw': 'test_value_11',
- 'remotespi': 'test_value_12'
- }
-
- set_method_mock.assert_called_with('vpn.ipsec', 'manualkey', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_vpn_ipsec_manualkey_interface.py b/test/units/modules/network/fortios/test_fortios_vpn_ipsec_manualkey_interface.py
deleted file mode 100644
index d08c4f21420..00000000000
--- a/test/units/modules/network/fortios/test_fortios_vpn_ipsec_manualkey_interface.py
+++ /dev/null
@@ -1,329 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_vpn_ipsec_manualkey_interface
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_vpn_ipsec_manualkey_interface.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_vpn_ipsec_manualkey_interface_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_ipsec_manualkey_interface': {
- 'addr_type': '4',
- 'auth_alg': 'null',
- 'auth_key': 'test_value_5',
- 'enc_alg': 'null',
- 'enc_key': 'test_value_7',
- 'interface': 'test_value_8',
- 'ip_version': '4',
- 'local_gw': 'test_value_10',
- 'local_gw6': 'test_value_11',
- 'local_spi': 'test_value_12',
- 'name': 'default_name_13',
- 'remote_gw': 'test_value_14',
- 'remote_gw6': 'test_value_15',
- 'remote_spi': 'test_value_16'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ipsec_manualkey_interface.fortios_vpn_ipsec(input_data, fos_instance)
-
- expected_data = {
- 'addr-type': '4',
- 'auth-alg': 'null',
- 'auth-key': 'test_value_5',
- 'enc-alg': 'null',
- 'enc-key': 'test_value_7',
- 'interface': 'test_value_8',
- 'ip-version': '4',
- 'local-gw': 'test_value_10',
- 'local-gw6': 'test_value_11',
- 'local-spi': 'test_value_12',
- 'name': 'default_name_13',
- 'remote-gw': 'test_value_14',
- 'remote-gw6': 'test_value_15',
- 'remote-spi': 'test_value_16'
- }
-
- set_method_mock.assert_called_with('vpn.ipsec', 'manualkey-interface', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_vpn_ipsec_manualkey_interface_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_ipsec_manualkey_interface': {
- 'addr_type': '4',
- 'auth_alg': 'null',
- 'auth_key': 'test_value_5',
- 'enc_alg': 'null',
- 'enc_key': 'test_value_7',
- 'interface': 'test_value_8',
- 'ip_version': '4',
- 'local_gw': 'test_value_10',
- 'local_gw6': 'test_value_11',
- 'local_spi': 'test_value_12',
- 'name': 'default_name_13',
- 'remote_gw': 'test_value_14',
- 'remote_gw6': 'test_value_15',
- 'remote_spi': 'test_value_16'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ipsec_manualkey_interface.fortios_vpn_ipsec(input_data, fos_instance)
-
- expected_data = {
- 'addr-type': '4',
- 'auth-alg': 'null',
- 'auth-key': 'test_value_5',
- 'enc-alg': 'null',
- 'enc-key': 'test_value_7',
- 'interface': 'test_value_8',
- 'ip-version': '4',
- 'local-gw': 'test_value_10',
- 'local-gw6': 'test_value_11',
- 'local-spi': 'test_value_12',
- 'name': 'default_name_13',
- 'remote-gw': 'test_value_14',
- 'remote-gw6': 'test_value_15',
- 'remote-spi': 'test_value_16'
- }
-
- set_method_mock.assert_called_with('vpn.ipsec', 'manualkey-interface', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_vpn_ipsec_manualkey_interface_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'vpn_ipsec_manualkey_interface': {
- 'addr_type': '4',
- 'auth_alg': 'null',
- 'auth_key': 'test_value_5',
- 'enc_alg': 'null',
- 'enc_key': 'test_value_7',
- 'interface': 'test_value_8',
- 'ip_version': '4',
- 'local_gw': 'test_value_10',
- 'local_gw6': 'test_value_11',
- 'local_spi': 'test_value_12',
- 'name': 'default_name_13',
- 'remote_gw': 'test_value_14',
- 'remote_gw6': 'test_value_15',
- 'remote_spi': 'test_value_16'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ipsec_manualkey_interface.fortios_vpn_ipsec(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('vpn.ipsec', 'manualkey-interface', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_vpn_ipsec_manualkey_interface_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'vpn_ipsec_manualkey_interface': {
- 'addr_type': '4',
- 'auth_alg': 'null',
- 'auth_key': 'test_value_5',
- 'enc_alg': 'null',
- 'enc_key': 'test_value_7',
- 'interface': 'test_value_8',
- 'ip_version': '4',
- 'local_gw': 'test_value_10',
- 'local_gw6': 'test_value_11',
- 'local_spi': 'test_value_12',
- 'name': 'default_name_13',
- 'remote_gw': 'test_value_14',
- 'remote_gw6': 'test_value_15',
- 'remote_spi': 'test_value_16'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ipsec_manualkey_interface.fortios_vpn_ipsec(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('vpn.ipsec', 'manualkey-interface', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_vpn_ipsec_manualkey_interface_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_ipsec_manualkey_interface': {
- 'addr_type': '4',
- 'auth_alg': 'null',
- 'auth_key': 'test_value_5',
- 'enc_alg': 'null',
- 'enc_key': 'test_value_7',
- 'interface': 'test_value_8',
- 'ip_version': '4',
- 'local_gw': 'test_value_10',
- 'local_gw6': 'test_value_11',
- 'local_spi': 'test_value_12',
- 'name': 'default_name_13',
- 'remote_gw': 'test_value_14',
- 'remote_gw6': 'test_value_15',
- 'remote_spi': 'test_value_16'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ipsec_manualkey_interface.fortios_vpn_ipsec(input_data, fos_instance)
-
- expected_data = {
- 'addr-type': '4',
- 'auth-alg': 'null',
- 'auth-key': 'test_value_5',
- 'enc-alg': 'null',
- 'enc-key': 'test_value_7',
- 'interface': 'test_value_8',
- 'ip-version': '4',
- 'local-gw': 'test_value_10',
- 'local-gw6': 'test_value_11',
- 'local-spi': 'test_value_12',
- 'name': 'default_name_13',
- 'remote-gw': 'test_value_14',
- 'remote-gw6': 'test_value_15',
- 'remote-spi': 'test_value_16'
- }
-
- set_method_mock.assert_called_with('vpn.ipsec', 'manualkey-interface', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_vpn_ipsec_manualkey_interface_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_ipsec_manualkey_interface': {
- 'random_attribute_not_valid': 'tag',
- 'addr_type': '4',
- 'auth_alg': 'null',
- 'auth_key': 'test_value_5',
- 'enc_alg': 'null',
- 'enc_key': 'test_value_7',
- 'interface': 'test_value_8',
- 'ip_version': '4',
- 'local_gw': 'test_value_10',
- 'local_gw6': 'test_value_11',
- 'local_spi': 'test_value_12',
- 'name': 'default_name_13',
- 'remote_gw': 'test_value_14',
- 'remote_gw6': 'test_value_15',
- 'remote_spi': 'test_value_16'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ipsec_manualkey_interface.fortios_vpn_ipsec(input_data, fos_instance)
-
- expected_data = {
- 'addr-type': '4',
- 'auth-alg': 'null',
- 'auth-key': 'test_value_5',
- 'enc-alg': 'null',
- 'enc-key': 'test_value_7',
- 'interface': 'test_value_8',
- 'ip-version': '4',
- 'local-gw': 'test_value_10',
- 'local-gw6': 'test_value_11',
- 'local-spi': 'test_value_12',
- 'name': 'default_name_13',
- 'remote-gw': 'test_value_14',
- 'remote-gw6': 'test_value_15',
- 'remote-spi': 'test_value_16'
- }
-
- set_method_mock.assert_called_with('vpn.ipsec', 'manualkey-interface', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_vpn_ipsec_phase1.py b/test/units/modules/network/fortios/test_fortios_vpn_ipsec_phase1.py
deleted file mode 100644
index b46caff350a..00000000000
--- a/test/units/modules/network/fortios/test_fortios_vpn_ipsec_phase1.py
+++ /dev/null
@@ -1,1149 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_vpn_ipsec_phase1 -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_vpn_ipsec_phase1.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_vpn_ipsec_phase1_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_ipsec_phase1': { - 'acct_verify': 'enable', - 'add_gw_route': 'enable', - 'add_route': 'disable', - 'assign_ip': 'disable', - 'assign_ip_from': 'range', - 'authmethod': 'psk', - 
'authmethod_remote': 'psk', - 'authpasswd': 'test_value_10', - 'authusr': 'test_value_11', - 'authusrgrp': 'test_value_12', - 'auto_negotiate': 'enable', - 'banner': 'test_value_14', - 'cert_id_validation': 'enable', - 'childless_ike': 'enable', - 'client_auto_negotiate': 'disable', - 'client_keep_alive': 'disable', - 'comments': 'test_value_19', - 'dhgrp': '1', - 'digital_signature_auth': 'enable', - 'distance': '22', - 'dns_mode': 'manual', - 'domain': 'test_value_24', - 'dpd': 'disable', - 'dpd_retrycount': '26', - 'dpd_retryinterval': 'test_value_27', - 'eap': 'enable', - 'eap_identity': 'use-id-payload', - 'enforce_unique_id': 'disable', - 'forticlient_enforcement': 'enable', - 'fragmentation': 'enable', - 'fragmentation_mtu': '33', - 'group_authentication': 'enable', - 'group_authentication_secret': 'test_value_35', - 'ha_sync_esp_seqno': 'enable', - 'idle_timeout': 'enable', - 'idle_timeoutinterval': '38', - 'ike_version': '1', - 'include_local_lan': 'disable', - 'interface': 'test_value_41', - 'ipv4_dns_server1': 'test_value_42', - 'ipv4_dns_server2': 'test_value_43', - 'ipv4_dns_server3': 'test_value_44', - 'ipv4_end_ip': 'test_value_45', - 'ipv4_name': 'test_value_46', - 'ipv4_netmask': 'test_value_47', - 'ipv4_split_exclude': 'test_value_48', - 'ipv4_split_include': 'test_value_49', - 'ipv4_start_ip': 'test_value_50', - 'ipv4_wins_server1': 'test_value_51', - 'ipv4_wins_server2': 'test_value_52', - 'ipv6_dns_server1': 'test_value_53', - 'ipv6_dns_server2': 'test_value_54', - 'ipv6_dns_server3': 'test_value_55', - 'ipv6_end_ip': 'test_value_56', - 'ipv6_name': 'test_value_57', - 'ipv6_prefix': '58', - 'ipv6_split_exclude': 'test_value_59', - 'ipv6_split_include': 'test_value_60', - 'ipv6_start_ip': 'test_value_61', - 'keepalive': '62', - 'keylife': '63', - 'local_gw': 'test_value_64', - 'localid': 'test_value_65', - 'localid_type': 'auto', - 'mesh_selector_type': 'disable', - 'mode': 'aggressive', - 'mode_cfg': 'disable', - 'name': 'default_name_70', - 
'nattraversal': 'enable', - 'negotiate_timeout': '72', - 'peer': 'test_value_73', - 'peergrp': 'test_value_74', - 'peerid': 'test_value_75', - 'peertype': 'any', - 'ppk': 'disable', - 'ppk_identity': 'test_value_78', - 'ppk_secret': 'test_value_79', - 'priority': '80', - 'proposal': 'des-md5', - 'psksecret': 'test_value_82', - 'psksecret_remote': 'test_value_83', - 'reauth': 'disable', - 'rekey': 'enable', - 'remote_gw': 'test_value_86', - 'remotegw_ddns': 'test_value_87', - 'rsa_signature_format': 'pkcs1', - 'save_password': 'disable', - 'send_cert_chain': 'enable', - 'signature_hash_alg': 'sha1', - 'split_include_service': 'test_value_92', - 'suite_b': 'disable', - 'type': 'static', - 'unity_support': 'disable', - 'usrgrp': 'test_value_96', - 'wizard_type': 'custom', - 'xauthtype': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ipsec_phase1.fortios_vpn_ipsec(input_data, fos_instance) - - expected_data = { - 'acct-verify': 'enable', - 'add-gw-route': 'enable', - 'add-route': 'disable', - 'assign-ip': 'disable', - 'assign-ip-from': 'range', - 'authmethod': 'psk', - 'authmethod-remote': 'psk', - 'authpasswd': 'test_value_10', - 'authusr': 'test_value_11', - 'authusrgrp': 'test_value_12', - 'auto-negotiate': 'enable', - 'banner': 'test_value_14', - 'cert-id-validation': 'enable', - 'childless-ike': 'enable', - 'client-auto-negotiate': 'disable', - 'client-keep-alive': 'disable', - 'comments': 'test_value_19', - 'dhgrp': '1', - 'digital-signature-auth': 'enable', - 'distance': '22', - 'dns-mode': 'manual', - 'domain': 'test_value_24', - 'dpd': 'disable', - 'dpd-retrycount': '26', - 'dpd-retryinterval': 'test_value_27', - 'eap': 'enable', - 'eap-identity': 'use-id-payload', - 'enforce-unique-id': 'disable', - 'forticlient-enforcement': 'enable', - 'fragmentation': 'enable', - 'fragmentation-mtu': '33', - 'group-authentication': 'enable', - 'group-authentication-secret': 'test_value_35', - 'ha-sync-esp-seqno': 'enable', - 'idle-timeout': 
'enable', - 'idle-timeoutinterval': '38', - 'ike-version': '1', - 'include-local-lan': 'disable', - 'interface': 'test_value_41', - 'ipv4-dns-server1': 'test_value_42', - 'ipv4-dns-server2': 'test_value_43', - 'ipv4-dns-server3': 'test_value_44', - 'ipv4-end-ip': 'test_value_45', - 'ipv4-name': 'test_value_46', - 'ipv4-netmask': 'test_value_47', - 'ipv4-split-exclude': 'test_value_48', - 'ipv4-split-include': 'test_value_49', - 'ipv4-start-ip': 'test_value_50', - 'ipv4-wins-server1': 'test_value_51', - 'ipv4-wins-server2': 'test_value_52', - 'ipv6-dns-server1': 'test_value_53', - 'ipv6-dns-server2': 'test_value_54', - 'ipv6-dns-server3': 'test_value_55', - 'ipv6-end-ip': 'test_value_56', - 'ipv6-name': 'test_value_57', - 'ipv6-prefix': '58', - 'ipv6-split-exclude': 'test_value_59', - 'ipv6-split-include': 'test_value_60', - 'ipv6-start-ip': 'test_value_61', - 'keepalive': '62', - 'keylife': '63', - 'local-gw': 'test_value_64', - 'localid': 'test_value_65', - 'localid-type': 'auto', - 'mesh-selector-type': 'disable', - 'mode': 'aggressive', - 'mode-cfg': 'disable', - 'name': 'default_name_70', - 'nattraversal': 'enable', - 'negotiate-timeout': '72', - 'peer': 'test_value_73', - 'peergrp': 'test_value_74', - 'peerid': 'test_value_75', - 'peertype': 'any', - 'ppk': 'disable', - 'ppk-identity': 'test_value_78', - 'ppk-secret': 'test_value_79', - 'priority': '80', - 'proposal': 'des-md5', - 'psksecret': 'test_value_82', - 'psksecret-remote': 'test_value_83', - 'reauth': 'disable', - 'rekey': 'enable', - 'remote-gw': 'test_value_86', - 'remotegw-ddns': 'test_value_87', - 'rsa-signature-format': 'pkcs1', - 'save-password': 'disable', - 'send-cert-chain': 'enable', - 'signature-hash-alg': 'sha1', - 'split-include-service': 'test_value_92', - 'suite-b': 'disable', - 'type': 'static', - 'unity-support': 'disable', - 'usrgrp': 'test_value_96', - 'wizard-type': 'custom', - 'xauthtype': 'disable' - } - - set_method_mock.assert_called_with('vpn.ipsec', 'phase1', 
data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_vpn_ipsec_phase1_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_ipsec_phase1': { - 'acct_verify': 'enable', - 'add_gw_route': 'enable', - 'add_route': 'disable', - 'assign_ip': 'disable', - 'assign_ip_from': 'range', - 'authmethod': 'psk', - 'authmethod_remote': 'psk', - 'authpasswd': 'test_value_10', - 'authusr': 'test_value_11', - 'authusrgrp': 'test_value_12', - 'auto_negotiate': 'enable', - 'banner': 'test_value_14', - 'cert_id_validation': 'enable', - 'childless_ike': 'enable', - 'client_auto_negotiate': 'disable', - 'client_keep_alive': 'disable', - 'comments': 'test_value_19', - 'dhgrp': '1', - 'digital_signature_auth': 'enable', - 'distance': '22', - 'dns_mode': 'manual', - 'domain': 'test_value_24', - 'dpd': 'disable', - 'dpd_retrycount': '26', - 'dpd_retryinterval': 'test_value_27', - 'eap': 'enable', - 'eap_identity': 'use-id-payload', - 'enforce_unique_id': 'disable', - 'forticlient_enforcement': 'enable', - 'fragmentation': 'enable', - 'fragmentation_mtu': '33', - 'group_authentication': 'enable', - 'group_authentication_secret': 'test_value_35', - 'ha_sync_esp_seqno': 'enable', - 'idle_timeout': 'enable', - 'idle_timeoutinterval': '38', - 'ike_version': '1', - 'include_local_lan': 'disable', - 'interface': 'test_value_41', - 'ipv4_dns_server1': 'test_value_42', - 'ipv4_dns_server2': 'test_value_43', - 'ipv4_dns_server3': 'test_value_44', - 'ipv4_end_ip': 'test_value_45', - 
'ipv4_name': 'test_value_46', - 'ipv4_netmask': 'test_value_47', - 'ipv4_split_exclude': 'test_value_48', - 'ipv4_split_include': 'test_value_49', - 'ipv4_start_ip': 'test_value_50', - 'ipv4_wins_server1': 'test_value_51', - 'ipv4_wins_server2': 'test_value_52', - 'ipv6_dns_server1': 'test_value_53', - 'ipv6_dns_server2': 'test_value_54', - 'ipv6_dns_server3': 'test_value_55', - 'ipv6_end_ip': 'test_value_56', - 'ipv6_name': 'test_value_57', - 'ipv6_prefix': '58', - 'ipv6_split_exclude': 'test_value_59', - 'ipv6_split_include': 'test_value_60', - 'ipv6_start_ip': 'test_value_61', - 'keepalive': '62', - 'keylife': '63', - 'local_gw': 'test_value_64', - 'localid': 'test_value_65', - 'localid_type': 'auto', - 'mesh_selector_type': 'disable', - 'mode': 'aggressive', - 'mode_cfg': 'disable', - 'name': 'default_name_70', - 'nattraversal': 'enable', - 'negotiate_timeout': '72', - 'peer': 'test_value_73', - 'peergrp': 'test_value_74', - 'peerid': 'test_value_75', - 'peertype': 'any', - 'ppk': 'disable', - 'ppk_identity': 'test_value_78', - 'ppk_secret': 'test_value_79', - 'priority': '80', - 'proposal': 'des-md5', - 'psksecret': 'test_value_82', - 'psksecret_remote': 'test_value_83', - 'reauth': 'disable', - 'rekey': 'enable', - 'remote_gw': 'test_value_86', - 'remotegw_ddns': 'test_value_87', - 'rsa_signature_format': 'pkcs1', - 'save_password': 'disable', - 'send_cert_chain': 'enable', - 'signature_hash_alg': 'sha1', - 'split_include_service': 'test_value_92', - 'suite_b': 'disable', - 'type': 'static', - 'unity_support': 'disable', - 'usrgrp': 'test_value_96', - 'wizard_type': 'custom', - 'xauthtype': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ipsec_phase1.fortios_vpn_ipsec(input_data, fos_instance) - - expected_data = { - 'acct-verify': 'enable', - 'add-gw-route': 'enable', - 'add-route': 'disable', - 'assign-ip': 'disable', - 'assign-ip-from': 'range', - 'authmethod': 'psk', - 'authmethod-remote': 'psk', - 'authpasswd': 
'test_value_10', - 'authusr': 'test_value_11', - 'authusrgrp': 'test_value_12', - 'auto-negotiate': 'enable', - 'banner': 'test_value_14', - 'cert-id-validation': 'enable', - 'childless-ike': 'enable', - 'client-auto-negotiate': 'disable', - 'client-keep-alive': 'disable', - 'comments': 'test_value_19', - 'dhgrp': '1', - 'digital-signature-auth': 'enable', - 'distance': '22', - 'dns-mode': 'manual', - 'domain': 'test_value_24', - 'dpd': 'disable', - 'dpd-retrycount': '26', - 'dpd-retryinterval': 'test_value_27', - 'eap': 'enable', - 'eap-identity': 'use-id-payload', - 'enforce-unique-id': 'disable', - 'forticlient-enforcement': 'enable', - 'fragmentation': 'enable', - 'fragmentation-mtu': '33', - 'group-authentication': 'enable', - 'group-authentication-secret': 'test_value_35', - 'ha-sync-esp-seqno': 'enable', - 'idle-timeout': 'enable', - 'idle-timeoutinterval': '38', - 'ike-version': '1', - 'include-local-lan': 'disable', - 'interface': 'test_value_41', - 'ipv4-dns-server1': 'test_value_42', - 'ipv4-dns-server2': 'test_value_43', - 'ipv4-dns-server3': 'test_value_44', - 'ipv4-end-ip': 'test_value_45', - 'ipv4-name': 'test_value_46', - 'ipv4-netmask': 'test_value_47', - 'ipv4-split-exclude': 'test_value_48', - 'ipv4-split-include': 'test_value_49', - 'ipv4-start-ip': 'test_value_50', - 'ipv4-wins-server1': 'test_value_51', - 'ipv4-wins-server2': 'test_value_52', - 'ipv6-dns-server1': 'test_value_53', - 'ipv6-dns-server2': 'test_value_54', - 'ipv6-dns-server3': 'test_value_55', - 'ipv6-end-ip': 'test_value_56', - 'ipv6-name': 'test_value_57', - 'ipv6-prefix': '58', - 'ipv6-split-exclude': 'test_value_59', - 'ipv6-split-include': 'test_value_60', - 'ipv6-start-ip': 'test_value_61', - 'keepalive': '62', - 'keylife': '63', - 'local-gw': 'test_value_64', - 'localid': 'test_value_65', - 'localid-type': 'auto', - 'mesh-selector-type': 'disable', - 'mode': 'aggressive', - 'mode-cfg': 'disable', - 'name': 'default_name_70', - 'nattraversal': 'enable', - 
'negotiate-timeout': '72', - 'peer': 'test_value_73', - 'peergrp': 'test_value_74', - 'peerid': 'test_value_75', - 'peertype': 'any', - 'ppk': 'disable', - 'ppk-identity': 'test_value_78', - 'ppk-secret': 'test_value_79', - 'priority': '80', - 'proposal': 'des-md5', - 'psksecret': 'test_value_82', - 'psksecret-remote': 'test_value_83', - 'reauth': 'disable', - 'rekey': 'enable', - 'remote-gw': 'test_value_86', - 'remotegw-ddns': 'test_value_87', - 'rsa-signature-format': 'pkcs1', - 'save-password': 'disable', - 'send-cert-chain': 'enable', - 'signature-hash-alg': 'sha1', - 'split-include-service': 'test_value_92', - 'suite-b': 'disable', - 'type': 'static', - 'unity-support': 'disable', - 'usrgrp': 'test_value_96', - 'wizard-type': 'custom', - 'xauthtype': 'disable' - } - - set_method_mock.assert_called_with('vpn.ipsec', 'phase1', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_vpn_ipsec_phase1_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'vpn_ipsec_phase1': { - 'acct_verify': 'enable', - 'add_gw_route': 'enable', - 'add_route': 'disable', - 'assign_ip': 'disable', - 'assign_ip_from': 'range', - 'authmethod': 'psk', - 'authmethod_remote': 'psk', - 'authpasswd': 'test_value_10', - 'authusr': 'test_value_11', - 'authusrgrp': 'test_value_12', - 'auto_negotiate': 'enable', - 'banner': 'test_value_14', - 'cert_id_validation': 'enable', - 'childless_ike': 'enable', - 'client_auto_negotiate': 'disable', - 'client_keep_alive': 'disable', - 
'comments': 'test_value_19', - 'dhgrp': '1', - 'digital_signature_auth': 'enable', - 'distance': '22', - 'dns_mode': 'manual', - 'domain': 'test_value_24', - 'dpd': 'disable', - 'dpd_retrycount': '26', - 'dpd_retryinterval': 'test_value_27', - 'eap': 'enable', - 'eap_identity': 'use-id-payload', - 'enforce_unique_id': 'disable', - 'forticlient_enforcement': 'enable', - 'fragmentation': 'enable', - 'fragmentation_mtu': '33', - 'group_authentication': 'enable', - 'group_authentication_secret': 'test_value_35', - 'ha_sync_esp_seqno': 'enable', - 'idle_timeout': 'enable', - 'idle_timeoutinterval': '38', - 'ike_version': '1', - 'include_local_lan': 'disable', - 'interface': 'test_value_41', - 'ipv4_dns_server1': 'test_value_42', - 'ipv4_dns_server2': 'test_value_43', - 'ipv4_dns_server3': 'test_value_44', - 'ipv4_end_ip': 'test_value_45', - 'ipv4_name': 'test_value_46', - 'ipv4_netmask': 'test_value_47', - 'ipv4_split_exclude': 'test_value_48', - 'ipv4_split_include': 'test_value_49', - 'ipv4_start_ip': 'test_value_50', - 'ipv4_wins_server1': 'test_value_51', - 'ipv4_wins_server2': 'test_value_52', - 'ipv6_dns_server1': 'test_value_53', - 'ipv6_dns_server2': 'test_value_54', - 'ipv6_dns_server3': 'test_value_55', - 'ipv6_end_ip': 'test_value_56', - 'ipv6_name': 'test_value_57', - 'ipv6_prefix': '58', - 'ipv6_split_exclude': 'test_value_59', - 'ipv6_split_include': 'test_value_60', - 'ipv6_start_ip': 'test_value_61', - 'keepalive': '62', - 'keylife': '63', - 'local_gw': 'test_value_64', - 'localid': 'test_value_65', - 'localid_type': 'auto', - 'mesh_selector_type': 'disable', - 'mode': 'aggressive', - 'mode_cfg': 'disable', - 'name': 'default_name_70', - 'nattraversal': 'enable', - 'negotiate_timeout': '72', - 'peer': 'test_value_73', - 'peergrp': 'test_value_74', - 'peerid': 'test_value_75', - 'peertype': 'any', - 'ppk': 'disable', - 'ppk_identity': 'test_value_78', - 'ppk_secret': 'test_value_79', - 'priority': '80', - 'proposal': 'des-md5', - 'psksecret': 
'test_value_82', - 'psksecret_remote': 'test_value_83', - 'reauth': 'disable', - 'rekey': 'enable', - 'remote_gw': 'test_value_86', - 'remotegw_ddns': 'test_value_87', - 'rsa_signature_format': 'pkcs1', - 'save_password': 'disable', - 'send_cert_chain': 'enable', - 'signature_hash_alg': 'sha1', - 'split_include_service': 'test_value_92', - 'suite_b': 'disable', - 'type': 'static', - 'unity_support': 'disable', - 'usrgrp': 'test_value_96', - 'wizard_type': 'custom', - 'xauthtype': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ipsec_phase1.fortios_vpn_ipsec(input_data, fos_instance) - - delete_method_mock.assert_called_with('vpn.ipsec', 'phase1', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_vpn_ipsec_phase1_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'vpn_ipsec_phase1': { - 'acct_verify': 'enable', - 'add_gw_route': 'enable', - 'add_route': 'disable', - 'assign_ip': 'disable', - 'assign_ip_from': 'range', - 'authmethod': 'psk', - 'authmethod_remote': 'psk', - 'authpasswd': 'test_value_10', - 'authusr': 'test_value_11', - 'authusrgrp': 'test_value_12', - 'auto_negotiate': 'enable', - 'banner': 'test_value_14', - 'cert_id_validation': 'enable', - 'childless_ike': 'enable', - 'client_auto_negotiate': 'disable', - 'client_keep_alive': 'disable', - 'comments': 'test_value_19', - 'dhgrp': '1', - 'digital_signature_auth': 'enable', - 'distance': '22', - 'dns_mode': 'manual', - 'domain': 'test_value_24', - 'dpd': 
'disable', - 'dpd_retrycount': '26', - 'dpd_retryinterval': 'test_value_27', - 'eap': 'enable', - 'eap_identity': 'use-id-payload', - 'enforce_unique_id': 'disable', - 'forticlient_enforcement': 'enable', - 'fragmentation': 'enable', - 'fragmentation_mtu': '33', - 'group_authentication': 'enable', - 'group_authentication_secret': 'test_value_35', - 'ha_sync_esp_seqno': 'enable', - 'idle_timeout': 'enable', - 'idle_timeoutinterval': '38', - 'ike_version': '1', - 'include_local_lan': 'disable', - 'interface': 'test_value_41', - 'ipv4_dns_server1': 'test_value_42', - 'ipv4_dns_server2': 'test_value_43', - 'ipv4_dns_server3': 'test_value_44', - 'ipv4_end_ip': 'test_value_45', - 'ipv4_name': 'test_value_46', - 'ipv4_netmask': 'test_value_47', - 'ipv4_split_exclude': 'test_value_48', - 'ipv4_split_include': 'test_value_49', - 'ipv4_start_ip': 'test_value_50', - 'ipv4_wins_server1': 'test_value_51', - 'ipv4_wins_server2': 'test_value_52', - 'ipv6_dns_server1': 'test_value_53', - 'ipv6_dns_server2': 'test_value_54', - 'ipv6_dns_server3': 'test_value_55', - 'ipv6_end_ip': 'test_value_56', - 'ipv6_name': 'test_value_57', - 'ipv6_prefix': '58', - 'ipv6_split_exclude': 'test_value_59', - 'ipv6_split_include': 'test_value_60', - 'ipv6_start_ip': 'test_value_61', - 'keepalive': '62', - 'keylife': '63', - 'local_gw': 'test_value_64', - 'localid': 'test_value_65', - 'localid_type': 'auto', - 'mesh_selector_type': 'disable', - 'mode': 'aggressive', - 'mode_cfg': 'disable', - 'name': 'default_name_70', - 'nattraversal': 'enable', - 'negotiate_timeout': '72', - 'peer': 'test_value_73', - 'peergrp': 'test_value_74', - 'peerid': 'test_value_75', - 'peertype': 'any', - 'ppk': 'disable', - 'ppk_identity': 'test_value_78', - 'ppk_secret': 'test_value_79', - 'priority': '80', - 'proposal': 'des-md5', - 'psksecret': 'test_value_82', - 'psksecret_remote': 'test_value_83', - 'reauth': 'disable', - 'rekey': 'enable', - 'remote_gw': 'test_value_86', - 'remotegw_ddns': 'test_value_87', - 
'rsa_signature_format': 'pkcs1', - 'save_password': 'disable', - 'send_cert_chain': 'enable', - 'signature_hash_alg': 'sha1', - 'split_include_service': 'test_value_92', - 'suite_b': 'disable', - 'type': 'static', - 'unity_support': 'disable', - 'usrgrp': 'test_value_96', - 'wizard_type': 'custom', - 'xauthtype': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ipsec_phase1.fortios_vpn_ipsec(input_data, fos_instance) - - delete_method_mock.assert_called_with('vpn.ipsec', 'phase1', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_vpn_ipsec_phase1_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_ipsec_phase1': { - 'acct_verify': 'enable', - 'add_gw_route': 'enable', - 'add_route': 'disable', - 'assign_ip': 'disable', - 'assign_ip_from': 'range', - 'authmethod': 'psk', - 'authmethod_remote': 'psk', - 'authpasswd': 'test_value_10', - 'authusr': 'test_value_11', - 'authusrgrp': 'test_value_12', - 'auto_negotiate': 'enable', - 'banner': 'test_value_14', - 'cert_id_validation': 'enable', - 'childless_ike': 'enable', - 'client_auto_negotiate': 'disable', - 'client_keep_alive': 'disable', - 'comments': 'test_value_19', - 'dhgrp': '1', - 'digital_signature_auth': 'enable', - 'distance': '22', - 'dns_mode': 'manual', - 'domain': 'test_value_24', - 'dpd': 'disable', - 'dpd_retrycount': '26', - 'dpd_retryinterval': 'test_value_27', - 'eap': 'enable', - 'eap_identity': 'use-id-payload', - 'enforce_unique_id': 'disable', - 
'forticlient_enforcement': 'enable', - 'fragmentation': 'enable', - 'fragmentation_mtu': '33', - 'group_authentication': 'enable', - 'group_authentication_secret': 'test_value_35', - 'ha_sync_esp_seqno': 'enable', - 'idle_timeout': 'enable', - 'idle_timeoutinterval': '38', - 'ike_version': '1', - 'include_local_lan': 'disable', - 'interface': 'test_value_41', - 'ipv4_dns_server1': 'test_value_42', - 'ipv4_dns_server2': 'test_value_43', - 'ipv4_dns_server3': 'test_value_44', - 'ipv4_end_ip': 'test_value_45', - 'ipv4_name': 'test_value_46', - 'ipv4_netmask': 'test_value_47', - 'ipv4_split_exclude': 'test_value_48', - 'ipv4_split_include': 'test_value_49', - 'ipv4_start_ip': 'test_value_50', - 'ipv4_wins_server1': 'test_value_51', - 'ipv4_wins_server2': 'test_value_52', - 'ipv6_dns_server1': 'test_value_53', - 'ipv6_dns_server2': 'test_value_54', - 'ipv6_dns_server3': 'test_value_55', - 'ipv6_end_ip': 'test_value_56', - 'ipv6_name': 'test_value_57', - 'ipv6_prefix': '58', - 'ipv6_split_exclude': 'test_value_59', - 'ipv6_split_include': 'test_value_60', - 'ipv6_start_ip': 'test_value_61', - 'keepalive': '62', - 'keylife': '63', - 'local_gw': 'test_value_64', - 'localid': 'test_value_65', - 'localid_type': 'auto', - 'mesh_selector_type': 'disable', - 'mode': 'aggressive', - 'mode_cfg': 'disable', - 'name': 'default_name_70', - 'nattraversal': 'enable', - 'negotiate_timeout': '72', - 'peer': 'test_value_73', - 'peergrp': 'test_value_74', - 'peerid': 'test_value_75', - 'peertype': 'any', - 'ppk': 'disable', - 'ppk_identity': 'test_value_78', - 'ppk_secret': 'test_value_79', - 'priority': '80', - 'proposal': 'des-md5', - 'psksecret': 'test_value_82', - 'psksecret_remote': 'test_value_83', - 'reauth': 'disable', - 'rekey': 'enable', - 'remote_gw': 'test_value_86', - 'remotegw_ddns': 'test_value_87', - 'rsa_signature_format': 'pkcs1', - 'save_password': 'disable', - 'send_cert_chain': 'enable', - 'signature_hash_alg': 'sha1', - 'split_include_service': 'test_value_92', - 
'suite_b': 'disable', - 'type': 'static', - 'unity_support': 'disable', - 'usrgrp': 'test_value_96', - 'wizard_type': 'custom', - 'xauthtype': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ipsec_phase1.fortios_vpn_ipsec(input_data, fos_instance) - - expected_data = { - 'acct-verify': 'enable', - 'add-gw-route': 'enable', - 'add-route': 'disable', - 'assign-ip': 'disable', - 'assign-ip-from': 'range', - 'authmethod': 'psk', - 'authmethod-remote': 'psk', - 'authpasswd': 'test_value_10', - 'authusr': 'test_value_11', - 'authusrgrp': 'test_value_12', - 'auto-negotiate': 'enable', - 'banner': 'test_value_14', - 'cert-id-validation': 'enable', - 'childless-ike': 'enable', - 'client-auto-negotiate': 'disable', - 'client-keep-alive': 'disable', - 'comments': 'test_value_19', - 'dhgrp': '1', - 'digital-signature-auth': 'enable', - 'distance': '22', - 'dns-mode': 'manual', - 'domain': 'test_value_24', - 'dpd': 'disable', - 'dpd-retrycount': '26', - 'dpd-retryinterval': 'test_value_27', - 'eap': 'enable', - 'eap-identity': 'use-id-payload', - 'enforce-unique-id': 'disable', - 'forticlient-enforcement': 'enable', - 'fragmentation': 'enable', - 'fragmentation-mtu': '33', - 'group-authentication': 'enable', - 'group-authentication-secret': 'test_value_35', - 'ha-sync-esp-seqno': 'enable', - 'idle-timeout': 'enable', - 'idle-timeoutinterval': '38', - 'ike-version': '1', - 'include-local-lan': 'disable', - 'interface': 'test_value_41', - 'ipv4-dns-server1': 'test_value_42', - 'ipv4-dns-server2': 'test_value_43', - 'ipv4-dns-server3': 'test_value_44', - 'ipv4-end-ip': 'test_value_45', - 'ipv4-name': 'test_value_46', - 'ipv4-netmask': 'test_value_47', - 'ipv4-split-exclude': 'test_value_48', - 'ipv4-split-include': 'test_value_49', - 'ipv4-start-ip': 'test_value_50', - 'ipv4-wins-server1': 'test_value_51', - 'ipv4-wins-server2': 'test_value_52', - 'ipv6-dns-server1': 'test_value_53', - 'ipv6-dns-server2': 'test_value_54', - 'ipv6-dns-server3': 
'test_value_55', - 'ipv6-end-ip': 'test_value_56', - 'ipv6-name': 'test_value_57', - 'ipv6-prefix': '58', - 'ipv6-split-exclude': 'test_value_59', - 'ipv6-split-include': 'test_value_60', - 'ipv6-start-ip': 'test_value_61', - 'keepalive': '62', - 'keylife': '63', - 'local-gw': 'test_value_64', - 'localid': 'test_value_65', - 'localid-type': 'auto', - 'mesh-selector-type': 'disable', - 'mode': 'aggressive', - 'mode-cfg': 'disable', - 'name': 'default_name_70', - 'nattraversal': 'enable', - 'negotiate-timeout': '72', - 'peer': 'test_value_73', - 'peergrp': 'test_value_74', - 'peerid': 'test_value_75', - 'peertype': 'any', - 'ppk': 'disable', - 'ppk-identity': 'test_value_78', - 'ppk-secret': 'test_value_79', - 'priority': '80', - 'proposal': 'des-md5', - 'psksecret': 'test_value_82', - 'psksecret-remote': 'test_value_83', - 'reauth': 'disable', - 'rekey': 'enable', - 'remote-gw': 'test_value_86', - 'remotegw-ddns': 'test_value_87', - 'rsa-signature-format': 'pkcs1', - 'save-password': 'disable', - 'send-cert-chain': 'enable', - 'signature-hash-alg': 'sha1', - 'split-include-service': 'test_value_92', - 'suite-b': 'disable', - 'type': 'static', - 'unity-support': 'disable', - 'usrgrp': 'test_value_96', - 'wizard-type': 'custom', - 'xauthtype': 'disable' - } - - set_method_mock.assert_called_with('vpn.ipsec', 'phase1', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_vpn_ipsec_phase1_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 
'vpn_ipsec_phase1': { - 'random_attribute_not_valid': 'tag', - 'acct_verify': 'enable', - 'add_gw_route': 'enable', - 'add_route': 'disable', - 'assign_ip': 'disable', - 'assign_ip_from': 'range', - 'authmethod': 'psk', - 'authmethod_remote': 'psk', - 'authpasswd': 'test_value_10', - 'authusr': 'test_value_11', - 'authusrgrp': 'test_value_12', - 'auto_negotiate': 'enable', - 'banner': 'test_value_14', - 'cert_id_validation': 'enable', - 'childless_ike': 'enable', - 'client_auto_negotiate': 'disable', - 'client_keep_alive': 'disable', - 'comments': 'test_value_19', - 'dhgrp': '1', - 'digital_signature_auth': 'enable', - 'distance': '22', - 'dns_mode': 'manual', - 'domain': 'test_value_24', - 'dpd': 'disable', - 'dpd_retrycount': '26', - 'dpd_retryinterval': 'test_value_27', - 'eap': 'enable', - 'eap_identity': 'use-id-payload', - 'enforce_unique_id': 'disable', - 'forticlient_enforcement': 'enable', - 'fragmentation': 'enable', - 'fragmentation_mtu': '33', - 'group_authentication': 'enable', - 'group_authentication_secret': 'test_value_35', - 'ha_sync_esp_seqno': 'enable', - 'idle_timeout': 'enable', - 'idle_timeoutinterval': '38', - 'ike_version': '1', - 'include_local_lan': 'disable', - 'interface': 'test_value_41', - 'ipv4_dns_server1': 'test_value_42', - 'ipv4_dns_server2': 'test_value_43', - 'ipv4_dns_server3': 'test_value_44', - 'ipv4_end_ip': 'test_value_45', - 'ipv4_name': 'test_value_46', - 'ipv4_netmask': 'test_value_47', - 'ipv4_split_exclude': 'test_value_48', - 'ipv4_split_include': 'test_value_49', - 'ipv4_start_ip': 'test_value_50', - 'ipv4_wins_server1': 'test_value_51', - 'ipv4_wins_server2': 'test_value_52', - 'ipv6_dns_server1': 'test_value_53', - 'ipv6_dns_server2': 'test_value_54', - 'ipv6_dns_server3': 'test_value_55', - 'ipv6_end_ip': 'test_value_56', - 'ipv6_name': 'test_value_57', - 'ipv6_prefix': '58', - 'ipv6_split_exclude': 'test_value_59', - 'ipv6_split_include': 'test_value_60', - 'ipv6_start_ip': 'test_value_61', - 'keepalive': '62', - 
'keylife': '63', - 'local_gw': 'test_value_64', - 'localid': 'test_value_65', - 'localid_type': 'auto', - 'mesh_selector_type': 'disable', - 'mode': 'aggressive', - 'mode_cfg': 'disable', - 'name': 'default_name_70', - 'nattraversal': 'enable', - 'negotiate_timeout': '72', - 'peer': 'test_value_73', - 'peergrp': 'test_value_74', - 'peerid': 'test_value_75', - 'peertype': 'any', - 'ppk': 'disable', - 'ppk_identity': 'test_value_78', - 'ppk_secret': 'test_value_79', - 'priority': '80', - 'proposal': 'des-md5', - 'psksecret': 'test_value_82', - 'psksecret_remote': 'test_value_83', - 'reauth': 'disable', - 'rekey': 'enable', - 'remote_gw': 'test_value_86', - 'remotegw_ddns': 'test_value_87', - 'rsa_signature_format': 'pkcs1', - 'save_password': 'disable', - 'send_cert_chain': 'enable', - 'signature_hash_alg': 'sha1', - 'split_include_service': 'test_value_92', - 'suite_b': 'disable', - 'type': 'static', - 'unity_support': 'disable', - 'usrgrp': 'test_value_96', - 'wizard_type': 'custom', - 'xauthtype': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ipsec_phase1.fortios_vpn_ipsec(input_data, fos_instance) - - expected_data = { - 'acct-verify': 'enable', - 'add-gw-route': 'enable', - 'add-route': 'disable', - 'assign-ip': 'disable', - 'assign-ip-from': 'range', - 'authmethod': 'psk', - 'authmethod-remote': 'psk', - 'authpasswd': 'test_value_10', - 'authusr': 'test_value_11', - 'authusrgrp': 'test_value_12', - 'auto-negotiate': 'enable', - 'banner': 'test_value_14', - 'cert-id-validation': 'enable', - 'childless-ike': 'enable', - 'client-auto-negotiate': 'disable', - 'client-keep-alive': 'disable', - 'comments': 'test_value_19', - 'dhgrp': '1', - 'digital-signature-auth': 'enable', - 'distance': '22', - 'dns-mode': 'manual', - 'domain': 'test_value_24', - 'dpd': 'disable', - 'dpd-retrycount': '26', - 'dpd-retryinterval': 'test_value_27', - 'eap': 'enable', - 'eap-identity': 'use-id-payload', - 'enforce-unique-id': 'disable', - 
'forticlient-enforcement': 'enable', - 'fragmentation': 'enable', - 'fragmentation-mtu': '33', - 'group-authentication': 'enable', - 'group-authentication-secret': 'test_value_35', - 'ha-sync-esp-seqno': 'enable', - 'idle-timeout': 'enable', - 'idle-timeoutinterval': '38', - 'ike-version': '1', - 'include-local-lan': 'disable', - 'interface': 'test_value_41', - 'ipv4-dns-server1': 'test_value_42', - 'ipv4-dns-server2': 'test_value_43', - 'ipv4-dns-server3': 'test_value_44', - 'ipv4-end-ip': 'test_value_45', - 'ipv4-name': 'test_value_46', - 'ipv4-netmask': 'test_value_47', - 'ipv4-split-exclude': 'test_value_48', - 'ipv4-split-include': 'test_value_49', - 'ipv4-start-ip': 'test_value_50', - 'ipv4-wins-server1': 'test_value_51', - 'ipv4-wins-server2': 'test_value_52', - 'ipv6-dns-server1': 'test_value_53', - 'ipv6-dns-server2': 'test_value_54', - 'ipv6-dns-server3': 'test_value_55', - 'ipv6-end-ip': 'test_value_56', - 'ipv6-name': 'test_value_57', - 'ipv6-prefix': '58', - 'ipv6-split-exclude': 'test_value_59', - 'ipv6-split-include': 'test_value_60', - 'ipv6-start-ip': 'test_value_61', - 'keepalive': '62', - 'keylife': '63', - 'local-gw': 'test_value_64', - 'localid': 'test_value_65', - 'localid-type': 'auto', - 'mesh-selector-type': 'disable', - 'mode': 'aggressive', - 'mode-cfg': 'disable', - 'name': 'default_name_70', - 'nattraversal': 'enable', - 'negotiate-timeout': '72', - 'peer': 'test_value_73', - 'peergrp': 'test_value_74', - 'peerid': 'test_value_75', - 'peertype': 'any', - 'ppk': 'disable', - 'ppk-identity': 'test_value_78', - 'ppk-secret': 'test_value_79', - 'priority': '80', - 'proposal': 'des-md5', - 'psksecret': 'test_value_82', - 'psksecret-remote': 'test_value_83', - 'reauth': 'disable', - 'rekey': 'enable', - 'remote-gw': 'test_value_86', - 'remotegw-ddns': 'test_value_87', - 'rsa-signature-format': 'pkcs1', - 'save-password': 'disable', - 'send-cert-chain': 'enable', - 'signature-hash-alg': 'sha1', - 'split-include-service': 'test_value_92', - 
'suite-b': 'disable',
- 'type': 'static',
- 'unity-support': 'disable',
- 'usrgrp': 'test_value_96',
- 'wizard-type': 'custom',
- 'xauthtype': 'disable'
- }
-
- set_method_mock.assert_called_with('vpn.ipsec', 'phase1', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_vpn_ipsec_phase1_interface.py b/test/units/modules/network/fortios/test_fortios_vpn_ipsec_phase1_interface.py
deleted file mode 100644
index 6a422b834c2..00000000000
--- a/test/units/modules/network/fortios/test_fortios_vpn_ipsec_phase1_interface.py
+++ /dev/null
@@ -1,1419 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_vpn_ipsec_phase1_interface -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_vpn_ipsec_phase1_interface.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_vpn_ipsec_phase1_interface_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_ipsec_phase1_interface': { - 'acct_verify': 'enable', - 'add_gw_route': 'enable', - 'add_route': 'disable', - 'assign_ip': 'disable', - 'assign_ip_from': 
'range', - 'authmethod': 'psk', - 'authmethod_remote': 'psk', - 'authpasswd': 'test_value_10', - 'authusr': 'test_value_11', - 'authusrgrp': 'test_value_12', - 'auto_discovery_forwarder': 'enable', - 'auto_discovery_psk': 'enable', - 'auto_discovery_receiver': 'enable', - 'auto_discovery_sender': 'enable', - 'auto_negotiate': 'enable', - 'banner': 'test_value_18', - 'cert_id_validation': 'enable', - 'childless_ike': 'enable', - 'client_auto_negotiate': 'disable', - 'client_keep_alive': 'disable', - 'comments': 'test_value_23', - 'default_gw': 'test_value_24', - 'default_gw_priority': '25', - 'dhgrp': '1', - 'digital_signature_auth': 'enable', - 'distance': '28', - 'dns_mode': 'manual', - 'domain': 'test_value_30', - 'dpd': 'disable', - 'dpd_retrycount': '32', - 'dpd_retryinterval': 'test_value_33', - 'eap': 'enable', - 'eap_identity': 'use-id-payload', - 'encap_local_gw4': 'test_value_36', - 'encap_local_gw6': 'test_value_37', - 'encap_remote_gw4': 'test_value_38', - 'encap_remote_gw6': 'test_value_39', - 'encapsulation': 'none', - 'encapsulation_address': 'ike', - 'enforce_unique_id': 'disable', - 'exchange_interface_ip': 'enable', - 'exchange_ip_addr4': 'test_value_44', - 'exchange_ip_addr6': 'test_value_45', - 'forticlient_enforcement': 'enable', - 'fragmentation': 'enable', - 'fragmentation_mtu': '48', - 'group_authentication': 'enable', - 'group_authentication_secret': 'test_value_50', - 'ha_sync_esp_seqno': 'enable', - 'idle_timeout': 'enable', - 'idle_timeoutinterval': '53', - 'ike_version': '1', - 'include_local_lan': 'disable', - 'interface': 'test_value_56', - 'ip_version': '4', - 'ipv4_dns_server1': 'test_value_58', - 'ipv4_dns_server2': 'test_value_59', - 'ipv4_dns_server3': 'test_value_60', - 'ipv4_end_ip': 'test_value_61', - 'ipv4_name': 'test_value_62', - 'ipv4_netmask': 'test_value_63', - 'ipv4_split_exclude': 'test_value_64', - 'ipv4_split_include': 'test_value_65', - 'ipv4_start_ip': 'test_value_66', - 'ipv4_wins_server1': 'test_value_67', - 
'ipv4_wins_server2': 'test_value_68', - 'ipv6_dns_server1': 'test_value_69', - 'ipv6_dns_server2': 'test_value_70', - 'ipv6_dns_server3': 'test_value_71', - 'ipv6_end_ip': 'test_value_72', - 'ipv6_name': 'test_value_73', - 'ipv6_prefix': '74', - 'ipv6_split_exclude': 'test_value_75', - 'ipv6_split_include': 'test_value_76', - 'ipv6_start_ip': 'test_value_77', - 'keepalive': '78', - 'keylife': '79', - 'local_gw': 'test_value_80', - 'local_gw6': 'test_value_81', - 'localid': 'test_value_82', - 'localid_type': 'auto', - 'mesh_selector_type': 'disable', - 'mode': 'aggressive', - 'mode_cfg': 'disable', - 'monitor': 'test_value_87', - 'monitor_hold_down_delay': '88', - 'monitor_hold_down_time': 'test_value_89', - 'monitor_hold_down_type': 'immediate', - 'monitor_hold_down_weekday': 'everyday', - 'name': 'default_name_92', - 'nattraversal': 'enable', - 'negotiate_timeout': '94', - 'net_device': 'enable', - 'passive_mode': 'enable', - 'peer': 'test_value_97', - 'peergrp': 'test_value_98', - 'peerid': 'test_value_99', - 'peertype': 'any', - 'ppk': 'disable', - 'ppk_identity': 'test_value_102', - 'ppk_secret': 'test_value_103', - 'priority': '104', - 'proposal': 'des-md5', - 'psksecret': 'test_value_106', - 'psksecret_remote': 'test_value_107', - 'reauth': 'disable', - 'rekey': 'enable', - 'remote_gw': 'test_value_110', - 'remote_gw6': 'test_value_111', - 'remotegw_ddns': 'test_value_112', - 'rsa_signature_format': 'pkcs1', - 'save_password': 'disable', - 'send_cert_chain': 'enable', - 'signature_hash_alg': 'sha1', - 'split_include_service': 'test_value_117', - 'suite_b': 'disable', - 'tunnel_search': 'selectors', - 'type': 'static', - 'unity_support': 'disable', - 'usrgrp': 'test_value_122', - 'vni': '123', - 'wizard_type': 'custom', - 'xauthtype': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ipsec_phase1_interface.fortios_vpn_ipsec(input_data, fos_instance) - - expected_data = { - 'acct-verify': 'enable', - 'add-gw-route': 'enable', - 
'add-route': 'disable', - 'assign-ip': 'disable', - 'assign-ip-from': 'range', - 'authmethod': 'psk', - 'authmethod-remote': 'psk', - 'authpasswd': 'test_value_10', - 'authusr': 'test_value_11', - 'authusrgrp': 'test_value_12', - 'auto-discovery-forwarder': 'enable', - 'auto-discovery-psk': 'enable', - 'auto-discovery-receiver': 'enable', - 'auto-discovery-sender': 'enable', - 'auto-negotiate': 'enable', - 'banner': 'test_value_18', - 'cert-id-validation': 'enable', - 'childless-ike': 'enable', - 'client-auto-negotiate': 'disable', - 'client-keep-alive': 'disable', - 'comments': 'test_value_23', - 'default-gw': 'test_value_24', - 'default-gw-priority': '25', - 'dhgrp': '1', - 'digital-signature-auth': 'enable', - 'distance': '28', - 'dns-mode': 'manual', - 'domain': 'test_value_30', - 'dpd': 'disable', - 'dpd-retrycount': '32', - 'dpd-retryinterval': 'test_value_33', - 'eap': 'enable', - 'eap-identity': 'use-id-payload', - 'encap-local-gw4': 'test_value_36', - 'encap-local-gw6': 'test_value_37', - 'encap-remote-gw4': 'test_value_38', - 'encap-remote-gw6': 'test_value_39', - 'encapsulation': 'none', - 'encapsulation-address': 'ike', - 'enforce-unique-id': 'disable', - 'exchange-interface-ip': 'enable', - 'exchange-ip-addr4': 'test_value_44', - 'exchange-ip-addr6': 'test_value_45', - 'forticlient-enforcement': 'enable', - 'fragmentation': 'enable', - 'fragmentation-mtu': '48', - 'group-authentication': 'enable', - 'group-authentication-secret': 'test_value_50', - 'ha-sync-esp-seqno': 'enable', - 'idle-timeout': 'enable', - 'idle-timeoutinterval': '53', - 'ike-version': '1', - 'include-local-lan': 'disable', - 'interface': 'test_value_56', - 'ip-version': '4', - 'ipv4-dns-server1': 'test_value_58', - 'ipv4-dns-server2': 'test_value_59', - 'ipv4-dns-server3': 'test_value_60', - 'ipv4-end-ip': 'test_value_61', - 'ipv4-name': 'test_value_62', - 'ipv4-netmask': 'test_value_63', - 'ipv4-split-exclude': 'test_value_64', - 'ipv4-split-include': 'test_value_65', - 
'ipv4-start-ip': 'test_value_66', - 'ipv4-wins-server1': 'test_value_67', - 'ipv4-wins-server2': 'test_value_68', - 'ipv6-dns-server1': 'test_value_69', - 'ipv6-dns-server2': 'test_value_70', - 'ipv6-dns-server3': 'test_value_71', - 'ipv6-end-ip': 'test_value_72', - 'ipv6-name': 'test_value_73', - 'ipv6-prefix': '74', - 'ipv6-split-exclude': 'test_value_75', - 'ipv6-split-include': 'test_value_76', - 'ipv6-start-ip': 'test_value_77', - 'keepalive': '78', - 'keylife': '79', - 'local-gw': 'test_value_80', - 'local-gw6': 'test_value_81', - 'localid': 'test_value_82', - 'localid-type': 'auto', - 'mesh-selector-type': 'disable', - 'mode': 'aggressive', - 'mode-cfg': 'disable', - 'monitor': 'test_value_87', - 'monitor-hold-down-delay': '88', - 'monitor-hold-down-time': 'test_value_89', - 'monitor-hold-down-type': 'immediate', - 'monitor-hold-down-weekday': 'everyday', - 'name': 'default_name_92', - 'nattraversal': 'enable', - 'negotiate-timeout': '94', - 'net-device': 'enable', - 'passive-mode': 'enable', - 'peer': 'test_value_97', - 'peergrp': 'test_value_98', - 'peerid': 'test_value_99', - 'peertype': 'any', - 'ppk': 'disable', - 'ppk-identity': 'test_value_102', - 'ppk-secret': 'test_value_103', - 'priority': '104', - 'proposal': 'des-md5', - 'psksecret': 'test_value_106', - 'psksecret-remote': 'test_value_107', - 'reauth': 'disable', - 'rekey': 'enable', - 'remote-gw': 'test_value_110', - 'remote-gw6': 'test_value_111', - 'remotegw-ddns': 'test_value_112', - 'rsa-signature-format': 'pkcs1', - 'save-password': 'disable', - 'send-cert-chain': 'enable', - 'signature-hash-alg': 'sha1', - 'split-include-service': 'test_value_117', - 'suite-b': 'disable', - 'tunnel-search': 'selectors', - 'type': 'static', - 'unity-support': 'disable', - 'usrgrp': 'test_value_122', - 'vni': '123', - 'wizard-type': 'custom', - 'xauthtype': 'disable' - } - - set_method_mock.assert_called_with('vpn.ipsec', 'phase1-interface', data=expected_data, vdom='root') - 
schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_vpn_ipsec_phase1_interface_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_ipsec_phase1_interface': { - 'acct_verify': 'enable', - 'add_gw_route': 'enable', - 'add_route': 'disable', - 'assign_ip': 'disable', - 'assign_ip_from': 'range', - 'authmethod': 'psk', - 'authmethod_remote': 'psk', - 'authpasswd': 'test_value_10', - 'authusr': 'test_value_11', - 'authusrgrp': 'test_value_12', - 'auto_discovery_forwarder': 'enable', - 'auto_discovery_psk': 'enable', - 'auto_discovery_receiver': 'enable', - 'auto_discovery_sender': 'enable', - 'auto_negotiate': 'enable', - 'banner': 'test_value_18', - 'cert_id_validation': 'enable', - 'childless_ike': 'enable', - 'client_auto_negotiate': 'disable', - 'client_keep_alive': 'disable', - 'comments': 'test_value_23', - 'default_gw': 'test_value_24', - 'default_gw_priority': '25', - 'dhgrp': '1', - 'digital_signature_auth': 'enable', - 'distance': '28', - 'dns_mode': 'manual', - 'domain': 'test_value_30', - 'dpd': 'disable', - 'dpd_retrycount': '32', - 'dpd_retryinterval': 'test_value_33', - 'eap': 'enable', - 'eap_identity': 'use-id-payload', - 'encap_local_gw4': 'test_value_36', - 'encap_local_gw6': 'test_value_37', - 'encap_remote_gw4': 'test_value_38', - 'encap_remote_gw6': 'test_value_39', - 'encapsulation': 'none', - 'encapsulation_address': 'ike', - 'enforce_unique_id': 'disable', - 'exchange_interface_ip': 'enable', - 'exchange_ip_addr4': 'test_value_44', - 'exchange_ip_addr6': 
'test_value_45', - 'forticlient_enforcement': 'enable', - 'fragmentation': 'enable', - 'fragmentation_mtu': '48', - 'group_authentication': 'enable', - 'group_authentication_secret': 'test_value_50', - 'ha_sync_esp_seqno': 'enable', - 'idle_timeout': 'enable', - 'idle_timeoutinterval': '53', - 'ike_version': '1', - 'include_local_lan': 'disable', - 'interface': 'test_value_56', - 'ip_version': '4', - 'ipv4_dns_server1': 'test_value_58', - 'ipv4_dns_server2': 'test_value_59', - 'ipv4_dns_server3': 'test_value_60', - 'ipv4_end_ip': 'test_value_61', - 'ipv4_name': 'test_value_62', - 'ipv4_netmask': 'test_value_63', - 'ipv4_split_exclude': 'test_value_64', - 'ipv4_split_include': 'test_value_65', - 'ipv4_start_ip': 'test_value_66', - 'ipv4_wins_server1': 'test_value_67', - 'ipv4_wins_server2': 'test_value_68', - 'ipv6_dns_server1': 'test_value_69', - 'ipv6_dns_server2': 'test_value_70', - 'ipv6_dns_server3': 'test_value_71', - 'ipv6_end_ip': 'test_value_72', - 'ipv6_name': 'test_value_73', - 'ipv6_prefix': '74', - 'ipv6_split_exclude': 'test_value_75', - 'ipv6_split_include': 'test_value_76', - 'ipv6_start_ip': 'test_value_77', - 'keepalive': '78', - 'keylife': '79', - 'local_gw': 'test_value_80', - 'local_gw6': 'test_value_81', - 'localid': 'test_value_82', - 'localid_type': 'auto', - 'mesh_selector_type': 'disable', - 'mode': 'aggressive', - 'mode_cfg': 'disable', - 'monitor': 'test_value_87', - 'monitor_hold_down_delay': '88', - 'monitor_hold_down_time': 'test_value_89', - 'monitor_hold_down_type': 'immediate', - 'monitor_hold_down_weekday': 'everyday', - 'name': 'default_name_92', - 'nattraversal': 'enable', - 'negotiate_timeout': '94', - 'net_device': 'enable', - 'passive_mode': 'enable', - 'peer': 'test_value_97', - 'peergrp': 'test_value_98', - 'peerid': 'test_value_99', - 'peertype': 'any', - 'ppk': 'disable', - 'ppk_identity': 'test_value_102', - 'ppk_secret': 'test_value_103', - 'priority': '104', - 'proposal': 'des-md5', - 'psksecret': 'test_value_106', - 
'psksecret_remote': 'test_value_107', - 'reauth': 'disable', - 'rekey': 'enable', - 'remote_gw': 'test_value_110', - 'remote_gw6': 'test_value_111', - 'remotegw_ddns': 'test_value_112', - 'rsa_signature_format': 'pkcs1', - 'save_password': 'disable', - 'send_cert_chain': 'enable', - 'signature_hash_alg': 'sha1', - 'split_include_service': 'test_value_117', - 'suite_b': 'disable', - 'tunnel_search': 'selectors', - 'type': 'static', - 'unity_support': 'disable', - 'usrgrp': 'test_value_122', - 'vni': '123', - 'wizard_type': 'custom', - 'xauthtype': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ipsec_phase1_interface.fortios_vpn_ipsec(input_data, fos_instance) - - expected_data = { - 'acct-verify': 'enable', - 'add-gw-route': 'enable', - 'add-route': 'disable', - 'assign-ip': 'disable', - 'assign-ip-from': 'range', - 'authmethod': 'psk', - 'authmethod-remote': 'psk', - 'authpasswd': 'test_value_10', - 'authusr': 'test_value_11', - 'authusrgrp': 'test_value_12', - 'auto-discovery-forwarder': 'enable', - 'auto-discovery-psk': 'enable', - 'auto-discovery-receiver': 'enable', - 'auto-discovery-sender': 'enable', - 'auto-negotiate': 'enable', - 'banner': 'test_value_18', - 'cert-id-validation': 'enable', - 'childless-ike': 'enable', - 'client-auto-negotiate': 'disable', - 'client-keep-alive': 'disable', - 'comments': 'test_value_23', - 'default-gw': 'test_value_24', - 'default-gw-priority': '25', - 'dhgrp': '1', - 'digital-signature-auth': 'enable', - 'distance': '28', - 'dns-mode': 'manual', - 'domain': 'test_value_30', - 'dpd': 'disable', - 'dpd-retrycount': '32', - 'dpd-retryinterval': 'test_value_33', - 'eap': 'enable', - 'eap-identity': 'use-id-payload', - 'encap-local-gw4': 'test_value_36', - 'encap-local-gw6': 'test_value_37', - 'encap-remote-gw4': 'test_value_38', - 'encap-remote-gw6': 'test_value_39', - 'encapsulation': 'none', - 'encapsulation-address': 'ike', - 'enforce-unique-id': 'disable', - 'exchange-interface-ip': 'enable', 
- 'exchange-ip-addr4': 'test_value_44', - 'exchange-ip-addr6': 'test_value_45', - 'forticlient-enforcement': 'enable', - 'fragmentation': 'enable', - 'fragmentation-mtu': '48', - 'group-authentication': 'enable', - 'group-authentication-secret': 'test_value_50', - 'ha-sync-esp-seqno': 'enable', - 'idle-timeout': 'enable', - 'idle-timeoutinterval': '53', - 'ike-version': '1', - 'include-local-lan': 'disable', - 'interface': 'test_value_56', - 'ip-version': '4', - 'ipv4-dns-server1': 'test_value_58', - 'ipv4-dns-server2': 'test_value_59', - 'ipv4-dns-server3': 'test_value_60', - 'ipv4-end-ip': 'test_value_61', - 'ipv4-name': 'test_value_62', - 'ipv4-netmask': 'test_value_63', - 'ipv4-split-exclude': 'test_value_64', - 'ipv4-split-include': 'test_value_65', - 'ipv4-start-ip': 'test_value_66', - 'ipv4-wins-server1': 'test_value_67', - 'ipv4-wins-server2': 'test_value_68', - 'ipv6-dns-server1': 'test_value_69', - 'ipv6-dns-server2': 'test_value_70', - 'ipv6-dns-server3': 'test_value_71', - 'ipv6-end-ip': 'test_value_72', - 'ipv6-name': 'test_value_73', - 'ipv6-prefix': '74', - 'ipv6-split-exclude': 'test_value_75', - 'ipv6-split-include': 'test_value_76', - 'ipv6-start-ip': 'test_value_77', - 'keepalive': '78', - 'keylife': '79', - 'local-gw': 'test_value_80', - 'local-gw6': 'test_value_81', - 'localid': 'test_value_82', - 'localid-type': 'auto', - 'mesh-selector-type': 'disable', - 'mode': 'aggressive', - 'mode-cfg': 'disable', - 'monitor': 'test_value_87', - 'monitor-hold-down-delay': '88', - 'monitor-hold-down-time': 'test_value_89', - 'monitor-hold-down-type': 'immediate', - 'monitor-hold-down-weekday': 'everyday', - 'name': 'default_name_92', - 'nattraversal': 'enable', - 'negotiate-timeout': '94', - 'net-device': 'enable', - 'passive-mode': 'enable', - 'peer': 'test_value_97', - 'peergrp': 'test_value_98', - 'peerid': 'test_value_99', - 'peertype': 'any', - 'ppk': 'disable', - 'ppk-identity': 'test_value_102', - 'ppk-secret': 'test_value_103', - 'priority': '104', 
- 'proposal': 'des-md5', - 'psksecret': 'test_value_106', - 'psksecret-remote': 'test_value_107', - 'reauth': 'disable', - 'rekey': 'enable', - 'remote-gw': 'test_value_110', - 'remote-gw6': 'test_value_111', - 'remotegw-ddns': 'test_value_112', - 'rsa-signature-format': 'pkcs1', - 'save-password': 'disable', - 'send-cert-chain': 'enable', - 'signature-hash-alg': 'sha1', - 'split-include-service': 'test_value_117', - 'suite-b': 'disable', - 'tunnel-search': 'selectors', - 'type': 'static', - 'unity-support': 'disable', - 'usrgrp': 'test_value_122', - 'vni': '123', - 'wizard-type': 'custom', - 'xauthtype': 'disable' - } - - set_method_mock.assert_called_with('vpn.ipsec', 'phase1-interface', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_vpn_ipsec_phase1_interface_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'vpn_ipsec_phase1_interface': { - 'acct_verify': 'enable', - 'add_gw_route': 'enable', - 'add_route': 'disable', - 'assign_ip': 'disable', - 'assign_ip_from': 'range', - 'authmethod': 'psk', - 'authmethod_remote': 'psk', - 'authpasswd': 'test_value_10', - 'authusr': 'test_value_11', - 'authusrgrp': 'test_value_12', - 'auto_discovery_forwarder': 'enable', - 'auto_discovery_psk': 'enable', - 'auto_discovery_receiver': 'enable', - 'auto_discovery_sender': 'enable', - 'auto_negotiate': 'enable', - 'banner': 'test_value_18', - 'cert_id_validation': 'enable', - 'childless_ike': 'enable', - 'client_auto_negotiate': 'disable', - 
'client_keep_alive': 'disable', - 'comments': 'test_value_23', - 'default_gw': 'test_value_24', - 'default_gw_priority': '25', - 'dhgrp': '1', - 'digital_signature_auth': 'enable', - 'distance': '28', - 'dns_mode': 'manual', - 'domain': 'test_value_30', - 'dpd': 'disable', - 'dpd_retrycount': '32', - 'dpd_retryinterval': 'test_value_33', - 'eap': 'enable', - 'eap_identity': 'use-id-payload', - 'encap_local_gw4': 'test_value_36', - 'encap_local_gw6': 'test_value_37', - 'encap_remote_gw4': 'test_value_38', - 'encap_remote_gw6': 'test_value_39', - 'encapsulation': 'none', - 'encapsulation_address': 'ike', - 'enforce_unique_id': 'disable', - 'exchange_interface_ip': 'enable', - 'exchange_ip_addr4': 'test_value_44', - 'exchange_ip_addr6': 'test_value_45', - 'forticlient_enforcement': 'enable', - 'fragmentation': 'enable', - 'fragmentation_mtu': '48', - 'group_authentication': 'enable', - 'group_authentication_secret': 'test_value_50', - 'ha_sync_esp_seqno': 'enable', - 'idle_timeout': 'enable', - 'idle_timeoutinterval': '53', - 'ike_version': '1', - 'include_local_lan': 'disable', - 'interface': 'test_value_56', - 'ip_version': '4', - 'ipv4_dns_server1': 'test_value_58', - 'ipv4_dns_server2': 'test_value_59', - 'ipv4_dns_server3': 'test_value_60', - 'ipv4_end_ip': 'test_value_61', - 'ipv4_name': 'test_value_62', - 'ipv4_netmask': 'test_value_63', - 'ipv4_split_exclude': 'test_value_64', - 'ipv4_split_include': 'test_value_65', - 'ipv4_start_ip': 'test_value_66', - 'ipv4_wins_server1': 'test_value_67', - 'ipv4_wins_server2': 'test_value_68', - 'ipv6_dns_server1': 'test_value_69', - 'ipv6_dns_server2': 'test_value_70', - 'ipv6_dns_server3': 'test_value_71', - 'ipv6_end_ip': 'test_value_72', - 'ipv6_name': 'test_value_73', - 'ipv6_prefix': '74', - 'ipv6_split_exclude': 'test_value_75', - 'ipv6_split_include': 'test_value_76', - 'ipv6_start_ip': 'test_value_77', - 'keepalive': '78', - 'keylife': '79', - 'local_gw': 'test_value_80', - 'local_gw6': 'test_value_81', - 
'localid': 'test_value_82', - 'localid_type': 'auto', - 'mesh_selector_type': 'disable', - 'mode': 'aggressive', - 'mode_cfg': 'disable', - 'monitor': 'test_value_87', - 'monitor_hold_down_delay': '88', - 'monitor_hold_down_time': 'test_value_89', - 'monitor_hold_down_type': 'immediate', - 'monitor_hold_down_weekday': 'everyday', - 'name': 'default_name_92', - 'nattraversal': 'enable', - 'negotiate_timeout': '94', - 'net_device': 'enable', - 'passive_mode': 'enable', - 'peer': 'test_value_97', - 'peergrp': 'test_value_98', - 'peerid': 'test_value_99', - 'peertype': 'any', - 'ppk': 'disable', - 'ppk_identity': 'test_value_102', - 'ppk_secret': 'test_value_103', - 'priority': '104', - 'proposal': 'des-md5', - 'psksecret': 'test_value_106', - 'psksecret_remote': 'test_value_107', - 'reauth': 'disable', - 'rekey': 'enable', - 'remote_gw': 'test_value_110', - 'remote_gw6': 'test_value_111', - 'remotegw_ddns': 'test_value_112', - 'rsa_signature_format': 'pkcs1', - 'save_password': 'disable', - 'send_cert_chain': 'enable', - 'signature_hash_alg': 'sha1', - 'split_include_service': 'test_value_117', - 'suite_b': 'disable', - 'tunnel_search': 'selectors', - 'type': 'static', - 'unity_support': 'disable', - 'usrgrp': 'test_value_122', - 'vni': '123', - 'wizard_type': 'custom', - 'xauthtype': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ipsec_phase1_interface.fortios_vpn_ipsec(input_data, fos_instance) - - delete_method_mock.assert_called_with('vpn.ipsec', 'phase1-interface', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_vpn_ipsec_phase1_interface_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'vpn_ipsec_phase1_interface': { - 'acct_verify': 'enable', - 'add_gw_route': 'enable', - 'add_route': 'disable', - 'assign_ip': 'disable', - 'assign_ip_from': 'range', - 'authmethod': 'psk', - 'authmethod_remote': 'psk', - 'authpasswd': 'test_value_10', - 'authusr': 'test_value_11', - 'authusrgrp': 'test_value_12', - 'auto_discovery_forwarder': 'enable', - 'auto_discovery_psk': 'enable', - 'auto_discovery_receiver': 'enable', - 'auto_discovery_sender': 'enable', - 'auto_negotiate': 'enable', - 'banner': 'test_value_18', - 'cert_id_validation': 'enable', - 'childless_ike': 'enable', - 'client_auto_negotiate': 'disable', - 'client_keep_alive': 'disable', - 'comments': 'test_value_23', - 'default_gw': 'test_value_24', - 'default_gw_priority': '25', - 'dhgrp': '1', - 'digital_signature_auth': 'enable', - 'distance': '28', - 'dns_mode': 'manual', - 'domain': 'test_value_30', - 'dpd': 'disable', - 'dpd_retrycount': '32', - 'dpd_retryinterval': 'test_value_33', - 'eap': 'enable', - 'eap_identity': 'use-id-payload', - 'encap_local_gw4': 'test_value_36', - 'encap_local_gw6': 'test_value_37', - 'encap_remote_gw4': 'test_value_38', - 'encap_remote_gw6': 'test_value_39', - 'encapsulation': 'none', - 'encapsulation_address': 'ike', - 'enforce_unique_id': 'disable', - 'exchange_interface_ip': 'enable', - 'exchange_ip_addr4': 'test_value_44', - 'exchange_ip_addr6': 'test_value_45', - 'forticlient_enforcement': 'enable', - 'fragmentation': 'enable', - 'fragmentation_mtu': '48', - 'group_authentication': 'enable', - 'group_authentication_secret': 'test_value_50', - 'ha_sync_esp_seqno': 'enable', - 'idle_timeout': 'enable', - 'idle_timeoutinterval': '53', - 'ike_version': '1', - 'include_local_lan': 'disable', - 'interface': 'test_value_56', - 'ip_version': '4', - 'ipv4_dns_server1': 'test_value_58', - 
'ipv4_dns_server2': 'test_value_59', - 'ipv4_dns_server3': 'test_value_60', - 'ipv4_end_ip': 'test_value_61', - 'ipv4_name': 'test_value_62', - 'ipv4_netmask': 'test_value_63', - 'ipv4_split_exclude': 'test_value_64', - 'ipv4_split_include': 'test_value_65', - 'ipv4_start_ip': 'test_value_66', - 'ipv4_wins_server1': 'test_value_67', - 'ipv4_wins_server2': 'test_value_68', - 'ipv6_dns_server1': 'test_value_69', - 'ipv6_dns_server2': 'test_value_70', - 'ipv6_dns_server3': 'test_value_71', - 'ipv6_end_ip': 'test_value_72', - 'ipv6_name': 'test_value_73', - 'ipv6_prefix': '74', - 'ipv6_split_exclude': 'test_value_75', - 'ipv6_split_include': 'test_value_76', - 'ipv6_start_ip': 'test_value_77', - 'keepalive': '78', - 'keylife': '79', - 'local_gw': 'test_value_80', - 'local_gw6': 'test_value_81', - 'localid': 'test_value_82', - 'localid_type': 'auto', - 'mesh_selector_type': 'disable', - 'mode': 'aggressive', - 'mode_cfg': 'disable', - 'monitor': 'test_value_87', - 'monitor_hold_down_delay': '88', - 'monitor_hold_down_time': 'test_value_89', - 'monitor_hold_down_type': 'immediate', - 'monitor_hold_down_weekday': 'everyday', - 'name': 'default_name_92', - 'nattraversal': 'enable', - 'negotiate_timeout': '94', - 'net_device': 'enable', - 'passive_mode': 'enable', - 'peer': 'test_value_97', - 'peergrp': 'test_value_98', - 'peerid': 'test_value_99', - 'peertype': 'any', - 'ppk': 'disable', - 'ppk_identity': 'test_value_102', - 'ppk_secret': 'test_value_103', - 'priority': '104', - 'proposal': 'des-md5', - 'psksecret': 'test_value_106', - 'psksecret_remote': 'test_value_107', - 'reauth': 'disable', - 'rekey': 'enable', - 'remote_gw': 'test_value_110', - 'remote_gw6': 'test_value_111', - 'remotegw_ddns': 'test_value_112', - 'rsa_signature_format': 'pkcs1', - 'save_password': 'disable', - 'send_cert_chain': 'enable', - 'signature_hash_alg': 'sha1', - 'split_include_service': 'test_value_117', - 'suite_b': 'disable', - 'tunnel_search': 'selectors', - 'type': 'static', - 
'unity_support': 'disable', - 'usrgrp': 'test_value_122', - 'vni': '123', - 'wizard_type': 'custom', - 'xauthtype': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ipsec_phase1_interface.fortios_vpn_ipsec(input_data, fos_instance) - - delete_method_mock.assert_called_with('vpn.ipsec', 'phase1-interface', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_vpn_ipsec_phase1_interface_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_ipsec_phase1_interface': { - 'acct_verify': 'enable', - 'add_gw_route': 'enable', - 'add_route': 'disable', - 'assign_ip': 'disable', - 'assign_ip_from': 'range', - 'authmethod': 'psk', - 'authmethod_remote': 'psk', - 'authpasswd': 'test_value_10', - 'authusr': 'test_value_11', - 'authusrgrp': 'test_value_12', - 'auto_discovery_forwarder': 'enable', - 'auto_discovery_psk': 'enable', - 'auto_discovery_receiver': 'enable', - 'auto_discovery_sender': 'enable', - 'auto_negotiate': 'enable', - 'banner': 'test_value_18', - 'cert_id_validation': 'enable', - 'childless_ike': 'enable', - 'client_auto_negotiate': 'disable', - 'client_keep_alive': 'disable', - 'comments': 'test_value_23', - 'default_gw': 'test_value_24', - 'default_gw_priority': '25', - 'dhgrp': '1', - 'digital_signature_auth': 'enable', - 'distance': '28', - 'dns_mode': 'manual', - 'domain': 'test_value_30', - 'dpd': 'disable', - 'dpd_retrycount': '32', - 'dpd_retryinterval': 'test_value_33', - 'eap': 'enable', - 'eap_identity': 'use-id-payload', - 
'encap_local_gw4': 'test_value_36', - 'encap_local_gw6': 'test_value_37', - 'encap_remote_gw4': 'test_value_38', - 'encap_remote_gw6': 'test_value_39', - 'encapsulation': 'none', - 'encapsulation_address': 'ike', - 'enforce_unique_id': 'disable', - 'exchange_interface_ip': 'enable', - 'exchange_ip_addr4': 'test_value_44', - 'exchange_ip_addr6': 'test_value_45', - 'forticlient_enforcement': 'enable', - 'fragmentation': 'enable', - 'fragmentation_mtu': '48', - 'group_authentication': 'enable', - 'group_authentication_secret': 'test_value_50', - 'ha_sync_esp_seqno': 'enable', - 'idle_timeout': 'enable', - 'idle_timeoutinterval': '53', - 'ike_version': '1', - 'include_local_lan': 'disable', - 'interface': 'test_value_56', - 'ip_version': '4', - 'ipv4_dns_server1': 'test_value_58', - 'ipv4_dns_server2': 'test_value_59', - 'ipv4_dns_server3': 'test_value_60', - 'ipv4_end_ip': 'test_value_61', - 'ipv4_name': 'test_value_62', - 'ipv4_netmask': 'test_value_63', - 'ipv4_split_exclude': 'test_value_64', - 'ipv4_split_include': 'test_value_65', - 'ipv4_start_ip': 'test_value_66', - 'ipv4_wins_server1': 'test_value_67', - 'ipv4_wins_server2': 'test_value_68', - 'ipv6_dns_server1': 'test_value_69', - 'ipv6_dns_server2': 'test_value_70', - 'ipv6_dns_server3': 'test_value_71', - 'ipv6_end_ip': 'test_value_72', - 'ipv6_name': 'test_value_73', - 'ipv6_prefix': '74', - 'ipv6_split_exclude': 'test_value_75', - 'ipv6_split_include': 'test_value_76', - 'ipv6_start_ip': 'test_value_77', - 'keepalive': '78', - 'keylife': '79', - 'local_gw': 'test_value_80', - 'local_gw6': 'test_value_81', - 'localid': 'test_value_82', - 'localid_type': 'auto', - 'mesh_selector_type': 'disable', - 'mode': 'aggressive', - 'mode_cfg': 'disable', - 'monitor': 'test_value_87', - 'monitor_hold_down_delay': '88', - 'monitor_hold_down_time': 'test_value_89', - 'monitor_hold_down_type': 'immediate', - 'monitor_hold_down_weekday': 'everyday', - 'name': 'default_name_92', - 'nattraversal': 'enable', - 
'negotiate_timeout': '94', - 'net_device': 'enable', - 'passive_mode': 'enable', - 'peer': 'test_value_97', - 'peergrp': 'test_value_98', - 'peerid': 'test_value_99', - 'peertype': 'any', - 'ppk': 'disable', - 'ppk_identity': 'test_value_102', - 'ppk_secret': 'test_value_103', - 'priority': '104', - 'proposal': 'des-md5', - 'psksecret': 'test_value_106', - 'psksecret_remote': 'test_value_107', - 'reauth': 'disable', - 'rekey': 'enable', - 'remote_gw': 'test_value_110', - 'remote_gw6': 'test_value_111', - 'remotegw_ddns': 'test_value_112', - 'rsa_signature_format': 'pkcs1', - 'save_password': 'disable', - 'send_cert_chain': 'enable', - 'signature_hash_alg': 'sha1', - 'split_include_service': 'test_value_117', - 'suite_b': 'disable', - 'tunnel_search': 'selectors', - 'type': 'static', - 'unity_support': 'disable', - 'usrgrp': 'test_value_122', - 'vni': '123', - 'wizard_type': 'custom', - 'xauthtype': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ipsec_phase1_interface.fortios_vpn_ipsec(input_data, fos_instance) - - expected_data = { - 'acct-verify': 'enable', - 'add-gw-route': 'enable', - 'add-route': 'disable', - 'assign-ip': 'disable', - 'assign-ip-from': 'range', - 'authmethod': 'psk', - 'authmethod-remote': 'psk', - 'authpasswd': 'test_value_10', - 'authusr': 'test_value_11', - 'authusrgrp': 'test_value_12', - 'auto-discovery-forwarder': 'enable', - 'auto-discovery-psk': 'enable', - 'auto-discovery-receiver': 'enable', - 'auto-discovery-sender': 'enable', - 'auto-negotiate': 'enable', - 'banner': 'test_value_18', - 'cert-id-validation': 'enable', - 'childless-ike': 'enable', - 'client-auto-negotiate': 'disable', - 'client-keep-alive': 'disable', - 'comments': 'test_value_23', - 'default-gw': 'test_value_24', - 'default-gw-priority': '25', - 'dhgrp': '1', - 'digital-signature-auth': 'enable', - 'distance': '28', - 'dns-mode': 'manual', - 'domain': 'test_value_30', - 'dpd': 'disable', - 'dpd-retrycount': '32', - 'dpd-retryinterval': 
'test_value_33', - 'eap': 'enable', - 'eap-identity': 'use-id-payload', - 'encap-local-gw4': 'test_value_36', - 'encap-local-gw6': 'test_value_37', - 'encap-remote-gw4': 'test_value_38', - 'encap-remote-gw6': 'test_value_39', - 'encapsulation': 'none', - 'encapsulation-address': 'ike', - 'enforce-unique-id': 'disable', - 'exchange-interface-ip': 'enable', - 'exchange-ip-addr4': 'test_value_44', - 'exchange-ip-addr6': 'test_value_45', - 'forticlient-enforcement': 'enable', - 'fragmentation': 'enable', - 'fragmentation-mtu': '48', - 'group-authentication': 'enable', - 'group-authentication-secret': 'test_value_50', - 'ha-sync-esp-seqno': 'enable', - 'idle-timeout': 'enable', - 'idle-timeoutinterval': '53', - 'ike-version': '1', - 'include-local-lan': 'disable', - 'interface': 'test_value_56', - 'ip-version': '4', - 'ipv4-dns-server1': 'test_value_58', - 'ipv4-dns-server2': 'test_value_59', - 'ipv4-dns-server3': 'test_value_60', - 'ipv4-end-ip': 'test_value_61', - 'ipv4-name': 'test_value_62', - 'ipv4-netmask': 'test_value_63', - 'ipv4-split-exclude': 'test_value_64', - 'ipv4-split-include': 'test_value_65', - 'ipv4-start-ip': 'test_value_66', - 'ipv4-wins-server1': 'test_value_67', - 'ipv4-wins-server2': 'test_value_68', - 'ipv6-dns-server1': 'test_value_69', - 'ipv6-dns-server2': 'test_value_70', - 'ipv6-dns-server3': 'test_value_71', - 'ipv6-end-ip': 'test_value_72', - 'ipv6-name': 'test_value_73', - 'ipv6-prefix': '74', - 'ipv6-split-exclude': 'test_value_75', - 'ipv6-split-include': 'test_value_76', - 'ipv6-start-ip': 'test_value_77', - 'keepalive': '78', - 'keylife': '79', - 'local-gw': 'test_value_80', - 'local-gw6': 'test_value_81', - 'localid': 'test_value_82', - 'localid-type': 'auto', - 'mesh-selector-type': 'disable', - 'mode': 'aggressive', - 'mode-cfg': 'disable', - 'monitor': 'test_value_87', - 'monitor-hold-down-delay': '88', - 'monitor-hold-down-time': 'test_value_89', - 'monitor-hold-down-type': 'immediate', - 'monitor-hold-down-weekday': 'everyday', 
- 'name': 'default_name_92', - 'nattraversal': 'enable', - 'negotiate-timeout': '94', - 'net-device': 'enable', - 'passive-mode': 'enable', - 'peer': 'test_value_97', - 'peergrp': 'test_value_98', - 'peerid': 'test_value_99', - 'peertype': 'any', - 'ppk': 'disable', - 'ppk-identity': 'test_value_102', - 'ppk-secret': 'test_value_103', - 'priority': '104', - 'proposal': 'des-md5', - 'psksecret': 'test_value_106', - 'psksecret-remote': 'test_value_107', - 'reauth': 'disable', - 'rekey': 'enable', - 'remote-gw': 'test_value_110', - 'remote-gw6': 'test_value_111', - 'remotegw-ddns': 'test_value_112', - 'rsa-signature-format': 'pkcs1', - 'save-password': 'disable', - 'send-cert-chain': 'enable', - 'signature-hash-alg': 'sha1', - 'split-include-service': 'test_value_117', - 'suite-b': 'disable', - 'tunnel-search': 'selectors', - 'type': 'static', - 'unity-support': 'disable', - 'usrgrp': 'test_value_122', - 'vni': '123', - 'wizard-type': 'custom', - 'xauthtype': 'disable' - } - - set_method_mock.assert_called_with('vpn.ipsec', 'phase1-interface', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_vpn_ipsec_phase1_interface_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_ipsec_phase1_interface': { - 'random_attribute_not_valid': 'tag', - 'acct_verify': 'enable', - 'add_gw_route': 'enable', - 'add_route': 'disable', - 'assign_ip': 'disable', - 'assign_ip_from': 'range', - 'authmethod': 'psk', - 'authmethod_remote': 'psk', - 'authpasswd': 
'test_value_10', - 'authusr': 'test_value_11', - 'authusrgrp': 'test_value_12', - 'auto_discovery_forwarder': 'enable', - 'auto_discovery_psk': 'enable', - 'auto_discovery_receiver': 'enable', - 'auto_discovery_sender': 'enable', - 'auto_negotiate': 'enable', - 'banner': 'test_value_18', - 'cert_id_validation': 'enable', - 'childless_ike': 'enable', - 'client_auto_negotiate': 'disable', - 'client_keep_alive': 'disable', - 'comments': 'test_value_23', - 'default_gw': 'test_value_24', - 'default_gw_priority': '25', - 'dhgrp': '1', - 'digital_signature_auth': 'enable', - 'distance': '28', - 'dns_mode': 'manual', - 'domain': 'test_value_30', - 'dpd': 'disable', - 'dpd_retrycount': '32', - 'dpd_retryinterval': 'test_value_33', - 'eap': 'enable', - 'eap_identity': 'use-id-payload', - 'encap_local_gw4': 'test_value_36', - 'encap_local_gw6': 'test_value_37', - 'encap_remote_gw4': 'test_value_38', - 'encap_remote_gw6': 'test_value_39', - 'encapsulation': 'none', - 'encapsulation_address': 'ike', - 'enforce_unique_id': 'disable', - 'exchange_interface_ip': 'enable', - 'exchange_ip_addr4': 'test_value_44', - 'exchange_ip_addr6': 'test_value_45', - 'forticlient_enforcement': 'enable', - 'fragmentation': 'enable', - 'fragmentation_mtu': '48', - 'group_authentication': 'enable', - 'group_authentication_secret': 'test_value_50', - 'ha_sync_esp_seqno': 'enable', - 'idle_timeout': 'enable', - 'idle_timeoutinterval': '53', - 'ike_version': '1', - 'include_local_lan': 'disable', - 'interface': 'test_value_56', - 'ip_version': '4', - 'ipv4_dns_server1': 'test_value_58', - 'ipv4_dns_server2': 'test_value_59', - 'ipv4_dns_server3': 'test_value_60', - 'ipv4_end_ip': 'test_value_61', - 'ipv4_name': 'test_value_62', - 'ipv4_netmask': 'test_value_63', - 'ipv4_split_exclude': 'test_value_64', - 'ipv4_split_include': 'test_value_65', - 'ipv4_start_ip': 'test_value_66', - 'ipv4_wins_server1': 'test_value_67', - 'ipv4_wins_server2': 'test_value_68', - 'ipv6_dns_server1': 'test_value_69', - 
'ipv6_dns_server2': 'test_value_70', - 'ipv6_dns_server3': 'test_value_71', - 'ipv6_end_ip': 'test_value_72', - 'ipv6_name': 'test_value_73', - 'ipv6_prefix': '74', - 'ipv6_split_exclude': 'test_value_75', - 'ipv6_split_include': 'test_value_76', - 'ipv6_start_ip': 'test_value_77', - 'keepalive': '78', - 'keylife': '79', - 'local_gw': 'test_value_80', - 'local_gw6': 'test_value_81', - 'localid': 'test_value_82', - 'localid_type': 'auto', - 'mesh_selector_type': 'disable', - 'mode': 'aggressive', - 'mode_cfg': 'disable', - 'monitor': 'test_value_87', - 'monitor_hold_down_delay': '88', - 'monitor_hold_down_time': 'test_value_89', - 'monitor_hold_down_type': 'immediate', - 'monitor_hold_down_weekday': 'everyday', - 'name': 'default_name_92', - 'nattraversal': 'enable', - 'negotiate_timeout': '94', - 'net_device': 'enable', - 'passive_mode': 'enable', - 'peer': 'test_value_97', - 'peergrp': 'test_value_98', - 'peerid': 'test_value_99', - 'peertype': 'any', - 'ppk': 'disable', - 'ppk_identity': 'test_value_102', - 'ppk_secret': 'test_value_103', - 'priority': '104', - 'proposal': 'des-md5', - 'psksecret': 'test_value_106', - 'psksecret_remote': 'test_value_107', - 'reauth': 'disable', - 'rekey': 'enable', - 'remote_gw': 'test_value_110', - 'remote_gw6': 'test_value_111', - 'remotegw_ddns': 'test_value_112', - 'rsa_signature_format': 'pkcs1', - 'save_password': 'disable', - 'send_cert_chain': 'enable', - 'signature_hash_alg': 'sha1', - 'split_include_service': 'test_value_117', - 'suite_b': 'disable', - 'tunnel_search': 'selectors', - 'type': 'static', - 'unity_support': 'disable', - 'usrgrp': 'test_value_122', - 'vni': '123', - 'wizard_type': 'custom', - 'xauthtype': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ipsec_phase1_interface.fortios_vpn_ipsec(input_data, fos_instance) - - expected_data = { - 'acct-verify': 'enable', - 'add-gw-route': 'enable', - 'add-route': 'disable', - 'assign-ip': 'disable', - 'assign-ip-from': 'range', - 
'authmethod': 'psk', - 'authmethod-remote': 'psk', - 'authpasswd': 'test_value_10', - 'authusr': 'test_value_11', - 'authusrgrp': 'test_value_12', - 'auto-discovery-forwarder': 'enable', - 'auto-discovery-psk': 'enable', - 'auto-discovery-receiver': 'enable', - 'auto-discovery-sender': 'enable', - 'auto-negotiate': 'enable', - 'banner': 'test_value_18', - 'cert-id-validation': 'enable', - 'childless-ike': 'enable', - 'client-auto-negotiate': 'disable', - 'client-keep-alive': 'disable', - 'comments': 'test_value_23', - 'default-gw': 'test_value_24', - 'default-gw-priority': '25', - 'dhgrp': '1', - 'digital-signature-auth': 'enable', - 'distance': '28', - 'dns-mode': 'manual', - 'domain': 'test_value_30', - 'dpd': 'disable', - 'dpd-retrycount': '32', - 'dpd-retryinterval': 'test_value_33', - 'eap': 'enable', - 'eap-identity': 'use-id-payload', - 'encap-local-gw4': 'test_value_36', - 'encap-local-gw6': 'test_value_37', - 'encap-remote-gw4': 'test_value_38', - 'encap-remote-gw6': 'test_value_39', - 'encapsulation': 'none', - 'encapsulation-address': 'ike', - 'enforce-unique-id': 'disable', - 'exchange-interface-ip': 'enable', - 'exchange-ip-addr4': 'test_value_44', - 'exchange-ip-addr6': 'test_value_45', - 'forticlient-enforcement': 'enable', - 'fragmentation': 'enable', - 'fragmentation-mtu': '48', - 'group-authentication': 'enable', - 'group-authentication-secret': 'test_value_50', - 'ha-sync-esp-seqno': 'enable', - 'idle-timeout': 'enable', - 'idle-timeoutinterval': '53', - 'ike-version': '1', - 'include-local-lan': 'disable', - 'interface': 'test_value_56', - 'ip-version': '4', - 'ipv4-dns-server1': 'test_value_58', - 'ipv4-dns-server2': 'test_value_59', - 'ipv4-dns-server3': 'test_value_60', - 'ipv4-end-ip': 'test_value_61', - 'ipv4-name': 'test_value_62', - 'ipv4-netmask': 'test_value_63', - 'ipv4-split-exclude': 'test_value_64', - 'ipv4-split-include': 'test_value_65', - 'ipv4-start-ip': 'test_value_66', - 'ipv4-wins-server1': 'test_value_67', - 
'ipv4-wins-server2': 'test_value_68', - 'ipv6-dns-server1': 'test_value_69', - 'ipv6-dns-server2': 'test_value_70', - 'ipv6-dns-server3': 'test_value_71', - 'ipv6-end-ip': 'test_value_72', - 'ipv6-name': 'test_value_73', - 'ipv6-prefix': '74', - 'ipv6-split-exclude': 'test_value_75', - 'ipv6-split-include': 'test_value_76', - 'ipv6-start-ip': 'test_value_77', - 'keepalive': '78', - 'keylife': '79', - 'local-gw': 'test_value_80', - 'local-gw6': 'test_value_81', - 'localid': 'test_value_82', - 'localid-type': 'auto', - 'mesh-selector-type': 'disable', - 'mode': 'aggressive', - 'mode-cfg': 'disable', - 'monitor': 'test_value_87', - 'monitor-hold-down-delay': '88', - 'monitor-hold-down-time': 'test_value_89', - 'monitor-hold-down-type': 'immediate', - 'monitor-hold-down-weekday': 'everyday', - 'name': 'default_name_92', - 'nattraversal': 'enable', - 'negotiate-timeout': '94', - 'net-device': 'enable', - 'passive-mode': 'enable', - 'peer': 'test_value_97', - 'peergrp': 'test_value_98', - 'peerid': 'test_value_99', - 'peertype': 'any', - 'ppk': 'disable', - 'ppk-identity': 'test_value_102', - 'ppk-secret': 'test_value_103', - 'priority': '104', - 'proposal': 'des-md5', - 'psksecret': 'test_value_106', - 'psksecret-remote': 'test_value_107', - 'reauth': 'disable', - 'rekey': 'enable', - 'remote-gw': 'test_value_110', - 'remote-gw6': 'test_value_111', - 'remotegw-ddns': 'test_value_112', - 'rsa-signature-format': 'pkcs1', - 'save-password': 'disable', - 'send-cert-chain': 'enable', - 'signature-hash-alg': 'sha1', - 'split-include-service': 'test_value_117', - 'suite-b': 'disable', - 'tunnel-search': 'selectors', - 'type': 'static', - 'unity-support': 'disable', - 'usrgrp': 'test_value_122', - 'vni': '123', - 'wizard-type': 'custom', - 'xauthtype': 'disable' - } - - set_method_mock.assert_called_with('vpn.ipsec', 'phase1-interface', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 
'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_vpn_ipsec_phase2.py b/test/units/modules/network/fortios/test_fortios_vpn_ipsec_phase2.py
deleted file mode 100644
index 69c8c362f75..00000000000
--- a/test/units/modules/network/fortios/test_fortios_vpn_ipsec_phase2.py
+++ /dev/null
@@ -1,599 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_vpn_ipsec_phase2 -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_vpn_ipsec_phase2.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_vpn_ipsec_phase2_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_ipsec_phase2': { - 'add_route': 'phase1', - 'auto_negotiate': 'enable', - 'comments': 'test_value_5', - 'dhcp_ipsec': 'enable', - 'dhgrp': '1', - 'dst_addr_type': 'subnet', - 
'dst_end_ip': 'test_value_9', - 'dst_end_ip6': 'test_value_10', - 'dst_name': 'test_value_11', - 'dst_name6': 'test_value_12', - 'dst_port': '13', - 'dst_start_ip': 'test_value_14', - 'dst_start_ip6': 'test_value_15', - 'dst_subnet': 'test_value_16', - 'dst_subnet6': 'test_value_17', - 'encapsulation': 'tunnel-mode', - 'keepalive': 'enable', - 'keylife_type': 'seconds', - 'keylifekbs': '21', - 'keylifeseconds': '22', - 'l2tp': 'enable', - 'name': 'default_name_24', - 'pfs': 'enable', - 'phase1name': 'test_value_26', - 'proposal': 'null-md5', - 'protocol': '28', - 'replay': 'enable', - 'route_overlap': 'use-old', - 'selector_match': 'exact', - 'single_source': 'enable', - 'src_addr_type': 'subnet', - 'src_end_ip': 'test_value_34', - 'src_end_ip6': 'test_value_35', - 'src_name': 'test_value_36', - 'src_name6': 'test_value_37', - 'src_port': '38', - 'src_start_ip': 'test_value_39', - 'src_start_ip6': 'test_value_40', - 'src_subnet': 'test_value_41', - 'src_subnet6': 'test_value_42', - 'use_natip': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ipsec_phase2.fortios_vpn_ipsec(input_data, fos_instance) - - expected_data = { - 'add-route': 'phase1', - 'auto-negotiate': 'enable', - 'comments': 'test_value_5', - 'dhcp-ipsec': 'enable', - 'dhgrp': '1', - 'dst-addr-type': 'subnet', - 'dst-end-ip': 'test_value_9', - 'dst-end-ip6': 'test_value_10', - 'dst-name': 'test_value_11', - 'dst-name6': 'test_value_12', - 'dst-port': '13', - 'dst-start-ip': 'test_value_14', - 'dst-start-ip6': 'test_value_15', - 'dst-subnet': 'test_value_16', - 'dst-subnet6': 'test_value_17', - 'encapsulation': 'tunnel-mode', - 'keepalive': 'enable', - 'keylife-type': 'seconds', - 'keylifekbs': '21', - 'keylifeseconds': '22', - 'l2tp': 'enable', - 'name': 'default_name_24', - 'pfs': 'enable', - 'phase1name': 'test_value_26', - 'proposal': 'null-md5', - 'protocol': '28', - 'replay': 'enable', - 'route-overlap': 'use-old', - 'selector-match': 'exact', - 'single-source': 
'enable', - 'src-addr-type': 'subnet', - 'src-end-ip': 'test_value_34', - 'src-end-ip6': 'test_value_35', - 'src-name': 'test_value_36', - 'src-name6': 'test_value_37', - 'src-port': '38', - 'src-start-ip': 'test_value_39', - 'src-start-ip6': 'test_value_40', - 'src-subnet': 'test_value_41', - 'src-subnet6': 'test_value_42', - 'use-natip': 'enable' - } - - set_method_mock.assert_called_with('vpn.ipsec', 'phase2', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_vpn_ipsec_phase2_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_ipsec_phase2': { - 'add_route': 'phase1', - 'auto_negotiate': 'enable', - 'comments': 'test_value_5', - 'dhcp_ipsec': 'enable', - 'dhgrp': '1', - 'dst_addr_type': 'subnet', - 'dst_end_ip': 'test_value_9', - 'dst_end_ip6': 'test_value_10', - 'dst_name': 'test_value_11', - 'dst_name6': 'test_value_12', - 'dst_port': '13', - 'dst_start_ip': 'test_value_14', - 'dst_start_ip6': 'test_value_15', - 'dst_subnet': 'test_value_16', - 'dst_subnet6': 'test_value_17', - 'encapsulation': 'tunnel-mode', - 'keepalive': 'enable', - 'keylife_type': 'seconds', - 'keylifekbs': '21', - 'keylifeseconds': '22', - 'l2tp': 'enable', - 'name': 'default_name_24', - 'pfs': 'enable', - 'phase1name': 'test_value_26', - 'proposal': 'null-md5', - 'protocol': '28', - 'replay': 'enable', - 'route_overlap': 'use-old', - 'selector_match': 'exact', - 'single_source': 'enable', - 'src_addr_type': 'subnet', - 'src_end_ip': 'test_value_34', - 'src_end_ip6': 
'test_value_35', - 'src_name': 'test_value_36', - 'src_name6': 'test_value_37', - 'src_port': '38', - 'src_start_ip': 'test_value_39', - 'src_start_ip6': 'test_value_40', - 'src_subnet': 'test_value_41', - 'src_subnet6': 'test_value_42', - 'use_natip': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ipsec_phase2.fortios_vpn_ipsec(input_data, fos_instance) - - expected_data = { - 'add-route': 'phase1', - 'auto-negotiate': 'enable', - 'comments': 'test_value_5', - 'dhcp-ipsec': 'enable', - 'dhgrp': '1', - 'dst-addr-type': 'subnet', - 'dst-end-ip': 'test_value_9', - 'dst-end-ip6': 'test_value_10', - 'dst-name': 'test_value_11', - 'dst-name6': 'test_value_12', - 'dst-port': '13', - 'dst-start-ip': 'test_value_14', - 'dst-start-ip6': 'test_value_15', - 'dst-subnet': 'test_value_16', - 'dst-subnet6': 'test_value_17', - 'encapsulation': 'tunnel-mode', - 'keepalive': 'enable', - 'keylife-type': 'seconds', - 'keylifekbs': '21', - 'keylifeseconds': '22', - 'l2tp': 'enable', - 'name': 'default_name_24', - 'pfs': 'enable', - 'phase1name': 'test_value_26', - 'proposal': 'null-md5', - 'protocol': '28', - 'replay': 'enable', - 'route-overlap': 'use-old', - 'selector-match': 'exact', - 'single-source': 'enable', - 'src-addr-type': 'subnet', - 'src-end-ip': 'test_value_34', - 'src-end-ip6': 'test_value_35', - 'src-name': 'test_value_36', - 'src-name6': 'test_value_37', - 'src-port': '38', - 'src-start-ip': 'test_value_39', - 'src-start-ip6': 'test_value_40', - 'src-subnet': 'test_value_41', - 'src-subnet6': 'test_value_42', - 'use-natip': 'enable' - } - - set_method_mock.assert_called_with('vpn.ipsec', 'phase2', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_vpn_ipsec_phase2_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') 
- - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'vpn_ipsec_phase2': { - 'add_route': 'phase1', - 'auto_negotiate': 'enable', - 'comments': 'test_value_5', - 'dhcp_ipsec': 'enable', - 'dhgrp': '1', - 'dst_addr_type': 'subnet', - 'dst_end_ip': 'test_value_9', - 'dst_end_ip6': 'test_value_10', - 'dst_name': 'test_value_11', - 'dst_name6': 'test_value_12', - 'dst_port': '13', - 'dst_start_ip': 'test_value_14', - 'dst_start_ip6': 'test_value_15', - 'dst_subnet': 'test_value_16', - 'dst_subnet6': 'test_value_17', - 'encapsulation': 'tunnel-mode', - 'keepalive': 'enable', - 'keylife_type': 'seconds', - 'keylifekbs': '21', - 'keylifeseconds': '22', - 'l2tp': 'enable', - 'name': 'default_name_24', - 'pfs': 'enable', - 'phase1name': 'test_value_26', - 'proposal': 'null-md5', - 'protocol': '28', - 'replay': 'enable', - 'route_overlap': 'use-old', - 'selector_match': 'exact', - 'single_source': 'enable', - 'src_addr_type': 'subnet', - 'src_end_ip': 'test_value_34', - 'src_end_ip6': 'test_value_35', - 'src_name': 'test_value_36', - 'src_name6': 'test_value_37', - 'src_port': '38', - 'src_start_ip': 'test_value_39', - 'src_start_ip6': 'test_value_40', - 'src_subnet': 'test_value_41', - 'src_subnet6': 'test_value_42', - 'use_natip': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ipsec_phase2.fortios_vpn_ipsec(input_data, fos_instance) - - delete_method_mock.assert_called_with('vpn.ipsec', 'phase2', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_vpn_ipsec_phase2_deletion_fails(mocker): - schema_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'vpn_ipsec_phase2': { - 'add_route': 'phase1', - 'auto_negotiate': 'enable', - 'comments': 'test_value_5', - 'dhcp_ipsec': 'enable', - 'dhgrp': '1', - 'dst_addr_type': 'subnet', - 'dst_end_ip': 'test_value_9', - 'dst_end_ip6': 'test_value_10', - 'dst_name': 'test_value_11', - 'dst_name6': 'test_value_12', - 'dst_port': '13', - 'dst_start_ip': 'test_value_14', - 'dst_start_ip6': 'test_value_15', - 'dst_subnet': 'test_value_16', - 'dst_subnet6': 'test_value_17', - 'encapsulation': 'tunnel-mode', - 'keepalive': 'enable', - 'keylife_type': 'seconds', - 'keylifekbs': '21', - 'keylifeseconds': '22', - 'l2tp': 'enable', - 'name': 'default_name_24', - 'pfs': 'enable', - 'phase1name': 'test_value_26', - 'proposal': 'null-md5', - 'protocol': '28', - 'replay': 'enable', - 'route_overlap': 'use-old', - 'selector_match': 'exact', - 'single_source': 'enable', - 'src_addr_type': 'subnet', - 'src_end_ip': 'test_value_34', - 'src_end_ip6': 'test_value_35', - 'src_name': 'test_value_36', - 'src_name6': 'test_value_37', - 'src_port': '38', - 'src_start_ip': 'test_value_39', - 'src_start_ip6': 'test_value_40', - 'src_subnet': 'test_value_41', - 'src_subnet6': 'test_value_42', - 'use_natip': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ipsec_phase2.fortios_vpn_ipsec(input_data, fos_instance) - - delete_method_mock.assert_called_with('vpn.ipsec', 'phase2', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def 
test_vpn_ipsec_phase2_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_ipsec_phase2': { - 'add_route': 'phase1', - 'auto_negotiate': 'enable', - 'comments': 'test_value_5', - 'dhcp_ipsec': 'enable', - 'dhgrp': '1', - 'dst_addr_type': 'subnet', - 'dst_end_ip': 'test_value_9', - 'dst_end_ip6': 'test_value_10', - 'dst_name': 'test_value_11', - 'dst_name6': 'test_value_12', - 'dst_port': '13', - 'dst_start_ip': 'test_value_14', - 'dst_start_ip6': 'test_value_15', - 'dst_subnet': 'test_value_16', - 'dst_subnet6': 'test_value_17', - 'encapsulation': 'tunnel-mode', - 'keepalive': 'enable', - 'keylife_type': 'seconds', - 'keylifekbs': '21', - 'keylifeseconds': '22', - 'l2tp': 'enable', - 'name': 'default_name_24', - 'pfs': 'enable', - 'phase1name': 'test_value_26', - 'proposal': 'null-md5', - 'protocol': '28', - 'replay': 'enable', - 'route_overlap': 'use-old', - 'selector_match': 'exact', - 'single_source': 'enable', - 'src_addr_type': 'subnet', - 'src_end_ip': 'test_value_34', - 'src_end_ip6': 'test_value_35', - 'src_name': 'test_value_36', - 'src_name6': 'test_value_37', - 'src_port': '38', - 'src_start_ip': 'test_value_39', - 'src_start_ip6': 'test_value_40', - 'src_subnet': 'test_value_41', - 'src_subnet6': 'test_value_42', - 'use_natip': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ipsec_phase2.fortios_vpn_ipsec(input_data, fos_instance) - - expected_data = { - 'add-route': 'phase1', - 'auto-negotiate': 'enable', - 'comments': 'test_value_5', - 'dhcp-ipsec': 'enable', - 'dhgrp': '1', - 'dst-addr-type': 'subnet', - 'dst-end-ip': 'test_value_9', - 'dst-end-ip6': 
'test_value_10', - 'dst-name': 'test_value_11', - 'dst-name6': 'test_value_12', - 'dst-port': '13', - 'dst-start-ip': 'test_value_14', - 'dst-start-ip6': 'test_value_15', - 'dst-subnet': 'test_value_16', - 'dst-subnet6': 'test_value_17', - 'encapsulation': 'tunnel-mode', - 'keepalive': 'enable', - 'keylife-type': 'seconds', - 'keylifekbs': '21', - 'keylifeseconds': '22', - 'l2tp': 'enable', - 'name': 'default_name_24', - 'pfs': 'enable', - 'phase1name': 'test_value_26', - 'proposal': 'null-md5', - 'protocol': '28', - 'replay': 'enable', - 'route-overlap': 'use-old', - 'selector-match': 'exact', - 'single-source': 'enable', - 'src-addr-type': 'subnet', - 'src-end-ip': 'test_value_34', - 'src-end-ip6': 'test_value_35', - 'src-name': 'test_value_36', - 'src-name6': 'test_value_37', - 'src-port': '38', - 'src-start-ip': 'test_value_39', - 'src-start-ip6': 'test_value_40', - 'src-subnet': 'test_value_41', - 'src-subnet6': 'test_value_42', - 'use-natip': 'enable' - } - - set_method_mock.assert_called_with('vpn.ipsec', 'phase2', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_vpn_ipsec_phase2_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_ipsec_phase2': { - 'random_attribute_not_valid': 'tag', - 'add_route': 'phase1', - 'auto_negotiate': 'enable', - 'comments': 'test_value_5', - 'dhcp_ipsec': 'enable', - 'dhgrp': '1', - 'dst_addr_type': 'subnet', - 'dst_end_ip': 'test_value_9', - 'dst_end_ip6': 'test_value_10', - 'dst_name': 
'test_value_11', - 'dst_name6': 'test_value_12', - 'dst_port': '13', - 'dst_start_ip': 'test_value_14', - 'dst_start_ip6': 'test_value_15', - 'dst_subnet': 'test_value_16', - 'dst_subnet6': 'test_value_17', - 'encapsulation': 'tunnel-mode', - 'keepalive': 'enable', - 'keylife_type': 'seconds', - 'keylifekbs': '21', - 'keylifeseconds': '22', - 'l2tp': 'enable', - 'name': 'default_name_24', - 'pfs': 'enable', - 'phase1name': 'test_value_26', - 'proposal': 'null-md5', - 'protocol': '28', - 'replay': 'enable', - 'route_overlap': 'use-old', - 'selector_match': 'exact', - 'single_source': 'enable', - 'src_addr_type': 'subnet', - 'src_end_ip': 'test_value_34', - 'src_end_ip6': 'test_value_35', - 'src_name': 'test_value_36', - 'src_name6': 'test_value_37', - 'src_port': '38', - 'src_start_ip': 'test_value_39', - 'src_start_ip6': 'test_value_40', - 'src_subnet': 'test_value_41', - 'src_subnet6': 'test_value_42', - 'use_natip': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ipsec_phase2.fortios_vpn_ipsec(input_data, fos_instance) - - expected_data = { - 'add-route': 'phase1', - 'auto-negotiate': 'enable', - 'comments': 'test_value_5', - 'dhcp-ipsec': 'enable', - 'dhgrp': '1', - 'dst-addr-type': 'subnet', - 'dst-end-ip': 'test_value_9', - 'dst-end-ip6': 'test_value_10', - 'dst-name': 'test_value_11', - 'dst-name6': 'test_value_12', - 'dst-port': '13', - 'dst-start-ip': 'test_value_14', - 'dst-start-ip6': 'test_value_15', - 'dst-subnet': 'test_value_16', - 'dst-subnet6': 'test_value_17', - 'encapsulation': 'tunnel-mode', - 'keepalive': 'enable', - 'keylife-type': 'seconds', - 'keylifekbs': '21', - 'keylifeseconds': '22', - 'l2tp': 'enable', - 'name': 'default_name_24', - 'pfs': 'enable', - 'phase1name': 'test_value_26', - 'proposal': 'null-md5', - 'protocol': '28', - 'replay': 'enable', - 'route-overlap': 'use-old', - 'selector-match': 'exact', - 'single-source': 'enable', - 'src-addr-type': 'subnet', - 'src-end-ip': 'test_value_34', - 
'src-end-ip6': 'test_value_35',
- 'src-name': 'test_value_36',
- 'src-name6': 'test_value_37',
- 'src-port': '38',
- 'src-start-ip': 'test_value_39',
- 'src-start-ip6': 'test_value_40',
- 'src-subnet': 'test_value_41',
- 'src-subnet6': 'test_value_42',
- 'use-natip': 'enable'
- }
-
- set_method_mock.assert_called_with('vpn.ipsec', 'phase2', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_vpn_ipsec_phase2_interface.py b/test/units/modules/network/fortios/test_fortios_vpn_ipsec_phase2_interface.py
deleted file mode 100644
index ea6130447bf..00000000000
--- a/test/units/modules/network/fortios/test_fortios_vpn_ipsec_phase2_interface.py
+++ /dev/null
@@ -1,589 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_vpn_ipsec_phase2_interface -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_vpn_ipsec_phase2_interface.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_vpn_ipsec_phase2_interface_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_ipsec_phase2_interface': { - 'add_route': 'phase1', - 'auto_discovery_forwarder': 'phase1', - 'auto_discovery_sender': 'phase1', - 'auto_negotiate': 
'enable', - 'comments': 'test_value_7', - 'dhcp_ipsec': 'enable', - 'dhgrp': '1', - 'dst_addr_type': 'subnet', - 'dst_end_ip': 'test_value_11', - 'dst_end_ip6': 'test_value_12', - 'dst_name': 'test_value_13', - 'dst_name6': 'test_value_14', - 'dst_port': '15', - 'dst_start_ip': 'test_value_16', - 'dst_start_ip6': 'test_value_17', - 'dst_subnet': 'test_value_18', - 'dst_subnet6': 'test_value_19', - 'encapsulation': 'tunnel-mode', - 'keepalive': 'enable', - 'keylife_type': 'seconds', - 'keylifekbs': '23', - 'keylifeseconds': '24', - 'l2tp': 'enable', - 'name': 'default_name_26', - 'pfs': 'enable', - 'phase1name': 'test_value_28', - 'protocol': '29', - 'replay': 'enable', - 'route_overlap': 'use-old', - 'single_source': 'enable', - 'src_addr_type': 'subnet', - 'src_end_ip': 'test_value_34', - 'src_end_ip6': 'test_value_35', - 'src_name': 'test_value_36', - 'src_name6': 'test_value_37', - 'src_port': '38', - 'src_start_ip': 'test_value_39', - 'src_start_ip6': 'test_value_40', - 'src_subnet': 'test_value_41', - 'src_subnet6': 'test_value_42' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ipsec_phase2_interface.fortios_vpn_ipsec(input_data, fos_instance) - - expected_data = { - 'add-route': 'phase1', - 'auto-discovery-forwarder': 'phase1', - 'auto-discovery-sender': 'phase1', - 'auto-negotiate': 'enable', - 'comments': 'test_value_7', - 'dhcp-ipsec': 'enable', - 'dhgrp': '1', - 'dst-addr-type': 'subnet', - 'dst-end-ip': 'test_value_11', - 'dst-end-ip6': 'test_value_12', - 'dst-name': 'test_value_13', - 'dst-name6': 'test_value_14', - 'dst-port': '15', - 'dst-start-ip': 'test_value_16', - 'dst-start-ip6': 'test_value_17', - 'dst-subnet': 'test_value_18', - 'dst-subnet6': 'test_value_19', - 'encapsulation': 'tunnel-mode', - 'keepalive': 'enable', - 'keylife-type': 'seconds', - 'keylifekbs': '23', - 'keylifeseconds': '24', - 'l2tp': 'enable', - 'name': 'default_name_26', - 'pfs': 'enable', - 'phase1name': 'test_value_28', - 'protocol': '29', - 
'replay': 'enable', - 'route-overlap': 'use-old', - 'single-source': 'enable', - 'src-addr-type': 'subnet', - 'src-end-ip': 'test_value_34', - 'src-end-ip6': 'test_value_35', - 'src-name': 'test_value_36', - 'src-name6': 'test_value_37', - 'src-port': '38', - 'src-start-ip': 'test_value_39', - 'src-start-ip6': 'test_value_40', - 'src-subnet': 'test_value_41', - 'src-subnet6': 'test_value_42' - } - - set_method_mock.assert_called_with('vpn.ipsec', 'phase2-interface', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_vpn_ipsec_phase2_interface_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_ipsec_phase2_interface': { - 'add_route': 'phase1', - 'auto_discovery_forwarder': 'phase1', - 'auto_discovery_sender': 'phase1', - 'auto_negotiate': 'enable', - 'comments': 'test_value_7', - 'dhcp_ipsec': 'enable', - 'dhgrp': '1', - 'dst_addr_type': 'subnet', - 'dst_end_ip': 'test_value_11', - 'dst_end_ip6': 'test_value_12', - 'dst_name': 'test_value_13', - 'dst_name6': 'test_value_14', - 'dst_port': '15', - 'dst_start_ip': 'test_value_16', - 'dst_start_ip6': 'test_value_17', - 'dst_subnet': 'test_value_18', - 'dst_subnet6': 'test_value_19', - 'encapsulation': 'tunnel-mode', - 'keepalive': 'enable', - 'keylife_type': 'seconds', - 'keylifekbs': '23', - 'keylifeseconds': '24', - 'l2tp': 'enable', - 'name': 'default_name_26', - 'pfs': 'enable', - 'phase1name': 'test_value_28', - 'protocol': '29', - 'replay': 'enable', - 'route_overlap': 'use-old', - 
'single_source': 'enable', - 'src_addr_type': 'subnet', - 'src_end_ip': 'test_value_34', - 'src_end_ip6': 'test_value_35', - 'src_name': 'test_value_36', - 'src_name6': 'test_value_37', - 'src_port': '38', - 'src_start_ip': 'test_value_39', - 'src_start_ip6': 'test_value_40', - 'src_subnet': 'test_value_41', - 'src_subnet6': 'test_value_42' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ipsec_phase2_interface.fortios_vpn_ipsec(input_data, fos_instance) - - expected_data = { - 'add-route': 'phase1', - 'auto-discovery-forwarder': 'phase1', - 'auto-discovery-sender': 'phase1', - 'auto-negotiate': 'enable', - 'comments': 'test_value_7', - 'dhcp-ipsec': 'enable', - 'dhgrp': '1', - 'dst-addr-type': 'subnet', - 'dst-end-ip': 'test_value_11', - 'dst-end-ip6': 'test_value_12', - 'dst-name': 'test_value_13', - 'dst-name6': 'test_value_14', - 'dst-port': '15', - 'dst-start-ip': 'test_value_16', - 'dst-start-ip6': 'test_value_17', - 'dst-subnet': 'test_value_18', - 'dst-subnet6': 'test_value_19', - 'encapsulation': 'tunnel-mode', - 'keepalive': 'enable', - 'keylife-type': 'seconds', - 'keylifekbs': '23', - 'keylifeseconds': '24', - 'l2tp': 'enable', - 'name': 'default_name_26', - 'pfs': 'enable', - 'phase1name': 'test_value_28', - 'protocol': '29', - 'replay': 'enable', - 'route-overlap': 'use-old', - 'single-source': 'enable', - 'src-addr-type': 'subnet', - 'src-end-ip': 'test_value_34', - 'src-end-ip6': 'test_value_35', - 'src-name': 'test_value_36', - 'src-name6': 'test_value_37', - 'src-port': '38', - 'src-start-ip': 'test_value_39', - 'src-start-ip6': 'test_value_40', - 'src-subnet': 'test_value_41', - 'src-subnet6': 'test_value_42' - } - - set_method_mock.assert_called_with('vpn.ipsec', 'phase2-interface', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def 
test_vpn_ipsec_phase2_interface_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'vpn_ipsec_phase2_interface': { - 'add_route': 'phase1', - 'auto_discovery_forwarder': 'phase1', - 'auto_discovery_sender': 'phase1', - 'auto_negotiate': 'enable', - 'comments': 'test_value_7', - 'dhcp_ipsec': 'enable', - 'dhgrp': '1', - 'dst_addr_type': 'subnet', - 'dst_end_ip': 'test_value_11', - 'dst_end_ip6': 'test_value_12', - 'dst_name': 'test_value_13', - 'dst_name6': 'test_value_14', - 'dst_port': '15', - 'dst_start_ip': 'test_value_16', - 'dst_start_ip6': 'test_value_17', - 'dst_subnet': 'test_value_18', - 'dst_subnet6': 'test_value_19', - 'encapsulation': 'tunnel-mode', - 'keepalive': 'enable', - 'keylife_type': 'seconds', - 'keylifekbs': '23', - 'keylifeseconds': '24', - 'l2tp': 'enable', - 'name': 'default_name_26', - 'pfs': 'enable', - 'phase1name': 'test_value_28', - 'protocol': '29', - 'replay': 'enable', - 'route_overlap': 'use-old', - 'single_source': 'enable', - 'src_addr_type': 'subnet', - 'src_end_ip': 'test_value_34', - 'src_end_ip6': 'test_value_35', - 'src_name': 'test_value_36', - 'src_name6': 'test_value_37', - 'src_port': '38', - 'src_start_ip': 'test_value_39', - 'src_start_ip6': 'test_value_40', - 'src_subnet': 'test_value_41', - 'src_subnet6': 'test_value_42' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ipsec_phase2_interface.fortios_vpn_ipsec(input_data, fos_instance) - - delete_method_mock.assert_called_with('vpn.ipsec', 'phase2-interface', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert 
response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_vpn_ipsec_phase2_interface_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'vpn_ipsec_phase2_interface': { - 'add_route': 'phase1', - 'auto_discovery_forwarder': 'phase1', - 'auto_discovery_sender': 'phase1', - 'auto_negotiate': 'enable', - 'comments': 'test_value_7', - 'dhcp_ipsec': 'enable', - 'dhgrp': '1', - 'dst_addr_type': 'subnet', - 'dst_end_ip': 'test_value_11', - 'dst_end_ip6': 'test_value_12', - 'dst_name': 'test_value_13', - 'dst_name6': 'test_value_14', - 'dst_port': '15', - 'dst_start_ip': 'test_value_16', - 'dst_start_ip6': 'test_value_17', - 'dst_subnet': 'test_value_18', - 'dst_subnet6': 'test_value_19', - 'encapsulation': 'tunnel-mode', - 'keepalive': 'enable', - 'keylife_type': 'seconds', - 'keylifekbs': '23', - 'keylifeseconds': '24', - 'l2tp': 'enable', - 'name': 'default_name_26', - 'pfs': 'enable', - 'phase1name': 'test_value_28', - 'protocol': '29', - 'replay': 'enable', - 'route_overlap': 'use-old', - 'single_source': 'enable', - 'src_addr_type': 'subnet', - 'src_end_ip': 'test_value_34', - 'src_end_ip6': 'test_value_35', - 'src_name': 'test_value_36', - 'src_name6': 'test_value_37', - 'src_port': '38', - 'src_start_ip': 'test_value_39', - 'src_start_ip6': 'test_value_40', - 'src_subnet': 'test_value_41', - 'src_subnet6': 'test_value_42' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ipsec_phase2_interface.fortios_vpn_ipsec(input_data, fos_instance) - - delete_method_mock.assert_called_with('vpn.ipsec', 'phase2-interface', mkey=ANY, vdom='root') - 
schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_vpn_ipsec_phase2_interface_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_ipsec_phase2_interface': { - 'add_route': 'phase1', - 'auto_discovery_forwarder': 'phase1', - 'auto_discovery_sender': 'phase1', - 'auto_negotiate': 'enable', - 'comments': 'test_value_7', - 'dhcp_ipsec': 'enable', - 'dhgrp': '1', - 'dst_addr_type': 'subnet', - 'dst_end_ip': 'test_value_11', - 'dst_end_ip6': 'test_value_12', - 'dst_name': 'test_value_13', - 'dst_name6': 'test_value_14', - 'dst_port': '15', - 'dst_start_ip': 'test_value_16', - 'dst_start_ip6': 'test_value_17', - 'dst_subnet': 'test_value_18', - 'dst_subnet6': 'test_value_19', - 'encapsulation': 'tunnel-mode', - 'keepalive': 'enable', - 'keylife_type': 'seconds', - 'keylifekbs': '23', - 'keylifeseconds': '24', - 'l2tp': 'enable', - 'name': 'default_name_26', - 'pfs': 'enable', - 'phase1name': 'test_value_28', - 'protocol': '29', - 'replay': 'enable', - 'route_overlap': 'use-old', - 'single_source': 'enable', - 'src_addr_type': 'subnet', - 'src_end_ip': 'test_value_34', - 'src_end_ip6': 'test_value_35', - 'src_name': 'test_value_36', - 'src_name6': 'test_value_37', - 'src_port': '38', - 'src_start_ip': 'test_value_39', - 'src_start_ip6': 'test_value_40', - 'src_subnet': 'test_value_41', - 'src_subnet6': 'test_value_42' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ipsec_phase2_interface.fortios_vpn_ipsec(input_data, fos_instance) - - expected_data = { - 'add-route': 
'phase1', - 'auto-discovery-forwarder': 'phase1', - 'auto-discovery-sender': 'phase1', - 'auto-negotiate': 'enable', - 'comments': 'test_value_7', - 'dhcp-ipsec': 'enable', - 'dhgrp': '1', - 'dst-addr-type': 'subnet', - 'dst-end-ip': 'test_value_11', - 'dst-end-ip6': 'test_value_12', - 'dst-name': 'test_value_13', - 'dst-name6': 'test_value_14', - 'dst-port': '15', - 'dst-start-ip': 'test_value_16', - 'dst-start-ip6': 'test_value_17', - 'dst-subnet': 'test_value_18', - 'dst-subnet6': 'test_value_19', - 'encapsulation': 'tunnel-mode', - 'keepalive': 'enable', - 'keylife-type': 'seconds', - 'keylifekbs': '23', - 'keylifeseconds': '24', - 'l2tp': 'enable', - 'name': 'default_name_26', - 'pfs': 'enable', - 'phase1name': 'test_value_28', - 'protocol': '29', - 'replay': 'enable', - 'route-overlap': 'use-old', - 'single-source': 'enable', - 'src-addr-type': 'subnet', - 'src-end-ip': 'test_value_34', - 'src-end-ip6': 'test_value_35', - 'src-name': 'test_value_36', - 'src-name6': 'test_value_37', - 'src-port': '38', - 'src-start-ip': 'test_value_39', - 'src-start-ip6': 'test_value_40', - 'src-subnet': 'test_value_41', - 'src-subnet6': 'test_value_42' - } - - set_method_mock.assert_called_with('vpn.ipsec', 'phase2-interface', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_vpn_ipsec_phase2_interface_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_ipsec_phase2_interface': { - 'random_attribute_not_valid': 'tag', - 'add_route': 'phase1', - 
'auto_discovery_forwarder': 'phase1', - 'auto_discovery_sender': 'phase1', - 'auto_negotiate': 'enable', - 'comments': 'test_value_7', - 'dhcp_ipsec': 'enable', - 'dhgrp': '1', - 'dst_addr_type': 'subnet', - 'dst_end_ip': 'test_value_11', - 'dst_end_ip6': 'test_value_12', - 'dst_name': 'test_value_13', - 'dst_name6': 'test_value_14', - 'dst_port': '15', - 'dst_start_ip': 'test_value_16', - 'dst_start_ip6': 'test_value_17', - 'dst_subnet': 'test_value_18', - 'dst_subnet6': 'test_value_19', - 'encapsulation': 'tunnel-mode', - 'keepalive': 'enable', - 'keylife_type': 'seconds', - 'keylifekbs': '23', - 'keylifeseconds': '24', - 'l2tp': 'enable', - 'name': 'default_name_26', - 'pfs': 'enable', - 'phase1name': 'test_value_28', - 'protocol': '29', - 'replay': 'enable', - 'route_overlap': 'use-old', - 'single_source': 'enable', - 'src_addr_type': 'subnet', - 'src_end_ip': 'test_value_34', - 'src_end_ip6': 'test_value_35', - 'src_name': 'test_value_36', - 'src_name6': 'test_value_37', - 'src_port': '38', - 'src_start_ip': 'test_value_39', - 'src_start_ip6': 'test_value_40', - 'src_subnet': 'test_value_41', - 'src_subnet6': 'test_value_42' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ipsec_phase2_interface.fortios_vpn_ipsec(input_data, fos_instance) - - expected_data = { - 'add-route': 'phase1', - 'auto-discovery-forwarder': 'phase1', - 'auto-discovery-sender': 'phase1', - 'auto-negotiate': 'enable', - 'comments': 'test_value_7', - 'dhcp-ipsec': 'enable', - 'dhgrp': '1', - 'dst-addr-type': 'subnet', - 'dst-end-ip': 'test_value_11', - 'dst-end-ip6': 'test_value_12', - 'dst-name': 'test_value_13', - 'dst-name6': 'test_value_14', - 'dst-port': '15', - 'dst-start-ip': 'test_value_16', - 'dst-start-ip6': 'test_value_17', - 'dst-subnet': 'test_value_18', - 'dst-subnet6': 'test_value_19', - 'encapsulation': 'tunnel-mode', - 'keepalive': 'enable', - 'keylife-type': 'seconds', - 'keylifekbs': '23', - 'keylifeseconds': '24', - 'l2tp': 'enable', - 'name': 
'default_name_26', - 'pfs': 'enable', - 'phase1name': 'test_value_28', - 'protocol': '29', - 'replay': 'enable', - 'route-overlap': 'use-old', - 'single-source': 'enable', - 'src-addr-type': 'subnet', - 'src-end-ip': 'test_value_34', - 'src-end-ip6': 'test_value_35', - 'src-name': 'test_value_36', - 'src-name6': 'test_value_37', - 'src-port': '38', - 'src-start-ip': 'test_value_39', - 'src-start-ip6': 'test_value_40', - 'src-subnet': 'test_value_41', - 'src-subnet6': 'test_value_42' - } - - set_method_mock.assert_called_with('vpn.ipsec', 'phase2-interface', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_vpn_l2tp.py b/test/units/modules/network/fortios/test_fortios_vpn_l2tp.py deleted file mode 100644 index 6f06f10ea5d..00000000000 --- a/test/units/modules/network/fortios/test_fortios_vpn_l2tp.py +++ /dev/null 
@@ -1,183 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_vpn_l2tp
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_vpn_l2tp.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_vpn_l2tp_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_l2tp': {
- 'eip': 'test_value_3',
- 'enforce_ipsec': 'enable',
- 'sip': 'test_value_5',
- 'status': 'enable',
- 'usrgrp': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_l2tp.fortios_vpn(input_data, fos_instance)
-
- expected_data = {
- 'eip': 'test_value_3',
- 'enforce-ipsec': 'enable',
- 'sip': 'test_value_5',
- 'status': 'enable',
- 'usrgrp': 'test_value_7'
- }
-
- set_method_mock.assert_called_with('vpn', 'l2tp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_vpn_l2tp_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_l2tp': {
- 'eip': 'test_value_3',
- 'enforce_ipsec': 'enable',
- 'sip': 'test_value_5',
- 'status': 'enable',
- 'usrgrp': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_l2tp.fortios_vpn(input_data, fos_instance)
-
- expected_data = {
- 'eip': 'test_value_3',
- 'enforce-ipsec': 'enable',
- 'sip': 'test_value_5',
- 'status': 'enable',
- 'usrgrp': 'test_value_7'
- }
-
- set_method_mock.assert_called_with('vpn', 'l2tp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_vpn_l2tp_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_l2tp': {
- 'eip': 'test_value_3',
- 'enforce_ipsec': 'enable',
- 'sip': 'test_value_5',
- 'status': 'enable',
- 'usrgrp': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_l2tp.fortios_vpn(input_data, fos_instance)
-
- expected_data = {
- 'eip': 'test_value_3',
- 'enforce-ipsec': 'enable',
- 'sip': 'test_value_5',
- 'status': 'enable',
- 'usrgrp': 'test_value_7'
- }
-
- set_method_mock.assert_called_with('vpn', 'l2tp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_vpn_l2tp_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_l2tp': {
- 'random_attribute_not_valid': 'tag',
- 'eip': 'test_value_3',
- 'enforce_ipsec': 'enable',
- 'sip': 'test_value_5',
- 'status': 'enable',
- 'usrgrp': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_l2tp.fortios_vpn(input_data, fos_instance)
-
- expected_data = {
- 'eip': 'test_value_3',
- 'enforce-ipsec': 'enable',
- 'sip': 'test_value_5',
- 'status': 'enable',
- 'usrgrp': 'test_value_7'
- }
-
- set_method_mock.assert_called_with('vpn', 'l2tp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_vpn_pptp.py b/test/units/modules/network/fortios/test_fortios_vpn_pptp.py
deleted file mode 100644
index 0957218c2f6..00000000000
--- a/test/units/modules/network/fortios/test_fortios_vpn_pptp.py
+++ /dev/null
@@ -1,191 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_vpn_pptp
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_vpn_pptp.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_vpn_pptp_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_pptp': {
- 'eip': 'test_value_3',
- 'ip_mode': 'range',
- 'local_ip': 'test_value_5',
- 'sip': 'test_value_6',
- 'status': 'enable',
- 'usrgrp': 'test_value_8'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_pptp.fortios_vpn(input_data, fos_instance)
-
- expected_data = {
- 'eip': 'test_value_3',
- 'ip-mode': 'range',
- 'local-ip': 'test_value_5',
- 'sip': 'test_value_6',
- 'status': 'enable',
- 'usrgrp': 'test_value_8'
- }
-
- set_method_mock.assert_called_with('vpn', 'pptp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_vpn_pptp_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_pptp': {
- 'eip': 'test_value_3',
- 'ip_mode': 'range',
- 'local_ip': 'test_value_5',
- 'sip': 'test_value_6',
- 'status': 'enable',
- 'usrgrp': 'test_value_8'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_pptp.fortios_vpn(input_data, fos_instance)
-
- expected_data = {
- 'eip': 'test_value_3',
- 'ip-mode': 'range',
- 'local-ip': 'test_value_5',
- 'sip': 'test_value_6',
- 'status': 'enable',
- 'usrgrp': 'test_value_8'
- }
-
- set_method_mock.assert_called_with('vpn', 'pptp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_vpn_pptp_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_pptp': {
- 'eip': 'test_value_3',
- 'ip_mode': 'range',
- 'local_ip': 'test_value_5',
- 'sip': 'test_value_6',
- 'status': 'enable',
- 'usrgrp': 'test_value_8'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_pptp.fortios_vpn(input_data, fos_instance)
-
- expected_data = {
- 'eip': 'test_value_3',
- 'ip-mode': 'range',
- 'local-ip': 'test_value_5',
- 'sip': 'test_value_6',
- 'status': 'enable',
- 'usrgrp': 'test_value_8'
- }
-
- set_method_mock.assert_called_with('vpn', 'pptp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_vpn_pptp_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_pptp': {
- 'random_attribute_not_valid': 'tag',
- 'eip': 'test_value_3',
- 'ip_mode': 'range',
- 'local_ip': 'test_value_5',
- 'sip': 'test_value_6',
- 'status': 'enable',
- 'usrgrp': 'test_value_8'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_pptp.fortios_vpn(input_data, fos_instance)
-
- expected_data = {
- 'eip': 'test_value_3',
- 'ip-mode': 'range',
- 'local-ip': 'test_value_5',
- 'sip': 'test_value_6',
- 'status': 'enable',
- 'usrgrp': 'test_value_8'
- }
-
- set_method_mock.assert_called_with('vpn', 'pptp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_vpn_ssl_settings.py b/test/units/modules/network/fortios/test_fortios_vpn_ssl_settings.py
deleted file mode 100644
index 3eeca8e57a2..00000000000
--- a/test/units/modules/network/fortios/test_fortios_vpn_ssl_settings.py
+++ /dev/null
@@ -1,495 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_vpn_ssl_settings -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_vpn_ssl_settings.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_vpn_ssl_settings_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_ssl_settings': { - 'auth_timeout': '3', - 'auto_tunnel_static_route': 'enable', - 'banned_cipher': 'RSA', - 'check_referer': 'enable', - 'default_portal': 'test_value_7', - 
'deflate_compression_level': '8', - 'deflate_min_data_size': '9', - 'dns_server1': 'test_value_10', - 'dns_server2': 'test_value_11', - 'dns_suffix': 'test_value_12', - 'dtls_hello_timeout': '13', - 'dtls_tunnel': 'enable', - 'force_two_factor_auth': 'enable', - 'header_x_forwarded_for': 'pass', - 'http_compression': 'enable', - 'http_only_cookie': 'enable', - 'http_request_body_timeout': '19', - 'http_request_header_timeout': '20', - 'https_redirect': 'enable', - 'idle_timeout': '22', - 'ipv6_dns_server1': 'test_value_23', - 'ipv6_dns_server2': 'test_value_24', - 'ipv6_wins_server1': 'test_value_25', - 'ipv6_wins_server2': 'test_value_26', - 'login_attempt_limit': '27', - 'login_block_time': '28', - 'login_timeout': '29', - 'port': '30', - 'port_precedence': 'enable', - 'reqclientcert': 'enable', - 'route_source_interface': 'enable', - 'servercert': 'test_value_34', - 'source_address_negate': 'enable', - 'source_address6_negate': 'enable', - 'ssl_client_renegotiation': 'disable', - 'ssl_insert_empty_fragment': 'enable', - 'tlsv1_0': 'enable', - 'tlsv1_1': 'enable', - 'tlsv1_2': 'enable', - 'unsafe_legacy_renegotiation': 'enable', - 'url_obscuration': 'enable', - 'wins_server1': 'test_value_44', - 'wins_server2': 'test_value_45', - 'x_content_type_options': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ssl_settings.fortios_vpn_ssl(input_data, fos_instance) - - expected_data = { - 'auth-timeout': '3', - 'auto-tunnel-static-route': 'enable', - 'banned-cipher': 'RSA', - 'check-referer': 'enable', - 'default-portal': 'test_value_7', - 'deflate-compression-level': '8', - 'deflate-min-data-size': '9', - 'dns-server1': 'test_value_10', - 'dns-server2': 'test_value_11', - 'dns-suffix': 'test_value_12', - 'dtls-hello-timeout': '13', - 'dtls-tunnel': 'enable', - 'force-two-factor-auth': 'enable', - 'header-x-forwarded-for': 'pass', - 'http-compression': 'enable', - 'http-only-cookie': 'enable', - 'http-request-body-timeout': '19', - 
'http-request-header-timeout': '20', - 'https-redirect': 'enable', - 'idle-timeout': '22', - 'ipv6-dns-server1': 'test_value_23', - 'ipv6-dns-server2': 'test_value_24', - 'ipv6-wins-server1': 'test_value_25', - 'ipv6-wins-server2': 'test_value_26', - 'login-attempt-limit': '27', - 'login-block-time': '28', - 'login-timeout': '29', - 'port': '30', - 'port-precedence': 'enable', - 'reqclientcert': 'enable', - 'route-source-interface': 'enable', - 'servercert': 'test_value_34', - 'source-address-negate': 'enable', - 'source-address6-negate': 'enable', - 'ssl-client-renegotiation': 'disable', - 'ssl-insert-empty-fragment': 'enable', - 'tlsv1-0': 'enable', - 'tlsv1-1': 'enable', - 'tlsv1-2': 'enable', - 'unsafe-legacy-renegotiation': 'enable', - 'url-obscuration': 'enable', - 'wins-server1': 'test_value_44', - 'wins-server2': 'test_value_45', - 'x-content-type-options': 'enable' - } - - set_method_mock.assert_called_with('vpn.ssl', 'settings', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_vpn_ssl_settings_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_ssl_settings': { - 'auth_timeout': '3', - 'auto_tunnel_static_route': 'enable', - 'banned_cipher': 'RSA', - 'check_referer': 'enable', - 'default_portal': 'test_value_7', - 'deflate_compression_level': '8', - 'deflate_min_data_size': '9', - 'dns_server1': 'test_value_10', - 'dns_server2': 'test_value_11', - 'dns_suffix': 'test_value_12', - 'dtls_hello_timeout': '13', - 'dtls_tunnel': 'enable', - 
'force_two_factor_auth': 'enable', - 'header_x_forwarded_for': 'pass', - 'http_compression': 'enable', - 'http_only_cookie': 'enable', - 'http_request_body_timeout': '19', - 'http_request_header_timeout': '20', - 'https_redirect': 'enable', - 'idle_timeout': '22', - 'ipv6_dns_server1': 'test_value_23', - 'ipv6_dns_server2': 'test_value_24', - 'ipv6_wins_server1': 'test_value_25', - 'ipv6_wins_server2': 'test_value_26', - 'login_attempt_limit': '27', - 'login_block_time': '28', - 'login_timeout': '29', - 'port': '30', - 'port_precedence': 'enable', - 'reqclientcert': 'enable', - 'route_source_interface': 'enable', - 'servercert': 'test_value_34', - 'source_address_negate': 'enable', - 'source_address6_negate': 'enable', - 'ssl_client_renegotiation': 'disable', - 'ssl_insert_empty_fragment': 'enable', - 'tlsv1_0': 'enable', - 'tlsv1_1': 'enable', - 'tlsv1_2': 'enable', - 'unsafe_legacy_renegotiation': 'enable', - 'url_obscuration': 'enable', - 'wins_server1': 'test_value_44', - 'wins_server2': 'test_value_45', - 'x_content_type_options': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ssl_settings.fortios_vpn_ssl(input_data, fos_instance) - - expected_data = { - 'auth-timeout': '3', - 'auto-tunnel-static-route': 'enable', - 'banned-cipher': 'RSA', - 'check-referer': 'enable', - 'default-portal': 'test_value_7', - 'deflate-compression-level': '8', - 'deflate-min-data-size': '9', - 'dns-server1': 'test_value_10', - 'dns-server2': 'test_value_11', - 'dns-suffix': 'test_value_12', - 'dtls-hello-timeout': '13', - 'dtls-tunnel': 'enable', - 'force-two-factor-auth': 'enable', - 'header-x-forwarded-for': 'pass', - 'http-compression': 'enable', - 'http-only-cookie': 'enable', - 'http-request-body-timeout': '19', - 'http-request-header-timeout': '20', - 'https-redirect': 'enable', - 'idle-timeout': '22', - 'ipv6-dns-server1': 'test_value_23', - 'ipv6-dns-server2': 'test_value_24', - 'ipv6-wins-server1': 'test_value_25', - 'ipv6-wins-server2': 
'test_value_26', - 'login-attempt-limit': '27', - 'login-block-time': '28', - 'login-timeout': '29', - 'port': '30', - 'port-precedence': 'enable', - 'reqclientcert': 'enable', - 'route-source-interface': 'enable', - 'servercert': 'test_value_34', - 'source-address-negate': 'enable', - 'source-address6-negate': 'enable', - 'ssl-client-renegotiation': 'disable', - 'ssl-insert-empty-fragment': 'enable', - 'tlsv1-0': 'enable', - 'tlsv1-1': 'enable', - 'tlsv1-2': 'enable', - 'unsafe-legacy-renegotiation': 'enable', - 'url-obscuration': 'enable', - 'wins-server1': 'test_value_44', - 'wins-server2': 'test_value_45', - 'x-content-type-options': 'enable' - } - - set_method_mock.assert_called_with('vpn.ssl', 'settings', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_vpn_ssl_settings_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_ssl_settings': { - 'auth_timeout': '3', - 'auto_tunnel_static_route': 'enable', - 'banned_cipher': 'RSA', - 'check_referer': 'enable', - 'default_portal': 'test_value_7', - 'deflate_compression_level': '8', - 'deflate_min_data_size': '9', - 'dns_server1': 'test_value_10', - 'dns_server2': 'test_value_11', - 'dns_suffix': 'test_value_12', - 'dtls_hello_timeout': '13', - 'dtls_tunnel': 'enable', - 'force_two_factor_auth': 'enable', - 'header_x_forwarded_for': 'pass', - 'http_compression': 'enable', - 'http_only_cookie': 'enable', - 'http_request_body_timeout': '19', - 'http_request_header_timeout': '20', - 'https_redirect': 
'enable', - 'idle_timeout': '22', - 'ipv6_dns_server1': 'test_value_23', - 'ipv6_dns_server2': 'test_value_24', - 'ipv6_wins_server1': 'test_value_25', - 'ipv6_wins_server2': 'test_value_26', - 'login_attempt_limit': '27', - 'login_block_time': '28', - 'login_timeout': '29', - 'port': '30', - 'port_precedence': 'enable', - 'reqclientcert': 'enable', - 'route_source_interface': 'enable', - 'servercert': 'test_value_34', - 'source_address_negate': 'enable', - 'source_address6_negate': 'enable', - 'ssl_client_renegotiation': 'disable', - 'ssl_insert_empty_fragment': 'enable', - 'tlsv1_0': 'enable', - 'tlsv1_1': 'enable', - 'tlsv1_2': 'enable', - 'unsafe_legacy_renegotiation': 'enable', - 'url_obscuration': 'enable', - 'wins_server1': 'test_value_44', - 'wins_server2': 'test_value_45', - 'x_content_type_options': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ssl_settings.fortios_vpn_ssl(input_data, fos_instance) - - expected_data = { - 'auth-timeout': '3', - 'auto-tunnel-static-route': 'enable', - 'banned-cipher': 'RSA', - 'check-referer': 'enable', - 'default-portal': 'test_value_7', - 'deflate-compression-level': '8', - 'deflate-min-data-size': '9', - 'dns-server1': 'test_value_10', - 'dns-server2': 'test_value_11', - 'dns-suffix': 'test_value_12', - 'dtls-hello-timeout': '13', - 'dtls-tunnel': 'enable', - 'force-two-factor-auth': 'enable', - 'header-x-forwarded-for': 'pass', - 'http-compression': 'enable', - 'http-only-cookie': 'enable', - 'http-request-body-timeout': '19', - 'http-request-header-timeout': '20', - 'https-redirect': 'enable', - 'idle-timeout': '22', - 'ipv6-dns-server1': 'test_value_23', - 'ipv6-dns-server2': 'test_value_24', - 'ipv6-wins-server1': 'test_value_25', - 'ipv6-wins-server2': 'test_value_26', - 'login-attempt-limit': '27', - 'login-block-time': '28', - 'login-timeout': '29', - 'port': '30', - 'port-precedence': 'enable', - 'reqclientcert': 'enable', - 'route-source-interface': 'enable', - 'servercert': 
'test_value_34', - 'source-address-negate': 'enable', - 'source-address6-negate': 'enable', - 'ssl-client-renegotiation': 'disable', - 'ssl-insert-empty-fragment': 'enable', - 'tlsv1-0': 'enable', - 'tlsv1-1': 'enable', - 'tlsv1-2': 'enable', - 'unsafe-legacy-renegotiation': 'enable', - 'url-obscuration': 'enable', - 'wins-server1': 'test_value_44', - 'wins-server2': 'test_value_45', - 'x-content-type-options': 'enable' - } - - set_method_mock.assert_called_with('vpn.ssl', 'settings', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_vpn_ssl_settings_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'vpn_ssl_settings': { - 'random_attribute_not_valid': 'tag', - 'auth_timeout': '3', - 'auto_tunnel_static_route': 'enable', - 'banned_cipher': 'RSA', - 'check_referer': 'enable', - 'default_portal': 'test_value_7', - 'deflate_compression_level': '8', - 'deflate_min_data_size': '9', - 'dns_server1': 'test_value_10', - 'dns_server2': 'test_value_11', - 'dns_suffix': 'test_value_12', - 'dtls_hello_timeout': '13', - 'dtls_tunnel': 'enable', - 'force_two_factor_auth': 'enable', - 'header_x_forwarded_for': 'pass', - 'http_compression': 'enable', - 'http_only_cookie': 'enable', - 'http_request_body_timeout': '19', - 'http_request_header_timeout': '20', - 'https_redirect': 'enable', - 'idle_timeout': '22', - 'ipv6_dns_server1': 'test_value_23', - 'ipv6_dns_server2': 'test_value_24', - 'ipv6_wins_server1': 'test_value_25', - 'ipv6_wins_server2': 
'test_value_26', - 'login_attempt_limit': '27', - 'login_block_time': '28', - 'login_timeout': '29', - 'port': '30', - 'port_precedence': 'enable', - 'reqclientcert': 'enable', - 'route_source_interface': 'enable', - 'servercert': 'test_value_34', - 'source_address_negate': 'enable', - 'source_address6_negate': 'enable', - 'ssl_client_renegotiation': 'disable', - 'ssl_insert_empty_fragment': 'enable', - 'tlsv1_0': 'enable', - 'tlsv1_1': 'enable', - 'tlsv1_2': 'enable', - 'unsafe_legacy_renegotiation': 'enable', - 'url_obscuration': 'enable', - 'wins_server1': 'test_value_44', - 'wins_server2': 'test_value_45', - 'x_content_type_options': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_vpn_ssl_settings.fortios_vpn_ssl(input_data, fos_instance) - - expected_data = { - 'auth-timeout': '3', - 'auto-tunnel-static-route': 'enable', - 'banned-cipher': 'RSA', - 'check-referer': 'enable', - 'default-portal': 'test_value_7', - 'deflate-compression-level': '8', - 'deflate-min-data-size': '9', - 'dns-server1': 'test_value_10', - 'dns-server2': 'test_value_11', - 'dns-suffix': 'test_value_12', - 'dtls-hello-timeout': '13', - 'dtls-tunnel': 'enable', - 'force-two-factor-auth': 'enable', - 'header-x-forwarded-for': 'pass', - 'http-compression': 'enable', - 'http-only-cookie': 'enable', - 'http-request-body-timeout': '19', - 'http-request-header-timeout': '20', - 'https-redirect': 'enable', - 'idle-timeout': '22', - 'ipv6-dns-server1': 'test_value_23', - 'ipv6-dns-server2': 'test_value_24', - 'ipv6-wins-server1': 'test_value_25', - 'ipv6-wins-server2': 'test_value_26', - 'login-attempt-limit': '27', - 'login-block-time': '28', - 'login-timeout': '29', - 'port': '30', - 'port-precedence': 'enable', - 'reqclientcert': 'enable', - 'route-source-interface': 'enable', - 'servercert': 'test_value_34', - 'source-address-negate': 'enable', - 'source-address6-negate': 'enable', - 'ssl-client-renegotiation': 'disable', - 'ssl-insert-empty-fragment': 'enable', - 
'tlsv1-0': 'enable', - 'tlsv1-1': 'enable', - 'tlsv1-2': 'enable', - 'unsafe-legacy-renegotiation': 'enable', - 'url-obscuration': 'enable', - 'wins-server1': 'test_value_44', - 'wins-server2': 'test_value_45', - 'x-content-type-options': 'enable' - } - - set_method_mock.assert_called_with('vpn.ssl', 'settings', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_vpn_ssl_web_host_check_software.py b/test/units/modules/network/fortios/test_fortios_vpn_ssl_web_host_check_software.py deleted file mode 100644 index 521a616945e..00000000000 --- a/test/units/modules/network/fortios/test_fortios_vpn_ssl_web_host_check_software.py +++ /dev/null 
@@ -1,229 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_vpn_ssl_web_host_check_software
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_vpn_ssl_web_host_check_software.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_vpn_ssl_web_host_check_software_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_ssl_web_host_check_software': {'guid': 'test_value_3',
- 'name': 'default_name_4',
- 'os_type': 'windows',
- 'type': 'av',
- 'version': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ssl_web_host_check_software.fortios_vpn_ssl_web(input_data, fos_instance)
-
- expected_data = {'guid': 'test_value_3',
- 'name': 'default_name_4',
- 'os-type': 'windows',
- 'type': 'av',
- 'version': 'test_value_7'
- }
-
- set_method_mock.assert_called_with('vpn.ssl.web', 'host-check-software', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_vpn_ssl_web_host_check_software_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_ssl_web_host_check_software': {'guid': 'test_value_3',
- 'name': 'default_name_4',
- 'os_type': 'windows',
- 'type': 'av',
- 'version': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ssl_web_host_check_software.fortios_vpn_ssl_web(input_data, fos_instance)
-
- expected_data = {'guid': 'test_value_3',
- 'name': 'default_name_4',
- 'os-type': 'windows',
- 'type': 'av',
- 'version': 'test_value_7'
- }
-
- set_method_mock.assert_called_with('vpn.ssl.web', 'host-check-software', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_vpn_ssl_web_host_check_software_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'vpn_ssl_web_host_check_software': {'guid': 'test_value_3',
- 'name': 'default_name_4',
- 'os_type': 'windows',
- 'type': 'av',
- 'version': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ssl_web_host_check_software.fortios_vpn_ssl_web(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('vpn.ssl.web', 'host-check-software', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_vpn_ssl_web_host_check_software_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'vpn_ssl_web_host_check_software': {'guid': 'test_value_3',
- 'name': 'default_name_4',
- 'os_type': 'windows',
- 'type': 'av',
- 'version': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ssl_web_host_check_software.fortios_vpn_ssl_web(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('vpn.ssl.web', 'host-check-software', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_vpn_ssl_web_host_check_software_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_ssl_web_host_check_software': {'guid': 'test_value_3',
- 'name': 'default_name_4',
- 'os_type': 'windows',
- 'type': 'av',
- 'version': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ssl_web_host_check_software.fortios_vpn_ssl_web(input_data, fos_instance)
-
- expected_data = {'guid': 'test_value_3',
- 'name': 'default_name_4',
- 'os-type': 'windows',
- 'type': 'av',
- 'version': 'test_value_7'
- }
-
- set_method_mock.assert_called_with('vpn.ssl.web', 'host-check-software', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_vpn_ssl_web_host_check_software_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_ssl_web_host_check_software': {
- 'random_attribute_not_valid': 'tag', 'guid': 'test_value_3',
- 'name': 'default_name_4',
- 'os_type': 'windows',
- 'type': 'av',
- 'version': 'test_value_7'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ssl_web_host_check_software.fortios_vpn_ssl_web(input_data, fos_instance)
-
- expected_data = {'guid': 'test_value_3',
- 'name': 'default_name_4',
- 'os-type': 'windows',
- 'type': 'av',
- 'version': 'test_value_7'
- }
-
- set_method_mock.assert_called_with('vpn.ssl.web', 'host-check-software', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_vpn_ssl_web_portal.py b/test/units/modules/network/fortios/test_fortios_vpn_ssl_web_portal.py
deleted file mode 100644
index 46031edfd03..00000000000
--- a/test/units/modules/network/fortios/test_fortios_vpn_ssl_web_portal.py
+++ /dev/null
@@ -1,689 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_vpn_ssl_web_portal
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_vpn_ssl_web_portal.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_vpn_ssl_web_portal_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_ssl_web_portal': {
- 'allow_user_access': 'web',
- 'auto_connect': 'enable',
- 'custom_lang': 'test_value_5',
- 'customize_forticlient_download_url': 'enable',
- 'display_bookmark': 'enable',
- 'display_connection_tools': 'enable',
- 'display_history': 'enable',
- 'display_status': 'enable',
- 'dns_server1': 'test_value_11',
- 'dns_server2': 'test_value_12',
- 'dns_suffix': 'test_value_13',
- 'exclusive_routing': 'enable',
- 'forticlient_download': 'enable',
- 'forticlient_download_method': 'direct',
- 'heading': 'test_value_17',
- 'hide_sso_credential': 'enable',
- 'host_check': 'none',
- 'host_check_interval': '20',
- 'ip_mode': 'range',
- 'ipv6_dns_server1': 'test_value_22',
- 'ipv6_dns_server2': 'test_value_23',
- 'ipv6_exclusive_routing': 'enable',
- 'ipv6_service_restriction': 'enable',
- 'ipv6_split_tunneling': 'enable',
- 'ipv6_tunnel_mode': 'enable',
- 'ipv6_wins_server1': 'test_value_28',
- 'ipv6_wins_server2': 'test_value_29',
- 'keep_alive': 'enable',
- 'limit_user_logins': 'enable',
- 'mac_addr_action': 'allow',
- 'mac_addr_check': 'enable',
- 'macos_forticlient_download_url': 'test_value_34',
- 'name': 'default_name_35',
- 'os_check': 'enable',
- 'redir_url': 'test_value_37',
- 'save_password': 'enable',
- 'service_restriction': 'enable',
- 'skip_check_for_unsupported_browser': 'enable',
- 'skip_check_for_unsupported_os': 'enable',
- 'smb_ntlmv1_auth': 'enable',
- 'smbv1': 'enable',
- 'split_tunneling': 'enable',
- 'theme': 'blue',
- 'tunnel_mode': 'enable',
- 'user_bookmark': 'enable',
- 'user_group_bookmark': 'enable',
- 'web_mode': 'enable',
- 'windows_forticlient_download_url': 'test_value_50',
- 'wins_server1': 'test_value_51',
- 'wins_server2': 'test_value_52'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ssl_web_portal.fortios_vpn_ssl_web(input_data, fos_instance)
-
- expected_data = {
- 'allow-user-access': 'web',
- 'auto-connect': 'enable',
- 'custom-lang': 'test_value_5',
- 'customize-forticlient-download-url': 'enable',
- 'display-bookmark': 'enable',
- 'display-connection-tools': 'enable',
- 'display-history': 'enable',
- 'display-status': 'enable',
- 'dns-server1': 'test_value_11',
- 'dns-server2': 'test_value_12',
- 'dns-suffix': 'test_value_13',
- 'exclusive-routing': 'enable',
- 'forticlient-download': 'enable',
- 'forticlient-download-method': 'direct',
- 'heading': 'test_value_17',
- 'hide-sso-credential': 'enable',
- 'host-check': 'none',
- 'host-check-interval': '20',
- 'ip-mode': 'range',
- 'ipv6-dns-server1': 'test_value_22',
- 'ipv6-dns-server2': 'test_value_23',
- 'ipv6-exclusive-routing': 'enable',
- 'ipv6-service-restriction': 'enable',
- 'ipv6-split-tunneling': 'enable',
- 'ipv6-tunnel-mode': 'enable',
- 'ipv6-wins-server1': 'test_value_28',
- 'ipv6-wins-server2': 'test_value_29',
- 'keep-alive': 'enable',
- 'limit-user-logins': 'enable',
- 'mac-addr-action': 'allow',
- 'mac-addr-check': 'enable',
- 'macos-forticlient-download-url': 'test_value_34',
- 'name': 'default_name_35',
- 'os-check': 'enable',
- 'redir-url': 'test_value_37',
- 'save-password': 'enable',
- 'service-restriction': 'enable',
- 'skip-check-for-unsupported-browser': 'enable',
- 'skip-check-for-unsupported-os': 'enable',
- 'smb-ntlmv1-auth': 'enable',
- 'smbv1': 'enable',
- 'split-tunneling': 'enable',
- 'theme': 'blue',
- 'tunnel-mode': 'enable',
- 'user-bookmark': 'enable',
- 'user-group-bookmark': 'enable',
- 'web-mode': 'enable',
- 'windows-forticlient-download-url': 'test_value_50',
- 'wins-server1': 'test_value_51',
- 'wins-server2': 'test_value_52'
- }
-
- set_method_mock.assert_called_with('vpn.ssl.web', 'portal', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_vpn_ssl_web_portal_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_ssl_web_portal': {
- 'allow_user_access': 'web',
- 'auto_connect': 'enable',
- 'custom_lang': 'test_value_5',
- 'customize_forticlient_download_url': 'enable',
- 'display_bookmark': 'enable',
- 'display_connection_tools': 'enable',
- 'display_history': 'enable',
- 'display_status': 'enable',
- 'dns_server1': 'test_value_11',
- 'dns_server2': 'test_value_12',
- 'dns_suffix': 'test_value_13',
- 'exclusive_routing': 'enable',
- 'forticlient_download': 'enable',
- 'forticlient_download_method': 'direct',
- 'heading': 'test_value_17',
- 'hide_sso_credential': 'enable',
- 'host_check': 'none',
- 'host_check_interval': '20',
- 'ip_mode': 'range',
- 'ipv6_dns_server1': 'test_value_22',
- 'ipv6_dns_server2': 'test_value_23',
- 'ipv6_exclusive_routing': 'enable',
- 'ipv6_service_restriction': 'enable',
- 'ipv6_split_tunneling': 'enable',
- 'ipv6_tunnel_mode': 'enable',
- 'ipv6_wins_server1': 'test_value_28',
- 'ipv6_wins_server2': 'test_value_29',
- 'keep_alive': 'enable',
- 'limit_user_logins': 'enable',
- 'mac_addr_action': 'allow',
- 'mac_addr_check': 'enable',
- 'macos_forticlient_download_url': 'test_value_34',
- 'name': 'default_name_35',
- 'os_check': 'enable',
- 'redir_url': 'test_value_37',
- 'save_password': 'enable',
- 'service_restriction': 'enable',
- 'skip_check_for_unsupported_browser': 'enable',
- 'skip_check_for_unsupported_os': 'enable',
- 'smb_ntlmv1_auth': 'enable',
- 'smbv1': 'enable',
- 'split_tunneling': 'enable',
- 'theme': 'blue',
- 'tunnel_mode': 'enable',
- 'user_bookmark': 'enable',
- 'user_group_bookmark': 'enable',
- 'web_mode': 'enable',
- 'windows_forticlient_download_url': 'test_value_50',
- 'wins_server1': 'test_value_51',
- 'wins_server2': 'test_value_52'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ssl_web_portal.fortios_vpn_ssl_web(input_data, fos_instance)
-
- expected_data = {
- 'allow-user-access': 'web',
- 'auto-connect': 'enable',
- 'custom-lang': 'test_value_5',
- 'customize-forticlient-download-url': 'enable',
- 'display-bookmark': 'enable',
- 'display-connection-tools': 'enable',
- 'display-history': 'enable',
- 'display-status': 'enable',
- 'dns-server1': 'test_value_11',
- 'dns-server2': 'test_value_12',
- 'dns-suffix': 'test_value_13',
- 'exclusive-routing': 'enable',
- 'forticlient-download': 'enable',
- 'forticlient-download-method': 'direct',
- 'heading': 'test_value_17',
- 'hide-sso-credential': 'enable',
- 'host-check': 'none',
- 'host-check-interval': '20',
- 'ip-mode': 'range',
- 'ipv6-dns-server1': 'test_value_22',
- 'ipv6-dns-server2': 'test_value_23',
- 'ipv6-exclusive-routing': 'enable',
- 'ipv6-service-restriction': 'enable',
- 'ipv6-split-tunneling': 'enable',
- 'ipv6-tunnel-mode': 'enable',
- 'ipv6-wins-server1': 'test_value_28',
- 'ipv6-wins-server2': 'test_value_29',
- 'keep-alive': 'enable',
- 'limit-user-logins': 'enable',
- 'mac-addr-action': 'allow',
- 'mac-addr-check': 'enable',
- 'macos-forticlient-download-url': 'test_value_34',
- 'name': 'default_name_35',
- 'os-check': 'enable',
- 'redir-url': 'test_value_37',
- 'save-password': 'enable',
- 'service-restriction': 'enable',
- 'skip-check-for-unsupported-browser': 'enable',
- 'skip-check-for-unsupported-os': 'enable',
- 'smb-ntlmv1-auth': 'enable',
- 'smbv1': 'enable',
- 'split-tunneling': 'enable',
- 'theme': 'blue',
- 'tunnel-mode': 'enable',
- 'user-bookmark': 'enable',
- 'user-group-bookmark': 'enable',
- 'web-mode': 'enable',
- 'windows-forticlient-download-url': 'test_value_50',
- 'wins-server1': 'test_value_51',
- 'wins-server2': 'test_value_52'
- }
-
- set_method_mock.assert_called_with('vpn.ssl.web', 'portal', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_vpn_ssl_web_portal_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'vpn_ssl_web_portal': {
- 'allow_user_access': 'web',
- 'auto_connect': 'enable',
- 'custom_lang': 'test_value_5',
- 'customize_forticlient_download_url': 'enable',
- 'display_bookmark': 'enable',
- 'display_connection_tools': 'enable',
- 'display_history': 'enable',
- 'display_status': 'enable',
- 'dns_server1': 'test_value_11',
- 'dns_server2': 'test_value_12',
- 'dns_suffix': 'test_value_13',
- 'exclusive_routing': 'enable',
- 'forticlient_download': 'enable',
- 'forticlient_download_method': 'direct',
- 'heading': 'test_value_17',
- 'hide_sso_credential': 'enable',
- 'host_check': 'none',
- 'host_check_interval': '20',
- 'ip_mode': 'range',
- 'ipv6_dns_server1': 'test_value_22',
- 'ipv6_dns_server2': 'test_value_23',
- 'ipv6_exclusive_routing': 'enable',
- 'ipv6_service_restriction': 'enable',
- 'ipv6_split_tunneling': 'enable',
- 'ipv6_tunnel_mode': 'enable',
- 'ipv6_wins_server1': 'test_value_28',
- 'ipv6_wins_server2': 'test_value_29',
- 'keep_alive': 'enable',
- 'limit_user_logins': 'enable',
- 'mac_addr_action': 'allow',
- 'mac_addr_check': 'enable',
- 'macos_forticlient_download_url': 'test_value_34',
- 'name': 'default_name_35',
- 'os_check': 'enable',
- 'redir_url': 'test_value_37',
- 'save_password': 'enable',
- 'service_restriction': 'enable',
- 'skip_check_for_unsupported_browser': 'enable',
- 'skip_check_for_unsupported_os': 'enable',
- 'smb_ntlmv1_auth': 'enable',
- 'smbv1': 'enable',
- 'split_tunneling': 'enable',
- 'theme': 'blue',
- 'tunnel_mode': 'enable',
- 'user_bookmark': 'enable',
- 'user_group_bookmark': 'enable',
- 'web_mode': 'enable',
- 'windows_forticlient_download_url': 'test_value_50',
- 'wins_server1': 'test_value_51',
- 'wins_server2': 'test_value_52'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ssl_web_portal.fortios_vpn_ssl_web(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('vpn.ssl.web', 'portal', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_vpn_ssl_web_portal_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'vpn_ssl_web_portal': {
- 'allow_user_access': 'web',
- 'auto_connect': 'enable',
- 'custom_lang': 'test_value_5',
- 'customize_forticlient_download_url': 'enable',
- 'display_bookmark': 'enable',
- 'display_connection_tools': 'enable',
- 'display_history': 'enable',
- 'display_status': 'enable',
- 'dns_server1': 'test_value_11',
- 'dns_server2': 'test_value_12',
- 'dns_suffix': 'test_value_13',
- 'exclusive_routing': 'enable',
- 'forticlient_download': 'enable',
- 'forticlient_download_method': 'direct',
- 'heading': 'test_value_17',
- 'hide_sso_credential': 'enable',
- 'host_check': 'none',
- 'host_check_interval': '20',
- 'ip_mode': 'range',
- 'ipv6_dns_server1': 'test_value_22',
- 'ipv6_dns_server2': 'test_value_23',
- 'ipv6_exclusive_routing': 'enable',
- 'ipv6_service_restriction': 'enable',
- 'ipv6_split_tunneling': 'enable',
- 'ipv6_tunnel_mode': 'enable',
- 'ipv6_wins_server1': 'test_value_28',
- 'ipv6_wins_server2': 'test_value_29',
- 'keep_alive': 'enable',
- 'limit_user_logins': 'enable',
- 'mac_addr_action': 'allow',
- 'mac_addr_check': 'enable',
- 'macos_forticlient_download_url': 'test_value_34',
- 'name': 'default_name_35',
- 'os_check': 'enable',
- 'redir_url': 'test_value_37',
- 'save_password': 'enable',
- 'service_restriction': 'enable',
- 'skip_check_for_unsupported_browser': 'enable',
- 'skip_check_for_unsupported_os': 'enable',
- 'smb_ntlmv1_auth': 'enable',
- 'smbv1': 'enable',
- 'split_tunneling': 'enable',
- 'theme': 'blue',
- 'tunnel_mode': 'enable',
- 'user_bookmark': 'enable',
- 'user_group_bookmark': 'enable',
- 'web_mode': 'enable',
- 'windows_forticlient_download_url': 'test_value_50',
- 'wins_server1': 'test_value_51',
- 'wins_server2': 'test_value_52'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ssl_web_portal.fortios_vpn_ssl_web(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('vpn.ssl.web', 'portal', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_vpn_ssl_web_portal_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_ssl_web_portal': {
- 'allow_user_access': 'web',
- 'auto_connect': 'enable',
- 'custom_lang': 'test_value_5',
- 'customize_forticlient_download_url': 'enable',
- 'display_bookmark': 'enable',
- 'display_connection_tools': 'enable',
- 'display_history': 'enable',
- 'display_status': 'enable',
- 'dns_server1': 'test_value_11',
- 'dns_server2': 'test_value_12',
- 'dns_suffix': 'test_value_13',
- 'exclusive_routing': 'enable',
- 'forticlient_download': 'enable',
- 'forticlient_download_method': 'direct',
- 'heading': 'test_value_17',
- 'hide_sso_credential': 'enable',
- 'host_check': 'none',
- 'host_check_interval': '20',
- 'ip_mode': 'range',
- 'ipv6_dns_server1': 'test_value_22',
- 'ipv6_dns_server2': 'test_value_23',
- 'ipv6_exclusive_routing': 'enable',
- 'ipv6_service_restriction': 'enable',
- 'ipv6_split_tunneling': 'enable',
- 'ipv6_tunnel_mode': 'enable',
- 'ipv6_wins_server1': 'test_value_28',
- 'ipv6_wins_server2': 'test_value_29',
- 'keep_alive': 'enable',
- 'limit_user_logins': 'enable',
- 'mac_addr_action': 'allow',
- 'mac_addr_check': 'enable',
- 'macos_forticlient_download_url': 'test_value_34',
- 'name': 'default_name_35',
- 'os_check': 'enable',
- 'redir_url': 'test_value_37',
- 'save_password': 'enable',
- 'service_restriction': 'enable',
- 'skip_check_for_unsupported_browser': 'enable',
- 'skip_check_for_unsupported_os': 'enable',
- 'smb_ntlmv1_auth': 'enable',
- 'smbv1': 'enable',
- 'split_tunneling': 'enable',
- 'theme': 'blue',
- 'tunnel_mode': 'enable',
- 'user_bookmark': 'enable',
- 'user_group_bookmark': 'enable',
- 'web_mode': 'enable',
- 'windows_forticlient_download_url': 'test_value_50',
- 'wins_server1': 'test_value_51',
- 'wins_server2': 'test_value_52'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ssl_web_portal.fortios_vpn_ssl_web(input_data, fos_instance)
-
- expected_data = {
- 'allow-user-access': 'web',
- 'auto-connect': 'enable',
- 'custom-lang': 'test_value_5',
- 'customize-forticlient-download-url': 'enable',
- 'display-bookmark': 'enable',
- 'display-connection-tools': 'enable',
- 'display-history': 'enable',
- 'display-status': 'enable',
- 'dns-server1': 'test_value_11',
- 'dns-server2': 'test_value_12',
- 'dns-suffix': 'test_value_13',
- 'exclusive-routing': 'enable',
- 'forticlient-download': 'enable',
- 'forticlient-download-method': 'direct',
- 'heading': 'test_value_17',
- 'hide-sso-credential': 'enable',
- 'host-check': 'none',
- 'host-check-interval': '20',
- 'ip-mode': 'range',
- 'ipv6-dns-server1': 'test_value_22',
- 'ipv6-dns-server2': 'test_value_23',
- 'ipv6-exclusive-routing': 'enable',
- 'ipv6-service-restriction': 'enable',
- 'ipv6-split-tunneling': 'enable',
- 'ipv6-tunnel-mode': 'enable',
- 'ipv6-wins-server1': 'test_value_28',
- 'ipv6-wins-server2': 'test_value_29',
- 'keep-alive': 'enable',
- 'limit-user-logins': 'enable',
- 'mac-addr-action': 'allow',
- 'mac-addr-check': 'enable',
- 'macos-forticlient-download-url': 'test_value_34',
- 'name': 'default_name_35',
- 'os-check': 'enable',
- 'redir-url': 'test_value_37',
- 'save-password': 'enable',
- 'service-restriction': 'enable',
- 'skip-check-for-unsupported-browser': 'enable',
- 'skip-check-for-unsupported-os': 'enable',
- 'smb-ntlmv1-auth': 'enable',
- 'smbv1': 'enable',
- 'split-tunneling': 'enable',
- 'theme': 'blue',
- 'tunnel-mode': 'enable',
- 'user-bookmark': 'enable',
- 'user-group-bookmark': 'enable',
- 'web-mode': 'enable',
- 'windows-forticlient-download-url': 'test_value_50',
- 'wins-server1': 'test_value_51',
- 'wins-server2': 'test_value_52'
- }
-
- set_method_mock.assert_called_with('vpn.ssl.web', 'portal', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_vpn_ssl_web_portal_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_ssl_web_portal': {
- 'random_attribute_not_valid': 'tag',
- 'allow_user_access': 'web',
- 'auto_connect': 'enable',
- 'custom_lang': 'test_value_5',
- 'customize_forticlient_download_url': 'enable',
- 'display_bookmark': 'enable',
- 'display_connection_tools': 'enable',
- 'display_history': 'enable',
- 'display_status': 'enable',
- 'dns_server1': 'test_value_11',
- 'dns_server2': 'test_value_12',
- 'dns_suffix': 'test_value_13',
- 'exclusive_routing': 'enable',
- 'forticlient_download': 'enable',
- 'forticlient_download_method': 'direct',
- 'heading': 'test_value_17',
- 'hide_sso_credential': 'enable',
- 'host_check': 'none',
- 'host_check_interval': '20',
- 'ip_mode': 'range',
- 'ipv6_dns_server1': 'test_value_22',
- 'ipv6_dns_server2': 'test_value_23',
- 'ipv6_exclusive_routing': 'enable',
- 'ipv6_service_restriction': 'enable',
- 'ipv6_split_tunneling': 'enable',
- 'ipv6_tunnel_mode': 'enable',
- 'ipv6_wins_server1': 'test_value_28',
- 'ipv6_wins_server2': 'test_value_29',
- 'keep_alive': 'enable',
- 'limit_user_logins': 'enable',
- 'mac_addr_action': 'allow',
- 'mac_addr_check': 'enable',
- 'macos_forticlient_download_url': 'test_value_34',
- 'name': 'default_name_35',
- 'os_check': 'enable',
- 'redir_url': 'test_value_37',
- 'save_password': 'enable',
- 'service_restriction': 'enable',
- 'skip_check_for_unsupported_browser': 'enable',
- 'skip_check_for_unsupported_os': 'enable',
- 'smb_ntlmv1_auth': 'enable',
- 'smbv1': 'enable',
- 'split_tunneling': 'enable',
- 'theme': 'blue',
- 'tunnel_mode': 'enable',
- 'user_bookmark': 'enable',
- 'user_group_bookmark': 'enable',
- 'web_mode': 'enable',
- 'windows_forticlient_download_url': 'test_value_50',
- 'wins_server1': 'test_value_51',
- 'wins_server2': 'test_value_52'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ssl_web_portal.fortios_vpn_ssl_web(input_data, fos_instance)
-
- expected_data = {
- 'allow-user-access': 'web',
- 'auto-connect': 'enable',
- 'custom-lang': 'test_value_5',
- 'customize-forticlient-download-url': 'enable',
- 'display-bookmark': 'enable',
- 'display-connection-tools': 'enable',
- 'display-history': 'enable',
- 'display-status': 'enable',
- 'dns-server1': 'test_value_11',
- 'dns-server2': 'test_value_12',
- 'dns-suffix': 'test_value_13',
- 'exclusive-routing': 'enable',
- 'forticlient-download': 'enable',
- 'forticlient-download-method': 'direct',
- 'heading': 'test_value_17',
- 'hide-sso-credential': 'enable',
- 'host-check': 'none',
- 'host-check-interval': '20',
- 'ip-mode': 'range',
- 'ipv6-dns-server1': 'test_value_22',
- 'ipv6-dns-server2': 'test_value_23',
- 'ipv6-exclusive-routing': 'enable',
- 'ipv6-service-restriction': 'enable',
- 'ipv6-split-tunneling': 'enable',
- 'ipv6-tunnel-mode': 'enable',
- 'ipv6-wins-server1': 'test_value_28',
- 'ipv6-wins-server2': 'test_value_29',
- 'keep-alive': 'enable',
- 'limit-user-logins': 'enable',
- 'mac-addr-action': 'allow',
- 'mac-addr-check': 'enable',
- 'macos-forticlient-download-url': 'test_value_34',
- 'name': 'default_name_35',
- 'os-check': 'enable',
- 'redir-url': 'test_value_37',
- 'save-password': 'enable',
- 'service-restriction': 'enable',
- 'skip-check-for-unsupported-browser': 'enable',
- 'skip-check-for-unsupported-os': 'enable',
- 'smb-ntlmv1-auth': 'enable',
- 'smbv1': 'enable',
- 'split-tunneling': 'enable',
- 'theme': 'blue',
- 'tunnel-mode': 'enable',
- 'user-bookmark': 'enable',
- 'user-group-bookmark': 'enable',
- 'web-mode': 'enable',
- 'windows-forticlient-download-url': 'test_value_50',
- 'wins-server1': 'test_value_51',
- 'wins-server2': 'test_value_52'
- }
-
- set_method_mock.assert_called_with('vpn.ssl.web', 'portal', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_vpn_ssl_web_realm.py b/test/units/modules/network/fortios/test_fortios_vpn_ssl_web_realm.py
deleted file mode 100644
index bc254f4b5d2..00000000000
--- a/test/units/modules/network/fortios/test_fortios_vpn_ssl_web_realm.py
+++ /dev/null
@@ -1,229 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_vpn_ssl_web_realm
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_vpn_ssl_web_realm.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_vpn_ssl_web_realm_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_ssl_web_realm': {
- 'login_page': 'test_value_3',
- 'max_concurrent_user': '4',
- 'url_path': 'test_value_5',
- 'virtual_host': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ssl_web_realm.fortios_vpn_ssl_web(input_data, fos_instance)
-
- expected_data = {
- 'login-page': 'test_value_3',
- 'max-concurrent-user': '4',
- 'url-path': 'test_value_5',
- 'virtual-host': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('vpn.ssl.web', 'realm', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_vpn_ssl_web_realm_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_ssl_web_realm': {
- 'login_page': 'test_value_3',
- 'max_concurrent_user': '4',
- 'url_path': 'test_value_5',
- 'virtual_host': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ssl_web_realm.fortios_vpn_ssl_web(input_data, fos_instance)
-
- expected_data = {
- 'login-page': 'test_value_3',
- 'max-concurrent-user': '4',
- 'url-path': 'test_value_5',
- 'virtual-host': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('vpn.ssl.web', 'realm', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_vpn_ssl_web_realm_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'vpn_ssl_web_realm': {
- 'login_page': 'test_value_3',
- 'max_concurrent_user': '4',
- 'url_path': 'test_value_5',
- 'virtual_host': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ssl_web_realm.fortios_vpn_ssl_web(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('vpn.ssl.web', 'realm', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_vpn_ssl_web_realm_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'vpn_ssl_web_realm': {
- 'login_page': 'test_value_3',
- 'max_concurrent_user': '4',
- 'url_path': 'test_value_5',
- 'virtual_host': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ssl_web_realm.fortios_vpn_ssl_web(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('vpn.ssl.web', 'realm', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_vpn_ssl_web_realm_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_ssl_web_realm': {
- 'login_page': 'test_value_3',
- 'max_concurrent_user': '4',
- 'url_path': 'test_value_5',
- 'virtual_host': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ssl_web_realm.fortios_vpn_ssl_web(input_data, fos_instance)
-
- expected_data = {
- 'login-page': 'test_value_3',
- 'max-concurrent-user': '4',
- 'url-path': 'test_value_5',
- 'virtual-host': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('vpn.ssl.web', 'realm', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_vpn_ssl_web_realm_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_ssl_web_realm': {
- 'random_attribute_not_valid': 'tag',
- 'login_page': 'test_value_3',
- 'max_concurrent_user': '4',
- 'url_path': 'test_value_5',
- 'virtual_host': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ssl_web_realm.fortios_vpn_ssl_web(input_data, fos_instance)
-
- expected_data = {
- 'login-page': 'test_value_3',
- 'max-concurrent-user': '4',
- 'url-path': 'test_value_5',
- 'virtual-host': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('vpn.ssl.web', 'realm', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_vpn_ssl_web_user_bookmark.py b/test/units/modules/network/fortios/test_fortios_vpn_ssl_web_user_bookmark.py
deleted file mode 100644
index 072492463c2..00000000000
--- a/test/units/modules/network/fortios/test_fortios_vpn_ssl_web_user_bookmark.py
+++ /dev/null
@@ -1,199 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_vpn_ssl_web_user_bookmark
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_vpn_ssl_web_user_bookmark.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_vpn_ssl_web_user_bookmark_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_ssl_web_user_bookmark': {'custom_lang': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ssl_web_user_bookmark.fortios_vpn_ssl_web(input_data, fos_instance)
-
- expected_data = {'custom-lang': 'test_value_3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('vpn.ssl.web', 'user-bookmark', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_vpn_ssl_web_user_bookmark_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_ssl_web_user_bookmark': {'custom_lang': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ssl_web_user_bookmark.fortios_vpn_ssl_web(input_data, fos_instance)
-
- expected_data = {'custom-lang': 'test_value_3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('vpn.ssl.web', 'user-bookmark', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_vpn_ssl_web_user_bookmark_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'vpn_ssl_web_user_bookmark': {'custom_lang': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ssl_web_user_bookmark.fortios_vpn_ssl_web(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('vpn.ssl.web', 'user-bookmark', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_vpn_ssl_web_user_bookmark_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'vpn_ssl_web_user_bookmark': {'custom_lang': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ssl_web_user_bookmark.fortios_vpn_ssl_web(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('vpn.ssl.web', 'user-bookmark', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_vpn_ssl_web_user_bookmark_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_ssl_web_user_bookmark': {'custom_lang': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ssl_web_user_bookmark.fortios_vpn_ssl_web(input_data, fos_instance)
-
- expected_data = {'custom-lang': 'test_value_3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('vpn.ssl.web', 'user-bookmark', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_vpn_ssl_web_user_bookmark_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_ssl_web_user_bookmark': {
- 'random_attribute_not_valid': 'tag', 'custom_lang': 'test_value_3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ssl_web_user_bookmark.fortios_vpn_ssl_web(input_data, fos_instance)
-
- expected_data = {'custom-lang': 'test_value_3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('vpn.ssl.web', 'user-bookmark', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_vpn_ssl_web_user_group_bookmark.py b/test/units/modules/network/fortios/test_fortios_vpn_ssl_web_user_group_bookmark.py
deleted file mode 100644
index 96972565938..00000000000
--- a/test/units/modules/network/fortios/test_fortios_vpn_ssl_web_user_group_bookmark.py
+++ /dev/null
@@ -1,189 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_vpn_ssl_web_user_group_bookmark
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_vpn_ssl_web_user_group_bookmark.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_vpn_ssl_web_user_group_bookmark_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_ssl_web_user_group_bookmark': {'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ssl_web_user_group_bookmark.fortios_vpn_ssl_web(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3'
- }
-
- set_method_mock.assert_called_with('vpn.ssl.web', 'user-group-bookmark', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_vpn_ssl_web_user_group_bookmark_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_ssl_web_user_group_bookmark': {'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ssl_web_user_group_bookmark.fortios_vpn_ssl_web(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3'
- }
-
- set_method_mock.assert_called_with('vpn.ssl.web', 'user-group-bookmark', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_vpn_ssl_web_user_group_bookmark_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'vpn_ssl_web_user_group_bookmark': {'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ssl_web_user_group_bookmark.fortios_vpn_ssl_web(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('vpn.ssl.web', 'user-group-bookmark', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_vpn_ssl_web_user_group_bookmark_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'vpn_ssl_web_user_group_bookmark': {'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ssl_web_user_group_bookmark.fortios_vpn_ssl_web(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('vpn.ssl.web', 'user-group-bookmark', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_vpn_ssl_web_user_group_bookmark_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_ssl_web_user_group_bookmark': {'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ssl_web_user_group_bookmark.fortios_vpn_ssl_web(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3'
- }
-
- set_method_mock.assert_called_with('vpn.ssl.web', 'user-group-bookmark', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_vpn_ssl_web_user_group_bookmark_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'vpn_ssl_web_user_group_bookmark': {
- 'random_attribute_not_valid': 'tag', 'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_vpn_ssl_web_user_group_bookmark.fortios_vpn_ssl_web(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3'
- }
-
- set_method_mock.assert_called_with('vpn.ssl.web', 'user-group-bookmark', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_waf_main_class.py b/test/units/modules/network/fortios/test_fortios_waf_main_class.py
deleted file mode 100644
index 7bacc320278..00000000000
--- a/test/units/modules/network/fortios/test_fortios_waf_main_class.py
+++ /dev/null
@@ -1,209 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_waf_main_class
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_waf_main_class.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_waf_main_class_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'waf_main_class': {
- 'id': '3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_waf_main_class.fortios_waf(input_data, fos_instance)
-
- expected_data = {
- 'id': '3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('waf', 'main-class', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_waf_main_class_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'waf_main_class': {
- 'id': '3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_waf_main_class.fortios_waf(input_data, fos_instance)
-
- expected_data = {
- 'id': '3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('waf', 'main-class', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_waf_main_class_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'waf_main_class': {
- 'id': '3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_waf_main_class.fortios_waf(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('waf', 'main-class', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_waf_main_class_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'waf_main_class': {
- 'id': '3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_waf_main_class.fortios_waf(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('waf', 'main-class', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_waf_main_class_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'waf_main_class': {
- 'id': '3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_waf_main_class.fortios_waf(input_data, fos_instance)
-
- expected_data = {
- 'id': '3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('waf', 'main-class', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_waf_main_class_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'waf_main_class': {
- 'random_attribute_not_valid': 'tag',
- 'id': '3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_waf_main_class.fortios_waf(input_data, fos_instance)
-
- expected_data = {
- 'id': '3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('waf', 'main-class', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_waf_profile.py b/test/units/modules/network/fortios/test_fortios_waf_profile.py
deleted file mode 100644
index c31da795517..00000000000
--- a/test/units/modules/network/fortios/test_fortios_waf_profile.py
+++ /dev/null
@@ -1,229 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_waf_profile
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_waf_profile.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_waf_profile_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'waf_profile': {'comment': 'Comment.',
- 'extended_log': 'enable',
- 'external': 'disable',
- 'name': 'default_name_6',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response =
fortios_waf_profile.fortios_waf(input_data, fos_instance)
-
- expected_data = {'comment': 'Comment.',
- 'extended-log': 'enable',
- 'external': 'disable',
- 'name': 'default_name_6',
-
- }
-
- set_method_mock.assert_called_with('waf', 'profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_waf_profile_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'waf_profile': {'comment': 'Comment.',
- 'extended_log': 'enable',
- 'external': 'disable',
- 'name': 'default_name_6',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_waf_profile.fortios_waf(input_data, fos_instance)
-
- expected_data = {'comment': 'Comment.',
- 'extended-log': 'enable',
- 'external': 'disable',
- 'name': 'default_name_6',
-
- }
-
- set_method_mock.assert_called_with('waf', 'profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_waf_profile_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'waf_profile': {'comment': 'Comment.',
-
'extended_log': 'enable',
- 'external': 'disable',
- 'name': 'default_name_6',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_waf_profile.fortios_waf(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('waf', 'profile', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_waf_profile_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'waf_profile': {'comment': 'Comment.',
- 'extended_log': 'enable',
- 'external': 'disable',
- 'name': 'default_name_6',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_waf_profile.fortios_waf(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('waf', 'profile', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_waf_profile_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'waf_profile': {'comment': 'Comment.',
- 'extended_log': 'enable',
- 'external': 'disable',
- 'name': 'default_name_6',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response =
fortios_waf_profile.fortios_waf(input_data, fos_instance)
-
- expected_data = {'comment': 'Comment.',
- 'extended-log': 'enable',
- 'external': 'disable',
- 'name': 'default_name_6',
-
- }
-
- set_method_mock.assert_called_with('waf', 'profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_waf_profile_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'waf_profile': {
- 'random_attribute_not_valid': 'tag', 'comment': 'Comment.',
- 'extended_log': 'enable',
- 'external': 'disable',
- 'name': 'default_name_6',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_waf_profile.fortios_waf(input_data, fos_instance)
-
- expected_data = {'comment': 'Comment.',
- 'extended-log': 'enable',
- 'external': 'disable',
- 'name': 'default_name_6',
-
- }
-
- set_method_mock.assert_called_with('waf', 'profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_waf_signature.py b/test/units/modules/network/fortios/test_fortios_waf_signature.py
deleted file mode 100644
index 2dfefd26262..00000000000
--- a/test/units/modules/network/fortios/test_fortios_waf_signature.py
+++ /dev/null
@@ -1,209 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_waf_signature
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_waf_signature.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_waf_signature_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'waf_signature': {
- 'desc': 'test_value_3',
- 'id': '4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_waf_signature.fortios_waf(input_data, fos_instance)
-
- expected_data = {
-
'desc': 'test_value_3',
- 'id': '4'
- }
-
- set_method_mock.assert_called_with('waf', 'signature', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_waf_signature_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'waf_signature': {
- 'desc': 'test_value_3',
- 'id': '4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_waf_signature.fortios_waf(input_data, fos_instance)
-
- expected_data = {
- 'desc': 'test_value_3',
- 'id': '4'
- }
-
- set_method_mock.assert_called_with('waf', 'signature', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_waf_signature_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'waf_signature': {
- 'desc': 'test_value_3',
- 'id': '4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_waf_signature.fortios_waf(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('waf', 'signature', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
-
assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_waf_signature_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'waf_signature': {
- 'desc': 'test_value_3',
- 'id': '4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_waf_signature.fortios_waf(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('waf', 'signature', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_waf_signature_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'waf_signature': {
- 'desc': 'test_value_3',
- 'id': '4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_waf_signature.fortios_waf(input_data, fos_instance)
-
- expected_data = {
- 'desc': 'test_value_3',
- 'id': '4'
- }
-
- set_method_mock.assert_called_with('waf', 'signature', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_waf_signature_filter_foreign_attributes(mocker):
- schema_method_mock =
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'waf_signature': {
- 'random_attribute_not_valid': 'tag',
- 'desc': 'test_value_3',
- 'id': '4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_waf_signature.fortios_waf(input_data, fos_instance)
-
- expected_data = {
- 'desc': 'test_value_3',
- 'id': '4'
- }
-
- set_method_mock.assert_called_with('waf', 'signature', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_waf_sub_class.py b/test/units/modules/network/fortios/test_fortios_waf_sub_class.py
deleted file mode 100644
index bb72047c247..00000000000
--- a/test/units/modules/network/fortios/test_fortios_waf_sub_class.py
+++ /dev/null
@@ -1,209 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_waf_sub_class
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_waf_sub_class.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_waf_sub_class_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'waf_sub_class': {
- 'id': '3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_waf_sub_class.fortios_waf(input_data, fos_instance)
-
- expected_data = {
-
'id': '3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('waf', 'sub-class', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_waf_sub_class_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'waf_sub_class': {
- 'id': '3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_waf_sub_class.fortios_waf(input_data, fos_instance)
-
- expected_data = {
- 'id': '3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('waf', 'sub-class', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_waf_sub_class_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'waf_sub_class': {
- 'id': '3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_waf_sub_class.fortios_waf(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('waf', 'sub-class', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not
is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_waf_sub_class_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'waf_sub_class': {
- 'id': '3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_waf_sub_class.fortios_waf(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('waf', 'sub-class', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_waf_sub_class_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'waf_sub_class': {
- 'id': '3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_waf_sub_class.fortios_waf(input_data, fos_instance)
-
- expected_data = {
- 'id': '3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('waf', 'sub-class', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_waf_sub_class_filter_foreign_attributes(mocker):
-
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'waf_sub_class': {
- 'random_attribute_not_valid': 'tag',
- 'id': '3',
- 'name': 'default_name_4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_waf_sub_class.fortios_waf(input_data, fos_instance)
-
- expected_data = {
- 'id': '3',
- 'name': 'default_name_4'
- }
-
- set_method_mock.assert_called_with('waf', 'sub-class', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_wanopt_auth_group.py b/test/units/modules/network/fortios/test_fortios_wanopt_auth_group.py
deleted file mode 100644
index 03474439021..00000000000
--- a/test/units/modules/network/fortios/test_fortios_wanopt_auth_group.py
+++ /dev/null
@@ -1,249 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_wanopt_auth_group
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wanopt_auth_group.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_wanopt_auth_group_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wanopt_auth_group': {
- 'auth_method': 'cert',
- 'cert': 'test_value_4',
- 'name': 'default_name_5',
- 'peer': 'test_value_6',
- 'peer_accept': 'any',
- 'psk': 'test_value_8'
- },
-
'vdom': 'root'}
-
- is_error, changed, response = fortios_wanopt_auth_group.fortios_wanopt(input_data, fos_instance)
-
- expected_data = {
- 'auth-method': 'cert',
- 'cert': 'test_value_4',
- 'name': 'default_name_5',
- 'peer': 'test_value_6',
- 'peer-accept': 'any',
- 'psk': 'test_value_8'
- }
-
- set_method_mock.assert_called_with('wanopt', 'auth-group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wanopt_auth_group_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wanopt_auth_group': {
- 'auth_method': 'cert',
- 'cert': 'test_value_4',
- 'name': 'default_name_5',
- 'peer': 'test_value_6',
- 'peer_accept': 'any',
- 'psk': 'test_value_8'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wanopt_auth_group.fortios_wanopt(input_data, fos_instance)
-
- expected_data = {
- 'auth-method': 'cert',
- 'cert': 'test_value_4',
- 'name': 'default_name_5',
- 'peer': 'test_value_6',
- 'peer-accept': 'any',
- 'psk': 'test_value_8'
- }
-
- set_method_mock.assert_called_with('wanopt', 'auth-group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wanopt_auth_group_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
-
delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wanopt_auth_group': {
- 'auth_method': 'cert',
- 'cert': 'test_value_4',
- 'name': 'default_name_5',
- 'peer': 'test_value_6',
- 'peer_accept': 'any',
- 'psk': 'test_value_8'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wanopt_auth_group.fortios_wanopt(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wanopt', 'auth-group', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wanopt_auth_group_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wanopt_auth_group': {
- 'auth_method': 'cert',
- 'cert': 'test_value_4',
- 'name': 'default_name_5',
- 'peer': 'test_value_6',
- 'peer_accept': 'any',
- 'psk': 'test_value_8'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wanopt_auth_group.fortios_wanopt(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wanopt', 'auth-group', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wanopt_auth_group_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE',
'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wanopt_auth_group': {
- 'auth_method': 'cert',
- 'cert': 'test_value_4',
- 'name': 'default_name_5',
- 'peer': 'test_value_6',
- 'peer_accept': 'any',
- 'psk': 'test_value_8'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wanopt_auth_group.fortios_wanopt(input_data, fos_instance)
-
- expected_data = {
- 'auth-method': 'cert',
- 'cert': 'test_value_4',
- 'name': 'default_name_5',
- 'peer': 'test_value_6',
- 'peer-accept': 'any',
- 'psk': 'test_value_8'
- }
-
- set_method_mock.assert_called_with('wanopt', 'auth-group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_wanopt_auth_group_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wanopt_auth_group': {
- 'random_attribute_not_valid': 'tag',
- 'auth_method': 'cert',
- 'cert': 'test_value_4',
- 'name': 'default_name_5',
- 'peer': 'test_value_6',
- 'peer_accept': 'any',
- 'psk': 'test_value_8'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wanopt_auth_group.fortios_wanopt(input_data, fos_instance)
-
- expected_data = {
- 'auth-method': 'cert',
- 'cert': 'test_value_4',
- 'name': 'default_name_5',
- 'peer': 'test_value_6',
- 'peer-accept': 'any',
- 'psk': 'test_value_8'
- }
-
- set_method_mock.assert_called_with('wanopt', 'auth-group',
data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_wanopt_cache_service.py b/test/units/modules/network/fortios/test_fortios_wanopt_cache_service.py
deleted file mode 100644
index b95db689f01..00000000000
--- a/test/units/modules/network/fortios/test_fortios_wanopt_cache_service.py
+++ /dev/null
@@ -1,183 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_wanopt_cache_service -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wanopt_cache_service.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_wanopt_cache_service_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wanopt_cache_service': { - 'acceptable_connections': 'any', - 'collaboration': 'enable', - 'device_id': 'test_value_5', - 'prefer_scenario': 'balance', - - }, - 'vdom': 'root'} 
- - is_error, changed, response = fortios_wanopt_cache_service.fortios_wanopt(input_data, fos_instance) - - expected_data = { - 'acceptable-connections': 'any', - 'collaboration': 'enable', - 'device-id': 'test_value_5', - 'prefer-scenario': 'balance', - - } - - set_method_mock.assert_called_with('wanopt', 'cache-service', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_wanopt_cache_service_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wanopt_cache_service': { - 'acceptable_connections': 'any', - 'collaboration': 'enable', - 'device_id': 'test_value_5', - 'prefer_scenario': 'balance', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wanopt_cache_service.fortios_wanopt(input_data, fos_instance) - - expected_data = { - 'acceptable-connections': 'any', - 'collaboration': 'enable', - 'device-id': 'test_value_5', - 'prefer-scenario': 'balance', - - } - - set_method_mock.assert_called_with('wanopt', 'cache-service', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_wanopt_cache_service_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wanopt_cache_service': { - 'acceptable_connections': 'any', - 'collaboration': 'enable', - 'device_id': 'test_value_5', - 'prefer_scenario': 'balance', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wanopt_cache_service.fortios_wanopt(input_data, fos_instance) - - expected_data = { - 'acceptable-connections': 'any', - 'collaboration': 'enable', - 'device-id': 'test_value_5', - 'prefer-scenario': 'balance', - - } - - set_method_mock.assert_called_with('wanopt', 'cache-service', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_wanopt_cache_service_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wanopt_cache_service': { - 'random_attribute_not_valid': 'tag', - 'acceptable_connections': 'any', - 'collaboration': 'enable', - 'device_id': 'test_value_5', - 'prefer_scenario': 'balance', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wanopt_cache_service.fortios_wanopt(input_data, fos_instance) - - expected_data = { - 'acceptable-connections': 'any', - 'collaboration': 'enable', - 'device-id': 'test_value_5', - 'prefer-scenario': 'balance', - - } - - set_method_mock.assert_called_with('wanopt', 'cache-service', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - 
assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_wanopt_content_delivery_network_rule.py b/test/units/modules/network/fortios/test_fortios_wanopt_content_delivery_network_rule.py deleted file mode 100644 index 7d444104f9a..00000000000 --- a/test/units/modules/network/fortios/test_fortios_wanopt_content_delivery_network_rule.py +++ /dev/null 
@@ -1,279 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_wanopt_content_delivery_network_rule -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wanopt_content_delivery_network_rule.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_wanopt_content_delivery_network_rule_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wanopt_content_delivery_network_rule': { - 'category': 'vcache', - 'comment': 'Comment about this CDN-rule.', - 'name': 
'default_name_5', - 'request_cache_control': 'enable', - 'response_cache_control': 'enable', - 'response_expires': 'enable', - 'status': 'enable', - 'text_response_vcache': 'enable', - 'updateserver': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wanopt_content_delivery_network_rule.fortios_wanopt(input_data, fos_instance) - - expected_data = { - 'category': 'vcache', - 'comment': 'Comment about this CDN-rule.', - 'name': 'default_name_5', - 'request-cache-control': 'enable', - 'response-cache-control': 'enable', - 'response-expires': 'enable', - 'status': 'enable', - 'text-response-vcache': 'enable', - 'updateserver': 'enable' - } - - set_method_mock.assert_called_with('wanopt', 'content-delivery-network-rule', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_wanopt_content_delivery_network_rule_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wanopt_content_delivery_network_rule': { - 'category': 'vcache', - 'comment': 'Comment about this CDN-rule.', - 'name': 'default_name_5', - 'request_cache_control': 'enable', - 'response_cache_control': 'enable', - 'response_expires': 'enable', - 'status': 'enable', - 'text_response_vcache': 'enable', - 'updateserver': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wanopt_content_delivery_network_rule.fortios_wanopt(input_data, fos_instance) - - expected_data = { - 'category': 'vcache', - 'comment': 'Comment about this CDN-rule.', - 'name': 
'default_name_5', - 'request-cache-control': 'enable', - 'response-cache-control': 'enable', - 'response-expires': 'enable', - 'status': 'enable', - 'text-response-vcache': 'enable', - 'updateserver': 'enable' - } - - set_method_mock.assert_called_with('wanopt', 'content-delivery-network-rule', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_wanopt_content_delivery_network_rule_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'wanopt_content_delivery_network_rule': { - 'category': 'vcache', - 'comment': 'Comment about this CDN-rule.', - 'name': 'default_name_5', - 'request_cache_control': 'enable', - 'response_cache_control': 'enable', - 'response_expires': 'enable', - 'status': 'enable', - 'text_response_vcache': 'enable', - 'updateserver': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wanopt_content_delivery_network_rule.fortios_wanopt(input_data, fos_instance) - - delete_method_mock.assert_called_with('wanopt', 'content-delivery-network-rule', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_wanopt_content_delivery_network_rule_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'wanopt_content_delivery_network_rule': { - 'category': 'vcache', - 'comment': 'Comment about this CDN-rule.', - 'name': 'default_name_5', - 'request_cache_control': 'enable', - 'response_cache_control': 'enable', - 'response_expires': 'enable', - 'status': 'enable', - 'text_response_vcache': 'enable', - 'updateserver': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wanopt_content_delivery_network_rule.fortios_wanopt(input_data, fos_instance) - - delete_method_mock.assert_called_with('wanopt', 'content-delivery-network-rule', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_wanopt_content_delivery_network_rule_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wanopt_content_delivery_network_rule': { - 'category': 'vcache', - 'comment': 'Comment about this CDN-rule.', - 'name': 'default_name_5', - 'request_cache_control': 'enable', - 'response_cache_control': 'enable', - 'response_expires': 'enable', - 'status': 'enable', - 'text_response_vcache': 'enable', - 'updateserver': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wanopt_content_delivery_network_rule.fortios_wanopt(input_data, fos_instance) - - expected_data = { - 'category': 'vcache', - 'comment': 'Comment about this CDN-rule.', - 'name': 'default_name_5', - 
'request-cache-control': 'enable', - 'response-cache-control': 'enable', - 'response-expires': 'enable', - 'status': 'enable', - 'text-response-vcache': 'enable', - 'updateserver': 'enable' - } - - set_method_mock.assert_called_with('wanopt', 'content-delivery-network-rule', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_wanopt_content_delivery_network_rule_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wanopt_content_delivery_network_rule': { - 'random_attribute_not_valid': 'tag', - 'category': 'vcache', - 'comment': 'Comment about this CDN-rule.', - 'name': 'default_name_5', - 'request_cache_control': 'enable', - 'response_cache_control': 'enable', - 'response_expires': 'enable', - 'status': 'enable', - 'text_response_vcache': 'enable', - 'updateserver': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wanopt_content_delivery_network_rule.fortios_wanopt(input_data, fos_instance) - - expected_data = { - 'category': 'vcache', - 'comment': 'Comment about this CDN-rule.', - 'name': 'default_name_5', - 'request-cache-control': 'enable', - 'response-cache-control': 'enable', - 'response-expires': 'enable', - 'status': 'enable', - 'text-response-vcache': 'enable', - 'updateserver': 'enable' - } - - set_method_mock.assert_called_with('wanopt', 'content-delivery-network-rule', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert 
response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_wanopt_peer.py b/test/units/modules/network/fortios/test_fortios_wanopt_peer.py deleted file mode 100644 index e247137dc81..00000000000 --- a/test/units/modules/network/fortios/test_fortios_wanopt_peer.py +++ /dev/null 
@@ -1,209 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_wanopt_peer -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wanopt_peer.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_wanopt_peer_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wanopt_peer': { - 'ip': 'test_value_3', - 'peer_host_id': 'myhostname4' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wanopt_peer.fortios_wanopt(input_data, fos_instance) - - 
expected_data = { - 'ip': 'test_value_3', - 'peer-host-id': 'myhostname4' - } - - set_method_mock.assert_called_with('wanopt', 'peer', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_wanopt_peer_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wanopt_peer': { - 'ip': 'test_value_3', - 'peer_host_id': 'myhostname4' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wanopt_peer.fortios_wanopt(input_data, fos_instance) - - expected_data = { - 'ip': 'test_value_3', - 'peer-host-id': 'myhostname4' - } - - set_method_mock.assert_called_with('wanopt', 'peer', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_wanopt_peer_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'wanopt_peer': { - 'ip': 'test_value_3', - 'peer_host_id': 'myhostname4' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wanopt_peer.fortios_wanopt(input_data, fos_instance) - - delete_method_mock.assert_called_with('wanopt', 'peer', mkey=ANY, 
vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_wanopt_peer_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'wanopt_peer': { - 'ip': 'test_value_3', - 'peer_host_id': 'myhostname4' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wanopt_peer.fortios_wanopt(input_data, fos_instance) - - delete_method_mock.assert_called_with('wanopt', 'peer', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_wanopt_peer_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wanopt_peer': { - 'ip': 'test_value_3', - 'peer_host_id': 'myhostname4' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wanopt_peer.fortios_wanopt(input_data, fos_instance) - - expected_data = { - 'ip': 'test_value_3', - 'peer-host-id': 'myhostname4' - } - - set_method_mock.assert_called_with('wanopt', 'peer', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert 
response['http_status'] == 404 - - -def test_wanopt_peer_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wanopt_peer': { - 'random_attribute_not_valid': 'tag', - 'ip': 'test_value_3', - 'peer_host_id': 'myhostname4' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wanopt_peer.fortios_wanopt(input_data, fos_instance) - - expected_data = { - 'ip': 'test_value_3', - 'peer-host-id': 'myhostname4' - } - - set_method_mock.assert_called_with('wanopt', 'peer', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_wanopt_profile.py b/test/units/modules/network/fortios/test_fortios_wanopt_profile.py deleted file mode 100644 index 7d149512e80..00000000000 --- a/test/units/modules/network/fortios/test_fortios_wanopt_profile.py +++ /dev/null 
@@ -1,229 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_wanopt_profile -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wanopt_profile.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_wanopt_profile_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wanopt_profile': { - 'auth_group': 'test_value_3', - 'comments': 'test_value_4', - 'name': 'default_name_5', - 'transparent': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_wanopt_profile.fortios_wanopt(input_data, fos_instance) - - expected_data = { - 'auth-group': 'test_value_3', - 'comments': 'test_value_4', - 'name': 'default_name_5', - 'transparent': 'enable' - } - - set_method_mock.assert_called_with('wanopt', 'profile', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_wanopt_profile_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wanopt_profile': { - 'auth_group': 'test_value_3', - 'comments': 'test_value_4', - 'name': 'default_name_5', - 'transparent': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wanopt_profile.fortios_wanopt(input_data, fos_instance) - - expected_data = { - 'auth-group': 'test_value_3', - 'comments': 'test_value_4', - 'name': 'default_name_5', - 'transparent': 'enable' - } - - set_method_mock.assert_called_with('wanopt', 'profile', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_wanopt_profile_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 
'absent', - 'wanopt_profile': { - 'auth_group': 'test_value_3', - 'comments': 'test_value_4', - 'name': 'default_name_5', - 'transparent': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wanopt_profile.fortios_wanopt(input_data, fos_instance) - - delete_method_mock.assert_called_with('wanopt', 'profile', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_wanopt_profile_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'wanopt_profile': { - 'auth_group': 'test_value_3', - 'comments': 'test_value_4', - 'name': 'default_name_5', - 'transparent': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wanopt_profile.fortios_wanopt(input_data, fos_instance) - - delete_method_mock.assert_called_with('wanopt', 'profile', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_wanopt_profile_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wanopt_profile': { - 'auth_group': 'test_value_3', - 'comments': 'test_value_4', - 
'name': 'default_name_5', - 'transparent': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wanopt_profile.fortios_wanopt(input_data, fos_instance) - - expected_data = { - 'auth-group': 'test_value_3', - 'comments': 'test_value_4', - 'name': 'default_name_5', - 'transparent': 'enable' - } - - set_method_mock.assert_called_with('wanopt', 'profile', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_wanopt_profile_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wanopt_profile': { - 'random_attribute_not_valid': 'tag', - 'auth_group': 'test_value_3', - 'comments': 'test_value_4', - 'name': 'default_name_5', - 'transparent': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wanopt_profile.fortios_wanopt(input_data, fos_instance) - - expected_data = { - 'auth-group': 'test_value_3', - 'comments': 'test_value_4', - 'name': 'default_name_5', - 'transparent': 'enable' - } - - set_method_mock.assert_called_with('wanopt', 'profile', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_wanopt_remote_storage.py b/test/units/modules/network/fortios/test_fortios_wanopt_remote_storage.py deleted file mode 100644 index 004bf8c551a..00000000000 
--- a/test/units/modules/network/fortios/test_fortios_wanopt_remote_storage.py
+++ /dev/null
@@ -1,175 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_wanopt_remote_storage -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wanopt_remote_storage.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_wanopt_remote_storage_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wanopt_remote_storage': { - 'local_cache_id': 'test_value_3', - 'remote_cache_id': 'test_value_4', - 'remote_cache_ip': 'test_value_5', - 'status': 'disable' - }, - 'vdom': 
'root'} - - is_error, changed, response = fortios_wanopt_remote_storage.fortios_wanopt(input_data, fos_instance) - - expected_data = { - 'local-cache-id': 'test_value_3', - 'remote-cache-id': 'test_value_4', - 'remote-cache-ip': 'test_value_5', - 'status': 'disable' - } - - set_method_mock.assert_called_with('wanopt', 'remote-storage', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_wanopt_remote_storage_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wanopt_remote_storage': { - 'local_cache_id': 'test_value_3', - 'remote_cache_id': 'test_value_4', - 'remote_cache_ip': 'test_value_5', - 'status': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wanopt_remote_storage.fortios_wanopt(input_data, fos_instance) - - expected_data = { - 'local-cache-id': 'test_value_3', - 'remote-cache-id': 'test_value_4', - 'remote-cache-ip': 'test_value_5', - 'status': 'disable' - } - - set_method_mock.assert_called_with('wanopt', 'remote-storage', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_wanopt_remote_storage_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wanopt_remote_storage': { - 'local_cache_id': 'test_value_3', - 'remote_cache_id': 'test_value_4', - 'remote_cache_ip': 'test_value_5', - 'status': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wanopt_remote_storage.fortios_wanopt(input_data, fos_instance) - - expected_data = { - 'local-cache-id': 'test_value_3', - 'remote-cache-id': 'test_value_4', - 'remote-cache-ip': 'test_value_5', - 'status': 'disable' - } - - set_method_mock.assert_called_with('wanopt', 'remote-storage', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_wanopt_remote_storage_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wanopt_remote_storage': { - 'random_attribute_not_valid': 'tag', - 'local_cache_id': 'test_value_3', - 'remote_cache_id': 'test_value_4', - 'remote_cache_ip': 'test_value_5', - 'status': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wanopt_remote_storage.fortios_wanopt(input_data, fos_instance) - - expected_data = { - 'local-cache-id': 'test_value_3', - 'remote-cache-id': 'test_value_4', - 'remote-cache-ip': 'test_value_5', - 'status': 'disable' - } - - set_method_mock.assert_called_with('wanopt', 'remote-storage', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - 
assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_wanopt_settings.py b/test/units/modules/network/fortios/test_fortios_wanopt_settings.py
deleted file mode 100644
index fc61a2eeeaa..00000000000
--- a/test/units/modules/network/fortios/test_fortios_wanopt_settings.py
+++ /dev/null
@@ -1,167 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_wanopt_settings -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wanopt_settings.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_wanopt_settings_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wanopt_settings': { - 'auto_detect_algorithm': 'simple', - 'host_id': 'myhostname4', - 'tunnel_ssl_algorithm': 'low' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_wanopt_settings.fortios_wanopt(input_data, fos_instance) - - expected_data = { - 'auto-detect-algorithm': 'simple', - 'host-id': 'myhostname4', - 'tunnel-ssl-algorithm': 'low' - } - - set_method_mock.assert_called_with('wanopt', 'settings', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_wanopt_settings_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wanopt_settings': { - 'auto_detect_algorithm': 'simple', - 'host_id': 'myhostname4', - 'tunnel_ssl_algorithm': 'low' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wanopt_settings.fortios_wanopt(input_data, fos_instance) - - expected_data = { - 'auto-detect-algorithm': 'simple', - 'host-id': 'myhostname4', - 'tunnel-ssl-algorithm': 'low' - } - - set_method_mock.assert_called_with('wanopt', 'settings', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_wanopt_settings_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wanopt_settings': { - 'auto_detect_algorithm': 
'simple', - 'host_id': 'myhostname4', - 'tunnel_ssl_algorithm': 'low' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wanopt_settings.fortios_wanopt(input_data, fos_instance) - - expected_data = { - 'auto-detect-algorithm': 'simple', - 'host-id': 'myhostname4', - 'tunnel-ssl-algorithm': 'low' - } - - set_method_mock.assert_called_with('wanopt', 'settings', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_wanopt_settings_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wanopt_settings': { - 'random_attribute_not_valid': 'tag', - 'auto_detect_algorithm': 'simple', - 'host_id': 'myhostname4', - 'tunnel_ssl_algorithm': 'low' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wanopt_settings.fortios_wanopt(input_data, fos_instance) - - expected_data = { - 'auto-detect-algorithm': 'simple', - 'host-id': 'myhostname4', - 'tunnel-ssl-algorithm': 'low' - } - - set_method_mock.assert_called_with('wanopt', 'settings', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_wanopt_webcache.py b/test/units/modules/network/fortios/test_fortios_wanopt_webcache.py deleted file mode 100644 index c2b4e421fe5..00000000000 --- a/test/units/modules/network/fortios/test_fortios_wanopt_webcache.py +++ /dev/null 
@@ -1,279 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_wanopt_webcache -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wanopt_webcache.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_wanopt_webcache_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wanopt_webcache': { - 'always_revalidate': 'enable', - 'cache_by_default': 'enable', - 'cache_cookie': 'enable', - 'cache_expired': 'enable', - 'default_ttl': '7', - 'external': 'enable', - 
'fresh_factor': '9', - 'host_validate': 'enable', - 'ignore_conditional': 'enable', - 'ignore_ie_reload': 'enable', - 'ignore_ims': 'enable', - 'ignore_pnc': 'enable', - 'max_object_size': '15', - 'max_ttl': '16', - 'min_ttl': '17', - 'neg_resp_time': '18', - 'reval_pnc': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wanopt_webcache.fortios_wanopt(input_data, fos_instance) - - expected_data = { - 'always-revalidate': 'enable', - 'cache-by-default': 'enable', - 'cache-cookie': 'enable', - 'cache-expired': 'enable', - 'default-ttl': '7', - 'external': 'enable', - 'fresh-factor': '9', - 'host-validate': 'enable', - 'ignore-conditional': 'enable', - 'ignore-ie-reload': 'enable', - 'ignore-ims': 'enable', - 'ignore-pnc': 'enable', - 'max-object-size': '15', - 'max-ttl': '16', - 'min-ttl': '17', - 'neg-resp-time': '18', - 'reval-pnc': 'enable' - } - - set_method_mock.assert_called_with('wanopt', 'webcache', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_wanopt_webcache_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wanopt_webcache': { - 'always_revalidate': 'enable', - 'cache_by_default': 'enable', - 'cache_cookie': 'enable', - 'cache_expired': 'enable', - 'default_ttl': '7', - 'external': 'enable', - 'fresh_factor': '9', - 'host_validate': 'enable', - 'ignore_conditional': 'enable', - 'ignore_ie_reload': 'enable', - 'ignore_ims': 'enable', - 'ignore_pnc': 'enable', - 'max_object_size': '15', - 'max_ttl': '16', - 'min_ttl': 
'17', - 'neg_resp_time': '18', - 'reval_pnc': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wanopt_webcache.fortios_wanopt(input_data, fos_instance) - - expected_data = { - 'always-revalidate': 'enable', - 'cache-by-default': 'enable', - 'cache-cookie': 'enable', - 'cache-expired': 'enable', - 'default-ttl': '7', - 'external': 'enable', - 'fresh-factor': '9', - 'host-validate': 'enable', - 'ignore-conditional': 'enable', - 'ignore-ie-reload': 'enable', - 'ignore-ims': 'enable', - 'ignore-pnc': 'enable', - 'max-object-size': '15', - 'max-ttl': '16', - 'min-ttl': '17', - 'neg-resp-time': '18', - 'reval-pnc': 'enable' - } - - set_method_mock.assert_called_with('wanopt', 'webcache', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_wanopt_webcache_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wanopt_webcache': { - 'always_revalidate': 'enable', - 'cache_by_default': 'enable', - 'cache_cookie': 'enable', - 'cache_expired': 'enable', - 'default_ttl': '7', - 'external': 'enable', - 'fresh_factor': '9', - 'host_validate': 'enable', - 'ignore_conditional': 'enable', - 'ignore_ie_reload': 'enable', - 'ignore_ims': 'enable', - 'ignore_pnc': 'enable', - 'max_object_size': '15', - 'max_ttl': '16', - 'min_ttl': '17', - 'neg_resp_time': '18', - 'reval_pnc': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wanopt_webcache.fortios_wanopt(input_data, fos_instance) - - expected_data = { - 'always-revalidate': 
'enable', - 'cache-by-default': 'enable', - 'cache-cookie': 'enable', - 'cache-expired': 'enable', - 'default-ttl': '7', - 'external': 'enable', - 'fresh-factor': '9', - 'host-validate': 'enable', - 'ignore-conditional': 'enable', - 'ignore-ie-reload': 'enable', - 'ignore-ims': 'enable', - 'ignore-pnc': 'enable', - 'max-object-size': '15', - 'max-ttl': '16', - 'min-ttl': '17', - 'neg-resp-time': '18', - 'reval-pnc': 'enable' - } - - set_method_mock.assert_called_with('wanopt', 'webcache', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_wanopt_webcache_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wanopt_webcache': { - 'random_attribute_not_valid': 'tag', - 'always_revalidate': 'enable', - 'cache_by_default': 'enable', - 'cache_cookie': 'enable', - 'cache_expired': 'enable', - 'default_ttl': '7', - 'external': 'enable', - 'fresh_factor': '9', - 'host_validate': 'enable', - 'ignore_conditional': 'enable', - 'ignore_ie_reload': 'enable', - 'ignore_ims': 'enable', - 'ignore_pnc': 'enable', - 'max_object_size': '15', - 'max_ttl': '16', - 'min_ttl': '17', - 'neg_resp_time': '18', - 'reval_pnc': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wanopt_webcache.fortios_wanopt(input_data, fos_instance) - - expected_data = { - 'always-revalidate': 'enable', - 'cache-by-default': 'enable', - 'cache-cookie': 'enable', - 'cache-expired': 'enable', - 'default-ttl': '7', - 'external': 'enable', - 'fresh-factor': '9', - 
'host-validate': 'enable', - 'ignore-conditional': 'enable', - 'ignore-ie-reload': 'enable', - 'ignore-ims': 'enable', - 'ignore-pnc': 'enable', - 'max-object-size': '15', - 'max-ttl': '16', - 'min-ttl': '17', - 'neg-resp-time': '18', - 'reval-pnc': 'enable' - } - - set_method_mock.assert_called_with('wanopt', 'webcache', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_web_proxy_debug_url.py b/test/units/modules/network/fortios/test_fortios_web_proxy_debug_url.py deleted file mode 100644 index 75247b23a9c..00000000000 --- a/test/units/modules/network/fortios/test_fortios_web_proxy_debug_url.py +++ /dev/null 
@@ -1,229 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_web_proxy_debug_url -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_web_proxy_debug_url.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_web_proxy_debug_url_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'web_proxy_debug_url': { - 'exact': 'enable', - 'name': 'default_name_4', - 'status': 'enable', - 'url_pattern': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, 
response = fortios_web_proxy_debug_url.fortios_web_proxy(input_data, fos_instance) - - expected_data = { - 'exact': 'enable', - 'name': 'default_name_4', - 'status': 'enable', - 'url-pattern': 'test_value_6' - } - - set_method_mock.assert_called_with('web-proxy', 'debug-url', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_web_proxy_debug_url_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'web_proxy_debug_url': { - 'exact': 'enable', - 'name': 'default_name_4', - 'status': 'enable', - 'url_pattern': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_web_proxy_debug_url.fortios_web_proxy(input_data, fos_instance) - - expected_data = { - 'exact': 'enable', - 'name': 'default_name_4', - 'status': 'enable', - 'url-pattern': 'test_value_6' - } - - set_method_mock.assert_called_with('web-proxy', 'debug-url', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_web_proxy_debug_url_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 
'state': 'absent', - 'web_proxy_debug_url': { - 'exact': 'enable', - 'name': 'default_name_4', - 'status': 'enable', - 'url_pattern': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_web_proxy_debug_url.fortios_web_proxy(input_data, fos_instance) - - delete_method_mock.assert_called_with('web-proxy', 'debug-url', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_web_proxy_debug_url_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'web_proxy_debug_url': { - 'exact': 'enable', - 'name': 'default_name_4', - 'status': 'enable', - 'url_pattern': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_web_proxy_debug_url.fortios_web_proxy(input_data, fos_instance) - - delete_method_mock.assert_called_with('web-proxy', 'debug-url', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_web_proxy_debug_url_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'web_proxy_debug_url': { - 'exact': 'enable', - 'name': 
'default_name_4', - 'status': 'enable', - 'url_pattern': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_web_proxy_debug_url.fortios_web_proxy(input_data, fos_instance) - - expected_data = { - 'exact': 'enable', - 'name': 'default_name_4', - 'status': 'enable', - 'url-pattern': 'test_value_6' - } - - set_method_mock.assert_called_with('web-proxy', 'debug-url', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_web_proxy_debug_url_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'web_proxy_debug_url': { - 'random_attribute_not_valid': 'tag', - 'exact': 'enable', - 'name': 'default_name_4', - 'status': 'enable', - 'url_pattern': 'test_value_6' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_web_proxy_debug_url.fortios_web_proxy(input_data, fos_instance) - - expected_data = { - 'exact': 'enable', - 'name': 'default_name_4', - 'status': 'enable', - 'url-pattern': 'test_value_6' - } - - set_method_mock.assert_called_with('web-proxy', 'debug-url', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_web_proxy_explicit.py b/test/units/modules/network/fortios/test_fortios_web_proxy_explicit.py deleted file mode 100644 index 013fa3a52cc..00000000000 
--- a/test/units/modules/network/fortios/test_fortios_web_proxy_explicit.py
+++ /dev/null
@@ -1,351 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_web_proxy_explicit -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_web_proxy_explicit.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_web_proxy_explicit_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'web_proxy_explicit': { - 'ftp_incoming_port': 'test_value_3', - 'ftp_over_http': 'enable', - 'http_incoming_port': 'test_value_5', - 'https_incoming_port': 'test_value_6', - 
'https_replacement_message': 'enable', - 'incoming_ip': 'test_value_8', - 'incoming_ip6': 'test_value_9', - 'ipv6_status': 'enable', - 'message_upon_server_error': 'enable', - 'outgoing_ip': 'test_value_12', - 'outgoing_ip6': 'test_value_13', - 'pac_file_data': 'test_value_14', - 'pac_file_name': 'test_value_15', - 'pac_file_server_port': 'test_value_16', - 'pac_file_server_status': 'enable', - 'pac_file_url': 'test_value_18', - 'pref_dns_result': 'ipv4', - 'realm': 'test_value_20', - 'sec_default_action': 'accept', - 'socks': 'enable', - 'socks_incoming_port': 'test_value_23', - 'ssl_algorithm': 'low', - 'status': 'enable', - 'strict_guest': 'enable', - 'trace_auth_no_rsp': 'enable', - 'unknown_http_version': 'reject' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_web_proxy_explicit.fortios_web_proxy(input_data, fos_instance) - - expected_data = { - 'ftp-incoming-port': 'test_value_3', - 'ftp-over-http': 'enable', - 'http-incoming-port': 'test_value_5', - 'https-incoming-port': 'test_value_6', - 'https-replacement-message': 'enable', - 'incoming-ip': 'test_value_8', - 'incoming-ip6': 'test_value_9', - 'ipv6-status': 'enable', - 'message-upon-server-error': 'enable', - 'outgoing-ip': 'test_value_12', - 'outgoing-ip6': 'test_value_13', - 'pac-file-data': 'test_value_14', - 'pac-file-name': 'test_value_15', - 'pac-file-server-port': 'test_value_16', - 'pac-file-server-status': 'enable', - 'pac-file-url': 'test_value_18', - 'pref-dns-result': 'ipv4', - 'realm': 'test_value_20', - 'sec-default-action': 'accept', - 'socks': 'enable', - 'socks-incoming-port': 'test_value_23', - 'ssl-algorithm': 'low', - 'status': 'enable', - 'strict-guest': 'enable', - 'trace-auth-no-rsp': 'enable', - 'unknown-http-version': 'reject' - } - - set_method_mock.assert_called_with('web-proxy', 'explicit', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert 
response['http_status'] == 200 - - -def test_web_proxy_explicit_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'web_proxy_explicit': { - 'ftp_incoming_port': 'test_value_3', - 'ftp_over_http': 'enable', - 'http_incoming_port': 'test_value_5', - 'https_incoming_port': 'test_value_6', - 'https_replacement_message': 'enable', - 'incoming_ip': 'test_value_8', - 'incoming_ip6': 'test_value_9', - 'ipv6_status': 'enable', - 'message_upon_server_error': 'enable', - 'outgoing_ip': 'test_value_12', - 'outgoing_ip6': 'test_value_13', - 'pac_file_data': 'test_value_14', - 'pac_file_name': 'test_value_15', - 'pac_file_server_port': 'test_value_16', - 'pac_file_server_status': 'enable', - 'pac_file_url': 'test_value_18', - 'pref_dns_result': 'ipv4', - 'realm': 'test_value_20', - 'sec_default_action': 'accept', - 'socks': 'enable', - 'socks_incoming_port': 'test_value_23', - 'ssl_algorithm': 'low', - 'status': 'enable', - 'strict_guest': 'enable', - 'trace_auth_no_rsp': 'enable', - 'unknown_http_version': 'reject' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_web_proxy_explicit.fortios_web_proxy(input_data, fos_instance) - - expected_data = { - 'ftp-incoming-port': 'test_value_3', - 'ftp-over-http': 'enable', - 'http-incoming-port': 'test_value_5', - 'https-incoming-port': 'test_value_6', - 'https-replacement-message': 'enable', - 'incoming-ip': 'test_value_8', - 'incoming-ip6': 'test_value_9', - 'ipv6-status': 'enable', - 'message-upon-server-error': 'enable', - 'outgoing-ip': 'test_value_12', - 'outgoing-ip6': 'test_value_13', - 'pac-file-data': 'test_value_14', - 'pac-file-name': 'test_value_15', 
- 'pac-file-server-port': 'test_value_16', - 'pac-file-server-status': 'enable', - 'pac-file-url': 'test_value_18', - 'pref-dns-result': 'ipv4', - 'realm': 'test_value_20', - 'sec-default-action': 'accept', - 'socks': 'enable', - 'socks-incoming-port': 'test_value_23', - 'ssl-algorithm': 'low', - 'status': 'enable', - 'strict-guest': 'enable', - 'trace-auth-no-rsp': 'enable', - 'unknown-http-version': 'reject' - } - - set_method_mock.assert_called_with('web-proxy', 'explicit', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_web_proxy_explicit_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'web_proxy_explicit': { - 'ftp_incoming_port': 'test_value_3', - 'ftp_over_http': 'enable', - 'http_incoming_port': 'test_value_5', - 'https_incoming_port': 'test_value_6', - 'https_replacement_message': 'enable', - 'incoming_ip': 'test_value_8', - 'incoming_ip6': 'test_value_9', - 'ipv6_status': 'enable', - 'message_upon_server_error': 'enable', - 'outgoing_ip': 'test_value_12', - 'outgoing_ip6': 'test_value_13', - 'pac_file_data': 'test_value_14', - 'pac_file_name': 'test_value_15', - 'pac_file_server_port': 'test_value_16', - 'pac_file_server_status': 'enable', - 'pac_file_url': 'test_value_18', - 'pref_dns_result': 'ipv4', - 'realm': 'test_value_20', - 'sec_default_action': 'accept', - 'socks': 'enable', - 'socks_incoming_port': 'test_value_23', - 'ssl_algorithm': 'low', - 'status': 'enable', - 'strict_guest': 'enable', - 'trace_auth_no_rsp': 'enable', - 
'unknown_http_version': 'reject' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_web_proxy_explicit.fortios_web_proxy(input_data, fos_instance) - - expected_data = { - 'ftp-incoming-port': 'test_value_3', - 'ftp-over-http': 'enable', - 'http-incoming-port': 'test_value_5', - 'https-incoming-port': 'test_value_6', - 'https-replacement-message': 'enable', - 'incoming-ip': 'test_value_8', - 'incoming-ip6': 'test_value_9', - 'ipv6-status': 'enable', - 'message-upon-server-error': 'enable', - 'outgoing-ip': 'test_value_12', - 'outgoing-ip6': 'test_value_13', - 'pac-file-data': 'test_value_14', - 'pac-file-name': 'test_value_15', - 'pac-file-server-port': 'test_value_16', - 'pac-file-server-status': 'enable', - 'pac-file-url': 'test_value_18', - 'pref-dns-result': 'ipv4', - 'realm': 'test_value_20', - 'sec-default-action': 'accept', - 'socks': 'enable', - 'socks-incoming-port': 'test_value_23', - 'ssl-algorithm': 'low', - 'status': 'enable', - 'strict-guest': 'enable', - 'trace-auth-no-rsp': 'enable', - 'unknown-http-version': 'reject' - } - - set_method_mock.assert_called_with('web-proxy', 'explicit', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_web_proxy_explicit_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'web_proxy_explicit': { - 'random_attribute_not_valid': 'tag', - 'ftp_incoming_port': 'test_value_3', - 'ftp_over_http': 'enable', - 'http_incoming_port': 'test_value_5', - 'https_incoming_port': 'test_value_6', 
- 'https_replacement_message': 'enable', - 'incoming_ip': 'test_value_8', - 'incoming_ip6': 'test_value_9', - 'ipv6_status': 'enable', - 'message_upon_server_error': 'enable', - 'outgoing_ip': 'test_value_12', - 'outgoing_ip6': 'test_value_13', - 'pac_file_data': 'test_value_14', - 'pac_file_name': 'test_value_15', - 'pac_file_server_port': 'test_value_16', - 'pac_file_server_status': 'enable', - 'pac_file_url': 'test_value_18', - 'pref_dns_result': 'ipv4', - 'realm': 'test_value_20', - 'sec_default_action': 'accept', - 'socks': 'enable', - 'socks_incoming_port': 'test_value_23', - 'ssl_algorithm': 'low', - 'status': 'enable', - 'strict_guest': 'enable', - 'trace_auth_no_rsp': 'enable', - 'unknown_http_version': 'reject' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_web_proxy_explicit.fortios_web_proxy(input_data, fos_instance) - - expected_data = { - 'ftp-incoming-port': 'test_value_3', - 'ftp-over-http': 'enable', - 'http-incoming-port': 'test_value_5', - 'https-incoming-port': 'test_value_6', - 'https-replacement-message': 'enable', - 'incoming-ip': 'test_value_8', - 'incoming-ip6': 'test_value_9', - 'ipv6-status': 'enable', - 'message-upon-server-error': 'enable', - 'outgoing-ip': 'test_value_12', - 'outgoing-ip6': 'test_value_13', - 'pac-file-data': 'test_value_14', - 'pac-file-name': 'test_value_15', - 'pac-file-server-port': 'test_value_16', - 'pac-file-server-status': 'enable', - 'pac-file-url': 'test_value_18', - 'pref-dns-result': 'ipv4', - 'realm': 'test_value_20', - 'sec-default-action': 'accept', - 'socks': 'enable', - 'socks-incoming-port': 'test_value_23', - 'ssl-algorithm': 'low', - 'status': 'enable', - 'strict-guest': 'enable', - 'trace-auth-no-rsp': 'enable', - 'unknown-http-version': 'reject' - } - - set_method_mock.assert_called_with('web-proxy', 'explicit', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert 
response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_web_proxy_forward_server.py b/test/units/modules/network/fortios/test_fortios_web_proxy_forward_server.py
deleted file mode 100644
index 9fd70e615f7..00000000000
--- a/test/units/modules/network/fortios/test_fortios_web_proxy_forward_server.py
+++ /dev/null
@@ -1,279 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_web_proxy_forward_server -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_web_proxy_forward_server.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_web_proxy_forward_server_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'web_proxy_forward_server': { - 'addr_type': 'ip', - 'comment': 'Comment.', - 'fqdn': 'test_value_5', - 'healthcheck': 'disable', - 'ip': 'test_value_7', - 'monitor': 
'test_value_8', - 'name': 'default_name_9', - 'port': '10', - 'server_down_option': 'block' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_web_proxy_forward_server.fortios_web_proxy(input_data, fos_instance) - - expected_data = { - 'addr-type': 'ip', - 'comment': 'Comment.', - 'fqdn': 'test_value_5', - 'healthcheck': 'disable', - 'ip': 'test_value_7', - 'monitor': 'test_value_8', - 'name': 'default_name_9', - 'port': '10', - 'server-down-option': 'block' - } - - set_method_mock.assert_called_with('web-proxy', 'forward-server', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_web_proxy_forward_server_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'web_proxy_forward_server': { - 'addr_type': 'ip', - 'comment': 'Comment.', - 'fqdn': 'test_value_5', - 'healthcheck': 'disable', - 'ip': 'test_value_7', - 'monitor': 'test_value_8', - 'name': 'default_name_9', - 'port': '10', - 'server_down_option': 'block' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_web_proxy_forward_server.fortios_web_proxy(input_data, fos_instance) - - expected_data = { - 'addr-type': 'ip', - 'comment': 'Comment.', - 'fqdn': 'test_value_5', - 'healthcheck': 'disable', - 'ip': 'test_value_7', - 'monitor': 'test_value_8', - 'name': 'default_name_9', - 'port': '10', - 'server-down-option': 'block' - } - - set_method_mock.assert_called_with('web-proxy', 'forward-server', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert 
is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_web_proxy_forward_server_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'web_proxy_forward_server': { - 'addr_type': 'ip', - 'comment': 'Comment.', - 'fqdn': 'test_value_5', - 'healthcheck': 'disable', - 'ip': 'test_value_7', - 'monitor': 'test_value_8', - 'name': 'default_name_9', - 'port': '10', - 'server_down_option': 'block' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_web_proxy_forward_server.fortios_web_proxy(input_data, fos_instance) - - delete_method_mock.assert_called_with('web-proxy', 'forward-server', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_web_proxy_forward_server_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'web_proxy_forward_server': { - 'addr_type': 'ip', - 'comment': 'Comment.', - 'fqdn': 'test_value_5', - 'healthcheck': 'disable', - 'ip': 'test_value_7', - 'monitor': 'test_value_8', - 'name': 'default_name_9', - 'port': '10', - 'server_down_option': 'block' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_web_proxy_forward_server.fortios_web_proxy(input_data, fos_instance) - - delete_method_mock.assert_called_with('web-proxy', 'forward-server', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_web_proxy_forward_server_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'web_proxy_forward_server': { - 'addr_type': 'ip', - 'comment': 'Comment.', - 'fqdn': 'test_value_5', - 'healthcheck': 'disable', - 'ip': 'test_value_7', - 'monitor': 'test_value_8', - 'name': 'default_name_9', - 'port': '10', - 'server_down_option': 'block' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_web_proxy_forward_server.fortios_web_proxy(input_data, fos_instance) - - expected_data = { - 'addr-type': 'ip', - 'comment': 'Comment.', - 'fqdn': 'test_value_5', - 'healthcheck': 'disable', - 'ip': 'test_value_7', - 'monitor': 'test_value_8', - 'name': 'default_name_9', - 'port': '10', - 'server-down-option': 'block' - } - - set_method_mock.assert_called_with('web-proxy', 'forward-server', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_web_proxy_forward_server_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'web_proxy_forward_server': {
- 'random_attribute_not_valid': 'tag',
- 'addr_type': 'ip',
- 'comment': 'Comment.',
- 'fqdn': 'test_value_5',
- 'healthcheck': 'disable',
- 'ip': 'test_value_7',
- 'monitor': 'test_value_8',
- 'name': 'default_name_9',
- 'port': '10',
- 'server_down_option': 'block'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_web_proxy_forward_server.fortios_web_proxy(input_data, fos_instance)
-
- expected_data = {
- 'addr-type': 'ip',
- 'comment': 'Comment.',
- 'fqdn': 'test_value_5',
- 'healthcheck': 'disable',
- 'ip': 'test_value_7',
- 'monitor': 'test_value_8',
- 'name': 'default_name_9',
- 'port': '10',
- 'server-down-option': 'block'
- }
-
- set_method_mock.assert_called_with('web-proxy', 'forward-server', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_web_proxy_forward_server_group.py b/test/units/modules/network/fortios/test_fortios_web_proxy_forward_server_group.py
deleted file mode 100644
index 21e15b88edd..00000000000
--- a/test/units/modules/network/fortios/test_fortios_web_proxy_forward_server_group.py
+++ /dev/null
@@ -1,239 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_web_proxy_forward_server_group -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_web_proxy_forward_server_group.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_web_proxy_forward_server_group_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'web_proxy_forward_server_group': { - 'affinity': 'enable', - 'group_down_option': 'block', - 'ldb_method': 'weighted', - 'name': 'default_name_6', 
- - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_web_proxy_forward_server_group.fortios_web_proxy(input_data, fos_instance) - - expected_data = { - 'affinity': 'enable', - 'group-down-option': 'block', - 'ldb-method': 'weighted', - 'name': 'default_name_6', - - } - - set_method_mock.assert_called_with('web-proxy', 'forward-server-group', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_web_proxy_forward_server_group_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'web_proxy_forward_server_group': { - 'affinity': 'enable', - 'group_down_option': 'block', - 'ldb_method': 'weighted', - 'name': 'default_name_6', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_web_proxy_forward_server_group.fortios_web_proxy(input_data, fos_instance) - - expected_data = { - 'affinity': 'enable', - 'group-down-option': 'block', - 'ldb-method': 'weighted', - 'name': 'default_name_6', - - } - - set_method_mock.assert_called_with('web-proxy', 'forward-server-group', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_web_proxy_forward_server_group_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'web_proxy_forward_server_group': { - 'affinity': 'enable', - 'group_down_option': 'block', - 'ldb_method': 'weighted', - 'name': 'default_name_6', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_web_proxy_forward_server_group.fortios_web_proxy(input_data, fos_instance) - - delete_method_mock.assert_called_with('web-proxy', 'forward-server-group', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_web_proxy_forward_server_group_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'web_proxy_forward_server_group': { - 'affinity': 'enable', - 'group_down_option': 'block', - 'ldb_method': 'weighted', - 'name': 'default_name_6', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_web_proxy_forward_server_group.fortios_web_proxy(input_data, fos_instance) - - delete_method_mock.assert_called_with('web-proxy', 'forward-server-group', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_web_proxy_forward_server_group_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 
'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'web_proxy_forward_server_group': { - 'affinity': 'enable', - 'group_down_option': 'block', - 'ldb_method': 'weighted', - 'name': 'default_name_6', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_web_proxy_forward_server_group.fortios_web_proxy(input_data, fos_instance) - - expected_data = { - 'affinity': 'enable', - 'group-down-option': 'block', - 'ldb-method': 'weighted', - 'name': 'default_name_6', - - } - - set_method_mock.assert_called_with('web-proxy', 'forward-server-group', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_web_proxy_forward_server_group_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'web_proxy_forward_server_group': { - 'random_attribute_not_valid': 'tag', - 'affinity': 'enable', - 'group_down_option': 'block', - 'ldb_method': 'weighted', - 'name': 'default_name_6', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_web_proxy_forward_server_group.fortios_web_proxy(input_data, fos_instance) - - expected_data = { - 'affinity': 'enable', - 'group-down-option': 'block', - 'ldb-method': 'weighted', - 'name': 'default_name_6', - - } - - set_method_mock.assert_called_with('web-proxy', 'forward-server-group', data=expected_data, vdom='root') - 
schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_web_proxy_global.py b/test/units/modules/network/fortios/test_fortios_web_proxy_global.py
deleted file mode 100644
index 24d4236eea3..00000000000
--- a/test/units/modules/network/fortios/test_fortios_web_proxy_global.py
+++ /dev/null
@@ -1,247 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_web_proxy_global
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_web_proxy_global.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_web_proxy_global_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'web_proxy_global': {
- 'fast_policy_match': 'enable',
- 'forward_proxy_auth': 'enable',
- 'forward_server_affinity_timeout': '5',
- 'learn_client_ip': 'enable',
- 'learn_client_ip_from_header': 'true-client-ip',
- 'max_message_length': '8',
- 'max_request_length': '9',
- 'max_waf_body_cache_length': '10',
- 'proxy_fqdn': 'test_value_11',
- 'strict_web_check': 'enable',
- 'tunnel_non_http': 'enable',
- 'unknown_http_version': 'reject',
- 'webproxy_profile': 'test_value_15'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_web_proxy_global.fortios_web_proxy(input_data, fos_instance)
-
- expected_data = {
- 'fast-policy-match': 'enable',
- 'forward-proxy-auth': 'enable',
- 'forward-server-affinity-timeout': '5',
- 'learn-client-ip': 'enable',
- 'learn-client-ip-from-header': 'true-client-ip',
- 'max-message-length': '8',
- 'max-request-length': '9',
- 'max-waf-body-cache-length': '10',
- 'proxy-fqdn': 'test_value_11',
- 'strict-web-check': 'enable',
- 'tunnel-non-http': 'enable',
- 'unknown-http-version': 'reject',
- 'webproxy-profile': 'test_value_15'
- }
-
- set_method_mock.assert_called_with('web-proxy', 'global', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_web_proxy_global_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'web_proxy_global': {
- 'fast_policy_match': 'enable',
- 'forward_proxy_auth': 'enable',
- 'forward_server_affinity_timeout': '5',
- 'learn_client_ip': 'enable',
- 'learn_client_ip_from_header': 'true-client-ip',
- 'max_message_length': '8',
- 'max_request_length': '9',
- 'max_waf_body_cache_length': '10',
- 'proxy_fqdn': 'test_value_11',
- 'strict_web_check': 'enable',
- 'tunnel_non_http': 'enable',
- 'unknown_http_version': 'reject',
- 'webproxy_profile': 'test_value_15'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_web_proxy_global.fortios_web_proxy(input_data, fos_instance)
-
- expected_data = {
- 'fast-policy-match': 'enable',
- 'forward-proxy-auth': 'enable',
- 'forward-server-affinity-timeout': '5',
- 'learn-client-ip': 'enable',
- 'learn-client-ip-from-header': 'true-client-ip',
- 'max-message-length': '8',
- 'max-request-length': '9',
- 'max-waf-body-cache-length': '10',
- 'proxy-fqdn': 'test_value_11',
- 'strict-web-check': 'enable',
- 'tunnel-non-http': 'enable',
- 'unknown-http-version': 'reject',
- 'webproxy-profile': 'test_value_15'
- }
-
- set_method_mock.assert_called_with('web-proxy', 'global', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_web_proxy_global_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'web_proxy_global': {
- 'fast_policy_match': 'enable',
- 'forward_proxy_auth': 'enable',
- 'forward_server_affinity_timeout': '5',
- 'learn_client_ip': 'enable',
- 'learn_client_ip_from_header': 'true-client-ip',
- 'max_message_length': '8',
- 'max_request_length': '9',
- 'max_waf_body_cache_length': '10',
- 'proxy_fqdn': 'test_value_11',
- 'strict_web_check': 'enable',
- 'tunnel_non_http': 'enable',
- 'unknown_http_version': 'reject',
- 'webproxy_profile': 'test_value_15'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_web_proxy_global.fortios_web_proxy(input_data, fos_instance)
-
- expected_data = {
- 'fast-policy-match': 'enable',
- 'forward-proxy-auth': 'enable',
- 'forward-server-affinity-timeout': '5',
- 'learn-client-ip': 'enable',
- 'learn-client-ip-from-header': 'true-client-ip',
- 'max-message-length': '8',
- 'max-request-length': '9',
- 'max-waf-body-cache-length': '10',
- 'proxy-fqdn': 'test_value_11',
- 'strict-web-check': 'enable',
- 'tunnel-non-http': 'enable',
- 'unknown-http-version': 'reject',
- 'webproxy-profile': 'test_value_15'
- }
-
- set_method_mock.assert_called_with('web-proxy', 'global', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_web_proxy_global_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'web_proxy_global': {
- 'random_attribute_not_valid': 'tag',
- 'fast_policy_match': 'enable',
- 'forward_proxy_auth': 'enable',
- 'forward_server_affinity_timeout': '5',
- 'learn_client_ip': 'enable',
- 'learn_client_ip_from_header': 'true-client-ip',
- 'max_message_length': '8',
- 'max_request_length': '9',
- 'max_waf_body_cache_length': '10',
- 'proxy_fqdn': 'test_value_11',
- 'strict_web_check': 'enable',
- 'tunnel_non_http': 'enable',
- 'unknown_http_version': 'reject',
- 'webproxy_profile': 'test_value_15'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_web_proxy_global.fortios_web_proxy(input_data, fos_instance)
-
- expected_data = {
- 'fast-policy-match': 'enable',
- 'forward-proxy-auth': 'enable',
- 'forward-server-affinity-timeout': '5',
- 'learn-client-ip': 'enable',
- 'learn-client-ip-from-header': 'true-client-ip',
- 'max-message-length': '8',
- 'max-request-length': '9',
- 'max-waf-body-cache-length': '10',
- 'proxy-fqdn': 'test_value_11',
- 'strict-web-check': 'enable',
- 'tunnel-non-http': 'enable',
- 'unknown-http-version': 'reject',
- 'webproxy-profile': 'test_value_15'
- }
-
- set_method_mock.assert_called_with('web-proxy', 'global', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_web_proxy_profile.py b/test/units/modules/network/fortios/test_fortios_web_proxy_profile.py
deleted file mode 100644
index d401b301161..00000000000
--- a/test/units/modules/network/fortios/test_fortios_web_proxy_profile.py
+++ /dev/null
@@ -1,289 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_web_proxy_profile
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_web_proxy_profile.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_web_proxy_profile_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'web_proxy_profile': {
- 'header_client_ip': 'pass',
- 'header_front_end_https': 'pass',
- 'header_via_request': 'pass',
- 'header_via_response': 'pass',
- 'header_x_authenticated_groups': 'pass',
- 'header_x_authenticated_user': 'pass',
- 'header_x_forwarded_for': 'pass',
- 'log_header_change': 'enable',
- 'name': 'default_name_11',
- 'strip_encoding': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_web_proxy_profile.fortios_web_proxy(input_data, fos_instance)
-
- expected_data = {
- 'header-client-ip': 'pass',
- 'header-front-end-https': 'pass',
- 'header-via-request': 'pass',
- 'header-via-response': 'pass',
- 'header-x-authenticated-groups': 'pass',
- 'header-x-authenticated-user': 'pass',
- 'header-x-forwarded-for': 'pass',
- 'log-header-change': 'enable',
- 'name': 'default_name_11',
- 'strip-encoding': 'enable'
- }
-
- set_method_mock.assert_called_with('web-proxy', 'profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_web_proxy_profile_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'web_proxy_profile': {
- 'header_client_ip': 'pass',
- 'header_front_end_https': 'pass',
- 'header_via_request': 'pass',
- 'header_via_response': 'pass',
- 'header_x_authenticated_groups': 'pass',
- 'header_x_authenticated_user': 'pass',
- 'header_x_forwarded_for': 'pass',
- 'log_header_change': 'enable',
- 'name': 'default_name_11',
- 'strip_encoding': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_web_proxy_profile.fortios_web_proxy(input_data, fos_instance)
-
- expected_data = {
- 'header-client-ip': 'pass',
- 'header-front-end-https': 'pass',
- 'header-via-request': 'pass',
- 'header-via-response': 'pass',
- 'header-x-authenticated-groups': 'pass',
- 'header-x-authenticated-user': 'pass',
- 'header-x-forwarded-for': 'pass',
- 'log-header-change': 'enable',
- 'name': 'default_name_11',
- 'strip-encoding': 'enable'
- }
-
- set_method_mock.assert_called_with('web-proxy', 'profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_web_proxy_profile_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'web_proxy_profile': {
- 'header_client_ip': 'pass',
- 'header_front_end_https': 'pass',
- 'header_via_request': 'pass',
- 'header_via_response': 'pass',
- 'header_x_authenticated_groups': 'pass',
- 'header_x_authenticated_user': 'pass',
- 'header_x_forwarded_for': 'pass',
- 'log_header_change': 'enable',
- 'name': 'default_name_11',
- 'strip_encoding': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_web_proxy_profile.fortios_web_proxy(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('web-proxy', 'profile', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_web_proxy_profile_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'web_proxy_profile': {
- 'header_client_ip': 'pass',
- 'header_front_end_https': 'pass',
- 'header_via_request': 'pass',
- 'header_via_response': 'pass',
- 'header_x_authenticated_groups': 'pass',
- 'header_x_authenticated_user': 'pass',
- 'header_x_forwarded_for': 'pass',
- 'log_header_change': 'enable',
- 'name': 'default_name_11',
- 'strip_encoding': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_web_proxy_profile.fortios_web_proxy(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('web-proxy', 'profile', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_web_proxy_profile_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'web_proxy_profile': {
- 'header_client_ip': 'pass',
- 'header_front_end_https': 'pass',
- 'header_via_request': 'pass',
- 'header_via_response': 'pass',
- 'header_x_authenticated_groups': 'pass',
- 'header_x_authenticated_user': 'pass',
- 'header_x_forwarded_for': 'pass',
- 'log_header_change': 'enable',
- 'name': 'default_name_11',
- 'strip_encoding': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_web_proxy_profile.fortios_web_proxy(input_data, fos_instance)
-
- expected_data = {
- 'header-client-ip': 'pass',
- 'header-front-end-https': 'pass',
- 'header-via-request': 'pass',
- 'header-via-response': 'pass',
- 'header-x-authenticated-groups': 'pass',
- 'header-x-authenticated-user': 'pass',
- 'header-x-forwarded-for': 'pass',
- 'log-header-change': 'enable',
- 'name': 'default_name_11',
- 'strip-encoding': 'enable'
- }
-
- set_method_mock.assert_called_with('web-proxy', 'profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_web_proxy_profile_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'web_proxy_profile': {
- 'random_attribute_not_valid': 'tag',
- 'header_client_ip': 'pass',
- 'header_front_end_https': 'pass',
- 'header_via_request': 'pass',
- 'header_via_response': 'pass',
- 'header_x_authenticated_groups': 'pass',
- 'header_x_authenticated_user': 'pass',
- 'header_x_forwarded_for': 'pass',
- 'log_header_change': 'enable',
- 'name': 'default_name_11',
- 'strip_encoding': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_web_proxy_profile.fortios_web_proxy(input_data, fos_instance)
-
- expected_data = {
- 'header-client-ip': 'pass',
- 'header-front-end-https': 'pass',
- 'header-via-request': 'pass',
- 'header-via-response': 'pass',
- 'header-x-authenticated-groups': 'pass',
- 'header-x-authenticated-user': 'pass',
- 'header-x-forwarded-for': 'pass',
- 'log-header-change': 'enable',
- 'name': 'default_name_11',
- 'strip-encoding': 'enable'
- }
-
- set_method_mock.assert_called_with('web-proxy', 'profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_web_proxy_url_match.py b/test/units/modules/network/fortios/test_fortios_web_proxy_url_match.py
deleted file mode 100644
index c3f6a666723..00000000000
--- a/test/units/modules/network/fortios/test_fortios_web_proxy_url_match.py
+++ /dev/null
@@ -1,249 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_web_proxy_url_match
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_web_proxy_url_match.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_web_proxy_url_match_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'web_proxy_url_match': {
- 'cache_exemption': 'enable',
- 'comment': 'Comment.',
- 'forward_server': 'test_value_5',
- 'name': 'default_name_6',
- 'status': 'enable',
- 'url_pattern': 'test_value_8'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_web_proxy_url_match.fortios_web_proxy(input_data, fos_instance)
-
- expected_data = {
- 'cache-exemption': 'enable',
- 'comment': 'Comment.',
- 'forward-server': 'test_value_5',
- 'name': 'default_name_6',
- 'status': 'enable',
- 'url-pattern': 'test_value_8'
- }
-
- set_method_mock.assert_called_with('web-proxy', 'url-match', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_web_proxy_url_match_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'web_proxy_url_match': {
- 'cache_exemption': 'enable',
- 'comment': 'Comment.',
- 'forward_server': 'test_value_5',
- 'name': 'default_name_6',
- 'status': 'enable',
- 'url_pattern': 'test_value_8'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_web_proxy_url_match.fortios_web_proxy(input_data, fos_instance)
-
- expected_data = {
- 'cache-exemption': 'enable',
- 'comment': 'Comment.',
- 'forward-server': 'test_value_5',
- 'name': 'default_name_6',
- 'status': 'enable',
- 'url-pattern': 'test_value_8'
- }
-
- set_method_mock.assert_called_with('web-proxy', 'url-match', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_web_proxy_url_match_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'web_proxy_url_match': {
- 'cache_exemption': 'enable',
- 'comment': 'Comment.',
- 'forward_server': 'test_value_5',
- 'name': 'default_name_6',
- 'status': 'enable',
- 'url_pattern': 'test_value_8'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_web_proxy_url_match.fortios_web_proxy(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('web-proxy', 'url-match', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_web_proxy_url_match_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'web_proxy_url_match': {
- 'cache_exemption': 'enable',
- 'comment': 'Comment.',
- 'forward_server': 'test_value_5',
- 'name': 'default_name_6',
- 'status': 'enable',
- 'url_pattern': 'test_value_8'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_web_proxy_url_match.fortios_web_proxy(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('web-proxy', 'url-match', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_web_proxy_url_match_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'web_proxy_url_match': {
- 'cache_exemption': 'enable',
- 'comment': 'Comment.',
- 'forward_server': 'test_value_5',
- 'name': 'default_name_6',
- 'status': 'enable',
- 'url_pattern': 'test_value_8'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_web_proxy_url_match.fortios_web_proxy(input_data, fos_instance)
-
- expected_data = {
- 'cache-exemption': 'enable',
- 'comment': 'Comment.',
- 'forward-server': 'test_value_5',
- 'name': 'default_name_6',
- 'status': 'enable',
- 'url-pattern': 'test_value_8'
- }
-
- set_method_mock.assert_called_with('web-proxy', 'url-match', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_web_proxy_url_match_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'web_proxy_url_match': {
- 'random_attribute_not_valid': 'tag',
- 'cache_exemption': 'enable',
- 'comment': 'Comment.',
- 'forward_server': 'test_value_5',
- 'name': 'default_name_6',
- 'status': 'enable',
- 'url_pattern': 'test_value_8'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_web_proxy_url_match.fortios_web_proxy(input_data, fos_instance)
-
- expected_data = {
- 'cache-exemption': 'enable',
- 'comment': 'Comment.',
- 'forward-server': 'test_value_5',
- 'name': 'default_name_6',
- 'status': 'enable',
- 'url-pattern': 'test_value_8'
- }
-
- set_method_mock.assert_called_with('web-proxy', 'url-match', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_web_proxy_wisp.py b/test/units/modules/network/fortios/test_fortios_web_proxy_wisp.py
deleted file mode 100644
index 3630a314e09..00000000000
--- a/test/units/modules/network/fortios/test_fortios_web_proxy_wisp.py
+++ /dev/null
@@ -1,259 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_web_proxy_wisp
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_web_proxy_wisp.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_web_proxy_wisp_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'web_proxy_wisp': {
- 'comment': 'Comment.',
- 'max_connections': '4',
- 'name': 'default_name_5',
- 'outgoing_ip': 'test_value_6',
- 'server_ip': 'test_value_7',
- 'server_port': '8',
- 'timeout': '9'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_web_proxy_wisp.fortios_web_proxy(input_data, fos_instance)
-
- expected_data = {
- 'comment': 'Comment.',
- 'max-connections': '4',
- 'name': 'default_name_5',
- 'outgoing-ip': 'test_value_6',
- 'server-ip': 'test_value_7',
- 'server-port': '8',
- 'timeout': '9'
- }
-
- set_method_mock.assert_called_with('web-proxy', 'wisp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_web_proxy_wisp_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'web_proxy_wisp': {
- 'comment': 'Comment.',
- 'max_connections': '4',
- 'name': 'default_name_5',
- 'outgoing_ip': 'test_value_6',
- 'server_ip': 'test_value_7',
- 'server_port': '8',
- 'timeout': '9'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_web_proxy_wisp.fortios_web_proxy(input_data, fos_instance)
-
- expected_data = {
- 'comment': 'Comment.',
- 'max-connections': '4',
- 'name': 'default_name_5',
- 'outgoing-ip': 'test_value_6',
- 'server-ip': 'test_value_7',
- 'server-port': '8',
- 'timeout': '9'
- }
-
- set_method_mock.assert_called_with('web-proxy', 'wisp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_web_proxy_wisp_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'web_proxy_wisp': {
- 'comment': 'Comment.',
- 'max_connections': '4',
- 'name': 'default_name_5',
- 'outgoing_ip': 'test_value_6',
- 'server_ip': 'test_value_7',
- 'server_port': '8',
- 'timeout': '9'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_web_proxy_wisp.fortios_web_proxy(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('web-proxy', 'wisp', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_web_proxy_wisp_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'web_proxy_wisp': {
- 'comment': 'Comment.',
- 'max_connections': '4',
- 'name': 'default_name_5',
- 'outgoing_ip': 'test_value_6',
- 'server_ip': 'test_value_7',
- 'server_port': '8',
- 'timeout': '9'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_web_proxy_wisp.fortios_web_proxy(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('web-proxy', 'wisp', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_web_proxy_wisp_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'web_proxy_wisp': {
- 'comment': 'Comment.',
- 'max_connections': '4',
- 'name': 'default_name_5',
- 'outgoing_ip': 'test_value_6',
- 'server_ip': 'test_value_7',
- 'server_port': '8',
- 'timeout': '9'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_web_proxy_wisp.fortios_web_proxy(input_data, fos_instance)
-
- expected_data = {
- 'comment': 'Comment.',
- 'max-connections': '4',
- 'name': 'default_name_5',
- 'outgoing-ip': 'test_value_6',
- 'server-ip': 'test_value_7',
- 'server-port': '8',
- 'timeout': '9'
- }
-
- set_method_mock.assert_called_with('web-proxy', 'wisp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_web_proxy_wisp_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'web_proxy_wisp': {
- 'random_attribute_not_valid': 'tag',
- 'comment': 'Comment.',
- 'max_connections': '4',
- 'name': 'default_name_5',
- 'outgoing_ip': 'test_value_6',
- 'server_ip': 'test_value_7',
- 'server_port': '8',
- 'timeout': '9'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_web_proxy_wisp.fortios_web_proxy(input_data, fos_instance)
-
- expected_data
= { - 'comment': 'Comment.', - 'max-connections': '4', - 'name': 'default_name_5', - 'outgoing-ip': 'test_value_6', - 'server-ip': 'test_value_7', - 'server-port': '8', - 'timeout': '9' - } - - set_method_mock.assert_called_with('web-proxy', 'wisp', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_webfilter_content.py b/test/units/modules/network/fortios/test_fortios_webfilter_content.py deleted file mode 100644 index 65e66a27424..00000000000 --- a/test/units/modules/network/fortios/test_fortios_webfilter_content.py +++ /dev/null 
@@ -1,219 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_webfilter_content -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_webfilter_content.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_webfilter_content_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'webfilter_content': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_webfilter_content.fortios_webfilter(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('webfilter', 'content', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_webfilter_content_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'webfilter_content': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_webfilter_content.fortios_webfilter(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('webfilter', 'content', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_webfilter_content_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'webfilter_content': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 
'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_webfilter_content.fortios_webfilter(input_data, fos_instance) - - delete_method_mock.assert_called_with('webfilter', 'content', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_webfilter_content_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'webfilter_content': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_webfilter_content.fortios_webfilter(input_data, fos_instance) - - delete_method_mock.assert_called_with('webfilter', 'content', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_webfilter_content_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'webfilter_content': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_webfilter_content.fortios_webfilter(input_data, fos_instance) - - 
expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('webfilter', 'content', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_webfilter_content_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'webfilter_content': { - 'random_attribute_not_valid': 'tag', - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_webfilter_content.fortios_webfilter(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('webfilter', 'content', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_webfilter_content_header.py b/test/units/modules/network/fortios/test_fortios_webfilter_content_header.py deleted file mode 100644 index ba937476f55..00000000000 --- a/test/units/modules/network/fortios/test_fortios_webfilter_content_header.py +++ /dev/null 
@@ -1,219 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_webfilter_content_header -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_webfilter_content_header.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_webfilter_content_header_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'webfilter_content_header': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_webfilter_content_header.fortios_webfilter(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('webfilter', 'content-header', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_webfilter_content_header_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'webfilter_content_header': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_webfilter_content_header.fortios_webfilter(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('webfilter', 'content-header', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_webfilter_content_header_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'webfilter_content_header': { - 
'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_webfilter_content_header.fortios_webfilter(input_data, fos_instance) - - delete_method_mock.assert_called_with('webfilter', 'content-header', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_webfilter_content_header_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'webfilter_content_header': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_webfilter_content_header.fortios_webfilter(input_data, fos_instance) - - delete_method_mock.assert_called_with('webfilter', 'content-header', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_webfilter_content_header_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'webfilter_content_header': { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 
'root'} - - is_error, changed, response = fortios_webfilter_content_header.fortios_webfilter(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('webfilter', 'content-header', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_webfilter_content_header_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'webfilter_content_header': { - 'random_attribute_not_valid': 'tag', - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_webfilter_content_header.fortios_webfilter(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 'name': 'default_name_5' - } - - set_method_mock.assert_called_with('webfilter', 'content-header', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_webfilter_fortiguard.py b/test/units/modules/network/fortios/test_fortios_webfilter_fortiguard.py deleted file mode 100644 index f46455ec2ef..00000000000 --- a/test/units/modules/network/fortios/test_fortios_webfilter_fortiguard.py +++ /dev/null 
@@ -1,231 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_webfilter_fortiguard -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_webfilter_fortiguard.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_webfilter_fortiguard_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'webfilter_fortiguard': { - 'cache_mem_percent': '3', - 'cache_mode': 'ttl', - 'cache_prefix_match': 'enable', - 'close_ports': 'enable', - 'ovrd_auth_https': 'enable', - 
'ovrd_auth_port': '8', - 'ovrd_auth_port_http': '9', - 'ovrd_auth_port_https': '10', - 'ovrd_auth_port_warning': '11', - 'request_packet_size_limit': '12', - 'warn_auth_https': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_webfilter_fortiguard.fortios_webfilter(input_data, fos_instance) - - expected_data = { - 'cache-mem-percent': '3', - 'cache-mode': 'ttl', - 'cache-prefix-match': 'enable', - 'close-ports': 'enable', - 'ovrd-auth-https': 'enable', - 'ovrd-auth-port': '8', - 'ovrd-auth-port-http': '9', - 'ovrd-auth-port-https': '10', - 'ovrd-auth-port-warning': '11', - 'request-packet-size-limit': '12', - 'warn-auth-https': 'enable' - } - - set_method_mock.assert_called_with('webfilter', 'fortiguard', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_webfilter_fortiguard_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'webfilter_fortiguard': { - 'cache_mem_percent': '3', - 'cache_mode': 'ttl', - 'cache_prefix_match': 'enable', - 'close_ports': 'enable', - 'ovrd_auth_https': 'enable', - 'ovrd_auth_port': '8', - 'ovrd_auth_port_http': '9', - 'ovrd_auth_port_https': '10', - 'ovrd_auth_port_warning': '11', - 'request_packet_size_limit': '12', - 'warn_auth_https': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_webfilter_fortiguard.fortios_webfilter(input_data, fos_instance) - - expected_data = { - 'cache-mem-percent': '3', - 'cache-mode': 'ttl', - 'cache-prefix-match': 'enable', - 'close-ports': 
'enable', - 'ovrd-auth-https': 'enable', - 'ovrd-auth-port': '8', - 'ovrd-auth-port-http': '9', - 'ovrd-auth-port-https': '10', - 'ovrd-auth-port-warning': '11', - 'request-packet-size-limit': '12', - 'warn-auth-https': 'enable' - } - - set_method_mock.assert_called_with('webfilter', 'fortiguard', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_webfilter_fortiguard_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'webfilter_fortiguard': { - 'cache_mem_percent': '3', - 'cache_mode': 'ttl', - 'cache_prefix_match': 'enable', - 'close_ports': 'enable', - 'ovrd_auth_https': 'enable', - 'ovrd_auth_port': '8', - 'ovrd_auth_port_http': '9', - 'ovrd_auth_port_https': '10', - 'ovrd_auth_port_warning': '11', - 'request_packet_size_limit': '12', - 'warn_auth_https': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_webfilter_fortiguard.fortios_webfilter(input_data, fos_instance) - - expected_data = { - 'cache-mem-percent': '3', - 'cache-mode': 'ttl', - 'cache-prefix-match': 'enable', - 'close-ports': 'enable', - 'ovrd-auth-https': 'enable', - 'ovrd-auth-port': '8', - 'ovrd-auth-port-http': '9', - 'ovrd-auth-port-https': '10', - 'ovrd-auth-port-warning': '11', - 'request-packet-size-limit': '12', - 'warn-auth-https': 'enable' - } - - set_method_mock.assert_called_with('webfilter', 'fortiguard', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 
'error' - assert response['http_status'] == 404 - - -def test_webfilter_fortiguard_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'webfilter_fortiguard': { - 'random_attribute_not_valid': 'tag', - 'cache_mem_percent': '3', - 'cache_mode': 'ttl', - 'cache_prefix_match': 'enable', - 'close_ports': 'enable', - 'ovrd_auth_https': 'enable', - 'ovrd_auth_port': '8', - 'ovrd_auth_port_http': '9', - 'ovrd_auth_port_https': '10', - 'ovrd_auth_port_warning': '11', - 'request_packet_size_limit': '12', - 'warn_auth_https': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_webfilter_fortiguard.fortios_webfilter(input_data, fos_instance) - - expected_data = { - 'cache-mem-percent': '3', - 'cache-mode': 'ttl', - 'cache-prefix-match': 'enable', - 'close-ports': 'enable', - 'ovrd-auth-https': 'enable', - 'ovrd-auth-port': '8', - 'ovrd-auth-port-http': '9', - 'ovrd-auth-port-https': '10', - 'ovrd-auth-port-warning': '11', - 'request-packet-size-limit': '12', - 'warn-auth-https': 'enable' - } - - set_method_mock.assert_called_with('webfilter', 'fortiguard', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_webfilter_ftgd_local_cat.py b/test/units/modules/network/fortios/test_fortios_webfilter_ftgd_local_cat.py deleted file mode 100644 index ae1374a4009..00000000000 --- a/test/units/modules/network/fortios/test_fortios_webfilter_ftgd_local_cat.py +++ /dev/null 
@@ -1,219 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_webfilter_ftgd_local_cat -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_webfilter_ftgd_local_cat.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_webfilter_ftgd_local_cat_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'webfilter_ftgd_local_cat': { - 'desc': 'test_value_3', - 'id': '4', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_webfilter_ftgd_local_cat.fortios_webfilter(input_data, fos_instance) - - expected_data = { - 'desc': 'test_value_3', - 'id': '4', - 'status': 'enable' - } - - set_method_mock.assert_called_with('webfilter', 'ftgd-local-cat', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_webfilter_ftgd_local_cat_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'webfilter_ftgd_local_cat': { - 'desc': 'test_value_3', - 'id': '4', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_webfilter_ftgd_local_cat.fortios_webfilter(input_data, fos_instance) - - expected_data = { - 'desc': 'test_value_3', - 'id': '4', - 'status': 'enable' - } - - set_method_mock.assert_called_with('webfilter', 'ftgd-local-cat', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_webfilter_ftgd_local_cat_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'webfilter_ftgd_local_cat': { - 'desc': 'test_value_3', - 'id': '4', - 'status': 
'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_webfilter_ftgd_local_cat.fortios_webfilter(input_data, fos_instance) - - delete_method_mock.assert_called_with('webfilter', 'ftgd-local-cat', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_webfilter_ftgd_local_cat_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'webfilter_ftgd_local_cat': { - 'desc': 'test_value_3', - 'id': '4', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_webfilter_ftgd_local_cat.fortios_webfilter(input_data, fos_instance) - - delete_method_mock.assert_called_with('webfilter', 'ftgd-local-cat', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_webfilter_ftgd_local_cat_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'webfilter_ftgd_local_cat': { - 'desc': 'test_value_3', - 'id': '4', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_webfilter_ftgd_local_cat.fortios_webfilter(input_data, fos_instance) - - expected_data = { - 'desc': 'test_value_3', - 'id': '4', - 'status': 'enable' - } - - set_method_mock.assert_called_with('webfilter', 'ftgd-local-cat', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_webfilter_ftgd_local_cat_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'webfilter_ftgd_local_cat': { - 'random_attribute_not_valid': 'tag', - 'desc': 'test_value_3', - 'id': '4', - 'status': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_webfilter_ftgd_local_cat.fortios_webfilter(input_data, fos_instance) - - expected_data = { - 'desc': 'test_value_3', - 'id': '4', - 'status': 'enable' - } - - set_method_mock.assert_called_with('webfilter', 'ftgd-local-cat', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_webfilter_ftgd_local_rating.py b/test/units/modules/network/fortios/test_fortios_webfilter_ftgd_local_rating.py deleted file mode 100644 index 377ada09587..00000000000 --- a/test/units/modules/network/fortios/test_fortios_webfilter_ftgd_local_rating.py +++ /dev/null 
@@ -1,219 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_webfilter_ftgd_local_rating
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_webfilter_ftgd_local_rating.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_webfilter_ftgd_local_rating_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'webfilter_ftgd_local_rating': {
- 'rating': 'test_value_3',
- 'status': 'enable',
- 'url': 'myurl_5.com'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_ftgd_local_rating.fortios_webfilter(input_data, fos_instance)
-
- expected_data = {
- 'rating': 'test_value_3',
- 'status': 'enable',
- 'url': 'myurl_5.com'
- }
-
- set_method_mock.assert_called_with('webfilter', 'ftgd-local-rating', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_webfilter_ftgd_local_rating_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'webfilter_ftgd_local_rating': {
- 'rating': 'test_value_3',
- 'status': 'enable',
- 'url': 'myurl_5.com'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_ftgd_local_rating.fortios_webfilter(input_data, fos_instance)
-
- expected_data = {
- 'rating': 'test_value_3',
- 'status': 'enable',
- 'url': 'myurl_5.com'
- }
-
- set_method_mock.assert_called_with('webfilter', 'ftgd-local-rating', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_webfilter_ftgd_local_rating_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'webfilter_ftgd_local_rating': {
- 'rating': 'test_value_3',
- 'status': 'enable',
- 'url': 'myurl_5.com'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_ftgd_local_rating.fortios_webfilter(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('webfilter', 'ftgd-local-rating', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_webfilter_ftgd_local_rating_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'webfilter_ftgd_local_rating': {
- 'rating': 'test_value_3',
- 'status': 'enable',
- 'url': 'myurl_5.com'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_ftgd_local_rating.fortios_webfilter(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('webfilter', 'ftgd-local-rating', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_webfilter_ftgd_local_rating_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'webfilter_ftgd_local_rating': {
- 'rating': 'test_value_3',
- 'status': 'enable',
- 'url': 'myurl_5.com'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_ftgd_local_rating.fortios_webfilter(input_data, fos_instance)
-
- expected_data = {
- 'rating': 'test_value_3',
- 'status': 'enable',
- 'url': 'myurl_5.com'
- }
-
- set_method_mock.assert_called_with('webfilter', 'ftgd-local-rating', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_webfilter_ftgd_local_rating_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'webfilter_ftgd_local_rating': {
- 'random_attribute_not_valid': 'tag',
- 'rating': 'test_value_3',
- 'status': 'enable',
- 'url': 'myurl_5.com'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_ftgd_local_rating.fortios_webfilter(input_data, fos_instance)
-
- expected_data = {
- 'rating': 'test_value_3',
- 'status': 'enable',
- 'url': 'myurl_5.com'
- }
-
- set_method_mock.assert_called_with('webfilter', 'ftgd-local-rating', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_webfilter_ips_urlfilter_cache_setting.py b/test/units/modules/network/fortios/test_fortios_webfilter_ips_urlfilter_cache_setting.py
deleted file mode 100644
index 688afd3eddc..00000000000
--- a/test/units/modules/network/fortios/test_fortios_webfilter_ips_urlfilter_cache_setting.py
+++ /dev/null
@@ -1,159 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_webfilter_ips_urlfilter_cache_setting
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_webfilter_ips_urlfilter_cache_setting.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_webfilter_ips_urlfilter_cache_setting_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'webfilter_ips_urlfilter_cache_setting': {
- 'dns_retry_interval': '3',
- 'extended_ttl': '4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_ips_urlfilter_cache_setting.fortios_webfilter(input_data, fos_instance)
-
- expected_data = {
- 'dns-retry-interval': '3',
- 'extended-ttl': '4'
- }
-
- set_method_mock.assert_called_with('webfilter', 'ips-urlfilter-cache-setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_webfilter_ips_urlfilter_cache_setting_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'webfilter_ips_urlfilter_cache_setting': {
- 'dns_retry_interval': '3',
- 'extended_ttl': '4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_ips_urlfilter_cache_setting.fortios_webfilter(input_data, fos_instance)
-
- expected_data = {
- 'dns-retry-interval': '3',
- 'extended-ttl': '4'
- }
-
- set_method_mock.assert_called_with('webfilter', 'ips-urlfilter-cache-setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_webfilter_ips_urlfilter_cache_setting_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'webfilter_ips_urlfilter_cache_setting': {
- 'dns_retry_interval': '3',
- 'extended_ttl': '4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_ips_urlfilter_cache_setting.fortios_webfilter(input_data, fos_instance)
-
- expected_data = {
- 'dns-retry-interval': '3',
- 'extended-ttl': '4'
- }
-
- set_method_mock.assert_called_with('webfilter', 'ips-urlfilter-cache-setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_webfilter_ips_urlfilter_cache_setting_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'webfilter_ips_urlfilter_cache_setting': {
- 'random_attribute_not_valid': 'tag',
- 'dns_retry_interval': '3',
- 'extended_ttl': '4'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_ips_urlfilter_cache_setting.fortios_webfilter(input_data, fos_instance)
-
- expected_data = {
- 'dns-retry-interval': '3',
- 'extended-ttl': '4'
- }
-
- set_method_mock.assert_called_with('webfilter', 'ips-urlfilter-cache-setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_webfilter_ips_urlfilter_setting.py b/test/units/modules/network/fortios/test_fortios_webfilter_ips_urlfilter_setting.py
deleted file mode 100644
index d79a65760c6..00000000000
--- a/test/units/modules/network/fortios/test_fortios_webfilter_ips_urlfilter_setting.py
+++ /dev/null
@@ -1,175 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_webfilter_ips_urlfilter_setting
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_webfilter_ips_urlfilter_setting.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_webfilter_ips_urlfilter_setting_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'webfilter_ips_urlfilter_setting': {
- 'device': 'test_value_3',
- 'distance': '4',
- 'gateway': 'test_value_5',
- 'geo_filter': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_ips_urlfilter_setting.fortios_webfilter(input_data, fos_instance)
-
- expected_data = {
- 'device': 'test_value_3',
- 'distance': '4',
- 'gateway': 'test_value_5',
- 'geo-filter': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('webfilter', 'ips-urlfilter-setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_webfilter_ips_urlfilter_setting_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'webfilter_ips_urlfilter_setting': {
- 'device': 'test_value_3',
- 'distance': '4',
- 'gateway': 'test_value_5',
- 'geo_filter': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_ips_urlfilter_setting.fortios_webfilter(input_data, fos_instance)
-
- expected_data = {
- 'device': 'test_value_3',
- 'distance': '4',
- 'gateway': 'test_value_5',
- 'geo-filter': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('webfilter', 'ips-urlfilter-setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_webfilter_ips_urlfilter_setting_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'webfilter_ips_urlfilter_setting': {
- 'device': 'test_value_3',
- 'distance': '4',
- 'gateway': 'test_value_5',
- 'geo_filter': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_ips_urlfilter_setting.fortios_webfilter(input_data, fos_instance)
-
- expected_data = {
- 'device': 'test_value_3',
- 'distance': '4',
- 'gateway': 'test_value_5',
- 'geo-filter': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('webfilter', 'ips-urlfilter-setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_webfilter_ips_urlfilter_setting_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'webfilter_ips_urlfilter_setting': {
- 'random_attribute_not_valid': 'tag',
- 'device': 'test_value_3',
- 'distance': '4',
- 'gateway': 'test_value_5',
- 'geo_filter': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_ips_urlfilter_setting.fortios_webfilter(input_data, fos_instance)
-
- expected_data = {
- 'device': 'test_value_3',
- 'distance': '4',
- 'gateway': 'test_value_5',
- 'geo-filter': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('webfilter', 'ips-urlfilter-setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_webfilter_ips_urlfilter_setting6.py b/test/units/modules/network/fortios/test_fortios_webfilter_ips_urlfilter_setting6.py
deleted file mode 100644
index 32b70063918..00000000000
--- a/test/units/modules/network/fortios/test_fortios_webfilter_ips_urlfilter_setting6.py
+++ /dev/null
@@ -1,175 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_webfilter_ips_urlfilter_setting6
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_webfilter_ips_urlfilter_setting6.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_webfilter_ips_urlfilter_setting6_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'webfilter_ips_urlfilter_setting6': {
- 'device': 'test_value_3',
- 'distance': '4',
- 'gateway6': 'test_value_5',
- 'geo_filter': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_ips_urlfilter_setting6.fortios_webfilter(input_data, fos_instance)
-
- expected_data = {
- 'device': 'test_value_3',
- 'distance': '4',
- 'gateway6': 'test_value_5',
- 'geo-filter': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('webfilter', 'ips-urlfilter-setting6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_webfilter_ips_urlfilter_setting6_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'webfilter_ips_urlfilter_setting6': {
- 'device': 'test_value_3',
- 'distance': '4',
- 'gateway6': 'test_value_5',
- 'geo_filter': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_ips_urlfilter_setting6.fortios_webfilter(input_data, fos_instance)
-
- expected_data = {
- 'device': 'test_value_3',
- 'distance': '4',
- 'gateway6': 'test_value_5',
- 'geo-filter': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('webfilter', 'ips-urlfilter-setting6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_webfilter_ips_urlfilter_setting6_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'webfilter_ips_urlfilter_setting6': {
- 'device': 'test_value_3',
- 'distance': '4',
- 'gateway6': 'test_value_5',
- 'geo_filter': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_ips_urlfilter_setting6.fortios_webfilter(input_data, fos_instance)
-
- expected_data = {
- 'device': 'test_value_3',
- 'distance': '4',
- 'gateway6': 'test_value_5',
- 'geo-filter': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('webfilter', 'ips-urlfilter-setting6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_webfilter_ips_urlfilter_setting6_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'webfilter_ips_urlfilter_setting6': {
- 'random_attribute_not_valid': 'tag',
- 'device': 'test_value_3',
- 'distance': '4',
- 'gateway6': 'test_value_5',
- 'geo_filter': 'test_value_6'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_ips_urlfilter_setting6.fortios_webfilter(input_data, fos_instance)
-
- expected_data = {
- 'device': 'test_value_3',
- 'distance': '4',
- 'gateway6': 'test_value_5',
- 'geo-filter': 'test_value_6'
- }
-
- set_method_mock.assert_called_with('webfilter', 'ips-urlfilter-setting6', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_webfilter_override.py b/test/units/modules/network/fortios/test_fortios_webfilter_override.py
deleted file mode 100644
index 0594217dc71..00000000000
--- a/test/units/modules/network/fortios/test_fortios_webfilter_override.py
+++ /dev/null
@@ -1,299 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_webfilter_override
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_webfilter_override.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_webfilter_override_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'webfilter_override': {
- 'expires': 'test_value_3',
- 'id': '4',
- 'initiator': 'test_value_5',
- 'ip': 'test_value_6',
- 'ip6': 'test_value_7',
- 'new_profile': 'test_value_8',
- 'old_profile': 'test_value_9',
- 'scope': 'user',
- 'status': 'enable',
- 'user': 'test_value_12',
- 'user_group': 'test_value_13'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_override.fortios_webfilter(input_data, fos_instance)
-
- expected_data = {
- 'expires': 'test_value_3',
- 'id': '4',
- 'initiator': 'test_value_5',
- 'ip': 'test_value_6',
- 'ip6': 'test_value_7',
- 'new-profile': 'test_value_8',
- 'old-profile': 'test_value_9',
- 'scope': 'user',
- 'status': 'enable',
- 'user': 'test_value_12',
- 'user-group': 'test_value_13'
- }
-
- set_method_mock.assert_called_with('webfilter', 'override', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_webfilter_override_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'webfilter_override': {
- 'expires': 'test_value_3',
- 'id': '4',
- 'initiator': 'test_value_5',
- 'ip': 'test_value_6',
- 'ip6': 'test_value_7',
- 'new_profile': 'test_value_8',
- 'old_profile': 'test_value_9',
- 'scope': 'user',
- 'status': 'enable',
- 'user': 'test_value_12',
- 'user_group': 'test_value_13'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_override.fortios_webfilter(input_data, fos_instance)
-
- expected_data = {
- 'expires': 'test_value_3',
- 'id': '4',
- 'initiator': 'test_value_5',
- 'ip': 'test_value_6',
- 'ip6': 'test_value_7',
- 'new-profile': 'test_value_8',
- 'old-profile': 'test_value_9',
- 'scope': 'user',
- 'status': 'enable',
- 'user': 'test_value_12',
- 'user-group': 'test_value_13'
- }
-
- set_method_mock.assert_called_with('webfilter', 'override', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_webfilter_override_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'webfilter_override': {
- 'expires': 'test_value_3',
- 'id': '4',
- 'initiator': 'test_value_5',
- 'ip': 'test_value_6',
- 'ip6': 'test_value_7',
- 'new_profile': 'test_value_8',
- 'old_profile': 'test_value_9',
- 'scope': 'user',
- 'status': 'enable',
- 'user': 'test_value_12',
- 'user_group': 'test_value_13'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_override.fortios_webfilter(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('webfilter', 'override', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_webfilter_override_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'webfilter_override': {
- 'expires': 'test_value_3',
- 'id': '4',
- 'initiator': 'test_value_5',
- 'ip': 'test_value_6',
- 'ip6': 'test_value_7',
- 'new_profile': 'test_value_8',
- 'old_profile': 'test_value_9',
- 'scope': 'user',
- 'status': 'enable',
- 'user': 'test_value_12',
- 'user_group': 'test_value_13'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_override.fortios_webfilter(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('webfilter', 'override', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_webfilter_override_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'webfilter_override': {
- 'expires': 'test_value_3',
- 'id': '4',
- 'initiator': 'test_value_5',
- 'ip': 'test_value_6',
- 'ip6': 'test_value_7',
- 'new_profile': 'test_value_8',
- 'old_profile': 'test_value_9',
- 'scope': 'user',
- 'status': 'enable',
- 'user': 'test_value_12',
- 'user_group': 'test_value_13'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_override.fortios_webfilter(input_data, fos_instance)
-
- expected_data = {
- 'expires': 'test_value_3',
- 'id': '4',
- 'initiator': 'test_value_5',
- 'ip': 'test_value_6',
- 'ip6': 'test_value_7',
- 'new-profile': 'test_value_8',
- 'old-profile': 'test_value_9',
- 'scope': 'user',
- 'status': 'enable',
- 'user': 'test_value_12',
- 'user-group': 'test_value_13'
- }
-
- set_method_mock.assert_called_with('webfilter', 'override', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_webfilter_override_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'webfilter_override': {
- 'random_attribute_not_valid': 'tag',
- 'expires': 'test_value_3',
- 'id': '4',
- 'initiator': 'test_value_5',
- 'ip': 'test_value_6',
- 'ip6': 'test_value_7',
- 'new_profile': 'test_value_8',
- 'old_profile': 'test_value_9',
- 'scope': 'user',
- 'status': 'enable',
- 'user': 'test_value_12',
- 'user_group': 'test_value_13'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_override.fortios_webfilter(input_data, fos_instance)
-
- expected_data = {
- 'expires': 'test_value_3',
- 'id': '4',
- 'initiator': 'test_value_5',
- 'ip': 'test_value_6',
- 'ip6': 'test_value_7',
- 'new-profile': 'test_value_8',
- 'old-profile': 'test_value_9',
- 'scope': 'user',
- 'status': 'enable',
- 'user': 'test_value_12',
- 'user-group': 'test_value_13'
- }
-
- set_method_mock.assert_called_with('webfilter', 'override', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_webfilter_profile.py b/test/units/modules/network/fortios/test_fortios_webfilter_profile.py
deleted file mode 100644
index 07efbfcbd52..00000000000
--- a/test/units/modules/network/fortios/test_fortios_webfilter_profile.py
+++ /dev/null
@@ -1,479 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_webfilter_profile
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_webfilter_profile.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_webfilter_profile_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'webfilter_profile': {
- 'comment': 'Optional comments.',
- 'extended_log': 'enable',
- 'https_replacemsg': 'enable',
- 'inspection_mode': 'proxy',
- 'log_all_url': 'enable',
- 'name': 'default_name_8',
- 'options': 'activexfilter',
- 'ovrd_perm': 'bannedword-override',
- 'post_action': 'normal',
- 'replacemsg_group': 'test_value_12',
- 'web_content_log': 'enable',
- 'web_extended_all_action_log': 'enable',
- 'web_filter_activex_log': 'enable',
- 'web_filter_applet_log': 'enable',
- 'web_filter_command_block_log': 'enable',
- 'web_filter_cookie_log': 'enable',
- 'web_filter_cookie_removal_log': 'enable',
- 'web_filter_js_log': 'enable',
- 'web_filter_jscript_log': 'enable',
- 'web_filter_referer_log': 'enable',
- 'web_filter_unknown_log': 'enable',
- 'web_filter_vbs_log': 'enable',
- 'web_ftgd_err_log': 'enable',
- 'web_ftgd_quota_usage': 'enable',
- 'web_invalid_domain_log': 'enable',
- 'web_url_log': 'enable',
- 'wisp': 'enable',
- 'wisp_algorithm': 'primary-secondary',
- 'youtube_channel_status': 'disable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_profile.fortios_webfilter(input_data, fos_instance)
-
- expected_data = {
- 'comment': 'Optional comments.',
- 'extended-log': 'enable',
- 'https-replacemsg': 'enable',
- 'inspection-mode': 'proxy',
- 'log-all-url': 'enable',
- 'name': 'default_name_8',
- 'options': 'activexfilter',
- 'ovrd-perm': 'bannedword-override',
- 'post-action': 'normal',
- 'replacemsg-group': 'test_value_12',
- 'web-content-log': 'enable',
- 'web-extended-all-action-log': 'enable',
- 'web-filter-activex-log': 'enable',
- 'web-filter-applet-log': 'enable',
- 'web-filter-command-block-log': 'enable',
- 'web-filter-cookie-log': 'enable',
- 'web-filter-cookie-removal-log': 'enable',
- 'web-filter-js-log': 'enable',
- 'web-filter-jscript-log': 'enable',
- 'web-filter-referer-log': 'enable',
- 'web-filter-unknown-log': 'enable',
- 'web-filter-vbs-log': 'enable',
- 'web-ftgd-err-log': 'enable',
- 'web-ftgd-quota-usage': 'enable',
- 'web-invalid-domain-log': 'enable',
- 'web-url-log': 'enable',
- 'wisp': 'enable',
- 'wisp-algorithm': 'primary-secondary',
- 'youtube-channel-status': 'disable'
- }
-
- set_method_mock.assert_called_with('webfilter', 'profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_webfilter_profile_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'webfilter_profile': {
- 'comment': 'Optional comments.',
- 'extended_log': 'enable',
- 'https_replacemsg': 'enable',
- 'inspection_mode': 'proxy',
- 'log_all_url': 'enable',
- 'name': 'default_name_8',
- 'options': 'activexfilter',
- 'ovrd_perm': 'bannedword-override',
- 'post_action': 'normal',
- 'replacemsg_group': 'test_value_12',
- 'web_content_log': 'enable',
- 'web_extended_all_action_log': 'enable',
- 'web_filter_activex_log': 'enable',
- 'web_filter_applet_log': 'enable',
- 'web_filter_command_block_log': 'enable',
- 'web_filter_cookie_log': 'enable',
- 'web_filter_cookie_removal_log': 'enable',
- 'web_filter_js_log': 'enable',
- 'web_filter_jscript_log': 'enable',
- 'web_filter_referer_log': 'enable',
- 'web_filter_unknown_log': 'enable',
- 'web_filter_vbs_log': 'enable',
- 'web_ftgd_err_log': 'enable',
- 'web_ftgd_quota_usage': 'enable',
- 'web_invalid_domain_log': 'enable',
- 'web_url_log': 'enable',
- 'wisp': 'enable',
- 'wisp_algorithm': 'primary-secondary',
- 'youtube_channel_status': 'disable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_profile.fortios_webfilter(input_data, fos_instance)
-
- expected_data = {
- 'comment': 'Optional comments.',
- 'extended-log': 'enable',
- 'https-replacemsg': 'enable',
- 'inspection-mode': 'proxy',
- 'log-all-url': 'enable',
- 'name': 'default_name_8',
- 'options': 'activexfilter',
- 'ovrd-perm': 'bannedword-override',
- 'post-action': 'normal',
- 'replacemsg-group': 'test_value_12',
- 'web-content-log': 'enable',
- 'web-extended-all-action-log': 'enable',
- 'web-filter-activex-log': 'enable',
- 'web-filter-applet-log': 'enable',
- 'web-filter-command-block-log': 'enable',
- 'web-filter-cookie-log': 'enable',
- 'web-filter-cookie-removal-log': 'enable',
- 'web-filter-js-log': 'enable',
- 'web-filter-jscript-log': 'enable',
- 'web-filter-referer-log': 'enable',
- 'web-filter-unknown-log': 'enable',
- 'web-filter-vbs-log': 'enable',
- 'web-ftgd-err-log': 'enable',
- 'web-ftgd-quota-usage': 'enable',
- 'web-invalid-domain-log': 'enable',
- 'web-url-log': 'enable',
- 'wisp': 'enable',
- 'wisp-algorithm': 'primary-secondary',
- 'youtube-channel-status': 'disable'
- }
-
- set_method_mock.assert_called_with('webfilter', 'profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_webfilter_profile_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'webfilter_profile': {
- 'comment': 'Optional comments.',
- 'extended_log': 'enable',
- 'https_replacemsg': 'enable',
- 'inspection_mode': 'proxy',
- 'log_all_url': 'enable',
- 'name': 'default_name_8',
- 'options': 'activexfilter',
- 'ovrd_perm': 'bannedword-override',
- 'post_action': 'normal',
- 'replacemsg_group': 'test_value_12',
- 'web_content_log': 'enable',
- 'web_extended_all_action_log': 'enable',
- 'web_filter_activex_log': 'enable',
- 'web_filter_applet_log': 'enable',
- 'web_filter_command_block_log': 'enable',
- 'web_filter_cookie_log': 'enable',
- 'web_filter_cookie_removal_log': 'enable',
- 'web_filter_js_log': 'enable',
- 'web_filter_jscript_log': 'enable',
- 'web_filter_referer_log': 'enable',
- 'web_filter_unknown_log': 'enable',
- 'web_filter_vbs_log': 'enable',
- 'web_ftgd_err_log': 'enable',
- 'web_ftgd_quota_usage': 'enable',
- 'web_invalid_domain_log': 'enable',
- 'web_url_log': 'enable',
- 'wisp': 'enable',
- 'wisp_algorithm': 'primary-secondary',
- 'youtube_channel_status': 'disable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_profile.fortios_webfilter(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('webfilter', 'profile', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_webfilter_profile_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'webfilter_profile': {
- 'comment': 'Optional comments.',
- 'extended_log': 'enable',
- 'https_replacemsg': 'enable',
- 'inspection_mode': 'proxy',
- 'log_all_url': 'enable',
- 'name': 'default_name_8',
- 'options': 'activexfilter',
- 'ovrd_perm': 'bannedword-override',
- 'post_action': 'normal',
- 'replacemsg_group': 'test_value_12',
- 'web_content_log': 'enable',
- 'web_extended_all_action_log': 'enable',
- 'web_filter_activex_log': 'enable',
- 'web_filter_applet_log': 'enable',
- 'web_filter_command_block_log': 'enable',
- 'web_filter_cookie_log': 'enable',
- 'web_filter_cookie_removal_log': 'enable',
- 'web_filter_js_log': 'enable',
- 'web_filter_jscript_log': 'enable',
- 'web_filter_referer_log': 'enable',
- 'web_filter_unknown_log': 'enable',
- 'web_filter_vbs_log': 'enable',
- 'web_ftgd_err_log': 'enable',
- 'web_ftgd_quota_usage': 'enable',
- 'web_invalid_domain_log': 'enable',
- 'web_url_log': 'enable',
- 'wisp': 'enable',
- 'wisp_algorithm': 'primary-secondary',
- 'youtube_channel_status': 'disable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_profile.fortios_webfilter(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('webfilter', 'profile', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_webfilter_profile_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'webfilter_profile': {
- 'comment': 'Optional comments.',
- 'extended_log': 'enable',
- 'https_replacemsg': 'enable',
- 'inspection_mode': 'proxy',
- 'log_all_url': 'enable',
- 'name': 'default_name_8',
- 'options': 'activexfilter',
- 'ovrd_perm': 'bannedword-override',
- 'post_action': 'normal',
- 'replacemsg_group': 'test_value_12',
- 'web_content_log': 'enable',
- 'web_extended_all_action_log': 'enable',
- 'web_filter_activex_log': 'enable',
- 'web_filter_applet_log': 'enable',
- 'web_filter_command_block_log': 'enable',
- 'web_filter_cookie_log': 'enable',
- 'web_filter_cookie_removal_log': 'enable',
- 'web_filter_js_log': 'enable',
- 'web_filter_jscript_log': 'enable',
- 'web_filter_referer_log': 'enable',
- 'web_filter_unknown_log': 'enable',
- 'web_filter_vbs_log': 'enable',
- 'web_ftgd_err_log': 'enable',
- 'web_ftgd_quota_usage': 'enable',
- 'web_invalid_domain_log': 'enable',
- 'web_url_log': 'enable',
- 'wisp': 'enable',
- 'wisp_algorithm': 'primary-secondary',
- 'youtube_channel_status': 'disable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_profile.fortios_webfilter(input_data, fos_instance)
-
- expected_data = {
- 'comment': 'Optional comments.',
- 'extended-log': 'enable',
- 'https-replacemsg': 'enable',
- 'inspection-mode': 'proxy',
- 'log-all-url': 'enable',
- 'name': 'default_name_8',
- 'options': 'activexfilter',
- 'ovrd-perm': 'bannedword-override',
- 'post-action': 'normal',
- 'replacemsg-group': 'test_value_12',
- 'web-content-log': 'enable',
- 'web-extended-all-action-log': 'enable',
- 'web-filter-activex-log': 'enable',
- 'web-filter-applet-log': 'enable',
- 'web-filter-command-block-log': 'enable',
- 'web-filter-cookie-log': 'enable',
- 'web-filter-cookie-removal-log': 'enable',
- 'web-filter-js-log': 'enable',
- 'web-filter-jscript-log': 'enable',
- 'web-filter-referer-log': 'enable',
- 'web-filter-unknown-log': 'enable',
- 'web-filter-vbs-log': 'enable',
- 'web-ftgd-err-log': 'enable',
- 'web-ftgd-quota-usage': 'enable',
- 'web-invalid-domain-log': 'enable',
- 'web-url-log': 'enable',
- 'wisp': 'enable',
- 'wisp-algorithm': 'primary-secondary',
- 'youtube-channel-status': 'disable'
- }
-
- set_method_mock.assert_called_with('webfilter', 'profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_webfilter_profile_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'webfilter_profile': {
- 'random_attribute_not_valid': 'tag',
- 'comment': 'Optional comments.',
- 'extended_log': 'enable',
- 'https_replacemsg': 'enable',
- 'inspection_mode': 'proxy',
- 'log_all_url': 'enable',
- 'name': 'default_name_8',
- 'options': 'activexfilter',
- 'ovrd_perm': 'bannedword-override',
- 'post_action': 'normal',
- 'replacemsg_group': 'test_value_12',
- 'web_content_log': 'enable',
- 'web_extended_all_action_log': 'enable',
- 'web_filter_activex_log': 'enable',
- 'web_filter_applet_log': 'enable',
- 'web_filter_command_block_log': 'enable',
- 'web_filter_cookie_log': 'enable',
- 'web_filter_cookie_removal_log': 'enable',
- 'web_filter_js_log': 'enable',
- 'web_filter_jscript_log': 'enable',
- 'web_filter_referer_log': 'enable',
- 'web_filter_unknown_log': 'enable',
- 'web_filter_vbs_log': 'enable',
- 'web_ftgd_err_log': 'enable',
- 'web_ftgd_quota_usage': 'enable',
- 'web_invalid_domain_log': 'enable',
- 'web_url_log': 'enable',
- 'wisp': 'enable',
- 'wisp_algorithm': 'primary-secondary',
- 'youtube_channel_status': 'disable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_profile.fortios_webfilter(input_data, fos_instance)
-
- expected_data = {
- 'comment': 'Optional comments.',
- 'extended-log': 'enable',
- 'https-replacemsg': 'enable',
- 'inspection-mode': 'proxy',
- 'log-all-url': 'enable',
- 'name': 'default_name_8',
- 'options': 'activexfilter',
- 'ovrd-perm': 'bannedword-override',
- 'post-action': 'normal',
- 'replacemsg-group': 'test_value_12',
- 'web-content-log': 'enable',
- 'web-extended-all-action-log': 'enable',
- 'web-filter-activex-log': 'enable',
- 'web-filter-applet-log': 'enable',
- 'web-filter-command-block-log': 'enable',
- 'web-filter-cookie-log': 'enable',
- 'web-filter-cookie-removal-log': 'enable',
- 'web-filter-js-log': 'enable',
- 'web-filter-jscript-log': 'enable',
- 'web-filter-referer-log': 'enable',
- 'web-filter-unknown-log': 'enable',
- 'web-filter-vbs-log': 'enable',
- 'web-ftgd-err-log': 'enable',
- 'web-ftgd-quota-usage': 'enable',
- 'web-invalid-domain-log': 'enable',
- 'web-url-log': 'enable',
- 'wisp': 'enable',
- 'wisp-algorithm': 'primary-secondary',
- 'youtube-channel-status': 'disable'
- }
-
- set_method_mock.assert_called_with('webfilter', 'profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_webfilter_search_engine.py b/test/units/modules/network/fortios/test_fortios_webfilter_search_engine.py
deleted file mode 100644
index ef6cd8a47a0..00000000000
--- a/test/units/modules/network/fortios/test_fortios_webfilter_search_engine.py
+++ /dev/null
@@ -1,259 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_webfilter_search_engine
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_webfilter_search_engine.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_webfilter_search_engine_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'webfilter_search_engine': {
- 'charset': 'utf-8',
- 'hostname': 'myhostname4',
- 'name': 'default_name_5',
- 'query': 'test_value_6',
- 'safesearch': 'disable',
- 'safesearch_str': 'test_value_8',
- 'url': 'myurl_9.com'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_search_engine.fortios_webfilter(input_data, fos_instance)
-
- expected_data = {
- 'charset': 'utf-8',
- 'hostname': 'myhostname4',
- 'name': 'default_name_5',
- 'query': 'test_value_6',
- 'safesearch': 'disable',
- 'safesearch-str': 'test_value_8',
- 'url': 'myurl_9.com'
- }
-
- set_method_mock.assert_called_with('webfilter', 'search-engine', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_webfilter_search_engine_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'webfilter_search_engine': {
- 'charset': 'utf-8',
- 'hostname': 'myhostname4',
- 'name': 'default_name_5',
- 'query': 'test_value_6',
- 'safesearch': 'disable',
- 'safesearch_str': 'test_value_8',
- 'url': 'myurl_9.com'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_search_engine.fortios_webfilter(input_data, fos_instance)
-
- expected_data = {
- 'charset': 'utf-8',
- 'hostname': 'myhostname4',
- 'name': 'default_name_5',
- 'query': 'test_value_6',
- 'safesearch': 'disable',
- 'safesearch-str': 'test_value_8',
- 'url': 'myurl_9.com'
- }
-
- set_method_mock.assert_called_with('webfilter', 'search-engine', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_webfilter_search_engine_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'webfilter_search_engine': {
- 'charset': 'utf-8',
- 'hostname': 'myhostname4',
- 'name': 'default_name_5',
- 'query': 'test_value_6',
- 'safesearch': 'disable',
- 'safesearch_str': 'test_value_8',
- 'url': 'myurl_9.com'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_search_engine.fortios_webfilter(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('webfilter', 'search-engine', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_webfilter_search_engine_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'webfilter_search_engine': {
- 'charset': 'utf-8',
- 'hostname': 'myhostname4',
- 'name': 'default_name_5',
- 'query': 'test_value_6',
- 'safesearch': 'disable',
- 'safesearch_str': 'test_value_8',
- 'url': 'myurl_9.com'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_search_engine.fortios_webfilter(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('webfilter', 'search-engine', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_webfilter_search_engine_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'webfilter_search_engine': {
- 'charset': 'utf-8',
- 'hostname': 'myhostname4',
- 'name': 'default_name_5',
- 'query': 'test_value_6',
- 'safesearch': 'disable',
- 'safesearch_str': 'test_value_8',
- 'url': 'myurl_9.com'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_search_engine.fortios_webfilter(input_data, fos_instance)
-
- expected_data = {
- 'charset': 'utf-8',
- 'hostname': 'myhostname4',
- 'name': 'default_name_5',
- 'query': 'test_value_6',
- 'safesearch': 'disable',
- 'safesearch-str': 'test_value_8',
- 'url': 'myurl_9.com'
- }
-
- set_method_mock.assert_called_with('webfilter', 'search-engine', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_webfilter_search_engine_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'webfilter_search_engine': {
- 'random_attribute_not_valid': 'tag',
- 'charset': 'utf-8',
- 'hostname': 'myhostname4',
- 'name': 'default_name_5',
- 'query': 'test_value_6',
- 'safesearch': 'disable',
- 'safesearch_str': 'test_value_8',
- 'url': 'myurl_9.com'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_webfilter_search_engine.fortios_webfilter(input_data, fos_instance)
-
- expected_data = {
- 'charset': 'utf-8',
- 'hostname': 'myhostname4',
- 'name': 'default_name_5',
- 'query': 'test_value_6',
- 'safesearch': 'disable',
- 'safesearch-str': 'test_value_8',
- 'url': 'myurl_9.com'
- }
-
- set_method_mock.assert_called_with('webfilter', 'search-engine', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_webfilter_urlfilter.py b/test/units/modules/network/fortios/test_fortios_webfilter_urlfilter.py
deleted file mode 100644
index 2272b0af7c2..00000000000
--- a/test/units/modules/network/fortios/test_fortios_webfilter_urlfilter.py
+++ /dev/null
@@ -1,239 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_webfilter_urlfilter
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_webfilter_urlfilter.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_webfilter_urlfilter_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'webfilter_urlfilter': {
- 'comment': 'Optional comments.',
- 'id': '4',
- 'ip_addr_block': 'enable',
- 'name': 'default_name_6',
- 'one_arm_ips_urlfilter': 'enable'
- },
- 'vdom': 
'root'} - - is_error, changed, response = fortios_webfilter_urlfilter.fortios_webfilter(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 'ip-addr-block': 'enable', - 'name': 'default_name_6', - 'one-arm-ips-urlfilter': 'enable' - } - - set_method_mock.assert_called_with('webfilter', 'urlfilter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_webfilter_urlfilter_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'webfilter_urlfilter': { - 'comment': 'Optional comments.', - 'id': '4', - 'ip_addr_block': 'enable', - 'name': 'default_name_6', - 'one_arm_ips_urlfilter': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_webfilter_urlfilter.fortios_webfilter(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 'ip-addr-block': 'enable', - 'name': 'default_name_6', - 'one-arm-ips-urlfilter': 'enable' - } - - set_method_mock.assert_called_with('webfilter', 'urlfilter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_webfilter_urlfilter_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'webfilter_urlfilter': { - 'comment': 'Optional comments.', - 'id': '4', - 'ip_addr_block': 'enable', - 'name': 'default_name_6', - 'one_arm_ips_urlfilter': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_webfilter_urlfilter.fortios_webfilter(input_data, fos_instance) - - delete_method_mock.assert_called_with('webfilter', 'urlfilter', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_webfilter_urlfilter_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'webfilter_urlfilter': { - 'comment': 'Optional comments.', - 'id': '4', - 'ip_addr_block': 'enable', - 'name': 'default_name_6', - 'one_arm_ips_urlfilter': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_webfilter_urlfilter.fortios_webfilter(input_data, fos_instance) - - delete_method_mock.assert_called_with('webfilter', 'urlfilter', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_webfilter_urlfilter_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - 
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'webfilter_urlfilter': { - 'comment': 'Optional comments.', - 'id': '4', - 'ip_addr_block': 'enable', - 'name': 'default_name_6', - 'one_arm_ips_urlfilter': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_webfilter_urlfilter.fortios_webfilter(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 'ip-addr-block': 'enable', - 'name': 'default_name_6', - 'one-arm-ips-urlfilter': 'enable' - } - - set_method_mock.assert_called_with('webfilter', 'urlfilter', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_webfilter_urlfilter_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'webfilter_urlfilter': { - 'random_attribute_not_valid': 'tag', - 'comment': 'Optional comments.', - 'id': '4', - 'ip_addr_block': 'enable', - 'name': 'default_name_6', - 'one_arm_ips_urlfilter': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_webfilter_urlfilter.fortios_webfilter(input_data, fos_instance) - - expected_data = { - 'comment': 'Optional comments.', - 'id': '4', - 'ip-addr-block': 'enable', - 'name': 'default_name_6', - 'one-arm-ips-urlfilter': 'enable' - } - - set_method_mock.assert_called_with('webfilter', 'urlfilter', data=expected_data, vdom='root') - 
schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_wireless_controller_ap_status.py b/test/units/modules/network/fortios/test_fortios_wireless_controller_ap_status.py deleted file mode 100644 index a19f7c21d6d..00000000000 --- a/test/units/modules/network/fortios/test_fortios_wireless_controller_ap_status.py +++ /dev/null 
@@ -1,229 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_wireless_controller_ap_status
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wireless_controller_ap_status.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_wireless_controller_ap_status_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_ap_status': {
- 'bssid': 'test_value_3',
- 'id': '4',
- 'ssid': 'test_value_5',
- 'status': 'rogue'
- },
- 'vdom': 'root'}
-
- 
is_error, changed, response = fortios_wireless_controller_ap_status.fortios_wireless_controller(input_data, fos_instance) - - expected_data = { - 'bssid': 'test_value_3', - 'id': '4', - 'ssid': 'test_value_5', - 'status': 'rogue' - } - - set_method_mock.assert_called_with('wireless-controller', 'ap-status', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_wireless_controller_ap_status_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wireless_controller_ap_status': { - 'bssid': 'test_value_3', - 'id': '4', - 'ssid': 'test_value_5', - 'status': 'rogue' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_ap_status.fortios_wireless_controller(input_data, fos_instance) - - expected_data = { - 'bssid': 'test_value_3', - 'id': '4', - 'ssid': 'test_value_5', - 'status': 'rogue' - } - - set_method_mock.assert_called_with('wireless-controller', 'ap-status', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_wireless_controller_ap_status_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', 
return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'wireless_controller_ap_status': { - 'bssid': 'test_value_3', - 'id': '4', - 'ssid': 'test_value_5', - 'status': 'rogue' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_ap_status.fortios_wireless_controller(input_data, fos_instance) - - delete_method_mock.assert_called_with('wireless-controller', 'ap-status', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_wireless_controller_ap_status_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'wireless_controller_ap_status': { - 'bssid': 'test_value_3', - 'id': '4', - 'ssid': 'test_value_5', - 'status': 'rogue' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_ap_status.fortios_wireless_controller(input_data, fos_instance) - - delete_method_mock.assert_called_with('wireless-controller', 'ap-status', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_wireless_controller_ap_status_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', 
return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wireless_controller_ap_status': { - 'bssid': 'test_value_3', - 'id': '4', - 'ssid': 'test_value_5', - 'status': 'rogue' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_ap_status.fortios_wireless_controller(input_data, fos_instance) - - expected_data = { - 'bssid': 'test_value_3', - 'id': '4', - 'ssid': 'test_value_5', - 'status': 'rogue' - } - - set_method_mock.assert_called_with('wireless-controller', 'ap-status', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_wireless_controller_ap_status_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wireless_controller_ap_status': { - 'random_attribute_not_valid': 'tag', - 'bssid': 'test_value_3', - 'id': '4', - 'ssid': 'test_value_5', - 'status': 'rogue' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_ap_status.fortios_wireless_controller(input_data, fos_instance) - - expected_data = { - 'bssid': 'test_value_3', - 'id': '4', - 'ssid': 'test_value_5', - 'status': 'rogue' - } - - set_method_mock.assert_called_with('wireless-controller', 'ap-status', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 
diff --git a/test/units/modules/network/fortios/test_fortios_wireless_controller_ble_profile.py b/test/units/modules/network/fortios/test_fortios_wireless_controller_ble_profile.py
deleted file mode 100644
index 075d52af994..00000000000
--- a/test/units/modules/network/fortios/test_fortios_wireless_controller_ble_profile.py
+++ /dev/null
@@ -1,319 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_wireless_controller_ble_profile
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wireless_controller_ble_profile.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_wireless_controller_ble_profile_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_ble_profile': {
- 'advertising': 'ibeacon',
- 'beacon_interval': '4',
- 'ble_scanning': 'enable',
- 'comment': 'Comment.',
- 
'eddystone_instance': 'test_value_7', - 'eddystone_namespace': 'test_value_8', - 'eddystone_url': 'test_value_9', - 'eddystone_url_encode_hex': 'test_value_10', - 'ibeacon_uuid': 'test_value_11', - 'major_id': '12', - 'minor_id': '13', - 'name': 'default_name_14', - 'txpower': '0' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_ble_profile.fortios_wireless_controller(input_data, fos_instance) - - expected_data = { - 'advertising': 'ibeacon', - 'beacon-interval': '4', - 'ble-scanning': 'enable', - 'comment': 'Comment.', - 'eddystone-instance': 'test_value_7', - 'eddystone-namespace': 'test_value_8', - 'eddystone-url': 'test_value_9', - 'eddystone-url-encode-hex': 'test_value_10', - 'ibeacon-uuid': 'test_value_11', - 'major-id': '12', - 'minor-id': '13', - 'name': 'default_name_14', - 'txpower': '0' - } - - set_method_mock.assert_called_with('wireless-controller', 'ble-profile', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_wireless_controller_ble_profile_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wireless_controller_ble_profile': { - 'advertising': 'ibeacon', - 'beacon_interval': '4', - 'ble_scanning': 'enable', - 'comment': 'Comment.', - 'eddystone_instance': 'test_value_7', - 'eddystone_namespace': 'test_value_8', - 'eddystone_url': 'test_value_9', - 'eddystone_url_encode_hex': 'test_value_10', - 'ibeacon_uuid': 'test_value_11', - 'major_id': '12', - 'minor_id': '13', - 'name': 'default_name_14', - 
'txpower': '0' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_ble_profile.fortios_wireless_controller(input_data, fos_instance) - - expected_data = { - 'advertising': 'ibeacon', - 'beacon-interval': '4', - 'ble-scanning': 'enable', - 'comment': 'Comment.', - 'eddystone-instance': 'test_value_7', - 'eddystone-namespace': 'test_value_8', - 'eddystone-url': 'test_value_9', - 'eddystone-url-encode-hex': 'test_value_10', - 'ibeacon-uuid': 'test_value_11', - 'major-id': '12', - 'minor-id': '13', - 'name': 'default_name_14', - 'txpower': '0' - } - - set_method_mock.assert_called_with('wireless-controller', 'ble-profile', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_wireless_controller_ble_profile_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'wireless_controller_ble_profile': { - 'advertising': 'ibeacon', - 'beacon_interval': '4', - 'ble_scanning': 'enable', - 'comment': 'Comment.', - 'eddystone_instance': 'test_value_7', - 'eddystone_namespace': 'test_value_8', - 'eddystone_url': 'test_value_9', - 'eddystone_url_encode_hex': 'test_value_10', - 'ibeacon_uuid': 'test_value_11', - 'major_id': '12', - 'minor_id': '13', - 'name': 'default_name_14', - 'txpower': '0' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_ble_profile.fortios_wireless_controller(input_data, fos_instance) - - delete_method_mock.assert_called_with('wireless-controller', 'ble-profile', mkey=ANY, 
vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_wireless_controller_ble_profile_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'wireless_controller_ble_profile': { - 'advertising': 'ibeacon', - 'beacon_interval': '4', - 'ble_scanning': 'enable', - 'comment': 'Comment.', - 'eddystone_instance': 'test_value_7', - 'eddystone_namespace': 'test_value_8', - 'eddystone_url': 'test_value_9', - 'eddystone_url_encode_hex': 'test_value_10', - 'ibeacon_uuid': 'test_value_11', - 'major_id': '12', - 'minor_id': '13', - 'name': 'default_name_14', - 'txpower': '0' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_ble_profile.fortios_wireless_controller(input_data, fos_instance) - - delete_method_mock.assert_called_with('wireless-controller', 'ble-profile', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_wireless_controller_ble_profile_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wireless_controller_ble_profile': { - 'advertising': 
'ibeacon', - 'beacon_interval': '4', - 'ble_scanning': 'enable', - 'comment': 'Comment.', - 'eddystone_instance': 'test_value_7', - 'eddystone_namespace': 'test_value_8', - 'eddystone_url': 'test_value_9', - 'eddystone_url_encode_hex': 'test_value_10', - 'ibeacon_uuid': 'test_value_11', - 'major_id': '12', - 'minor_id': '13', - 'name': 'default_name_14', - 'txpower': '0' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_ble_profile.fortios_wireless_controller(input_data, fos_instance) - - expected_data = { - 'advertising': 'ibeacon', - 'beacon-interval': '4', - 'ble-scanning': 'enable', - 'comment': 'Comment.', - 'eddystone-instance': 'test_value_7', - 'eddystone-namespace': 'test_value_8', - 'eddystone-url': 'test_value_9', - 'eddystone-url-encode-hex': 'test_value_10', - 'ibeacon-uuid': 'test_value_11', - 'major-id': '12', - 'minor-id': '13', - 'name': 'default_name_14', - 'txpower': '0' - } - - set_method_mock.assert_called_with('wireless-controller', 'ble-profile', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_wireless_controller_ble_profile_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wireless_controller_ble_profile': { - 'random_attribute_not_valid': 'tag', - 'advertising': 'ibeacon', - 'beacon_interval': '4', - 'ble_scanning': 'enable', - 'comment': 'Comment.', - 'eddystone_instance': 'test_value_7', - 'eddystone_namespace': 'test_value_8', - 'eddystone_url': 'test_value_9', - 
'eddystone_url_encode_hex': 'test_value_10', - 'ibeacon_uuid': 'test_value_11', - 'major_id': '12', - 'minor_id': '13', - 'name': 'default_name_14', - 'txpower': '0' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_ble_profile.fortios_wireless_controller(input_data, fos_instance) - - expected_data = { - 'advertising': 'ibeacon', - 'beacon-interval': '4', - 'ble-scanning': 'enable', - 'comment': 'Comment.', - 'eddystone-instance': 'test_value_7', - 'eddystone-namespace': 'test_value_8', - 'eddystone-url': 'test_value_9', - 'eddystone-url-encode-hex': 'test_value_10', - 'ibeacon-uuid': 'test_value_11', - 'major-id': '12', - 'minor-id': '13', - 'name': 'default_name_14', - 'txpower': '0' - } - - set_method_mock.assert_called_with('wireless-controller', 'ble-profile', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_wireless_controller_bonjour_profile.py b/test/units/modules/network/fortios/test_fortios_wireless_controller_bonjour_profile.py deleted file mode 100644 index b3aa0ab6ef2..00000000000 --- a/test/units/modules/network/fortios/test_fortios_wireless_controller_bonjour_profile.py +++ /dev/null 
@@ -1,219 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_wireless_controller_bonjour_profile
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wireless_controller_bonjour_profile.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_wireless_controller_bonjour_profile_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_bonjour_profile': {
- 'comment': 'Comment.',
- 'name': 'default_name_4',
-
- },
- 'vdom': 'root'}
-
- is_error, 
changed, response = fortios_wireless_controller_bonjour_profile.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'comment': 'Comment.',
- 'name': 'default_name_4',
-
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'bonjour-profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_bonjour_profile_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_bonjour_profile': {
- 'comment': 'Comment.',
- 'name': 'default_name_4',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_bonjour_profile.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'comment': 'Comment.',
- 'name': 'default_name_4',
-
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'bonjour-profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_bonjour_profile_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wireless_controller_bonjour_profile': {
- 'comment': 'Comment.',
- 'name': 'default_name_4',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_bonjour_profile.fortios_wireless_controller(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wireless-controller', 'bonjour-profile', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_bonjour_profile_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wireless_controller_bonjour_profile': {
- 'comment': 'Comment.',
- 'name': 'default_name_4',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_bonjour_profile.fortios_wireless_controller(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wireless-controller', 'bonjour-profile', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_bonjour_profile_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_bonjour_profile': {
- 'comment': 'Comment.',
- 'name': 'default_name_4',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_bonjour_profile.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'comment': 'Comment.',
- 'name': 'default_name_4',
-
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'bonjour-profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_wireless_controller_bonjour_profile_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_bonjour_profile': {
- 'random_attribute_not_valid': 'tag',
- 'comment': 'Comment.',
- 'name': 'default_name_4',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_bonjour_profile.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'comment': 'Comment.',
- 'name': 'default_name_4',
-
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'bonjour-profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_wireless_controller_global.py b/test/units/modules/network/fortios/test_fortios_wireless_controller_global.py
deleted file mode 100644
index 50cc5898235..00000000000
--- a/test/units/modules/network/fortios/test_fortios_wireless_controller_global.py
+++ /dev/null
@@ -1,279 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_wireless_controller_global
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wireless_controller_global.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_wireless_controller_global_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_global': {
- 'ap_log_server': 'enable',
- 'ap_log_server_ip': 'test_value_4',
- 'ap_log_server_port': '5',
- 'control_message_offload': 'ebp-frame',
- 'data_ethernet_II': 'enable',
- 'discovery_mc_addr': 'test_value_8',
- 'fiapp_eth_type': '9',
- 'image_download': 'enable',
- 'ipsec_base_ip': 'test_value_11',
- 'link_aggregation': 'enable',
- 'location': 'test_value_13',
- 'max_clients': '14',
- 'max_retransmit': '15',
- 'mesh_eth_type': '16',
- 'name': 'default_name_17',
- 'rogue_scan_mac_adjacency': '18',
- 'wtp_share': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_global.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'ap-log-server': 'enable',
- 'ap-log-server-ip': 'test_value_4',
- 'ap-log-server-port': '5',
- 'control-message-offload': 'ebp-frame',
- 'data-ethernet-II': 'enable',
- 'discovery-mc-addr': 'test_value_8',
- 'fiapp-eth-type': '9',
- 'image-download': 'enable',
- 'ipsec-base-ip': 'test_value_11',
- 'link-aggregation': 'enable',
- 'location': 'test_value_13',
- 'max-clients': '14',
- 'max-retransmit': '15',
- 'mesh-eth-type': '16',
- 'name': 'default_name_17',
- 'rogue-scan-mac-adjacency': '18',
- 'wtp-share': 'enable'
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'global', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_global_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_global': {
- 'ap_log_server': 'enable',
- 'ap_log_server_ip': 'test_value_4',
- 'ap_log_server_port': '5',
- 'control_message_offload': 'ebp-frame',
- 'data_ethernet_II': 'enable',
- 'discovery_mc_addr': 'test_value_8',
- 'fiapp_eth_type': '9',
- 'image_download': 'enable',
- 'ipsec_base_ip': 'test_value_11',
- 'link_aggregation': 'enable',
- 'location': 'test_value_13',
- 'max_clients': '14',
- 'max_retransmit': '15',
- 'mesh_eth_type': '16',
- 'name': 'default_name_17',
- 'rogue_scan_mac_adjacency': '18',
- 'wtp_share': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_global.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'ap-log-server': 'enable',
- 'ap-log-server-ip': 'test_value_4',
- 'ap-log-server-port': '5',
- 'control-message-offload': 'ebp-frame',
- 'data-ethernet-II': 'enable',
- 'discovery-mc-addr': 'test_value_8',
- 'fiapp-eth-type': '9',
- 'image-download': 'enable',
- 'ipsec-base-ip': 'test_value_11',
- 'link-aggregation': 'enable',
- 'location': 'test_value_13',
- 'max-clients': '14',
- 'max-retransmit': '15',
- 'mesh-eth-type': '16',
- 'name': 'default_name_17',
- 'rogue-scan-mac-adjacency': '18',
- 'wtp-share': 'enable'
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'global', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_global_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_global': {
- 'ap_log_server': 'enable',
- 'ap_log_server_ip': 'test_value_4',
- 'ap_log_server_port': '5',
- 'control_message_offload': 'ebp-frame',
- 'data_ethernet_II': 'enable',
- 'discovery_mc_addr': 'test_value_8',
- 'fiapp_eth_type': '9',
- 'image_download': 'enable',
- 'ipsec_base_ip': 'test_value_11',
- 'link_aggregation': 'enable',
- 'location': 'test_value_13',
- 'max_clients': '14',
- 'max_retransmit': '15',
- 'mesh_eth_type': '16',
- 'name': 'default_name_17',
- 'rogue_scan_mac_adjacency': '18',
- 'wtp_share': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_global.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'ap-log-server': 'enable',
- 'ap-log-server-ip': 'test_value_4',
- 'ap-log-server-port': '5',
- 'control-message-offload': 'ebp-frame',
- 'data-ethernet-II': 'enable',
- 'discovery-mc-addr': 'test_value_8',
- 'fiapp-eth-type': '9',
- 'image-download': 'enable',
- 'ipsec-base-ip': 'test_value_11',
- 'link-aggregation': 'enable',
- 'location': 'test_value_13',
- 'max-clients': '14',
- 'max-retransmit': '15',
- 'mesh-eth-type': '16',
- 'name': 'default_name_17',
- 'rogue-scan-mac-adjacency': '18',
- 'wtp-share': 'enable'
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'global', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_wireless_controller_global_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_global': {
- 'random_attribute_not_valid': 'tag',
- 'ap_log_server': 'enable',
- 'ap_log_server_ip': 'test_value_4',
- 'ap_log_server_port': '5',
- 'control_message_offload': 'ebp-frame',
- 'data_ethernet_II': 'enable',
- 'discovery_mc_addr': 'test_value_8',
- 'fiapp_eth_type': '9',
- 'image_download': 'enable',
- 'ipsec_base_ip': 'test_value_11',
- 'link_aggregation': 'enable',
- 'location': 'test_value_13',
- 'max_clients': '14',
- 'max_retransmit': '15',
- 'mesh_eth_type': '16',
- 'name': 'default_name_17',
- 'rogue_scan_mac_adjacency': '18',
- 'wtp_share': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_global.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'ap-log-server': 'enable',
- 'ap-log-server-ip': 'test_value_4',
- 'ap-log-server-port': '5',
- 'control-message-offload': 'ebp-frame',
- 'data-ethernet-II': 'enable',
- 'discovery-mc-addr': 'test_value_8',
- 'fiapp-eth-type': '9',
- 'image-download': 'enable',
- 'ipsec-base-ip': 'test_value_11',
- 'link-aggregation': 'enable',
- 'location': 'test_value_13',
- 'max-clients': '14',
- 'max-retransmit': '15',
- 'mesh-eth-type': '16',
- 'name': 'default_name_17',
- 'rogue-scan-mac-adjacency': '18',
- 'wtp-share': 'enable'
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'global', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_anqp_3gpp_cellular.py b/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_anqp_3gpp_cellular.py
deleted file mode 100644
index 57d36cd1b02..00000000000
--- a/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_anqp_3gpp_cellular.py
+++ /dev/null
@@ -1,189 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_wireless_controller_hotspot20_anqp_3gpp_cellular
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wireless_controller_hotspot20_anqp_3gpp_cellular.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_wireless_controller_hotspot20_anqp_3gpp_cellular_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_anqp_3gpp_cellular': {'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_3gpp_cellular.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3'
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-3gpp-cellular', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_hotspot20_anqp_3gpp_cellular_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_anqp_3gpp_cellular': {'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_3gpp_cellular.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3'
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-3gpp-cellular', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_hotspot20_anqp_3gpp_cellular_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wireless_controller_hotspot20_anqp_3gpp_cellular': {'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_3gpp_cellular.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-3gpp-cellular', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_hotspot20_anqp_3gpp_cellular_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wireless_controller_hotspot20_anqp_3gpp_cellular': {'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_3gpp_cellular.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-3gpp-cellular', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_hotspot20_anqp_3gpp_cellular_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_anqp_3gpp_cellular': {'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_3gpp_cellular.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3'
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-3gpp-cellular', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_wireless_controller_hotspot20_anqp_3gpp_cellular_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_anqp_3gpp_cellular': {
- 'random_attribute_not_valid': 'tag', 'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_3gpp_cellular.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3'
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-3gpp-cellular', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_anqp_ip_address_type.py b/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_anqp_ip_address_type.py
deleted file mode 100644
index 75777d15634..00000000000
--- a/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_anqp_ip_address_type.py
+++ /dev/null
@@ -1,219 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_wireless_controller_hotspot20_anqp_ip_address_type
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wireless_controller_hotspot20_anqp_ip_address_type.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_wireless_controller_hotspot20_anqp_ip_address_type_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_anqp_ip_address_type': {
- 'ipv4_address_type': 'not-available',
- 'ipv6_address_type': 'not-available',
- 'name': 'default_name_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_ip_address_type.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {
- 'ipv4-address-type': 'not-available',
- 'ipv6-address-type': 'not-available',
- 'name': 'default_name_5'
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-ip-address-type', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_hotspot20_anqp_ip_address_type_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_anqp_ip_address_type': {
- 'ipv4_address_type': 'not-available',
- 'ipv6_address_type': 'not-available',
- 'name': 'default_name_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_ip_address_type.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {
- 'ipv4-address-type': 'not-available',
- 'ipv6-address-type': 'not-available',
- 'name': 'default_name_5'
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-ip-address-type', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_hotspot20_anqp_ip_address_type_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wireless_controller_hotspot20_anqp_ip_address_type': {
- 'ipv4_address_type': 'not-available',
- 'ipv6_address_type': 'not-available',
- 'name': 'default_name_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_ip_address_type.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-ip-address-type', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_hotspot20_anqp_ip_address_type_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wireless_controller_hotspot20_anqp_ip_address_type': {
- 'ipv4_address_type': 'not-available',
- 'ipv6_address_type': 'not-available',
- 'name': 'default_name_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_ip_address_type.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-ip-address-type', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_hotspot20_anqp_ip_address_type_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_anqp_ip_address_type': {
- 'ipv4_address_type': 'not-available',
- 'ipv6_address_type': 'not-available',
- 'name': 'default_name_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_ip_address_type.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {
- 'ipv4-address-type': 'not-available',
- 'ipv6-address-type': 'not-available',
- 'name': 'default_name_5'
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-ip-address-type', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_wireless_controller_hotspot20_anqp_ip_address_type_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_anqp_ip_address_type': {
- 'random_attribute_not_valid': 'tag',
- 'ipv4_address_type': 'not-available',
- 'ipv6_address_type': 'not-available',
- 'name': 'default_name_5'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_ip_address_type.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {
- 'ipv4-address-type': 'not-available',
- 'ipv6-address-type': 'not-available',
- 'name': 'default_name_5'
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-ip-address-type', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_anqp_nai_realm.py b/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_anqp_nai_realm.py
deleted file mode 100644
index 12e833d9f34..00000000000
--- a/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_anqp_nai_realm.py
+++ /dev/null
@@ -1,189 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_wireless_controller_hotspot20_anqp_nai_realm
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wireless_controller_hotspot20_anqp_nai_realm.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_wireless_controller_hotspot20_anqp_nai_realm_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_anqp_nai_realm': {'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_nai_realm.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3'
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-nai-realm', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_hotspot20_anqp_nai_realm_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_anqp_nai_realm': {'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_nai_realm.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3'
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-nai-realm', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_hotspot20_anqp_nai_realm_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wireless_controller_hotspot20_anqp_nai_realm': {'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_nai_realm.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-nai-realm', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_hotspot20_anqp_nai_realm_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wireless_controller_hotspot20_anqp_nai_realm': {'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_nai_realm.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-nai-realm', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_hotspot20_anqp_nai_realm_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_anqp_nai_realm': {'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_nai_realm.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3'
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-nai-realm', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_wireless_controller_hotspot20_anqp_nai_realm_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_anqp_nai_realm': {
- 'random_attribute_not_valid': 'tag', 'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_nai_realm.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3'
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-nai-realm', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_anqp_network_auth_type.py b/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_anqp_network_auth_type.py
deleted file mode 100644
index 42318f14da8..00000000000
--- a/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_anqp_network_auth_type.py
+++ /dev/null
@@ -1,219 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_wireless_controller_hotspot20_anqp_network_auth_type
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wireless_controller_hotspot20_anqp_network_auth_type.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_wireless_controller_hotspot20_anqp_network_auth_type_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_anqp_network_auth_type': {
- 'auth_type': 'acceptance-of-terms',
- 'name': 'default_name_4',
- 'url': 'myurl_5.com'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_network_auth_type.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {
- 'auth-type': 'acceptance-of-terms',
- 'name': 'default_name_4',
- 'url': 'myurl_5.com'
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-network-auth-type', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_hotspot20_anqp_network_auth_type_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_anqp_network_auth_type': {
- 'auth_type': 'acceptance-of-terms',
- 'name': 'default_name_4',
- 'url': 'myurl_5.com'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_network_auth_type.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {
- 'auth-type': 'acceptance-of-terms',
- 'name': 'default_name_4',
- 'url': 'myurl_5.com'
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-network-auth-type', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_hotspot20_anqp_network_auth_type_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wireless_controller_hotspot20_anqp_network_auth_type': {
- 'auth_type': 'acceptance-of-terms',
- 'name': 'default_name_4',
- 'url': 'myurl_5.com'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_network_auth_type.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-network-auth-type', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_hotspot20_anqp_network_auth_type_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wireless_controller_hotspot20_anqp_network_auth_type': {
- 'auth_type': 'acceptance-of-terms',
- 'name': 'default_name_4',
- 'url': 'myurl_5.com'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_network_auth_type.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-network-auth-type', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_hotspot20_anqp_network_auth_type_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_anqp_network_auth_type': {
- 'auth_type': 'acceptance-of-terms',
- 'name': 'default_name_4',
- 'url': 'myurl_5.com'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_network_auth_type.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {
- 'auth-type': 'acceptance-of-terms',
- 'name': 'default_name_4',
- 'url': 'myurl_5.com'
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-network-auth-type', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_wireless_controller_hotspot20_anqp_network_auth_type_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_anqp_network_auth_type': {
- 'random_attribute_not_valid': 'tag',
- 'auth_type': 'acceptance-of-terms',
- 'name': 'default_name_4',
- 'url': 'myurl_5.com'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_network_auth_type.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {
- 'auth-type': 'acceptance-of-terms',
- 'name': 'default_name_4',
- 'url': 'myurl_5.com'
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-network-auth-type', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_anqp_roaming_consortium.py b/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_anqp_roaming_consortium.py
deleted file mode 100644
index 903a60a3fab..00000000000
--- a/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_anqp_roaming_consortium.py
+++ /dev/null
@@ -1,209 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_wireless_controller_hotspot20_anqp_roaming_consortium
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wireless_controller_hotspot20_anqp_roaming_consortium.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_wireless_controller_hotspot20_anqp_roaming_consortium_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_anqp_roaming_consortium': {
- 'name': 'default_name_3',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_roaming_consortium.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
-
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-roaming-consortium', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_hotspot20_anqp_roaming_consortium_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_anqp_roaming_consortium': {
- 'name': 'default_name_3',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_roaming_consortium.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
-
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-roaming-consortium', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_hotspot20_anqp_roaming_consortium_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wireless_controller_hotspot20_anqp_roaming_consortium': {
- 'name': 'default_name_3',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_roaming_consortium.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-roaming-consortium', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_hotspot20_anqp_roaming_consortium_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wireless_controller_hotspot20_anqp_roaming_consortium': {
- 'name': 'default_name_3',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_roaming_consortium.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-roaming-consortium', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_hotspot20_anqp_roaming_consortium_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_anqp_roaming_consortium': {
- 'name': 'default_name_3',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_roaming_consortium.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
-
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-roaming-consortium', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_wireless_controller_hotspot20_anqp_roaming_consortium_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_anqp_roaming_consortium': {
- 'random_attribute_not_valid': 'tag',
- 'name': 'default_name_3',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_roaming_consortium.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
-
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-roaming-consortium', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_anqp_venue_name.py b/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_anqp_venue_name.py
deleted file mode 100644
index dcd794e8532..00000000000
--- a/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_anqp_venue_name.py
+++ /dev/null
@@ -1,209 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_wireless_controller_hotspot20_anqp_venue_name
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wireless_controller_hotspot20_anqp_venue_name.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_wireless_controller_hotspot20_anqp_venue_name_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_anqp_venue_name': {
- 'name': 'default_name_3',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_venue_name.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
-
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-venue-name', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_hotspot20_anqp_venue_name_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_anqp_venue_name': {
- 'name': 'default_name_3',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_venue_name.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
-
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-venue-name', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_hotspot20_anqp_venue_name_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wireless_controller_hotspot20_anqp_venue_name': {
- 'name': 'default_name_3',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_venue_name.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-venue-name', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_hotspot20_anqp_venue_name_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wireless_controller_hotspot20_anqp_venue_name': {
- 'name': 'default_name_3',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_venue_name.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-venue-name', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_hotspot20_anqp_venue_name_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_anqp_venue_name': {
- 'name': 'default_name_3',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_venue_name.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
-
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-venue-name', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_wireless_controller_hotspot20_anqp_venue_name_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_anqp_venue_name': {
- 'random_attribute_not_valid': 'tag',
- 'name': 'default_name_3',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_anqp_venue_name.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
-
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'anqp-venue-name', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_h2qp_conn_capability.py b/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_h2qp_conn_capability.py
deleted file mode 100644
index 11adad60913..00000000000
--- a/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_h2qp_conn_capability.py
+++ /dev/null
@@ -1,309 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_wireless_controller_hotspot20_h2qp_conn_capability -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wireless_controller_hotspot20_h2qp_conn_capability.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_wireless_controller_hotspot20_h2qp_conn_capability_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wireless_controller_hotspot20_h2qp_conn_capability': { - 'esp_port': 'closed', - 
'ftp_port': 'closed', - 'http_port': 'closed', - 'icmp_port': 'closed', - 'ikev2_port': 'closed', - 'ikev2_xx_port': 'closed', - 'name': 'default_name_9', - 'pptp_vpn_port': 'closed', - 'ssh_port': 'closed', - 'tls_port': 'closed', - 'voip_tcp_port': 'closed', - 'voip_udp_port': 'closed' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_hotspot20_h2qp_conn_capability.fortios_wireless_controller_hotspot20(input_data, fos_instance) - - expected_data = { - 'esp-port': 'closed', - 'ftp-port': 'closed', - 'http-port': 'closed', - 'icmp-port': 'closed', - 'ikev2-port': 'closed', - 'ikev2-xx-port': 'closed', - 'name': 'default_name_9', - 'pptp-vpn-port': 'closed', - 'ssh-port': 'closed', - 'tls-port': 'closed', - 'voip-tcp-port': 'closed', - 'voip-udp-port': 'closed' - } - - set_method_mock.assert_called_with('wireless-controller.hotspot20', 'h2qp-conn-capability', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_wireless_controller_hotspot20_h2qp_conn_capability_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wireless_controller_hotspot20_h2qp_conn_capability': { - 'esp_port': 'closed', - 'ftp_port': 'closed', - 'http_port': 'closed', - 'icmp_port': 'closed', - 'ikev2_port': 'closed', - 'ikev2_xx_port': 'closed', - 'name': 'default_name_9', - 'pptp_vpn_port': 'closed', - 'ssh_port': 'closed', - 'tls_port': 'closed', - 'voip_tcp_port': 'closed', - 'voip_udp_port': 'closed' - }, - 'vdom': 'root'} - - is_error, changed, 
response = fortios_wireless_controller_hotspot20_h2qp_conn_capability.fortios_wireless_controller_hotspot20(input_data, fos_instance) - - expected_data = { - 'esp-port': 'closed', - 'ftp-port': 'closed', - 'http-port': 'closed', - 'icmp-port': 'closed', - 'ikev2-port': 'closed', - 'ikev2-xx-port': 'closed', - 'name': 'default_name_9', - 'pptp-vpn-port': 'closed', - 'ssh-port': 'closed', - 'tls-port': 'closed', - 'voip-tcp-port': 'closed', - 'voip-udp-port': 'closed' - } - - set_method_mock.assert_called_with('wireless-controller.hotspot20', 'h2qp-conn-capability', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_wireless_controller_hotspot20_h2qp_conn_capability_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'wireless_controller_hotspot20_h2qp_conn_capability': { - 'esp_port': 'closed', - 'ftp_port': 'closed', - 'http_port': 'closed', - 'icmp_port': 'closed', - 'ikev2_port': 'closed', - 'ikev2_xx_port': 'closed', - 'name': 'default_name_9', - 'pptp_vpn_port': 'closed', - 'ssh_port': 'closed', - 'tls_port': 'closed', - 'voip_tcp_port': 'closed', - 'voip_udp_port': 'closed' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_hotspot20_h2qp_conn_capability.fortios_wireless_controller_hotspot20(input_data, fos_instance) - - delete_method_mock.assert_called_with('wireless-controller.hotspot20', 'h2qp-conn-capability', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert 
changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_wireless_controller_hotspot20_h2qp_conn_capability_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'wireless_controller_hotspot20_h2qp_conn_capability': { - 'esp_port': 'closed', - 'ftp_port': 'closed', - 'http_port': 'closed', - 'icmp_port': 'closed', - 'ikev2_port': 'closed', - 'ikev2_xx_port': 'closed', - 'name': 'default_name_9', - 'pptp_vpn_port': 'closed', - 'ssh_port': 'closed', - 'tls_port': 'closed', - 'voip_tcp_port': 'closed', - 'voip_udp_port': 'closed' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_hotspot20_h2qp_conn_capability.fortios_wireless_controller_hotspot20(input_data, fos_instance) - - delete_method_mock.assert_called_with('wireless-controller.hotspot20', 'h2qp-conn-capability', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_wireless_controller_hotspot20_h2qp_conn_capability_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wireless_controller_hotspot20_h2qp_conn_capability': { - 'esp_port': 'closed', - 'ftp_port': 'closed', - 
'http_port': 'closed', - 'icmp_port': 'closed', - 'ikev2_port': 'closed', - 'ikev2_xx_port': 'closed', - 'name': 'default_name_9', - 'pptp_vpn_port': 'closed', - 'ssh_port': 'closed', - 'tls_port': 'closed', - 'voip_tcp_port': 'closed', - 'voip_udp_port': 'closed' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_hotspot20_h2qp_conn_capability.fortios_wireless_controller_hotspot20(input_data, fos_instance) - - expected_data = { - 'esp-port': 'closed', - 'ftp-port': 'closed', - 'http-port': 'closed', - 'icmp-port': 'closed', - 'ikev2-port': 'closed', - 'ikev2-xx-port': 'closed', - 'name': 'default_name_9', - 'pptp-vpn-port': 'closed', - 'ssh-port': 'closed', - 'tls-port': 'closed', - 'voip-tcp-port': 'closed', - 'voip-udp-port': 'closed' - } - - set_method_mock.assert_called_with('wireless-controller.hotspot20', 'h2qp-conn-capability', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_wireless_controller_hotspot20_h2qp_conn_capability_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wireless_controller_hotspot20_h2qp_conn_capability': { - 'random_attribute_not_valid': 'tag', - 'esp_port': 'closed', - 'ftp_port': 'closed', - 'http_port': 'closed', - 'icmp_port': 'closed', - 'ikev2_port': 'closed', - 'ikev2_xx_port': 'closed', - 'name': 'default_name_9', - 'pptp_vpn_port': 'closed', - 'ssh_port': 'closed', - 'tls_port': 'closed', - 'voip_tcp_port': 'closed', - 'voip_udp_port': 'closed' - }, - 'vdom': 
'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_h2qp_conn_capability.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {
- 'esp-port': 'closed',
- 'ftp-port': 'closed',
- 'http-port': 'closed',
- 'icmp-port': 'closed',
- 'ikev2-port': 'closed',
- 'ikev2-xx-port': 'closed',
- 'name': 'default_name_9',
- 'pptp-vpn-port': 'closed',
- 'ssh-port': 'closed',
- 'tls-port': 'closed',
- 'voip-tcp-port': 'closed',
- 'voip-udp-port': 'closed'
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'h2qp-conn-capability', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_h2qp_operator_name.py b/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_h2qp_operator_name.py
deleted file mode 100644
index 2783ec48b12..00000000000
--- a/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_h2qp_operator_name.py
+++ /dev/null
@@ -1,209 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_wireless_controller_hotspot20_h2qp_operator_name -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wireless_controller_hotspot20_h2qp_operator_name.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_wireless_controller_hotspot20_h2qp_operator_name_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wireless_controller_hotspot20_h2qp_operator_name': { - 'name': 'default_name_3', - - }, - 
'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_hotspot20_h2qp_operator_name.fortios_wireless_controller_hotspot20(input_data, fos_instance) - - expected_data = { - 'name': 'default_name_3', - - } - - set_method_mock.assert_called_with('wireless-controller.hotspot20', 'h2qp-operator-name', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_wireless_controller_hotspot20_h2qp_operator_name_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wireless_controller_hotspot20_h2qp_operator_name': { - 'name': 'default_name_3', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_hotspot20_h2qp_operator_name.fortios_wireless_controller_hotspot20(input_data, fos_instance) - - expected_data = { - 'name': 'default_name_3', - - } - - set_method_mock.assert_called_with('wireless-controller.hotspot20', 'h2qp-operator-name', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_wireless_controller_hotspot20_h2qp_operator_name_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', 
return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'wireless_controller_hotspot20_h2qp_operator_name': { - 'name': 'default_name_3', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_hotspot20_h2qp_operator_name.fortios_wireless_controller_hotspot20(input_data, fos_instance) - - delete_method_mock.assert_called_with('wireless-controller.hotspot20', 'h2qp-operator-name', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_wireless_controller_hotspot20_h2qp_operator_name_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'wireless_controller_hotspot20_h2qp_operator_name': { - 'name': 'default_name_3', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_hotspot20_h2qp_operator_name.fortios_wireless_controller_hotspot20(input_data, fos_instance) - - delete_method_mock.assert_called_with('wireless-controller.hotspot20', 'h2qp-operator-name', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_wireless_controller_hotspot20_h2qp_operator_name_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wireless_controller_hotspot20_h2qp_operator_name': { - 'name': 'default_name_3', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_hotspot20_h2qp_operator_name.fortios_wireless_controller_hotspot20(input_data, fos_instance) - - expected_data = { - 'name': 'default_name_3', - - } - - set_method_mock.assert_called_with('wireless-controller.hotspot20', 'h2qp-operator-name', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_wireless_controller_hotspot20_h2qp_operator_name_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wireless_controller_hotspot20_h2qp_operator_name': { - 'random_attribute_not_valid': 'tag', - 'name': 'default_name_3', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_hotspot20_h2qp_operator_name.fortios_wireless_controller_hotspot20(input_data, fos_instance) - - expected_data = { - 'name': 'default_name_3', - - } - - set_method_mock.assert_called_with('wireless-controller.hotspot20', 'h2qp-operator-name', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 
diff --git a/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_h2qp_osu_provider.py b/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_h2qp_osu_provider.py
deleted file mode 100644
index 3b9af5f164a..00000000000
--- a/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_h2qp_osu_provider.py
+++ /dev/null
@@ -1,239 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_wireless_controller_hotspot20_h2qp_osu_provider -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wireless_controller_hotspot20_h2qp_osu_provider.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_wireless_controller_hotspot20_h2qp_osu_provider_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wireless_controller_hotspot20_h2qp_osu_provider': {'icon': 'test_value_3', - 'name': 
'default_name_4', - 'osu_method': 'oma-dm', - 'osu_nai': 'test_value_6', - 'server_uri': 'test_value_7', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_hotspot20_h2qp_osu_provider.fortios_wireless_controller_hotspot20(input_data, fos_instance) - - expected_data = {'icon': 'test_value_3', - 'name': 'default_name_4', - 'osu-method': 'oma-dm', - 'osu-nai': 'test_value_6', - 'server-uri': 'test_value_7', - - } - - set_method_mock.assert_called_with('wireless-controller.hotspot20', 'h2qp-osu-provider', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_wireless_controller_hotspot20_h2qp_osu_provider_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wireless_controller_hotspot20_h2qp_osu_provider': {'icon': 'test_value_3', - 'name': 'default_name_4', - 'osu_method': 'oma-dm', - 'osu_nai': 'test_value_6', - 'server_uri': 'test_value_7', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_hotspot20_h2qp_osu_provider.fortios_wireless_controller_hotspot20(input_data, fos_instance) - - expected_data = {'icon': 'test_value_3', - 'name': 'default_name_4', - 'osu-method': 'oma-dm', - 'osu-nai': 'test_value_6', - 'server-uri': 'test_value_7', - - } - - set_method_mock.assert_called_with('wireless-controller.hotspot20', 'h2qp-osu-provider', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - 
assert response['http_status'] == 500 - - -def test_wireless_controller_hotspot20_h2qp_osu_provider_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'wireless_controller_hotspot20_h2qp_osu_provider': {'icon': 'test_value_3', - 'name': 'default_name_4', - 'osu_method': 'oma-dm', - 'osu_nai': 'test_value_6', - 'server_uri': 'test_value_7', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_hotspot20_h2qp_osu_provider.fortios_wireless_controller_hotspot20(input_data, fos_instance) - - delete_method_mock.assert_called_with('wireless-controller.hotspot20', 'h2qp-osu-provider', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_wireless_controller_hotspot20_h2qp_osu_provider_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'wireless_controller_hotspot20_h2qp_osu_provider': {'icon': 'test_value_3', - 'name': 'default_name_4', - 'osu_method': 'oma-dm', - 'osu_nai': 'test_value_6', - 'server_uri': 'test_value_7', - - }, - 'vdom': 'root'} - - is_error, changed, response = 
fortios_wireless_controller_hotspot20_h2qp_osu_provider.fortios_wireless_controller_hotspot20(input_data, fos_instance) - - delete_method_mock.assert_called_with('wireless-controller.hotspot20', 'h2qp-osu-provider', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_wireless_controller_hotspot20_h2qp_osu_provider_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wireless_controller_hotspot20_h2qp_osu_provider': {'icon': 'test_value_3', - 'name': 'default_name_4', - 'osu_method': 'oma-dm', - 'osu_nai': 'test_value_6', - 'server_uri': 'test_value_7', - - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_hotspot20_h2qp_osu_provider.fortios_wireless_controller_hotspot20(input_data, fos_instance) - - expected_data = {'icon': 'test_value_3', - 'name': 'default_name_4', - 'osu-method': 'oma-dm', - 'osu-nai': 'test_value_6', - 'server-uri': 'test_value_7', - - } - - set_method_mock.assert_called_with('wireless-controller.hotspot20', 'h2qp-osu-provider', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_wireless_controller_hotspot20_h2qp_osu_provider_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - 
set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_h2qp_osu_provider': {
- 'random_attribute_not_valid': 'tag', 'icon': 'test_value_3',
- 'name': 'default_name_4',
- 'osu_method': 'oma-dm',
- 'osu_nai': 'test_value_6',
- 'server_uri': 'test_value_7',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_h2qp_osu_provider.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {'icon': 'test_value_3',
- 'name': 'default_name_4',
- 'osu-method': 'oma-dm',
- 'osu-nai': 'test_value_6',
- 'server-uri': 'test_value_7',
-
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'h2qp-osu-provider', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_h2qp_wan_metric.py b/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_h2qp_wan_metric.py
deleted file mode 100644
index 9218c092808..00000000000
--- a/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_h2qp_wan_metric.py
+++ /dev/null
@@ -1,279 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_wireless_controller_hotspot20_h2qp_wan_metric
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wireless_controller_hotspot20_h2qp_wan_metric.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_wireless_controller_hotspot20_h2qp_wan_metric_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_h2qp_wan_metric': {
- 'downlink_load': '3',
- 'downlink_speed': '4',
- 'link_at_capacity': 'enable',
- 'link_status': 'up',
- 'load_measurement_duration': '7',
- 'name': 'default_name_8',
- 'symmetric_wan_link': 'symmetric',
- 'uplink_load': '10',
- 'uplink_speed': '11'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_h2qp_wan_metric.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {
- 'downlink-load': '3',
- 'downlink-speed': '4',
- 'link-at-capacity': 'enable',
- 'link-status': 'up',
- 'load-measurement-duration': '7',
- 'name': 'default_name_8',
- 'symmetric-wan-link': 'symmetric',
- 'uplink-load': '10',
- 'uplink-speed': '11'
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'h2qp-wan-metric', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_hotspot20_h2qp_wan_metric_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_h2qp_wan_metric': {
- 'downlink_load': '3',
- 'downlink_speed': '4',
- 'link_at_capacity': 'enable',
- 'link_status': 'up',
- 'load_measurement_duration': '7',
- 'name': 'default_name_8',
- 'symmetric_wan_link': 'symmetric',
- 'uplink_load': '10',
- 'uplink_speed': '11'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_h2qp_wan_metric.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {
- 'downlink-load': '3',
- 'downlink-speed': '4',
- 'link-at-capacity': 'enable',
- 'link-status': 'up',
- 'load-measurement-duration': '7',
- 'name': 'default_name_8',
- 'symmetric-wan-link': 'symmetric',
- 'uplink-load': '10',
- 'uplink-speed': '11'
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'h2qp-wan-metric', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_hotspot20_h2qp_wan_metric_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wireless_controller_hotspot20_h2qp_wan_metric': {
- 'downlink_load': '3',
- 'downlink_speed': '4',
- 'link_at_capacity': 'enable',
- 'link_status': 'up',
- 'load_measurement_duration': '7',
- 'name': 'default_name_8',
- 'symmetric_wan_link': 'symmetric',
- 'uplink_load': '10',
- 'uplink_speed': '11'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_h2qp_wan_metric.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wireless-controller.hotspot20', 'h2qp-wan-metric', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_hotspot20_h2qp_wan_metric_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wireless_controller_hotspot20_h2qp_wan_metric': {
- 'downlink_load': '3',
- 'downlink_speed': '4',
- 'link_at_capacity': 'enable',
- 'link_status': 'up',
- 'load_measurement_duration': '7',
- 'name': 'default_name_8',
- 'symmetric_wan_link': 'symmetric',
- 'uplink_load': '10',
- 'uplink_speed': '11'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_h2qp_wan_metric.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wireless-controller.hotspot20', 'h2qp-wan-metric', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_hotspot20_h2qp_wan_metric_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_h2qp_wan_metric': {
- 'downlink_load': '3',
- 'downlink_speed': '4',
- 'link_at_capacity': 'enable',
- 'link_status': 'up',
- 'load_measurement_duration': '7',
- 'name': 'default_name_8',
- 'symmetric_wan_link': 'symmetric',
- 'uplink_load': '10',
- 'uplink_speed': '11'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_h2qp_wan_metric.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {
- 'downlink-load': '3',
- 'downlink-speed': '4',
- 'link-at-capacity': 'enable',
- 'link-status': 'up',
- 'load-measurement-duration': '7',
- 'name': 'default_name_8',
- 'symmetric-wan-link': 'symmetric',
- 'uplink-load': '10',
- 'uplink-speed': '11'
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'h2qp-wan-metric', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_wireless_controller_hotspot20_h2qp_wan_metric_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_h2qp_wan_metric': {
- 'random_attribute_not_valid': 'tag',
- 'downlink_load': '3',
- 'downlink_speed': '4',
- 'link_at_capacity': 'enable',
- 'link_status': 'up',
- 'load_measurement_duration': '7',
- 'name': 'default_name_8',
- 'symmetric_wan_link': 'symmetric',
- 'uplink_load': '10',
- 'uplink_speed': '11'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_h2qp_wan_metric.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {
- 'downlink-load': '3',
- 'downlink-speed': '4',
- 'link-at-capacity': 'enable',
- 'link-status': 'up',
- 'load-measurement-duration': '7',
- 'name': 'default_name_8',
- 'symmetric-wan-link': 'symmetric',
- 'uplink-load': '10',
- 'uplink-speed': '11'
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'h2qp-wan-metric', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_hs_profile.py b/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_hs_profile.py
deleted file mode 100644
index 1257e1180f0..00000000000
--- a/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_hs_profile.py
+++ /dev/null
@@ -1,489 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_wireless_controller_hotspot20_hs_profile
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wireless_controller_hotspot20_hs_profile.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_wireless_controller_hotspot20_hs_profile_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_hs_profile': {
- 'access_network_asra': 'enable',
- 'access_network_esr': 'enable',
- 'access_network_internet': 'enable',
- 'access_network_type': 'private-network',
- 'access_network_uesa': 'enable',
- 'anqp_domain_id': '9',
- 'bss_transition': 'enable',
- 'conn_cap': 'test_value_11',
- 'deauth_request_timeout': '12',
- 'dgaf': 'enable',
- 'domain_name': 'test_value_14',
- 'gas_comeback_delay': '15',
- 'gas_fragmentation_limit': '16',
- 'hessid': 'test_value_17',
- 'ip_addr_type': 'test_value_18',
- 'l2tif': 'enable',
- 'nai_realm': 'test_value_20',
- 'name': 'default_name_21',
- 'network_auth': 'test_value_22',
- 'oper_friendly_name': 'test_value_23',
- 'osu_ssid': 'test_value_24',
- 'pame_bi': 'disable',
- 'proxy_arp': 'enable',
- 'qos_map': 'test_value_27',
- 'roaming_consortium': 'test_value_28',
- 'venue_group': 'unspecified',
- 'venue_name': 'test_value_30',
- 'venue_type': 'unspecified',
- 'wan_metrics': 'test_value_32',
- 'wnm_sleep_mode': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_hs_profile.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {
- 'access-network-asra': 'enable',
- 'access-network-esr': 'enable',
- 'access-network-internet': 'enable',
- 'access-network-type': 'private-network',
- 'access-network-uesa': 'enable',
- 'anqp-domain-id': '9',
- 'bss-transition': 'enable',
- 'conn-cap': 'test_value_11',
- 'deauth-request-timeout': '12',
- 'dgaf': 'enable',
- 'domain-name': 'test_value_14',
- 'gas-comeback-delay': '15',
- 'gas-fragmentation-limit': '16',
- 'hessid': 'test_value_17',
- 'ip-addr-type': 'test_value_18',
- 'l2tif': 'enable',
- 'nai-realm': 'test_value_20',
- 'name': 'default_name_21',
- 'network-auth': 'test_value_22',
- 'oper-friendly-name': 'test_value_23',
- 'osu-ssid': 'test_value_24',
- 'pame-bi': 'disable',
- 'proxy-arp': 'enable',
- 'qos-map': 'test_value_27',
- 'roaming-consortium': 'test_value_28',
- 'venue-group': 'unspecified',
- 'venue-name': 'test_value_30',
- 'venue-type': 'unspecified',
- 'wan-metrics': 'test_value_32',
- 'wnm-sleep-mode': 'enable'
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'hs-profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_hotspot20_hs_profile_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_hs_profile': {
- 'access_network_asra': 'enable',
- 'access_network_esr': 'enable',
- 'access_network_internet': 'enable',
- 'access_network_type': 'private-network',
- 'access_network_uesa': 'enable',
- 'anqp_domain_id': '9',
- 'bss_transition': 'enable',
- 'conn_cap': 'test_value_11',
- 'deauth_request_timeout': '12',
- 'dgaf': 'enable',
- 'domain_name': 'test_value_14',
- 'gas_comeback_delay': '15',
- 'gas_fragmentation_limit': '16',
- 'hessid': 'test_value_17',
- 'ip_addr_type': 'test_value_18',
- 'l2tif': 'enable',
- 'nai_realm': 'test_value_20',
- 'name': 'default_name_21',
- 'network_auth': 'test_value_22',
- 'oper_friendly_name': 'test_value_23',
- 'osu_ssid': 'test_value_24',
- 'pame_bi': 'disable',
- 'proxy_arp': 'enable',
- 'qos_map': 'test_value_27',
- 'roaming_consortium': 'test_value_28',
- 'venue_group': 'unspecified',
- 'venue_name': 'test_value_30',
- 'venue_type': 'unspecified',
- 'wan_metrics': 'test_value_32',
- 'wnm_sleep_mode': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_hs_profile.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {
- 'access-network-asra': 'enable',
- 'access-network-esr': 'enable',
- 'access-network-internet': 'enable',
- 'access-network-type': 'private-network',
- 'access-network-uesa': 'enable',
- 'anqp-domain-id': '9',
- 'bss-transition': 'enable',
- 'conn-cap': 'test_value_11',
- 'deauth-request-timeout': '12',
- 'dgaf': 'enable',
- 'domain-name': 'test_value_14',
- 'gas-comeback-delay': '15',
- 'gas-fragmentation-limit': '16',
- 'hessid': 'test_value_17',
- 'ip-addr-type': 'test_value_18',
- 'l2tif': 'enable',
- 'nai-realm': 'test_value_20',
- 'name': 'default_name_21',
- 'network-auth': 'test_value_22',
- 'oper-friendly-name': 'test_value_23',
- 'osu-ssid': 'test_value_24',
- 'pame-bi': 'disable',
- 'proxy-arp': 'enable',
- 'qos-map': 'test_value_27',
- 'roaming-consortium': 'test_value_28',
- 'venue-group': 'unspecified',
- 'venue-name': 'test_value_30',
- 'venue-type': 'unspecified',
- 'wan-metrics': 'test_value_32',
- 'wnm-sleep-mode': 'enable'
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'hs-profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_hotspot20_hs_profile_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wireless_controller_hotspot20_hs_profile': {
- 'access_network_asra': 'enable',
- 'access_network_esr': 'enable',
- 'access_network_internet': 'enable',
- 'access_network_type': 'private-network',
- 'access_network_uesa': 'enable',
- 'anqp_domain_id': '9',
- 'bss_transition': 'enable',
- 'conn_cap': 'test_value_11',
- 'deauth_request_timeout': '12',
- 'dgaf': 'enable',
- 'domain_name': 'test_value_14',
- 'gas_comeback_delay': '15',
- 'gas_fragmentation_limit': '16',
- 'hessid': 'test_value_17',
- 'ip_addr_type': 'test_value_18',
- 'l2tif': 'enable',
- 'nai_realm': 'test_value_20',
- 'name': 'default_name_21',
- 'network_auth': 'test_value_22',
- 'oper_friendly_name': 'test_value_23',
- 'osu_ssid': 'test_value_24',
- 'pame_bi': 'disable',
- 'proxy_arp': 'enable',
- 'qos_map': 'test_value_27',
- 'roaming_consortium': 'test_value_28',
- 'venue_group': 'unspecified',
- 'venue_name': 'test_value_30',
- 'venue_type': 'unspecified',
- 'wan_metrics': 'test_value_32',
- 'wnm_sleep_mode': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_hs_profile.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wireless-controller.hotspot20', 'hs-profile', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_hotspot20_hs_profile_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wireless_controller_hotspot20_hs_profile': {
- 'access_network_asra': 'enable',
- 'access_network_esr': 'enable',
- 'access_network_internet': 'enable',
- 'access_network_type': 'private-network',
- 'access_network_uesa': 'enable',
- 'anqp_domain_id': '9',
- 'bss_transition': 'enable',
- 'conn_cap': 'test_value_11',
- 'deauth_request_timeout': '12',
- 'dgaf': 'enable',
- 'domain_name': 'test_value_14',
- 'gas_comeback_delay': '15',
- 'gas_fragmentation_limit': '16',
- 'hessid': 'test_value_17',
- 'ip_addr_type': 'test_value_18',
- 'l2tif': 'enable',
- 'nai_realm': 'test_value_20',
- 'name': 'default_name_21',
- 'network_auth': 'test_value_22',
- 'oper_friendly_name': 'test_value_23',
- 'osu_ssid': 'test_value_24',
- 'pame_bi': 'disable',
- 'proxy_arp': 'enable',
- 'qos_map': 'test_value_27',
- 'roaming_consortium': 'test_value_28',
- 'venue_group': 'unspecified',
- 'venue_name': 'test_value_30',
- 'venue_type': 'unspecified',
- 'wan_metrics': 'test_value_32',
- 'wnm_sleep_mode': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_hs_profile.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wireless-controller.hotspot20', 'hs-profile', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_hotspot20_hs_profile_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_hs_profile': {
- 'access_network_asra': 'enable',
- 'access_network_esr': 'enable',
- 'access_network_internet': 'enable',
- 'access_network_type': 'private-network',
- 'access_network_uesa': 'enable',
- 'anqp_domain_id': '9',
- 'bss_transition': 'enable',
- 'conn_cap': 'test_value_11',
- 'deauth_request_timeout': '12',
- 'dgaf': 'enable',
- 'domain_name': 'test_value_14',
- 'gas_comeback_delay': '15',
- 'gas_fragmentation_limit': '16',
- 'hessid': 'test_value_17',
- 'ip_addr_type': 'test_value_18',
- 'l2tif': 'enable',
- 'nai_realm': 'test_value_20',
- 'name': 'default_name_21',
- 'network_auth': 'test_value_22',
- 'oper_friendly_name': 'test_value_23',
- 'osu_ssid': 'test_value_24',
- 'pame_bi': 'disable',
- 'proxy_arp': 'enable',
- 'qos_map': 'test_value_27',
- 'roaming_consortium': 'test_value_28',
- 'venue_group': 'unspecified',
- 'venue_name': 'test_value_30',
- 'venue_type': 'unspecified',
- 'wan_metrics': 'test_value_32',
- 'wnm_sleep_mode': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_hs_profile.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {
- 'access-network-asra': 'enable',
- 'access-network-esr': 'enable',
- 'access-network-internet': 'enable',
- 'access-network-type': 'private-network',
- 'access-network-uesa': 'enable',
- 'anqp-domain-id': '9',
- 'bss-transition': 'enable',
- 'conn-cap': 'test_value_11',
- 'deauth-request-timeout': '12',
- 'dgaf': 'enable',
- 'domain-name': 'test_value_14',
- 'gas-comeback-delay': '15',
- 'gas-fragmentation-limit': '16',
- 'hessid': 'test_value_17',
- 'ip-addr-type': 'test_value_18',
- 'l2tif': 'enable',
- 'nai-realm': 'test_value_20',
- 'name': 'default_name_21',
- 'network-auth': 'test_value_22',
- 'oper-friendly-name': 'test_value_23',
- 'osu-ssid': 'test_value_24',
- 'pame-bi': 'disable',
- 'proxy-arp': 'enable',
- 'qos-map': 'test_value_27',
- 'roaming-consortium': 'test_value_28',
- 'venue-group': 'unspecified',
- 'venue-name': 'test_value_30',
- 'venue-type': 'unspecified',
- 'wan-metrics': 'test_value_32',
- 'wnm-sleep-mode': 'enable'
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'hs-profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_wireless_controller_hotspot20_hs_profile_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_hs_profile': {
- 'random_attribute_not_valid': 'tag',
- 'access_network_asra': 'enable',
- 'access_network_esr': 'enable',
- 'access_network_internet': 'enable',
- 'access_network_type': 'private-network',
- 'access_network_uesa': 'enable',
- 'anqp_domain_id': '9',
- 'bss_transition': 'enable',
- 'conn_cap': 'test_value_11',
- 'deauth_request_timeout': '12',
- 'dgaf': 'enable',
- 'domain_name': 'test_value_14',
- 'gas_comeback_delay': '15',
- 'gas_fragmentation_limit': '16',
- 'hessid': 'test_value_17',
- 'ip_addr_type': 'test_value_18',
- 'l2tif': 'enable',
- 'nai_realm': 'test_value_20',
- 'name': 'default_name_21',
- 'network_auth': 'test_value_22',
- 'oper_friendly_name': 'test_value_23',
- 'osu_ssid': 'test_value_24',
- 'pame_bi': 'disable',
- 'proxy_arp': 'enable',
- 'qos_map': 'test_value_27',
- 'roaming_consortium': 'test_value_28',
- 'venue_group': 'unspecified',
- 'venue_name': 'test_value_30',
- 'venue_type': 'unspecified',
- 'wan_metrics': 'test_value_32',
- 'wnm_sleep_mode': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_hs_profile.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {
- 'access-network-asra': 'enable',
- 'access-network-esr': 'enable',
- 'access-network-internet': 'enable',
- 'access-network-type': 'private-network',
- 'access-network-uesa': 'enable',
- 'anqp-domain-id': '9',
- 'bss-transition': 'enable',
- 'conn-cap': 'test_value_11',
- 'deauth-request-timeout': '12',
- 'dgaf': 'enable',
- 'domain-name': 'test_value_14',
- 'gas-comeback-delay': '15',
- 'gas-fragmentation-limit': '16',
- 'hessid': 'test_value_17',
- 'ip-addr-type': 'test_value_18',
- 'l2tif': 'enable',
- 'nai-realm': 'test_value_20',
- 'name': 'default_name_21',
- 'network-auth': 'test_value_22',
- 'oper-friendly-name': 'test_value_23',
- 'osu-ssid': 'test_value_24',
- 'pame-bi': 'disable',
- 'proxy-arp': 'enable',
- 'qos-map': 'test_value_27',
- 'roaming-consortium': 'test_value_28',
- 'venue-group': 'unspecified',
- 'venue-name': 'test_value_30',
- 'venue-type': 'unspecified',
- 'wan-metrics': 'test_value_32',
- 'wnm-sleep-mode': 'enable'
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'hs-profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_icon.py b/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_icon.py
deleted file mode 100644
index c4aac05c807..00000000000
--- a/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_icon.py
+++ /dev/null
@@ -1,189 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_wireless_controller_hotspot20_icon
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wireless_controller_hotspot20_icon.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_wireless_controller_hotspot20_icon_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_icon': {'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_icon.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3'
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'icon', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_hotspot20_icon_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_icon': {'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_icon.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3'
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'icon', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_hotspot20_icon_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wireless_controller_hotspot20_icon': {'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_icon.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wireless-controller.hotspot20', 'icon', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_hotspot20_icon_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wireless_controller_hotspot20_icon': {'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_icon.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wireless-controller.hotspot20', 'icon', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_hotspot20_icon_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_icon': {'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_icon.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3'
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'icon', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_wireless_controller_hotspot20_icon_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_icon': {
- 'random_attribute_not_valid': 'tag', 'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_icon.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3'
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'icon', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_qos_map.py b/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_qos_map.py
deleted file mode 100644
index 9114faedf32..00000000000
--- a/test/units/modules/network/fortios/test_fortios_wireless_controller_hotspot20_qos_map.py
+++ /dev/null
@@ -1,189 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_wireless_controller_hotspot20_qos_map
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wireless_controller_hotspot20_qos_map.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_wireless_controller_hotspot20_qos_map_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_qos_map': {'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response =
fortios_wireless_controller_hotspot20_qos_map.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3'
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'qos-map', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_hotspot20_qos_map_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_qos_map': {'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_qos_map.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3'
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'qos-map', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_hotspot20_qos_map_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wireless_controller_hotspot20_qos_map': {'name':
'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_qos_map.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wireless-controller.hotspot20', 'qos-map', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_hotspot20_qos_map_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wireless_controller_hotspot20_qos_map': {'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_qos_map.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wireless-controller.hotspot20', 'qos-map', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_hotspot20_qos_map_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_qos_map': {'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
-
is_error, changed, response = fortios_wireless_controller_hotspot20_qos_map.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3'
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'qos-map', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_wireless_controller_hotspot20_qos_map_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_hotspot20_qos_map': {
- 'random_attribute_not_valid': 'tag', 'name': 'default_name_3'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_hotspot20_qos_map.fortios_wireless_controller_hotspot20(input_data, fos_instance)
-
- expected_data = {'name': 'default_name_3'
- }
-
- set_method_mock.assert_called_with('wireless-controller.hotspot20', 'qos-map', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_wireless_controller_inter_controller.py b/test/units/modules/network/fortios/test_fortios_wireless_controller_inter_controller.py
deleted file mode 100644
index 4e4476930e2..00000000000
--- a/test/units/modules/network/fortios/test_fortios_wireless_controller_inter_controller.py
+++ /dev/null
@@ -1,183 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_wireless_controller_inter_controller
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wireless_controller_inter_controller.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_wireless_controller_inter_controller_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_inter_controller': {
- 'fast_failover_max': '3',
- 'fast_failover_wait': '4',
- 'inter_controller_key':
'test_value_5',
- 'inter_controller_mode': 'disable',
- 'inter_controller_pri': 'primary'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_inter_controller.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'fast-failover-max': '3',
- 'fast-failover-wait': '4',
- 'inter-controller-key': 'test_value_5',
- 'inter-controller-mode': 'disable',
- 'inter-controller-pri': 'primary'
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'inter-controller', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_inter_controller_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_inter_controller': {
- 'fast_failover_max': '3',
- 'fast_failover_wait': '4',
- 'inter_controller_key': 'test_value_5',
- 'inter_controller_mode': 'disable',
- 'inter_controller_pri': 'primary'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_inter_controller.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'fast-failover-max': '3',
- 'fast-failover-wait': '4',
- 'inter-controller-key': 'test_value_5',
- 'inter-controller-mode': 'disable',
- 'inter-controller-pri': 'primary'
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'inter-controller', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert
response['http_status'] == 500
-
-
-def test_wireless_controller_inter_controller_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_inter_controller': {
- 'fast_failover_max': '3',
- 'fast_failover_wait': '4',
- 'inter_controller_key': 'test_value_5',
- 'inter_controller_mode': 'disable',
- 'inter_controller_pri': 'primary'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_inter_controller.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'fast-failover-max': '3',
- 'fast-failover-wait': '4',
- 'inter-controller-key': 'test_value_5',
- 'inter-controller-mode': 'disable',
- 'inter-controller-pri': 'primary'
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'inter-controller', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_wireless_controller_inter_controller_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_inter_controller': {
- 'random_attribute_not_valid': 'tag',
- 'fast_failover_max': '3',
- 'fast_failover_wait': '4',
- 'inter_controller_key':
'test_value_5',
- 'inter_controller_mode': 'disable',
- 'inter_controller_pri': 'primary'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_inter_controller.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'fast-failover-max': '3',
- 'fast-failover-wait': '4',
- 'inter-controller-key': 'test_value_5',
- 'inter-controller-mode': 'disable',
- 'inter-controller-pri': 'primary'
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'inter-controller', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_wireless_controller_qos_profile.py b/test/units/modules/network/fortios/test_fortios_wireless_controller_qos_profile.py
deleted file mode 100644
index cbb3d1aff0a..00000000000
--- a/test/units/modules/network/fortios/test_fortios_wireless_controller_qos_profile.py
+++ /dev/null
@@ -1,329 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_wireless_controller_qos_profile
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wireless_controller_qos_profile.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_wireless_controller_qos_profile_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_qos_profile': {
- 'bandwidth_admission_control': 'enable',
- 'bandwidth_capacity': '4',
- 'burst': 'enable',
-
'call_admission_control': 'enable',
- 'call_capacity': '7',
- 'comment': 'Comment.',
- 'downlink': '9',
- 'downlink_sta': '10',
- 'dscp_wmm_mapping': 'enable',
- 'name': 'default_name_12',
- 'uplink': '13',
- 'uplink_sta': '14',
- 'wmm': 'enable',
- 'wmm_uapsd': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_qos_profile.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'bandwidth-admission-control': 'enable',
- 'bandwidth-capacity': '4',
- 'burst': 'enable',
- 'call-admission-control': 'enable',
- 'call-capacity': '7',
- 'comment': 'Comment.',
- 'downlink': '9',
- 'downlink-sta': '10',
- 'dscp-wmm-mapping': 'enable',
- 'name': 'default_name_12',
- 'uplink': '13',
- 'uplink-sta': '14',
- 'wmm': 'enable',
- 'wmm-uapsd': 'enable'
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'qos-profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_qos_profile_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_qos_profile': {
- 'bandwidth_admission_control': 'enable',
- 'bandwidth_capacity': '4',
- 'burst': 'enable',
- 'call_admission_control': 'enable',
- 'call_capacity': '7',
- 'comment': 'Comment.',
- 'downlink': '9',
- 'downlink_sta': '10',
- 'dscp_wmm_mapping': 'enable',
- 'name': 'default_name_12',
- 'uplink': '13',
- 'uplink_sta': '14',
- 'wmm': 'enable',
- 'wmm_uapsd': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed,
response = fortios_wireless_controller_qos_profile.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'bandwidth-admission-control': 'enable',
- 'bandwidth-capacity': '4',
- 'burst': 'enable',
- 'call-admission-control': 'enable',
- 'call-capacity': '7',
- 'comment': 'Comment.',
- 'downlink': '9',
- 'downlink-sta': '10',
- 'dscp-wmm-mapping': 'enable',
- 'name': 'default_name_12',
- 'uplink': '13',
- 'uplink-sta': '14',
- 'wmm': 'enable',
- 'wmm-uapsd': 'enable'
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'qos-profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_qos_profile_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wireless_controller_qos_profile': {
- 'bandwidth_admission_control': 'enable',
- 'bandwidth_capacity': '4',
- 'burst': 'enable',
- 'call_admission_control': 'enable',
- 'call_capacity': '7',
- 'comment': 'Comment.',
- 'downlink': '9',
- 'downlink_sta': '10',
- 'dscp_wmm_mapping': 'enable',
- 'name': 'default_name_12',
- 'uplink': '13',
- 'uplink_sta': '14',
- 'wmm': 'enable',
- 'wmm_uapsd': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_qos_profile.fortios_wireless_controller(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wireless-controller', 'qos-profile', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status']
== 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_qos_profile_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wireless_controller_qos_profile': {
- 'bandwidth_admission_control': 'enable',
- 'bandwidth_capacity': '4',
- 'burst': 'enable',
- 'call_admission_control': 'enable',
- 'call_capacity': '7',
- 'comment': 'Comment.',
- 'downlink': '9',
- 'downlink_sta': '10',
- 'dscp_wmm_mapping': 'enable',
- 'name': 'default_name_12',
- 'uplink': '13',
- 'uplink_sta': '14',
- 'wmm': 'enable',
- 'wmm_uapsd': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_qos_profile.fortios_wireless_controller(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wireless-controller', 'qos-profile', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_qos_profile_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_qos_profile': {
- 'bandwidth_admission_control': 'enable',
- 'bandwidth_capacity': '4',
- 'burst': 'enable',
- 'call_admission_control': 'enable',
- 'call_capacity': '7',
-
'comment': 'Comment.',
- 'downlink': '9',
- 'downlink_sta': '10',
- 'dscp_wmm_mapping': 'enable',
- 'name': 'default_name_12',
- 'uplink': '13',
- 'uplink_sta': '14',
- 'wmm': 'enable',
- 'wmm_uapsd': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_qos_profile.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'bandwidth-admission-control': 'enable',
- 'bandwidth-capacity': '4',
- 'burst': 'enable',
- 'call-admission-control': 'enable',
- 'call-capacity': '7',
- 'comment': 'Comment.',
- 'downlink': '9',
- 'downlink-sta': '10',
- 'dscp-wmm-mapping': 'enable',
- 'name': 'default_name_12',
- 'uplink': '13',
- 'uplink-sta': '14',
- 'wmm': 'enable',
- 'wmm-uapsd': 'enable'
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'qos-profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_wireless_controller_qos_profile_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_qos_profile': {
- 'random_attribute_not_valid': 'tag',
- 'bandwidth_admission_control': 'enable',
- 'bandwidth_capacity': '4',
- 'burst': 'enable',
- 'call_admission_control': 'enable',
- 'call_capacity': '7',
- 'comment': 'Comment.',
- 'downlink': '9',
- 'downlink_sta': '10',
- 'dscp_wmm_mapping': 'enable',
- 'name': 'default_name_12',
- 'uplink': '13',
- 'uplink_sta': '14',
- 'wmm': 'enable',
- 'wmm_uapsd': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response
= fortios_wireless_controller_qos_profile.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'bandwidth-admission-control': 'enable',
- 'bandwidth-capacity': '4',
- 'burst': 'enable',
- 'call-admission-control': 'enable',
- 'call-capacity': '7',
- 'comment': 'Comment.',
- 'downlink': '9',
- 'downlink-sta': '10',
- 'dscp-wmm-mapping': 'enable',
- 'name': 'default_name_12',
- 'uplink': '13',
- 'uplink-sta': '14',
- 'wmm': 'enable',
- 'wmm-uapsd': 'enable'
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'qos-profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_wireless_controller_setting.py b/test/units/modules/network/fortios/test_fortios_wireless_controller_setting.py
deleted file mode 100644
index 5be01593a26..00000000000
--- a/test/units/modules/network/fortios/test_fortios_wireless_controller_setting.py
+++ /dev/null
@@ -1,175 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_wireless_controller_setting
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wireless_controller_setting.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_wireless_controller_setting_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_setting': {
- 'account_id': 'test_value_3',
- 'country': 'NA',
- 'duplicate_ssid': 'enable',
- 'fapc_compatibility': 'enable'
- },
-
'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_setting.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'account-id': 'test_value_3',
- 'country': 'NA',
- 'duplicate-ssid': 'enable',
- 'fapc-compatibility': 'enable'
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_setting_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_setting': {
- 'account_id': 'test_value_3',
- 'country': 'NA',
- 'duplicate_ssid': 'enable',
- 'fapc_compatibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_setting.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'account-id': 'test_value_3',
- 'country': 'NA',
- 'duplicate-ssid': 'enable',
- 'fapc-compatibility': 'enable'
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_setting_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock =
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_setting': {
- 'account_id': 'test_value_3',
- 'country': 'NA',
- 'duplicate_ssid': 'enable',
- 'fapc_compatibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_setting.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'account-id': 'test_value_3',
- 'country': 'NA',
- 'duplicate-ssid': 'enable',
- 'fapc-compatibility': 'enable'
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_wireless_controller_setting_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_setting': {
- 'random_attribute_not_valid': 'tag',
- 'account_id': 'test_value_3',
- 'country': 'NA',
- 'duplicate_ssid': 'enable',
- 'fapc_compatibility': 'enable'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_setting.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'account-id': 'test_value_3',
- 'country': 'NA',
- 'duplicate-ssid': 'enable',
- 'fapc-compatibility': 'enable'
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'setting', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
-
assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_wireless_controller_timers.py b/test/units/modules/network/fortios/test_fortios_wireless_controller_timers.py
deleted file mode 100644
index 8f5a418119a..00000000000
--- a/test/units/modules/network/fortios/test_fortios_wireless_controller_timers.py
+++ /dev/null
@@ -1,255 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_wireless_controller_timers
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wireless_controller_timers.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_wireless_controller_timers_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_timers': {
- 'ble_scan_report_intv': '3',
- 'client_idle_timeout': '4',
- 'darrp_day': 'sunday',
- 'darrp_optimize': '6',
- 'discovery_interval': '7',
- 'echo_interval': '8',
- 'fake_ap_log': '9',
- 'ipsec_intf_cleanup': '10',
- 'radio_stats_interval': '11',
- 'rogue_ap_log': '12',
- 'sta_capability_interval': '13',
- 'sta_locate_timer': '14',
- 'sta_stats_interval': '15',
- 'vap_stats_interval': '16'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_timers.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'ble-scan-report-intv': '3',
- 'client-idle-timeout': '4',
- 'darrp-day': 'sunday',
- 'darrp-optimize': '6',
- 'discovery-interval': '7',
- 'echo-interval': '8',
- 'fake-ap-log': '9',
- 'ipsec-intf-cleanup': '10',
- 'radio-stats-interval': '11',
- 'rogue-ap-log': '12',
- 'sta-capability-interval': '13',
- 'sta-locate-timer': '14',
- 'sta-stats-interval': '15',
- 'vap-stats-interval': '16'
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'timers', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_timers_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_timers': {
- 'ble_scan_report_intv': '3',
- 'client_idle_timeout': '4',
- 'darrp_day': 'sunday',
- 'darrp_optimize': '6',
- 'discovery_interval': '7',
- 'echo_interval': '8',
- 'fake_ap_log': '9',
- 'ipsec_intf_cleanup': '10',
- 'radio_stats_interval': '11',
- 'rogue_ap_log': '12',
- 'sta_capability_interval': '13',
- 'sta_locate_timer': '14',
- 'sta_stats_interval': '15',
- 'vap_stats_interval': '16'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_timers.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'ble-scan-report-intv': '3',
- 'client-idle-timeout': '4',
- 'darrp-day': 'sunday',
- 'darrp-optimize': '6',
- 'discovery-interval': '7',
- 'echo-interval': '8',
- 'fake-ap-log': '9',
- 'ipsec-intf-cleanup': '10',
- 'radio-stats-interval': '11',
- 'rogue-ap-log': '12',
- 'sta-capability-interval': '13',
- 'sta-locate-timer': '14',
- 'sta-stats-interval': '15',
- 'vap-stats-interval': '16'
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'timers', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_timers_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_timers': {
- 'ble_scan_report_intv': '3',
- 'client_idle_timeout': '4',
- 'darrp_day': 'sunday',
- 'darrp_optimize': '6',
- 'discovery_interval': '7',
- 'echo_interval': '8',
- 'fake_ap_log': '9',
- 'ipsec_intf_cleanup': '10',
- 'radio_stats_interval': '11',
- 'rogue_ap_log': '12',
- 'sta_capability_interval': '13',
- 'sta_locate_timer': '14',
- 'sta_stats_interval': '15',
- 'vap_stats_interval': '16'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_timers.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'ble-scan-report-intv': '3',
- 'client-idle-timeout': '4',
- 'darrp-day': 'sunday',
- 'darrp-optimize': '6',
- 'discovery-interval': '7',
- 'echo-interval': '8',
- 'fake-ap-log': '9',
- 'ipsec-intf-cleanup': '10',
- 'radio-stats-interval': '11',
- 'rogue-ap-log': '12',
- 'sta-capability-interval': '13',
- 'sta-locate-timer': '14',
- 'sta-stats-interval': '15',
- 'vap-stats-interval': '16'
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'timers', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_wireless_controller_timers_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_timers': {
- 'random_attribute_not_valid': 'tag',
- 'ble_scan_report_intv': '3',
- 'client_idle_timeout': '4',
- 'darrp_day': 'sunday',
- 'darrp_optimize': '6',
- 'discovery_interval': '7',
- 'echo_interval': '8',
- 'fake_ap_log': '9',
- 'ipsec_intf_cleanup': '10',
- 'radio_stats_interval': '11',
- 'rogue_ap_log': '12',
- 'sta_capability_interval': '13',
- 'sta_locate_timer': '14',
- 'sta_stats_interval': '15',
- 'vap_stats_interval': '16'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_timers.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'ble-scan-report-intv': '3',
- 'client-idle-timeout': '4',
- 'darrp-day': 'sunday',
- 'darrp-optimize': '6',
- 'discovery-interval': '7',
- 'echo-interval': '8',
- 'fake-ap-log': '9',
- 'ipsec-intf-cleanup': '10',
- 'radio-stats-interval': '11',
- 'rogue-ap-log': '12',
- 'sta-capability-interval': '13',
- 'sta-locate-timer': '14',
- 'sta-stats-interval': '15',
- 'vap-stats-interval': '16'
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'timers', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_wireless_controller_utm_profile.py b/test/units/modules/network/fortios/test_fortios_wireless_controller_utm_profile.py
deleted file mode 100644
index 6af88cad6a9..00000000000
--- a/test/units/modules/network/fortios/test_fortios_wireless_controller_utm_profile.py
+++ /dev/null
@@ -1,269 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_wireless_controller_utm_profile
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wireless_controller_utm_profile.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_wireless_controller_utm_profile_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_utm_profile': {
- 'antivirus_profile': 'test_value_3',
- 'application_list': 'test_value_4',
- 'comment': 'Comment.',
- 'ips_sensor': 'test_value_6',
- 'name': 'default_name_7',
- 'scan_botnet_connections': 'disable',
- 'utm_log': 'enable',
- 'webfilter_profile': 'test_value_10'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_utm_profile.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'antivirus-profile': 'test_value_3',
- 'application-list': 'test_value_4',
- 'comment': 'Comment.',
- 'ips-sensor': 'test_value_6',
- 'name': 'default_name_7',
- 'scan-botnet-connections': 'disable',
- 'utm-log': 'enable',
- 'webfilter-profile': 'test_value_10'
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'utm-profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_utm_profile_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_utm_profile': {
- 'antivirus_profile': 'test_value_3',
- 'application_list': 'test_value_4',
- 'comment': 'Comment.',
- 'ips_sensor': 'test_value_6',
- 'name': 'default_name_7',
- 'scan_botnet_connections': 'disable',
- 'utm_log': 'enable',
- 'webfilter_profile': 'test_value_10'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_utm_profile.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'antivirus-profile': 'test_value_3',
- 'application-list': 'test_value_4',
- 'comment': 'Comment.',
- 'ips-sensor': 'test_value_6',
- 'name': 'default_name_7',
- 'scan-botnet-connections': 'disable',
- 'utm-log': 'enable',
- 'webfilter-profile': 'test_value_10'
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'utm-profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_utm_profile_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wireless_controller_utm_profile': {
- 'antivirus_profile': 'test_value_3',
- 'application_list': 'test_value_4',
- 'comment': 'Comment.',
- 'ips_sensor': 'test_value_6',
- 'name': 'default_name_7',
- 'scan_botnet_connections': 'disable',
- 'utm_log': 'enable',
- 'webfilter_profile': 'test_value_10'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_utm_profile.fortios_wireless_controller(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wireless-controller', 'utm-profile', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_utm_profile_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wireless_controller_utm_profile': {
- 'antivirus_profile': 'test_value_3',
- 'application_list': 'test_value_4',
- 'comment': 'Comment.',
- 'ips_sensor': 'test_value_6',
- 'name': 'default_name_7',
- 'scan_botnet_connections': 'disable',
- 'utm_log': 'enable',
- 'webfilter_profile': 'test_value_10'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_utm_profile.fortios_wireless_controller(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wireless-controller', 'utm-profile', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_utm_profile_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_utm_profile': {
- 'antivirus_profile': 'test_value_3',
- 'application_list': 'test_value_4',
- 'comment': 'Comment.',
- 'ips_sensor': 'test_value_6',
- 'name': 'default_name_7',
- 'scan_botnet_connections': 'disable',
- 'utm_log': 'enable',
- 'webfilter_profile': 'test_value_10'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_utm_profile.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'antivirus-profile': 'test_value_3',
- 'application-list': 'test_value_4',
- 'comment': 'Comment.',
- 'ips-sensor': 'test_value_6',
- 'name': 'default_name_7',
- 'scan-botnet-connections': 'disable',
- 'utm-log': 'enable',
- 'webfilter-profile': 'test_value_10'
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'utm-profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_wireless_controller_utm_profile_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_utm_profile': {
- 'random_attribute_not_valid': 'tag',
- 'antivirus_profile': 'test_value_3',
- 'application_list': 'test_value_4',
- 'comment': 'Comment.',
- 'ips_sensor': 'test_value_6',
- 'name': 'default_name_7',
- 'scan_botnet_connections': 'disable',
- 'utm_log': 'enable',
- 'webfilter_profile': 'test_value_10'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_utm_profile.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'antivirus-profile': 'test_value_3',
- 'application-list': 'test_value_4',
- 'comment': 'Comment.',
- 'ips-sensor': 'test_value_6',
- 'name': 'default_name_7',
- 'scan-botnet-connections': 'disable',
- 'utm-log': 'enable',
- 'webfilter-profile': 'test_value_10'
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'utm-profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_wireless_controller_vap.py b/test/units/modules/network/fortios/test_fortios_wireless_controller_vap.py
deleted file mode 100644
index fcfc7ce0942..00000000000
--- a/test/units/modules/network/fortios/test_fortios_wireless_controller_vap.py
+++ /dev/null
@@ -1,1109 +0,0 @@ -# Copyright 2019 Fortinet, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -import json -import pytest -from mock import ANY -from ansible.module_utils.network.fortios.fortios import FortiOSHandler - -try: - from ansible.modules.network.fortios import fortios_wireless_controller_vap -except ImportError: - pytest.skip("Could not load required modules for testing", allow_module_level=True) - - -@pytest.fixture(autouse=True) -def connection_mock(mocker): - connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wireless_controller_vap.Connection') - return connection_class_mock - - -fos_instance = FortiOSHandler(connection_mock) - - -def test_wireless_controller_vap_creation(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wireless_controller_vap': { - 'acct_interim_interval': '3', - 'alias': 'test_value_4', - 'auth': 'psk', - 'broadcast_ssid': 'enable', - 'broadcast_suppression': 
'dhcp-up', - 'captive_portal_ac_name': 'test_value_8', - 'captive_portal_macauth_radius_secret': 'test_value_9', - 'captive_portal_macauth_radius_server': 'test_value_10', - 'captive_portal_radius_secret': 'test_value_11', - 'captive_portal_radius_server': 'test_value_12', - 'captive_portal_session_timeout_interval': '13', - 'dhcp_lease_time': '14', - 'dhcp_option82_circuit_id_insertion': 'style-1', - 'dhcp_option82_insertion': 'enable', - 'dhcp_option82_remote_id_insertion': 'style-1', - 'dynamic_vlan': 'enable', - 'eap_reauth': 'enable', - 'eap_reauth_intv': '20', - 'eapol_key_retries': 'disable', - 'encrypt': 'TKIP', - 'external_fast_roaming': 'enable', - 'external_logout': 'test_value_24', - 'external_web': 'test_value_25', - 'fast_bss_transition': 'disable', - 'fast_roaming': 'enable', - 'ft_mobility_domain': '28', - 'ft_over_ds': 'disable', - 'ft_r0_key_lifetime': '30', - 'gtk_rekey': 'enable', - 'gtk_rekey_intv': '32', - 'hotspot20_profile': 'test_value_33', - 'intra_vap_privacy': 'enable', - 'ip': 'test_value_35', - 'key': 'test_value_36', - 'keyindex': '37', - 'ldpc': 'disable', - 'local_authentication': 'enable', - 'local_bridging': 'enable', - 'local_lan': 'allow', - 'local_standalone': 'enable', - 'local_standalone_nat': 'enable', - 'mac_auth_bypass': 'enable', - 'mac_filter': 'enable', - 'mac_filter_policy_other': 'allow', - 'max_clients': '47', - 'max_clients_ap': '48', - 'me_disable_thresh': '49', - 'mesh_backhaul': 'enable', - 'mpsk': 'enable', - 'mpsk_concurrent_clients': '52', - 'multicast_enhance': 'enable', - 'multicast_rate': '0', - 'name': 'default_name_55', - 'okc': 'disable', - 'passphrase': 'test_value_57', - 'pmf': 'disable', - 'pmf_assoc_comeback_timeout': '59', - 'pmf_sa_query_retry_timeout': '60', - 'portal_message_override_group': 'test_value_61', - 'portal_type': 'auth', - 'probe_resp_suppression': 'enable', - 'probe_resp_threshold': 'test_value_64', - 'ptk_rekey': 'enable', - 'ptk_rekey_intv': '66', - 'qos_profile': 'test_value_67', 
- 'quarantine': 'enable', - 'radio_2g_threshold': 'test_value_69', - 'radio_5g_threshold': 'test_value_70', - 'radio_sensitivity': 'enable', - 'radius_mac_auth': 'enable', - 'radius_mac_auth_server': 'test_value_73', - 'radius_server': 'test_value_74', - 'rates_11a': '1', - 'rates_11ac_ss12': 'mcs0/1', - 'rates_11ac_ss34': 'mcs0/3', - 'rates_11bg': '1', - 'rates_11n_ss12': 'mcs0/1', - 'rates_11n_ss34': 'mcs16/3', - 'schedule': 'test_value_81', - 'security': 'open', - 'security_exempt_list': 'test_value_83', - 'security_obsolete_option': 'enable', - 'security_redirect_url': 'test_value_85', - 'split_tunneling': 'enable', - 'ssid': 'test_value_87', - 'tkip_counter_measure': 'enable', - 'utm_profile': 'test_value_89', - 'vdom': 'test_value_90', - 'vlan_auto': 'enable', - 'vlan_pooling': 'wtp-group', - 'vlanid': '93', - 'voice_enterprise': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_vap.fortios_wireless_controller(input_data, fos_instance) - - expected_data = { - 'acct-interim-interval': '3', - 'alias': 'test_value_4', - 'auth': 'psk', - 'broadcast-ssid': 'enable', - 'broadcast-suppression': 'dhcp-up', - 'captive-portal-ac-name': 'test_value_8', - 'captive-portal-macauth-radius-secret': 'test_value_9', - 'captive-portal-macauth-radius-server': 'test_value_10', - 'captive-portal-radius-secret': 'test_value_11', - 'captive-portal-radius-server': 'test_value_12', - 'captive-portal-session-timeout-interval': '13', - 'dhcp-lease-time': '14', - 'dhcp-option82-circuit-id-insertion': 'style-1', - 'dhcp-option82-insertion': 'enable', - 'dhcp-option82-remote-id-insertion': 'style-1', - 'dynamic-vlan': 'enable', - 'eap-reauth': 'enable', - 'eap-reauth-intv': '20', - 'eapol-key-retries': 'disable', - 'encrypt': 'TKIP', - 'external-fast-roaming': 'enable', - 'external-logout': 'test_value_24', - 'external-web': 'test_value_25', - 'fast-bss-transition': 'disable', - 'fast-roaming': 'enable', - 'ft-mobility-domain': '28', - 
'ft-over-ds': 'disable', - 'ft-r0-key-lifetime': '30', - 'gtk-rekey': 'enable', - 'gtk-rekey-intv': '32', - 'hotspot20-profile': 'test_value_33', - 'intra-vap-privacy': 'enable', - 'ip': 'test_value_35', - 'key': 'test_value_36', - 'keyindex': '37', - 'ldpc': 'disable', - 'local-authentication': 'enable', - 'local-bridging': 'enable', - 'local-lan': 'allow', - 'local-standalone': 'enable', - 'local-standalone-nat': 'enable', - 'mac-auth-bypass': 'enable', - 'mac-filter': 'enable', - 'mac-filter-policy-other': 'allow', - 'max-clients': '47', - 'max-clients-ap': '48', - 'me-disable-thresh': '49', - 'mesh-backhaul': 'enable', - 'mpsk': 'enable', - 'mpsk-concurrent-clients': '52', - 'multicast-enhance': 'enable', - 'multicast-rate': '0', - 'name': 'default_name_55', - 'okc': 'disable', - 'passphrase': 'test_value_57', - 'pmf': 'disable', - 'pmf-assoc-comeback-timeout': '59', - 'pmf-sa-query-retry-timeout': '60', - 'portal-message-override-group': 'test_value_61', - 'portal-type': 'auth', - 'probe-resp-suppression': 'enable', - 'probe-resp-threshold': 'test_value_64', - 'ptk-rekey': 'enable', - 'ptk-rekey-intv': '66', - 'qos-profile': 'test_value_67', - 'quarantine': 'enable', - 'radio-2g-threshold': 'test_value_69', - 'radio-5g-threshold': 'test_value_70', - 'radio-sensitivity': 'enable', - 'radius-mac-auth': 'enable', - 'radius-mac-auth-server': 'test_value_73', - 'radius-server': 'test_value_74', - 'rates-11a': '1', - 'rates-11ac-ss12': 'mcs0/1', - 'rates-11ac-ss34': 'mcs0/3', - 'rates-11bg': '1', - 'rates-11n-ss12': 'mcs0/1', - 'rates-11n-ss34': 'mcs16/3', - 'schedule': 'test_value_81', - 'security': 'open', - 'security-exempt-list': 'test_value_83', - 'security-obsolete-option': 'enable', - 'security-redirect-url': 'test_value_85', - 'split-tunneling': 'enable', - 'ssid': 'test_value_87', - 'tkip-counter-measure': 'enable', - 'utm-profile': 'test_value_89', - 'vdom': 'test_value_90', - 'vlan-auto': 'enable', - 'vlan-pooling': 'wtp-group', - 'vlanid': '93', - 
'voice-enterprise': 'disable' - } - - set_method_mock.assert_called_with('wireless-controller', 'vap', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_wireless_controller_vap_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wireless_controller_vap': { - 'acct_interim_interval': '3', - 'alias': 'test_value_4', - 'auth': 'psk', - 'broadcast_ssid': 'enable', - 'broadcast_suppression': 'dhcp-up', - 'captive_portal_ac_name': 'test_value_8', - 'captive_portal_macauth_radius_secret': 'test_value_9', - 'captive_portal_macauth_radius_server': 'test_value_10', - 'captive_portal_radius_secret': 'test_value_11', - 'captive_portal_radius_server': 'test_value_12', - 'captive_portal_session_timeout_interval': '13', - 'dhcp_lease_time': '14', - 'dhcp_option82_circuit_id_insertion': 'style-1', - 'dhcp_option82_insertion': 'enable', - 'dhcp_option82_remote_id_insertion': 'style-1', - 'dynamic_vlan': 'enable', - 'eap_reauth': 'enable', - 'eap_reauth_intv': '20', - 'eapol_key_retries': 'disable', - 'encrypt': 'TKIP', - 'external_fast_roaming': 'enable', - 'external_logout': 'test_value_24', - 'external_web': 'test_value_25', - 'fast_bss_transition': 'disable', - 'fast_roaming': 'enable', - 'ft_mobility_domain': '28', - 'ft_over_ds': 'disable', - 'ft_r0_key_lifetime': '30', - 'gtk_rekey': 'enable', - 'gtk_rekey_intv': '32', - 'hotspot20_profile': 'test_value_33', - 'intra_vap_privacy': 'enable', - 'ip': 'test_value_35', - 'key': 'test_value_36', - 'keyindex': '37', - 
'ldpc': 'disable', - 'local_authentication': 'enable', - 'local_bridging': 'enable', - 'local_lan': 'allow', - 'local_standalone': 'enable', - 'local_standalone_nat': 'enable', - 'mac_auth_bypass': 'enable', - 'mac_filter': 'enable', - 'mac_filter_policy_other': 'allow', - 'max_clients': '47', - 'max_clients_ap': '48', - 'me_disable_thresh': '49', - 'mesh_backhaul': 'enable', - 'mpsk': 'enable', - 'mpsk_concurrent_clients': '52', - 'multicast_enhance': 'enable', - 'multicast_rate': '0', - 'name': 'default_name_55', - 'okc': 'disable', - 'passphrase': 'test_value_57', - 'pmf': 'disable', - 'pmf_assoc_comeback_timeout': '59', - 'pmf_sa_query_retry_timeout': '60', - 'portal_message_override_group': 'test_value_61', - 'portal_type': 'auth', - 'probe_resp_suppression': 'enable', - 'probe_resp_threshold': 'test_value_64', - 'ptk_rekey': 'enable', - 'ptk_rekey_intv': '66', - 'qos_profile': 'test_value_67', - 'quarantine': 'enable', - 'radio_2g_threshold': 'test_value_69', - 'radio_5g_threshold': 'test_value_70', - 'radio_sensitivity': 'enable', - 'radius_mac_auth': 'enable', - 'radius_mac_auth_server': 'test_value_73', - 'radius_server': 'test_value_74', - 'rates_11a': '1', - 'rates_11ac_ss12': 'mcs0/1', - 'rates_11ac_ss34': 'mcs0/3', - 'rates_11bg': '1', - 'rates_11n_ss12': 'mcs0/1', - 'rates_11n_ss34': 'mcs16/3', - 'schedule': 'test_value_81', - 'security': 'open', - 'security_exempt_list': 'test_value_83', - 'security_obsolete_option': 'enable', - 'security_redirect_url': 'test_value_85', - 'split_tunneling': 'enable', - 'ssid': 'test_value_87', - 'tkip_counter_measure': 'enable', - 'utm_profile': 'test_value_89', - 'vdom': 'test_value_90', - 'vlan_auto': 'enable', - 'vlan_pooling': 'wtp-group', - 'vlanid': '93', - 'voice_enterprise': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_vap.fortios_wireless_controller(input_data, fos_instance) - - expected_data = { - 'acct-interim-interval': '3', - 'alias': 'test_value_4', - 
'auth': 'psk', - 'broadcast-ssid': 'enable', - 'broadcast-suppression': 'dhcp-up', - 'captive-portal-ac-name': 'test_value_8', - 'captive-portal-macauth-radius-secret': 'test_value_9', - 'captive-portal-macauth-radius-server': 'test_value_10', - 'captive-portal-radius-secret': 'test_value_11', - 'captive-portal-radius-server': 'test_value_12', - 'captive-portal-session-timeout-interval': '13', - 'dhcp-lease-time': '14', - 'dhcp-option82-circuit-id-insertion': 'style-1', - 'dhcp-option82-insertion': 'enable', - 'dhcp-option82-remote-id-insertion': 'style-1', - 'dynamic-vlan': 'enable', - 'eap-reauth': 'enable', - 'eap-reauth-intv': '20', - 'eapol-key-retries': 'disable', - 'encrypt': 'TKIP', - 'external-fast-roaming': 'enable', - 'external-logout': 'test_value_24', - 'external-web': 'test_value_25', - 'fast-bss-transition': 'disable', - 'fast-roaming': 'enable', - 'ft-mobility-domain': '28', - 'ft-over-ds': 'disable', - 'ft-r0-key-lifetime': '30', - 'gtk-rekey': 'enable', - 'gtk-rekey-intv': '32', - 'hotspot20-profile': 'test_value_33', - 'intra-vap-privacy': 'enable', - 'ip': 'test_value_35', - 'key': 'test_value_36', - 'keyindex': '37', - 'ldpc': 'disable', - 'local-authentication': 'enable', - 'local-bridging': 'enable', - 'local-lan': 'allow', - 'local-standalone': 'enable', - 'local-standalone-nat': 'enable', - 'mac-auth-bypass': 'enable', - 'mac-filter': 'enable', - 'mac-filter-policy-other': 'allow', - 'max-clients': '47', - 'max-clients-ap': '48', - 'me-disable-thresh': '49', - 'mesh-backhaul': 'enable', - 'mpsk': 'enable', - 'mpsk-concurrent-clients': '52', - 'multicast-enhance': 'enable', - 'multicast-rate': '0', - 'name': 'default_name_55', - 'okc': 'disable', - 'passphrase': 'test_value_57', - 'pmf': 'disable', - 'pmf-assoc-comeback-timeout': '59', - 'pmf-sa-query-retry-timeout': '60', - 'portal-message-override-group': 'test_value_61', - 'portal-type': 'auth', - 'probe-resp-suppression': 'enable', - 'probe-resp-threshold': 'test_value_64', - 
'ptk-rekey': 'enable', - 'ptk-rekey-intv': '66', - 'qos-profile': 'test_value_67', - 'quarantine': 'enable', - 'radio-2g-threshold': 'test_value_69', - 'radio-5g-threshold': 'test_value_70', - 'radio-sensitivity': 'enable', - 'radius-mac-auth': 'enable', - 'radius-mac-auth-server': 'test_value_73', - 'radius-server': 'test_value_74', - 'rates-11a': '1', - 'rates-11ac-ss12': 'mcs0/1', - 'rates-11ac-ss34': 'mcs0/3', - 'rates-11bg': '1', - 'rates-11n-ss12': 'mcs0/1', - 'rates-11n-ss34': 'mcs16/3', - 'schedule': 'test_value_81', - 'security': 'open', - 'security-exempt-list': 'test_value_83', - 'security-obsolete-option': 'enable', - 'security-redirect-url': 'test_value_85', - 'split-tunneling': 'enable', - 'ssid': 'test_value_87', - 'tkip-counter-measure': 'enable', - 'utm-profile': 'test_value_89', - 'vdom': 'test_value_90', - 'vlan-auto': 'enable', - 'vlan-pooling': 'wtp-group', - 'vlanid': '93', - 'voice-enterprise': 'disable' - } - - set_method_mock.assert_called_with('wireless-controller', 'vap', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_wireless_controller_vap_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'wireless_controller_vap': { - 'acct_interim_interval': '3', - 'alias': 'test_value_4', - 'auth': 'psk', - 'broadcast_ssid': 'enable', - 'broadcast_suppression': 'dhcp-up', - 'captive_portal_ac_name': 'test_value_8', - 'captive_portal_macauth_radius_secret': 'test_value_9', - 'captive_portal_macauth_radius_server': 'test_value_10', 
- 'captive_portal_radius_secret': 'test_value_11', - 'captive_portal_radius_server': 'test_value_12', - 'captive_portal_session_timeout_interval': '13', - 'dhcp_lease_time': '14', - 'dhcp_option82_circuit_id_insertion': 'style-1', - 'dhcp_option82_insertion': 'enable', - 'dhcp_option82_remote_id_insertion': 'style-1', - 'dynamic_vlan': 'enable', - 'eap_reauth': 'enable', - 'eap_reauth_intv': '20', - 'eapol_key_retries': 'disable', - 'encrypt': 'TKIP', - 'external_fast_roaming': 'enable', - 'external_logout': 'test_value_24', - 'external_web': 'test_value_25', - 'fast_bss_transition': 'disable', - 'fast_roaming': 'enable', - 'ft_mobility_domain': '28', - 'ft_over_ds': 'disable', - 'ft_r0_key_lifetime': '30', - 'gtk_rekey': 'enable', - 'gtk_rekey_intv': '32', - 'hotspot20_profile': 'test_value_33', - 'intra_vap_privacy': 'enable', - 'ip': 'test_value_35', - 'key': 'test_value_36', - 'keyindex': '37', - 'ldpc': 'disable', - 'local_authentication': 'enable', - 'local_bridging': 'enable', - 'local_lan': 'allow', - 'local_standalone': 'enable', - 'local_standalone_nat': 'enable', - 'mac_auth_bypass': 'enable', - 'mac_filter': 'enable', - 'mac_filter_policy_other': 'allow', - 'max_clients': '47', - 'max_clients_ap': '48', - 'me_disable_thresh': '49', - 'mesh_backhaul': 'enable', - 'mpsk': 'enable', - 'mpsk_concurrent_clients': '52', - 'multicast_enhance': 'enable', - 'multicast_rate': '0', - 'name': 'default_name_55', - 'okc': 'disable', - 'passphrase': 'test_value_57', - 'pmf': 'disable', - 'pmf_assoc_comeback_timeout': '59', - 'pmf_sa_query_retry_timeout': '60', - 'portal_message_override_group': 'test_value_61', - 'portal_type': 'auth', - 'probe_resp_suppression': 'enable', - 'probe_resp_threshold': 'test_value_64', - 'ptk_rekey': 'enable', - 'ptk_rekey_intv': '66', - 'qos_profile': 'test_value_67', - 'quarantine': 'enable', - 'radio_2g_threshold': 'test_value_69', - 'radio_5g_threshold': 'test_value_70', - 'radio_sensitivity': 'enable', - 'radius_mac_auth': 'enable', 
- 'radius_mac_auth_server': 'test_value_73', - 'radius_server': 'test_value_74', - 'rates_11a': '1', - 'rates_11ac_ss12': 'mcs0/1', - 'rates_11ac_ss34': 'mcs0/3', - 'rates_11bg': '1', - 'rates_11n_ss12': 'mcs0/1', - 'rates_11n_ss34': 'mcs16/3', - 'schedule': 'test_value_81', - 'security': 'open', - 'security_exempt_list': 'test_value_83', - 'security_obsolete_option': 'enable', - 'security_redirect_url': 'test_value_85', - 'split_tunneling': 'enable', - 'ssid': 'test_value_87', - 'tkip_counter_measure': 'enable', - 'utm_profile': 'test_value_89', - 'vdom': 'test_value_90', - 'vlan_auto': 'enable', - 'vlan_pooling': 'wtp-group', - 'vlanid': '93', - 'voice_enterprise': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_vap.fortios_wireless_controller(input_data, fos_instance) - - delete_method_mock.assert_called_with('wireless-controller', 'vap', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_wireless_controller_vap_deletion_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'wireless_controller_vap': { - 'acct_interim_interval': '3', - 'alias': 'test_value_4', - 'auth': 'psk', - 'broadcast_ssid': 'enable', - 'broadcast_suppression': 'dhcp-up', - 'captive_portal_ac_name': 'test_value_8', - 'captive_portal_macauth_radius_secret': 'test_value_9', - 'captive_portal_macauth_radius_server': 'test_value_10', - 'captive_portal_radius_secret': 'test_value_11', - 'captive_portal_radius_server': 'test_value_12', - 
'captive_portal_session_timeout_interval': '13', - 'dhcp_lease_time': '14', - 'dhcp_option82_circuit_id_insertion': 'style-1', - 'dhcp_option82_insertion': 'enable', - 'dhcp_option82_remote_id_insertion': 'style-1', - 'dynamic_vlan': 'enable', - 'eap_reauth': 'enable', - 'eap_reauth_intv': '20', - 'eapol_key_retries': 'disable', - 'encrypt': 'TKIP', - 'external_fast_roaming': 'enable', - 'external_logout': 'test_value_24', - 'external_web': 'test_value_25', - 'fast_bss_transition': 'disable', - 'fast_roaming': 'enable', - 'ft_mobility_domain': '28', - 'ft_over_ds': 'disable', - 'ft_r0_key_lifetime': '30', - 'gtk_rekey': 'enable', - 'gtk_rekey_intv': '32', - 'hotspot20_profile': 'test_value_33', - 'intra_vap_privacy': 'enable', - 'ip': 'test_value_35', - 'key': 'test_value_36', - 'keyindex': '37', - 'ldpc': 'disable', - 'local_authentication': 'enable', - 'local_bridging': 'enable', - 'local_lan': 'allow', - 'local_standalone': 'enable', - 'local_standalone_nat': 'enable', - 'mac_auth_bypass': 'enable', - 'mac_filter': 'enable', - 'mac_filter_policy_other': 'allow', - 'max_clients': '47', - 'max_clients_ap': '48', - 'me_disable_thresh': '49', - 'mesh_backhaul': 'enable', - 'mpsk': 'enable', - 'mpsk_concurrent_clients': '52', - 'multicast_enhance': 'enable', - 'multicast_rate': '0', - 'name': 'default_name_55', - 'okc': 'disable', - 'passphrase': 'test_value_57', - 'pmf': 'disable', - 'pmf_assoc_comeback_timeout': '59', - 'pmf_sa_query_retry_timeout': '60', - 'portal_message_override_group': 'test_value_61', - 'portal_type': 'auth', - 'probe_resp_suppression': 'enable', - 'probe_resp_threshold': 'test_value_64', - 'ptk_rekey': 'enable', - 'ptk_rekey_intv': '66', - 'qos_profile': 'test_value_67', - 'quarantine': 'enable', - 'radio_2g_threshold': 'test_value_69', - 'radio_5g_threshold': 'test_value_70', - 'radio_sensitivity': 'enable', - 'radius_mac_auth': 'enable', - 'radius_mac_auth_server': 'test_value_73', - 'radius_server': 'test_value_74', - 'rates_11a': '1', - 
'rates_11ac_ss12': 'mcs0/1', - 'rates_11ac_ss34': 'mcs0/3', - 'rates_11bg': '1', - 'rates_11n_ss12': 'mcs0/1', - 'rates_11n_ss34': 'mcs16/3', - 'schedule': 'test_value_81', - 'security': 'open', - 'security_exempt_list': 'test_value_83', - 'security_obsolete_option': 'enable', - 'security_redirect_url': 'test_value_85', - 'split_tunneling': 'enable', - 'ssid': 'test_value_87', - 'tkip_counter_measure': 'enable', - 'utm_profile': 'test_value_89', - 'vdom': 'test_value_90', - 'vlan_auto': 'enable', - 'vlan_pooling': 'wtp-group', - 'vlanid': '93', - 'voice_enterprise': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_vap.fortios_wireless_controller(input_data, fos_instance) - - delete_method_mock.assert_called_with('wireless-controller', 'vap', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_wireless_controller_vap_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wireless_controller_vap': { - 'acct_interim_interval': '3', - 'alias': 'test_value_4', - 'auth': 'psk', - 'broadcast_ssid': 'enable', - 'broadcast_suppression': 'dhcp-up', - 'captive_portal_ac_name': 'test_value_8', - 'captive_portal_macauth_radius_secret': 'test_value_9', - 'captive_portal_macauth_radius_server': 'test_value_10', - 'captive_portal_radius_secret': 'test_value_11', - 'captive_portal_radius_server': 'test_value_12', - 'captive_portal_session_timeout_interval': '13', - 'dhcp_lease_time': '14', - 'dhcp_option82_circuit_id_insertion': 'style-1', - 
'dhcp_option82_insertion': 'enable', - 'dhcp_option82_remote_id_insertion': 'style-1', - 'dynamic_vlan': 'enable', - 'eap_reauth': 'enable', - 'eap_reauth_intv': '20', - 'eapol_key_retries': 'disable', - 'encrypt': 'TKIP', - 'external_fast_roaming': 'enable', - 'external_logout': 'test_value_24', - 'external_web': 'test_value_25', - 'fast_bss_transition': 'disable', - 'fast_roaming': 'enable', - 'ft_mobility_domain': '28', - 'ft_over_ds': 'disable', - 'ft_r0_key_lifetime': '30', - 'gtk_rekey': 'enable', - 'gtk_rekey_intv': '32', - 'hotspot20_profile': 'test_value_33', - 'intra_vap_privacy': 'enable', - 'ip': 'test_value_35', - 'key': 'test_value_36', - 'keyindex': '37', - 'ldpc': 'disable', - 'local_authentication': 'enable', - 'local_bridging': 'enable', - 'local_lan': 'allow', - 'local_standalone': 'enable', - 'local_standalone_nat': 'enable', - 'mac_auth_bypass': 'enable', - 'mac_filter': 'enable', - 'mac_filter_policy_other': 'allow', - 'max_clients': '47', - 'max_clients_ap': '48', - 'me_disable_thresh': '49', - 'mesh_backhaul': 'enable', - 'mpsk': 'enable', - 'mpsk_concurrent_clients': '52', - 'multicast_enhance': 'enable', - 'multicast_rate': '0', - 'name': 'default_name_55', - 'okc': 'disable', - 'passphrase': 'test_value_57', - 'pmf': 'disable', - 'pmf_assoc_comeback_timeout': '59', - 'pmf_sa_query_retry_timeout': '60', - 'portal_message_override_group': 'test_value_61', - 'portal_type': 'auth', - 'probe_resp_suppression': 'enable', - 'probe_resp_threshold': 'test_value_64', - 'ptk_rekey': 'enable', - 'ptk_rekey_intv': '66', - 'qos_profile': 'test_value_67', - 'quarantine': 'enable', - 'radio_2g_threshold': 'test_value_69', - 'radio_5g_threshold': 'test_value_70', - 'radio_sensitivity': 'enable', - 'radius_mac_auth': 'enable', - 'radius_mac_auth_server': 'test_value_73', - 'radius_server': 'test_value_74', - 'rates_11a': '1', - 'rates_11ac_ss12': 'mcs0/1', - 'rates_11ac_ss34': 'mcs0/3', - 'rates_11bg': '1', - 'rates_11n_ss12': 'mcs0/1', - 'rates_11n_ss34': 
'mcs16/3', - 'schedule': 'test_value_81', - 'security': 'open', - 'security_exempt_list': 'test_value_83', - 'security_obsolete_option': 'enable', - 'security_redirect_url': 'test_value_85', - 'split_tunneling': 'enable', - 'ssid': 'test_value_87', - 'tkip_counter_measure': 'enable', - 'utm_profile': 'test_value_89', - 'vdom': 'test_value_90', - 'vlan_auto': 'enable', - 'vlan_pooling': 'wtp-group', - 'vlanid': '93', - 'voice_enterprise': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_vap.fortios_wireless_controller(input_data, fos_instance) - - expected_data = { - 'acct-interim-interval': '3', - 'alias': 'test_value_4', - 'auth': 'psk', - 'broadcast-ssid': 'enable', - 'broadcast-suppression': 'dhcp-up', - 'captive-portal-ac-name': 'test_value_8', - 'captive-portal-macauth-radius-secret': 'test_value_9', - 'captive-portal-macauth-radius-server': 'test_value_10', - 'captive-portal-radius-secret': 'test_value_11', - 'captive-portal-radius-server': 'test_value_12', - 'captive-portal-session-timeout-interval': '13', - 'dhcp-lease-time': '14', - 'dhcp-option82-circuit-id-insertion': 'style-1', - 'dhcp-option82-insertion': 'enable', - 'dhcp-option82-remote-id-insertion': 'style-1', - 'dynamic-vlan': 'enable', - 'eap-reauth': 'enable', - 'eap-reauth-intv': '20', - 'eapol-key-retries': 'disable', - 'encrypt': 'TKIP', - 'external-fast-roaming': 'enable', - 'external-logout': 'test_value_24', - 'external-web': 'test_value_25', - 'fast-bss-transition': 'disable', - 'fast-roaming': 'enable', - 'ft-mobility-domain': '28', - 'ft-over-ds': 'disable', - 'ft-r0-key-lifetime': '30', - 'gtk-rekey': 'enable', - 'gtk-rekey-intv': '32', - 'hotspot20-profile': 'test_value_33', - 'intra-vap-privacy': 'enable', - 'ip': 'test_value_35', - 'key': 'test_value_36', - 'keyindex': '37', - 'ldpc': 'disable', - 'local-authentication': 'enable', - 'local-bridging': 'enable', - 'local-lan': 'allow', - 'local-standalone': 'enable', - 
'local-standalone-nat': 'enable', - 'mac-auth-bypass': 'enable', - 'mac-filter': 'enable', - 'mac-filter-policy-other': 'allow', - 'max-clients': '47', - 'max-clients-ap': '48', - 'me-disable-thresh': '49', - 'mesh-backhaul': 'enable', - 'mpsk': 'enable', - 'mpsk-concurrent-clients': '52', - 'multicast-enhance': 'enable', - 'multicast-rate': '0', - 'name': 'default_name_55', - 'okc': 'disable', - 'passphrase': 'test_value_57', - 'pmf': 'disable', - 'pmf-assoc-comeback-timeout': '59', - 'pmf-sa-query-retry-timeout': '60', - 'portal-message-override-group': 'test_value_61', - 'portal-type': 'auth', - 'probe-resp-suppression': 'enable', - 'probe-resp-threshold': 'test_value_64', - 'ptk-rekey': 'enable', - 'ptk-rekey-intv': '66', - 'qos-profile': 'test_value_67', - 'quarantine': 'enable', - 'radio-2g-threshold': 'test_value_69', - 'radio-5g-threshold': 'test_value_70', - 'radio-sensitivity': 'enable', - 'radius-mac-auth': 'enable', - 'radius-mac-auth-server': 'test_value_73', - 'radius-server': 'test_value_74', - 'rates-11a': '1', - 'rates-11ac-ss12': 'mcs0/1', - 'rates-11ac-ss34': 'mcs0/3', - 'rates-11bg': '1', - 'rates-11n-ss12': 'mcs0/1', - 'rates-11n-ss34': 'mcs16/3', - 'schedule': 'test_value_81', - 'security': 'open', - 'security-exempt-list': 'test_value_83', - 'security-obsolete-option': 'enable', - 'security-redirect-url': 'test_value_85', - 'split-tunneling': 'enable', - 'ssid': 'test_value_87', - 'tkip-counter-measure': 'enable', - 'utm-profile': 'test_value_89', - 'vdom': 'test_value_90', - 'vlan-auto': 'enable', - 'vlan-pooling': 'wtp-group', - 'vlanid': '93', - 'voice-enterprise': 'disable' - } - - set_method_mock.assert_called_with('wireless-controller', 'vap', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_wireless_controller_vap_filter_foreign_attributes(mocker): - schema_method_mock = 
mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wireless_controller_vap': { - 'random_attribute_not_valid': 'tag', - 'acct_interim_interval': '3', - 'alias': 'test_value_4', - 'auth': 'psk', - 'broadcast_ssid': 'enable', - 'broadcast_suppression': 'dhcp-up', - 'captive_portal_ac_name': 'test_value_8', - 'captive_portal_macauth_radius_secret': 'test_value_9', - 'captive_portal_macauth_radius_server': 'test_value_10', - 'captive_portal_radius_secret': 'test_value_11', - 'captive_portal_radius_server': 'test_value_12', - 'captive_portal_session_timeout_interval': '13', - 'dhcp_lease_time': '14', - 'dhcp_option82_circuit_id_insertion': 'style-1', - 'dhcp_option82_insertion': 'enable', - 'dhcp_option82_remote_id_insertion': 'style-1', - 'dynamic_vlan': 'enable', - 'eap_reauth': 'enable', - 'eap_reauth_intv': '20', - 'eapol_key_retries': 'disable', - 'encrypt': 'TKIP', - 'external_fast_roaming': 'enable', - 'external_logout': 'test_value_24', - 'external_web': 'test_value_25', - 'fast_bss_transition': 'disable', - 'fast_roaming': 'enable', - 'ft_mobility_domain': '28', - 'ft_over_ds': 'disable', - 'ft_r0_key_lifetime': '30', - 'gtk_rekey': 'enable', - 'gtk_rekey_intv': '32', - 'hotspot20_profile': 'test_value_33', - 'intra_vap_privacy': 'enable', - 'ip': 'test_value_35', - 'key': 'test_value_36', - 'keyindex': '37', - 'ldpc': 'disable', - 'local_authentication': 'enable', - 'local_bridging': 'enable', - 'local_lan': 'allow', - 'local_standalone': 'enable', - 'local_standalone_nat': 'enable', - 'mac_auth_bypass': 'enable', - 'mac_filter': 'enable', - 'mac_filter_policy_other': 'allow', - 'max_clients': '47', - 'max_clients_ap': '48', - 
'me_disable_thresh': '49', - 'mesh_backhaul': 'enable', - 'mpsk': 'enable', - 'mpsk_concurrent_clients': '52', - 'multicast_enhance': 'enable', - 'multicast_rate': '0', - 'name': 'default_name_55', - 'okc': 'disable', - 'passphrase': 'test_value_57', - 'pmf': 'disable', - 'pmf_assoc_comeback_timeout': '59', - 'pmf_sa_query_retry_timeout': '60', - 'portal_message_override_group': 'test_value_61', - 'portal_type': 'auth', - 'probe_resp_suppression': 'enable', - 'probe_resp_threshold': 'test_value_64', - 'ptk_rekey': 'enable', - 'ptk_rekey_intv': '66', - 'qos_profile': 'test_value_67', - 'quarantine': 'enable', - 'radio_2g_threshold': 'test_value_69', - 'radio_5g_threshold': 'test_value_70', - 'radio_sensitivity': 'enable', - 'radius_mac_auth': 'enable', - 'radius_mac_auth_server': 'test_value_73', - 'radius_server': 'test_value_74', - 'rates_11a': '1', - 'rates_11ac_ss12': 'mcs0/1', - 'rates_11ac_ss34': 'mcs0/3', - 'rates_11bg': '1', - 'rates_11n_ss12': 'mcs0/1', - 'rates_11n_ss34': 'mcs16/3', - 'schedule': 'test_value_81', - 'security': 'open', - 'security_exempt_list': 'test_value_83', - 'security_obsolete_option': 'enable', - 'security_redirect_url': 'test_value_85', - 'split_tunneling': 'enable', - 'ssid': 'test_value_87', - 'tkip_counter_measure': 'enable', - 'utm_profile': 'test_value_89', - 'vdom': 'test_value_90', - 'vlan_auto': 'enable', - 'vlan_pooling': 'wtp-group', - 'vlanid': '93', - 'voice_enterprise': 'disable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_vap.fortios_wireless_controller(input_data, fos_instance) - - expected_data = { - 'acct-interim-interval': '3', - 'alias': 'test_value_4', - 'auth': 'psk', - 'broadcast-ssid': 'enable', - 'broadcast-suppression': 'dhcp-up', - 'captive-portal-ac-name': 'test_value_8', - 'captive-portal-macauth-radius-secret': 'test_value_9', - 'captive-portal-macauth-radius-server': 'test_value_10', - 'captive-portal-radius-secret': 'test_value_11', - 
'captive-portal-radius-server': 'test_value_12', - 'captive-portal-session-timeout-interval': '13', - 'dhcp-lease-time': '14', - 'dhcp-option82-circuit-id-insertion': 'style-1', - 'dhcp-option82-insertion': 'enable', - 'dhcp-option82-remote-id-insertion': 'style-1', - 'dynamic-vlan': 'enable', - 'eap-reauth': 'enable', - 'eap-reauth-intv': '20', - 'eapol-key-retries': 'disable', - 'encrypt': 'TKIP', - 'external-fast-roaming': 'enable', - 'external-logout': 'test_value_24', - 'external-web': 'test_value_25', - 'fast-bss-transition': 'disable', - 'fast-roaming': 'enable', - 'ft-mobility-domain': '28', - 'ft-over-ds': 'disable', - 'ft-r0-key-lifetime': '30', - 'gtk-rekey': 'enable', - 'gtk-rekey-intv': '32', - 'hotspot20-profile': 'test_value_33', - 'intra-vap-privacy': 'enable', - 'ip': 'test_value_35', - 'key': 'test_value_36', - 'keyindex': '37', - 'ldpc': 'disable', - 'local-authentication': 'enable', - 'local-bridging': 'enable', - 'local-lan': 'allow', - 'local-standalone': 'enable', - 'local-standalone-nat': 'enable', - 'mac-auth-bypass': 'enable', - 'mac-filter': 'enable', - 'mac-filter-policy-other': 'allow', - 'max-clients': '47', - 'max-clients-ap': '48', - 'me-disable-thresh': '49', - 'mesh-backhaul': 'enable', - 'mpsk': 'enable', - 'mpsk-concurrent-clients': '52', - 'multicast-enhance': 'enable', - 'multicast-rate': '0', - 'name': 'default_name_55', - 'okc': 'disable', - 'passphrase': 'test_value_57', - 'pmf': 'disable', - 'pmf-assoc-comeback-timeout': '59', - 'pmf-sa-query-retry-timeout': '60', - 'portal-message-override-group': 'test_value_61', - 'portal-type': 'auth', - 'probe-resp-suppression': 'enable', - 'probe-resp-threshold': 'test_value_64', - 'ptk-rekey': 'enable', - 'ptk-rekey-intv': '66', - 'qos-profile': 'test_value_67', - 'quarantine': 'enable', - 'radio-2g-threshold': 'test_value_69', - 'radio-5g-threshold': 'test_value_70', - 'radio-sensitivity': 'enable', - 'radius-mac-auth': 'enable', - 'radius-mac-auth-server': 'test_value_73', - 
'radius-server': 'test_value_74', - 'rates-11a': '1', - 'rates-11ac-ss12': 'mcs0/1', - 'rates-11ac-ss34': 'mcs0/3', - 'rates-11bg': '1', - 'rates-11n-ss12': 'mcs0/1', - 'rates-11n-ss34': 'mcs16/3', - 'schedule': 'test_value_81', - 'security': 'open', - 'security-exempt-list': 'test_value_83', - 'security-obsolete-option': 'enable', - 'security-redirect-url': 'test_value_85', - 'split-tunneling': 'enable', - 'ssid': 'test_value_87', - 'tkip-counter-measure': 'enable', - 'utm-profile': 'test_value_89', - 'vdom': 'test_value_90', - 'vlan-auto': 'enable', - 'vlan-pooling': 'wtp-group', - 'vlanid': '93', - 'voice-enterprise': 'disable' - } - - set_method_mock.assert_called_with('wireless-controller', 'vap', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_wireless_controller_vap_group.py b/test/units/modules/network/fortios/test_fortios_wireless_controller_vap_group.py deleted file mode 100644 index 14c101737ec..00000000000 --- a/test/units/modules/network/fortios/test_fortios_wireless_controller_vap_group.py +++ /dev/null 
@@ -1,219 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_wireless_controller_vap_group
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wireless_controller_vap_group.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_wireless_controller_vap_group_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_vap_group': {
- 'comment': 'Comment.',
- 'name': 'default_name_4',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_vap_group.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'comment': 'Comment.',
- 'name': 'default_name_4',
-
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'vap-group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_vap_group_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_vap_group': {
- 'comment': 'Comment.',
- 'name': 'default_name_4',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_vap_group.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'comment': 'Comment.',
- 'name': 'default_name_4',
-
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'vap-group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_vap_group_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wireless_controller_vap_group': {
- 'comment': 'Comment.',
- 'name': 'default_name_4',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_vap_group.fortios_wireless_controller(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wireless-controller', 'vap-group', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_vap_group_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wireless_controller_vap_group': {
- 'comment': 'Comment.',
- 'name': 'default_name_4',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_vap_group.fortios_wireless_controller(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wireless-controller', 'vap-group', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_vap_group_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_vap_group': {
- 'comment': 'Comment.',
- 'name': 'default_name_4',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_vap_group.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'comment': 'Comment.',
- 'name': 'default_name_4',
-
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'vap-group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_wireless_controller_vap_group_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_vap_group': {
- 'random_attribute_not_valid': 'tag',
- 'comment': 'Comment.',
- 'name': 'default_name_4',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_vap_group.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'comment': 'Comment.',
- 'name': 'default_name_4',
-
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'vap-group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_wireless_controller_wids_profile.py b/test/units/modules/network/fortios/test_fortios_wireless_controller_wids_profile.py
deleted file mode 100644
index 622dbef72e2..00000000000
--- a/test/units/modules/network/fortios/test_fortios_wireless_controller_wids_profile.py
+++ /dev/null
@@ -1,679 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_wireless_controller_wids_profile
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wireless_controller_wids_profile.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_wireless_controller_wids_profile_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_wids_profile': {
- 'ap_auto_suppress': 'enable',
- 'ap_bgscan_disable_day': 'sunday',
- 'ap_bgscan_disable_end':
'test_value_5', - 'ap_bgscan_disable_start': 'test_value_6', - 'ap_bgscan_duration': '7', - 'ap_bgscan_idle': '8', - 'ap_bgscan_intv': '9', - 'ap_bgscan_period': '10', - 'ap_bgscan_report_intv': '11', - 'ap_fgscan_report_intv': '12', - 'ap_scan': 'disable', - 'ap_scan_passive': 'enable', - 'asleap_attack': 'enable', - 'assoc_flood_thresh': '16', - 'assoc_flood_time': '17', - 'assoc_frame_flood': 'enable', - 'auth_flood_thresh': '19', - 'auth_flood_time': '20', - 'auth_frame_flood': 'enable', - 'comment': 'Comment.', - 'deauth_broadcast': 'enable', - 'deauth_unknown_src_thresh': '24', - 'eapol_fail_flood': 'enable', - 'eapol_fail_intv': '26', - 'eapol_fail_thresh': '27', - 'eapol_logoff_flood': 'enable', - 'eapol_logoff_intv': '29', - 'eapol_logoff_thresh': '30', - 'eapol_pre_fail_flood': 'enable', - 'eapol_pre_fail_intv': '32', - 'eapol_pre_fail_thresh': '33', - 'eapol_pre_succ_flood': 'enable', - 'eapol_pre_succ_intv': '35', - 'eapol_pre_succ_thresh': '36', - 'eapol_start_flood': 'enable', - 'eapol_start_intv': '38', - 'eapol_start_thresh': '39', - 'eapol_succ_flood': 'enable', - 'eapol_succ_intv': '41', - 'eapol_succ_thresh': '42', - 'invalid_mac_oui': 'enable', - 'long_duration_attack': 'enable', - 'long_duration_thresh': '45', - 'name': 'default_name_46', - 'null_ssid_probe_resp': 'enable', - 'sensor_mode': 'disable', - 'spoofed_deauth': 'enable', - 'weak_wep_iv': 'enable', - 'wireless_bridge': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_wids_profile.fortios_wireless_controller(input_data, fos_instance) - - expected_data = { - 'ap-auto-suppress': 'enable', - 'ap-bgscan-disable-day': 'sunday', - 'ap-bgscan-disable-end': 'test_value_5', - 'ap-bgscan-disable-start': 'test_value_6', - 'ap-bgscan-duration': '7', - 'ap-bgscan-idle': '8', - 'ap-bgscan-intv': '9', - 'ap-bgscan-period': '10', - 'ap-bgscan-report-intv': '11', - 'ap-fgscan-report-intv': '12', - 'ap-scan': 'disable', - 'ap-scan-passive': 'enable', - 
'asleap-attack': 'enable', - 'assoc-flood-thresh': '16', - 'assoc-flood-time': '17', - 'assoc-frame-flood': 'enable', - 'auth-flood-thresh': '19', - 'auth-flood-time': '20', - 'auth-frame-flood': 'enable', - 'comment': 'Comment.', - 'deauth-broadcast': 'enable', - 'deauth-unknown-src-thresh': '24', - 'eapol-fail-flood': 'enable', - 'eapol-fail-intv': '26', - 'eapol-fail-thresh': '27', - 'eapol-logoff-flood': 'enable', - 'eapol-logoff-intv': '29', - 'eapol-logoff-thresh': '30', - 'eapol-pre-fail-flood': 'enable', - 'eapol-pre-fail-intv': '32', - 'eapol-pre-fail-thresh': '33', - 'eapol-pre-succ-flood': 'enable', - 'eapol-pre-succ-intv': '35', - 'eapol-pre-succ-thresh': '36', - 'eapol-start-flood': 'enable', - 'eapol-start-intv': '38', - 'eapol-start-thresh': '39', - 'eapol-succ-flood': 'enable', - 'eapol-succ-intv': '41', - 'eapol-succ-thresh': '42', - 'invalid-mac-oui': 'enable', - 'long-duration-attack': 'enable', - 'long-duration-thresh': '45', - 'name': 'default_name_46', - 'null-ssid-probe-resp': 'enable', - 'sensor-mode': 'disable', - 'spoofed-deauth': 'enable', - 'weak-wep-iv': 'enable', - 'wireless-bridge': 'enable' - } - - set_method_mock.assert_called_with('wireless-controller', 'wids-profile', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_wireless_controller_wids_profile_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wireless_controller_wids_profile': { - 'ap_auto_suppress': 'enable', - 'ap_bgscan_disable_day': 'sunday', - 
'ap_bgscan_disable_end': 'test_value_5', - 'ap_bgscan_disable_start': 'test_value_6', - 'ap_bgscan_duration': '7', - 'ap_bgscan_idle': '8', - 'ap_bgscan_intv': '9', - 'ap_bgscan_period': '10', - 'ap_bgscan_report_intv': '11', - 'ap_fgscan_report_intv': '12', - 'ap_scan': 'disable', - 'ap_scan_passive': 'enable', - 'asleap_attack': 'enable', - 'assoc_flood_thresh': '16', - 'assoc_flood_time': '17', - 'assoc_frame_flood': 'enable', - 'auth_flood_thresh': '19', - 'auth_flood_time': '20', - 'auth_frame_flood': 'enable', - 'comment': 'Comment.', - 'deauth_broadcast': 'enable', - 'deauth_unknown_src_thresh': '24', - 'eapol_fail_flood': 'enable', - 'eapol_fail_intv': '26', - 'eapol_fail_thresh': '27', - 'eapol_logoff_flood': 'enable', - 'eapol_logoff_intv': '29', - 'eapol_logoff_thresh': '30', - 'eapol_pre_fail_flood': 'enable', - 'eapol_pre_fail_intv': '32', - 'eapol_pre_fail_thresh': '33', - 'eapol_pre_succ_flood': 'enable', - 'eapol_pre_succ_intv': '35', - 'eapol_pre_succ_thresh': '36', - 'eapol_start_flood': 'enable', - 'eapol_start_intv': '38', - 'eapol_start_thresh': '39', - 'eapol_succ_flood': 'enable', - 'eapol_succ_intv': '41', - 'eapol_succ_thresh': '42', - 'invalid_mac_oui': 'enable', - 'long_duration_attack': 'enable', - 'long_duration_thresh': '45', - 'name': 'default_name_46', - 'null_ssid_probe_resp': 'enable', - 'sensor_mode': 'disable', - 'spoofed_deauth': 'enable', - 'weak_wep_iv': 'enable', - 'wireless_bridge': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_wids_profile.fortios_wireless_controller(input_data, fos_instance) - - expected_data = { - 'ap-auto-suppress': 'enable', - 'ap-bgscan-disable-day': 'sunday', - 'ap-bgscan-disable-end': 'test_value_5', - 'ap-bgscan-disable-start': 'test_value_6', - 'ap-bgscan-duration': '7', - 'ap-bgscan-idle': '8', - 'ap-bgscan-intv': '9', - 'ap-bgscan-period': '10', - 'ap-bgscan-report-intv': '11', - 'ap-fgscan-report-intv': '12', - 'ap-scan': 'disable', - 
'ap-scan-passive': 'enable', - 'asleap-attack': 'enable', - 'assoc-flood-thresh': '16', - 'assoc-flood-time': '17', - 'assoc-frame-flood': 'enable', - 'auth-flood-thresh': '19', - 'auth-flood-time': '20', - 'auth-frame-flood': 'enable', - 'comment': 'Comment.', - 'deauth-broadcast': 'enable', - 'deauth-unknown-src-thresh': '24', - 'eapol-fail-flood': 'enable', - 'eapol-fail-intv': '26', - 'eapol-fail-thresh': '27', - 'eapol-logoff-flood': 'enable', - 'eapol-logoff-intv': '29', - 'eapol-logoff-thresh': '30', - 'eapol-pre-fail-flood': 'enable', - 'eapol-pre-fail-intv': '32', - 'eapol-pre-fail-thresh': '33', - 'eapol-pre-succ-flood': 'enable', - 'eapol-pre-succ-intv': '35', - 'eapol-pre-succ-thresh': '36', - 'eapol-start-flood': 'enable', - 'eapol-start-intv': '38', - 'eapol-start-thresh': '39', - 'eapol-succ-flood': 'enable', - 'eapol-succ-intv': '41', - 'eapol-succ-thresh': '42', - 'invalid-mac-oui': 'enable', - 'long-duration-attack': 'enable', - 'long-duration-thresh': '45', - 'name': 'default_name_46', - 'null-ssid-probe-resp': 'enable', - 'sensor-mode': 'disable', - 'spoofed-deauth': 'enable', - 'weak-wep-iv': 'enable', - 'wireless-bridge': 'enable' - } - - set_method_mock.assert_called_with('wireless-controller', 'wids-profile', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_wireless_controller_wids_profile_removal(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'wireless_controller_wids_profile': { - 'ap_auto_suppress': 'enable', - 
'ap_bgscan_disable_day': 'sunday', - 'ap_bgscan_disable_end': 'test_value_5', - 'ap_bgscan_disable_start': 'test_value_6', - 'ap_bgscan_duration': '7', - 'ap_bgscan_idle': '8', - 'ap_bgscan_intv': '9', - 'ap_bgscan_period': '10', - 'ap_bgscan_report_intv': '11', - 'ap_fgscan_report_intv': '12', - 'ap_scan': 'disable', - 'ap_scan_passive': 'enable', - 'asleap_attack': 'enable', - 'assoc_flood_thresh': '16', - 'assoc_flood_time': '17', - 'assoc_frame_flood': 'enable', - 'auth_flood_thresh': '19', - 'auth_flood_time': '20', - 'auth_frame_flood': 'enable', - 'comment': 'Comment.', - 'deauth_broadcast': 'enable', - 'deauth_unknown_src_thresh': '24', - 'eapol_fail_flood': 'enable', - 'eapol_fail_intv': '26', - 'eapol_fail_thresh': '27', - 'eapol_logoff_flood': 'enable', - 'eapol_logoff_intv': '29', - 'eapol_logoff_thresh': '30', - 'eapol_pre_fail_flood': 'enable', - 'eapol_pre_fail_intv': '32', - 'eapol_pre_fail_thresh': '33', - 'eapol_pre_succ_flood': 'enable', - 'eapol_pre_succ_intv': '35', - 'eapol_pre_succ_thresh': '36', - 'eapol_start_flood': 'enable', - 'eapol_start_intv': '38', - 'eapol_start_thresh': '39', - 'eapol_succ_flood': 'enable', - 'eapol_succ_intv': '41', - 'eapol_succ_thresh': '42', - 'invalid_mac_oui': 'enable', - 'long_duration_attack': 'enable', - 'long_duration_thresh': '45', - 'name': 'default_name_46', - 'null_ssid_probe_resp': 'enable', - 'sensor_mode': 'disable', - 'spoofed_deauth': 'enable', - 'weak_wep_iv': 'enable', - 'wireless_bridge': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_wids_profile.fortios_wireless_controller(input_data, fos_instance) - - delete_method_mock.assert_called_with('wireless-controller', 'wids-profile', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_wireless_controller_wids_profile_deletion_fails(mocker): - 
schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result) - - input_data = { - 'username': 'admin', - 'state': 'absent', - 'wireless_controller_wids_profile': { - 'ap_auto_suppress': 'enable', - 'ap_bgscan_disable_day': 'sunday', - 'ap_bgscan_disable_end': 'test_value_5', - 'ap_bgscan_disable_start': 'test_value_6', - 'ap_bgscan_duration': '7', - 'ap_bgscan_idle': '8', - 'ap_bgscan_intv': '9', - 'ap_bgscan_period': '10', - 'ap_bgscan_report_intv': '11', - 'ap_fgscan_report_intv': '12', - 'ap_scan': 'disable', - 'ap_scan_passive': 'enable', - 'asleap_attack': 'enable', - 'assoc_flood_thresh': '16', - 'assoc_flood_time': '17', - 'assoc_frame_flood': 'enable', - 'auth_flood_thresh': '19', - 'auth_flood_time': '20', - 'auth_frame_flood': 'enable', - 'comment': 'Comment.', - 'deauth_broadcast': 'enable', - 'deauth_unknown_src_thresh': '24', - 'eapol_fail_flood': 'enable', - 'eapol_fail_intv': '26', - 'eapol_fail_thresh': '27', - 'eapol_logoff_flood': 'enable', - 'eapol_logoff_intv': '29', - 'eapol_logoff_thresh': '30', - 'eapol_pre_fail_flood': 'enable', - 'eapol_pre_fail_intv': '32', - 'eapol_pre_fail_thresh': '33', - 'eapol_pre_succ_flood': 'enable', - 'eapol_pre_succ_intv': '35', - 'eapol_pre_succ_thresh': '36', - 'eapol_start_flood': 'enable', - 'eapol_start_intv': '38', - 'eapol_start_thresh': '39', - 'eapol_succ_flood': 'enable', - 'eapol_succ_intv': '41', - 'eapol_succ_thresh': '42', - 'invalid_mac_oui': 'enable', - 'long_duration_attack': 'enable', - 'long_duration_thresh': '45', - 'name': 'default_name_46', - 'null_ssid_probe_resp': 'enable', - 'sensor_mode': 'disable', - 'spoofed_deauth': 'enable', - 'weak_wep_iv': 'enable', - 'wireless_bridge': 'enable' - }, - 'vdom': 'root'} - - 
is_error, changed, response = fortios_wireless_controller_wids_profile.fortios_wireless_controller(input_data, fos_instance) - - delete_method_mock.assert_called_with('wireless-controller', 'wids-profile', mkey=ANY, vdom='root') - schema_method_mock.assert_not_called() - assert is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 500 - - -def test_wireless_controller_wids_profile_idempotent(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wireless_controller_wids_profile': { - 'ap_auto_suppress': 'enable', - 'ap_bgscan_disable_day': 'sunday', - 'ap_bgscan_disable_end': 'test_value_5', - 'ap_bgscan_disable_start': 'test_value_6', - 'ap_bgscan_duration': '7', - 'ap_bgscan_idle': '8', - 'ap_bgscan_intv': '9', - 'ap_bgscan_period': '10', - 'ap_bgscan_report_intv': '11', - 'ap_fgscan_report_intv': '12', - 'ap_scan': 'disable', - 'ap_scan_passive': 'enable', - 'asleap_attack': 'enable', - 'assoc_flood_thresh': '16', - 'assoc_flood_time': '17', - 'assoc_frame_flood': 'enable', - 'auth_flood_thresh': '19', - 'auth_flood_time': '20', - 'auth_frame_flood': 'enable', - 'comment': 'Comment.', - 'deauth_broadcast': 'enable', - 'deauth_unknown_src_thresh': '24', - 'eapol_fail_flood': 'enable', - 'eapol_fail_intv': '26', - 'eapol_fail_thresh': '27', - 'eapol_logoff_flood': 'enable', - 'eapol_logoff_intv': '29', - 'eapol_logoff_thresh': '30', - 'eapol_pre_fail_flood': 'enable', - 'eapol_pre_fail_intv': '32', - 'eapol_pre_fail_thresh': '33', - 'eapol_pre_succ_flood': 'enable', - 'eapol_pre_succ_intv': '35', - 'eapol_pre_succ_thresh': '36', - 'eapol_start_flood': 'enable', - 
'eapol_start_intv': '38', - 'eapol_start_thresh': '39', - 'eapol_succ_flood': 'enable', - 'eapol_succ_intv': '41', - 'eapol_succ_thresh': '42', - 'invalid_mac_oui': 'enable', - 'long_duration_attack': 'enable', - 'long_duration_thresh': '45', - 'name': 'default_name_46', - 'null_ssid_probe_resp': 'enable', - 'sensor_mode': 'disable', - 'spoofed_deauth': 'enable', - 'weak_wep_iv': 'enable', - 'wireless_bridge': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_wids_profile.fortios_wireless_controller(input_data, fos_instance) - - expected_data = { - 'ap-auto-suppress': 'enable', - 'ap-bgscan-disable-day': 'sunday', - 'ap-bgscan-disable-end': 'test_value_5', - 'ap-bgscan-disable-start': 'test_value_6', - 'ap-bgscan-duration': '7', - 'ap-bgscan-idle': '8', - 'ap-bgscan-intv': '9', - 'ap-bgscan-period': '10', - 'ap-bgscan-report-intv': '11', - 'ap-fgscan-report-intv': '12', - 'ap-scan': 'disable', - 'ap-scan-passive': 'enable', - 'asleap-attack': 'enable', - 'assoc-flood-thresh': '16', - 'assoc-flood-time': '17', - 'assoc-frame-flood': 'enable', - 'auth-flood-thresh': '19', - 'auth-flood-time': '20', - 'auth-frame-flood': 'enable', - 'comment': 'Comment.', - 'deauth-broadcast': 'enable', - 'deauth-unknown-src-thresh': '24', - 'eapol-fail-flood': 'enable', - 'eapol-fail-intv': '26', - 'eapol-fail-thresh': '27', - 'eapol-logoff-flood': 'enable', - 'eapol-logoff-intv': '29', - 'eapol-logoff-thresh': '30', - 'eapol-pre-fail-flood': 'enable', - 'eapol-pre-fail-intv': '32', - 'eapol-pre-fail-thresh': '33', - 'eapol-pre-succ-flood': 'enable', - 'eapol-pre-succ-intv': '35', - 'eapol-pre-succ-thresh': '36', - 'eapol-start-flood': 'enable', - 'eapol-start-intv': '38', - 'eapol-start-thresh': '39', - 'eapol-succ-flood': 'enable', - 'eapol-succ-intv': '41', - 'eapol-succ-thresh': '42', - 'invalid-mac-oui': 'enable', - 'long-duration-attack': 'enable', - 'long-duration-thresh': '45', - 'name': 'default_name_46', - 'null-ssid-probe-resp': 
'enable', - 'sensor-mode': 'disable', - 'spoofed-deauth': 'enable', - 'weak-wep-iv': 'enable', - 'wireless-bridge': 'enable' - } - - set_method_mock.assert_called_with('wireless-controller', 'wids-profile', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert not changed - assert response['status'] == 'error' - assert response['http_status'] == 404 - - -def test_wireless_controller_wids_profile_filter_foreign_attributes(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wireless_controller_wids_profile': { - 'random_attribute_not_valid': 'tag', - 'ap_auto_suppress': 'enable', - 'ap_bgscan_disable_day': 'sunday', - 'ap_bgscan_disable_end': 'test_value_5', - 'ap_bgscan_disable_start': 'test_value_6', - 'ap_bgscan_duration': '7', - 'ap_bgscan_idle': '8', - 'ap_bgscan_intv': '9', - 'ap_bgscan_period': '10', - 'ap_bgscan_report_intv': '11', - 'ap_fgscan_report_intv': '12', - 'ap_scan': 'disable', - 'ap_scan_passive': 'enable', - 'asleap_attack': 'enable', - 'assoc_flood_thresh': '16', - 'assoc_flood_time': '17', - 'assoc_frame_flood': 'enable', - 'auth_flood_thresh': '19', - 'auth_flood_time': '20', - 'auth_frame_flood': 'enable', - 'comment': 'Comment.', - 'deauth_broadcast': 'enable', - 'deauth_unknown_src_thresh': '24', - 'eapol_fail_flood': 'enable', - 'eapol_fail_intv': '26', - 'eapol_fail_thresh': '27', - 'eapol_logoff_flood': 'enable', - 'eapol_logoff_intv': '29', - 'eapol_logoff_thresh': '30', - 'eapol_pre_fail_flood': 'enable', - 'eapol_pre_fail_intv': '32', - 'eapol_pre_fail_thresh': '33', - 'eapol_pre_succ_flood': 'enable', - 'eapol_pre_succ_intv': '35', - 
'eapol_pre_succ_thresh': '36', - 'eapol_start_flood': 'enable', - 'eapol_start_intv': '38', - 'eapol_start_thresh': '39', - 'eapol_succ_flood': 'enable', - 'eapol_succ_intv': '41', - 'eapol_succ_thresh': '42', - 'invalid_mac_oui': 'enable', - 'long_duration_attack': 'enable', - 'long_duration_thresh': '45', - 'name': 'default_name_46', - 'null_ssid_probe_resp': 'enable', - 'sensor_mode': 'disable', - 'spoofed_deauth': 'enable', - 'weak_wep_iv': 'enable', - 'wireless_bridge': 'enable' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_wids_profile.fortios_wireless_controller(input_data, fos_instance) - - expected_data = { - 'ap-auto-suppress': 'enable', - 'ap-bgscan-disable-day': 'sunday', - 'ap-bgscan-disable-end': 'test_value_5', - 'ap-bgscan-disable-start': 'test_value_6', - 'ap-bgscan-duration': '7', - 'ap-bgscan-idle': '8', - 'ap-bgscan-intv': '9', - 'ap-bgscan-period': '10', - 'ap-bgscan-report-intv': '11', - 'ap-fgscan-report-intv': '12', - 'ap-scan': 'disable', - 'ap-scan-passive': 'enable', - 'asleap-attack': 'enable', - 'assoc-flood-thresh': '16', - 'assoc-flood-time': '17', - 'assoc-frame-flood': 'enable', - 'auth-flood-thresh': '19', - 'auth-flood-time': '20', - 'auth-frame-flood': 'enable', - 'comment': 'Comment.', - 'deauth-broadcast': 'enable', - 'deauth-unknown-src-thresh': '24', - 'eapol-fail-flood': 'enable', - 'eapol-fail-intv': '26', - 'eapol-fail-thresh': '27', - 'eapol-logoff-flood': 'enable', - 'eapol-logoff-intv': '29', - 'eapol-logoff-thresh': '30', - 'eapol-pre-fail-flood': 'enable', - 'eapol-pre-fail-intv': '32', - 'eapol-pre-fail-thresh': '33', - 'eapol-pre-succ-flood': 'enable', - 'eapol-pre-succ-intv': '35', - 'eapol-pre-succ-thresh': '36', - 'eapol-start-flood': 'enable', - 'eapol-start-intv': '38', - 'eapol-start-thresh': '39', - 'eapol-succ-flood': 'enable', - 'eapol-succ-intv': '41', - 'eapol-succ-thresh': '42', - 'invalid-mac-oui': 'enable', - 'long-duration-attack': 'enable', - 
'long-duration-thresh': '45', - 'name': 'default_name_46', - 'null-ssid-probe-resp': 'enable', - 'sensor-mode': 'disable', - 'spoofed-deauth': 'enable', - 'weak-wep-iv': 'enable', - 'wireless-bridge': 'enable' - } - - set_method_mock.assert_called_with('wireless-controller', 'wids-profile', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 diff --git a/test/units/modules/network/fortios/test_fortios_wireless_controller_wtp.py b/test/units/modules/network/fortios/test_fortios_wireless_controller_wtp.py deleted file mode 100644 index aea02faba54..00000000000 --- a/test/units/modules/network/fortios/test_fortios_wireless_controller_wtp.py +++ /dev/null 
@@ -1,509 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_wireless_controller_wtp
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wireless_controller_wtp.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_wireless_controller_wtp_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_wtp': {
- 'admin': 'discovered',
- 'allowaccess': 'telnet',
- 'bonjour_profile': 'test_value_5',
- 'coordinate_enable': 'enable', -
'coordinate_latitude': 'test_value_7', - 'coordinate_longitude': 'test_value_8', - 'coordinate_x': 'test_value_9', - 'coordinate_y': 'test_value_10', - 'image_download': 'enable', - 'index': '12', - 'ip_fragment_preventing': 'tcp-mss-adjust', - 'led_state': 'enable', - 'location': 'test_value_15', - 'login_passwd': 'test_value_16', - 'login_passwd_change': 'yes', - 'mesh_bridge_enable': 'default', - 'name': 'default_name_19', - 'override_allowaccess': 'enable', - 'override_ip_fragment': 'enable', - 'override_lan': 'enable', - 'override_led_state': 'enable', - 'override_login_passwd_change': 'enable', - 'override_split_tunnel': 'enable', - 'override_wan_port_mode': 'enable', - 'split_tunneling_acl_local_ap_subnet': 'enable', - 'split_tunneling_acl_path': 'tunnel', - 'tun_mtu_downlink': '29', - 'tun_mtu_uplink': '30', - 'wan_port_mode': 'wan-lan', - 'wtp_id': 'test_value_32', - 'wtp_mode': 'normal', - 'wtp_profile': 'test_value_34' - }, - 'vdom': 'root'} - - is_error, changed, response = fortios_wireless_controller_wtp.fortios_wireless_controller(input_data, fos_instance) - - expected_data = { - 'admin': 'discovered', - 'allowaccess': 'telnet', - 'bonjour-profile': 'test_value_5', - 'coordinate-enable': 'enable', - 'coordinate-latitude': 'test_value_7', - 'coordinate-longitude': 'test_value_8', - 'coordinate-x': 'test_value_9', - 'coordinate-y': 'test_value_10', - 'image-download': 'enable', - 'index': '12', - 'ip-fragment-preventing': 'tcp-mss-adjust', - 'led-state': 'enable', - 'location': 'test_value_15', - 'login-passwd': 'test_value_16', - 'login-passwd-change': 'yes', - 'mesh-bridge-enable': 'default', - 'name': 'default_name_19', - 'override-allowaccess': 'enable', - 'override-ip-fragment': 'enable', - 'override-lan': 'enable', - 'override-led-state': 'enable', - 'override-login-passwd-change': 'enable', - 'override-split-tunnel': 'enable', - 'override-wan-port-mode': 'enable', - 'split-tunneling-acl-local-ap-subnet': 'enable', - 'split-tunneling-acl-path': 
'tunnel', - 'tun-mtu-downlink': '29', - 'tun-mtu-uplink': '30', - 'wan-port-mode': 'wan-lan', - 'wtp-id': 'test_value_32', - 'wtp-mode': 'normal', - 'wtp-profile': 'test_value_34' - } - - set_method_mock.assert_called_with('wireless-controller', 'wtp', data=expected_data, vdom='root') - schema_method_mock.assert_not_called() - assert not is_error - assert changed - assert response['status'] == 'success' - assert response['http_status'] == 200 - - -def test_wireless_controller_wtp_creation_fails(mocker): - schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema') - - set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500} - set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result) - - input_data = { - 'username': 'admin', - 'state': 'present', - 'wireless_controller_wtp': { - 'admin': 'discovered', - 'allowaccess': 'telnet', - 'bonjour_profile': 'test_value_5', - 'coordinate_enable': 'enable', - 'coordinate_latitude': 'test_value_7', - 'coordinate_longitude': 'test_value_8', - 'coordinate_x': 'test_value_9', - 'coordinate_y': 'test_value_10', - 'image_download': 'enable', - 'index': '12', - 'ip_fragment_preventing': 'tcp-mss-adjust', - 'led_state': 'enable', - 'location': 'test_value_15', - 'login_passwd': 'test_value_16', - 'login_passwd_change': 'yes', - 'mesh_bridge_enable': 'default', - 'name': 'default_name_19', - 'override_allowaccess': 'enable', - 'override_ip_fragment': 'enable', - 'override_lan': 'enable', - 'override_led_state': 'enable', - 'override_login_passwd_change': 'enable', - 'override_split_tunnel': 'enable', - 'override_wan_port_mode': 'enable', - 'split_tunneling_acl_local_ap_subnet': 'enable', - 'split_tunneling_acl_path': 'tunnel', - 'tun_mtu_downlink': '29', - 'tun_mtu_uplink': '30', - 'wan_port_mode': 'wan-lan', - 'wtp_id': 'test_value_32', - 'wtp_mode': 'normal', - 'wtp_profile': 'test_value_34' - 
},
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_wtp.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'admin': 'discovered',
- 'allowaccess': 'telnet',
- 'bonjour-profile': 'test_value_5',
- 'coordinate-enable': 'enable',
- 'coordinate-latitude': 'test_value_7',
- 'coordinate-longitude': 'test_value_8',
- 'coordinate-x': 'test_value_9',
- 'coordinate-y': 'test_value_10',
- 'image-download': 'enable',
- 'index': '12',
- 'ip-fragment-preventing': 'tcp-mss-adjust',
- 'led-state': 'enable',
- 'location': 'test_value_15',
- 'login-passwd': 'test_value_16',
- 'login-passwd-change': 'yes',
- 'mesh-bridge-enable': 'default',
- 'name': 'default_name_19',
- 'override-allowaccess': 'enable',
- 'override-ip-fragment': 'enable',
- 'override-lan': 'enable',
- 'override-led-state': 'enable',
- 'override-login-passwd-change': 'enable',
- 'override-split-tunnel': 'enable',
- 'override-wan-port-mode': 'enable',
- 'split-tunneling-acl-local-ap-subnet': 'enable',
- 'split-tunneling-acl-path': 'tunnel',
- 'tun-mtu-downlink': '29',
- 'tun-mtu-uplink': '30',
- 'wan-port-mode': 'wan-lan',
- 'wtp-id': 'test_value_32',
- 'wtp-mode': 'normal',
- 'wtp-profile': 'test_value_34'
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'wtp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_wtp_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wireless_controller_wtp': {
- 'admin': 'discovered',
- 'allowaccess': 'telnet',
- 'bonjour_profile': 'test_value_5',
- 'coordinate_enable': 'enable',
- 'coordinate_latitude': 'test_value_7',
- 'coordinate_longitude': 'test_value_8',
- 'coordinate_x': 'test_value_9',
- 'coordinate_y': 'test_value_10',
- 'image_download': 'enable',
- 'index': '12',
- 'ip_fragment_preventing': 'tcp-mss-adjust',
- 'led_state': 'enable',
- 'location': 'test_value_15',
- 'login_passwd': 'test_value_16',
- 'login_passwd_change': 'yes',
- 'mesh_bridge_enable': 'default',
- 'name': 'default_name_19',
- 'override_allowaccess': 'enable',
- 'override_ip_fragment': 'enable',
- 'override_lan': 'enable',
- 'override_led_state': 'enable',
- 'override_login_passwd_change': 'enable',
- 'override_split_tunnel': 'enable',
- 'override_wan_port_mode': 'enable',
- 'split_tunneling_acl_local_ap_subnet': 'enable',
- 'split_tunneling_acl_path': 'tunnel',
- 'tun_mtu_downlink': '29',
- 'tun_mtu_uplink': '30',
- 'wan_port_mode': 'wan-lan',
- 'wtp_id': 'test_value_32',
- 'wtp_mode': 'normal',
- 'wtp_profile': 'test_value_34'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_wtp.fortios_wireless_controller(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wireless-controller', 'wtp', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_wtp_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wireless_controller_wtp': {
- 'admin': 'discovered',
- 'allowaccess': 'telnet',
- 'bonjour_profile': 'test_value_5',
- 'coordinate_enable': 'enable',
- 'coordinate_latitude': 'test_value_7',
- 'coordinate_longitude': 'test_value_8',
- 'coordinate_x': 'test_value_9',
- 'coordinate_y': 'test_value_10',
- 'image_download': 'enable',
- 'index': '12',
- 'ip_fragment_preventing': 'tcp-mss-adjust',
- 'led_state': 'enable',
- 'location': 'test_value_15',
- 'login_passwd': 'test_value_16',
- 'login_passwd_change': 'yes',
- 'mesh_bridge_enable': 'default',
- 'name': 'default_name_19',
- 'override_allowaccess': 'enable',
- 'override_ip_fragment': 'enable',
- 'override_lan': 'enable',
- 'override_led_state': 'enable',
- 'override_login_passwd_change': 'enable',
- 'override_split_tunnel': 'enable',
- 'override_wan_port_mode': 'enable',
- 'split_tunneling_acl_local_ap_subnet': 'enable',
- 'split_tunneling_acl_path': 'tunnel',
- 'tun_mtu_downlink': '29',
- 'tun_mtu_uplink': '30',
- 'wan_port_mode': 'wan-lan',
- 'wtp_id': 'test_value_32',
- 'wtp_mode': 'normal',
- 'wtp_profile': 'test_value_34'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_wtp.fortios_wireless_controller(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wireless-controller', 'wtp', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_wtp_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_wtp': {
- 'admin': 'discovered',
- 'allowaccess': 'telnet',
- 'bonjour_profile': 'test_value_5',
- 'coordinate_enable': 'enable',
- 'coordinate_latitude': 'test_value_7',
- 'coordinate_longitude': 'test_value_8',
- 'coordinate_x': 'test_value_9',
- 'coordinate_y': 'test_value_10',
- 'image_download': 'enable',
- 'index': '12',
- 'ip_fragment_preventing': 'tcp-mss-adjust',
- 'led_state': 'enable',
- 'location': 'test_value_15',
- 'login_passwd': 'test_value_16',
- 'login_passwd_change': 'yes',
- 'mesh_bridge_enable': 'default',
- 'name': 'default_name_19',
- 'override_allowaccess': 'enable',
- 'override_ip_fragment': 'enable',
- 'override_lan': 'enable',
- 'override_led_state': 'enable',
- 'override_login_passwd_change': 'enable',
- 'override_split_tunnel': 'enable',
- 'override_wan_port_mode': 'enable',
- 'split_tunneling_acl_local_ap_subnet': 'enable',
- 'split_tunneling_acl_path': 'tunnel',
- 'tun_mtu_downlink': '29',
- 'tun_mtu_uplink': '30',
- 'wan_port_mode': 'wan-lan',
- 'wtp_id': 'test_value_32',
- 'wtp_mode': 'normal',
- 'wtp_profile': 'test_value_34'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_wtp.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'admin': 'discovered',
- 'allowaccess': 'telnet',
- 'bonjour-profile': 'test_value_5',
- 'coordinate-enable': 'enable',
- 'coordinate-latitude': 'test_value_7',
- 'coordinate-longitude': 'test_value_8',
- 'coordinate-x': 'test_value_9',
- 'coordinate-y': 'test_value_10',
- 'image-download': 'enable',
- 'index': '12',
- 'ip-fragment-preventing': 'tcp-mss-adjust',
- 'led-state': 'enable',
- 'location': 'test_value_15',
- 'login-passwd': 'test_value_16',
- 'login-passwd-change': 'yes',
- 'mesh-bridge-enable': 'default',
- 'name': 'default_name_19',
- 'override-allowaccess': 'enable',
- 'override-ip-fragment': 'enable',
- 'override-lan': 'enable',
- 'override-led-state': 'enable',
- 'override-login-passwd-change': 'enable',
- 'override-split-tunnel': 'enable',
- 'override-wan-port-mode': 'enable',
- 'split-tunneling-acl-local-ap-subnet': 'enable',
- 'split-tunneling-acl-path': 'tunnel',
- 'tun-mtu-downlink': '29',
- 'tun-mtu-uplink': '30',
- 'wan-port-mode': 'wan-lan',
- 'wtp-id': 'test_value_32',
- 'wtp-mode': 'normal',
- 'wtp-profile': 'test_value_34'
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'wtp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_wireless_controller_wtp_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_wtp': {
- 'random_attribute_not_valid': 'tag',
- 'admin': 'discovered',
- 'allowaccess': 'telnet',
- 'bonjour_profile': 'test_value_5',
- 'coordinate_enable': 'enable',
- 'coordinate_latitude': 'test_value_7',
- 'coordinate_longitude': 'test_value_8',
- 'coordinate_x': 'test_value_9',
- 'coordinate_y': 'test_value_10',
- 'image_download': 'enable',
- 'index': '12',
- 'ip_fragment_preventing': 'tcp-mss-adjust',
- 'led_state': 'enable',
- 'location': 'test_value_15',
- 'login_passwd': 'test_value_16',
- 'login_passwd_change': 'yes',
- 'mesh_bridge_enable': 'default',
- 'name': 'default_name_19',
- 'override_allowaccess': 'enable',
- 'override_ip_fragment': 'enable',
- 'override_lan': 'enable',
- 'override_led_state': 'enable',
- 'override_login_passwd_change': 'enable',
- 'override_split_tunnel': 'enable',
- 'override_wan_port_mode': 'enable',
- 'split_tunneling_acl_local_ap_subnet': 'enable',
- 'split_tunneling_acl_path': 'tunnel',
- 'tun_mtu_downlink': '29',
- 'tun_mtu_uplink': '30',
- 'wan_port_mode': 'wan-lan',
- 'wtp_id': 'test_value_32',
- 'wtp_mode': 'normal',
- 'wtp_profile': 'test_value_34'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_wtp.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'admin': 'discovered',
- 'allowaccess': 'telnet',
- 'bonjour-profile': 'test_value_5',
- 'coordinate-enable': 'enable',
- 'coordinate-latitude': 'test_value_7',
- 'coordinate-longitude': 'test_value_8',
- 'coordinate-x': 'test_value_9',
- 'coordinate-y': 'test_value_10',
- 'image-download': 'enable',
- 'index': '12',
- 'ip-fragment-preventing': 'tcp-mss-adjust',
- 'led-state': 'enable',
- 'location': 'test_value_15',
- 'login-passwd': 'test_value_16',
- 'login-passwd-change': 'yes',
- 'mesh-bridge-enable': 'default',
- 'name': 'default_name_19',
- 'override-allowaccess': 'enable',
- 'override-ip-fragment': 'enable',
- 'override-lan': 'enable',
- 'override-led-state': 'enable',
- 'override-login-passwd-change': 'enable',
- 'override-split-tunnel': 'enable',
- 'override-wan-port-mode': 'enable',
- 'split-tunneling-acl-local-ap-subnet': 'enable',
- 'split-tunneling-acl-path': 'tunnel',
- 'tun-mtu-downlink': '29',
- 'tun-mtu-uplink': '30',
- 'wan-port-mode': 'wan-lan',
- 'wtp-id': 'test_value_32',
- 'wtp-mode': 'normal',
- 'wtp-profile': 'test_value_34'
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'wtp', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_wireless_controller_wtp_group.py b/test/units/modules/network/fortios/test_fortios_wireless_controller_wtp_group.py
deleted file mode 100644
index 3490f945b5e..00000000000
--- a/test/units/modules/network/fortios/test_fortios_wireless_controller_wtp_group.py
+++ /dev/null
@@ -1,219 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_wireless_controller_wtp_group
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wireless_controller_wtp_group.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_wireless_controller_wtp_group_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_wtp_group': {
- 'name': 'default_name_3',
- 'platform_type': 'AP-11N',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_wtp_group.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'platform-type': 'AP-11N',
-
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'wtp-group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_wtp_group_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_wtp_group': {
- 'name': 'default_name_3',
- 'platform_type': 'AP-11N',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_wtp_group.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'platform-type': 'AP-11N',
-
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'wtp-group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_wtp_group_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wireless_controller_wtp_group': {
- 'name': 'default_name_3',
- 'platform_type': 'AP-11N',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_wtp_group.fortios_wireless_controller(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wireless-controller', 'wtp-group', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_wtp_group_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wireless_controller_wtp_group': {
- 'name': 'default_name_3',
- 'platform_type': 'AP-11N',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_wtp_group.fortios_wireless_controller(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wireless-controller', 'wtp-group', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_wtp_group_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_wtp_group': {
- 'name': 'default_name_3',
- 'platform_type': 'AP-11N',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_wtp_group.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'platform-type': 'AP-11N',
-
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'wtp-group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_wireless_controller_wtp_group_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_wtp_group': {
- 'random_attribute_not_valid': 'tag',
- 'name': 'default_name_3',
- 'platform_type': 'AP-11N',
-
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_wtp_group.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'name': 'default_name_3',
- 'platform-type': 'AP-11N',
-
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'wtp-group', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
diff --git a/test/units/modules/network/fortios/test_fortios_wireless_controller_wtp_profile.py b/test/units/modules/network/fortios/test_fortios_wireless_controller_wtp_profile.py
deleted file mode 100644
index d578db58021..00000000000
--- a/test/units/modules/network/fortios/test_fortios_wireless_controller_wtp_profile.py
+++ /dev/null
@@ -1,439 +0,0 @@
-# Copyright 2019 Fortinet, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import json
-import pytest
-from mock import ANY
-from ansible.module_utils.network.fortios.fortios import FortiOSHandler
-
-try:
- from ansible.modules.network.fortios import fortios_wireless_controller_wtp_profile
-except ImportError:
- pytest.skip("Could not load required modules for testing", allow_module_level=True)
-
-
-@pytest.fixture(autouse=True)
-def connection_mock(mocker):
- connection_class_mock = mocker.patch('ansible.modules.network.fortios.fortios_wireless_controller_wtp_profile.Connection')
- return connection_class_mock
-
-
-fos_instance = FortiOSHandler(connection_mock)
-
-
-def test_wireless_controller_wtp_profile_creation(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_wtp_profile': {
- 'allowaccess': 'telnet',
- 'ap_country': 'NA',
- 'ble_profile': 'test_value_5',
- 'comment': 'Comment.',
- 'control_message_offload': 'ebp-frame',
- 'dtls_in_kernel': 'enable',
- 'dtls_policy': 'clear-text',
- 'energy_efficient_ethernet': 'enable',
- 'ext_info_enable': 'enable',
- 'handoff_roaming': 'enable',
- 'handoff_rssi': '13',
- 'handoff_sta_thresh': '14',
- 'ip_fragment_preventing': 'tcp-mss-adjust',
- 'led_state': 'enable',
- 'lldp': 'enable',
- 'login_passwd': 'test_value_18',
- 'login_passwd_change': 'yes',
- 'max_clients': '20',
- 'name': 'default_name_21',
- 'poe_mode': 'auto',
- 'split_tunneling_acl_local_ap_subnet': 'enable',
- 'split_tunneling_acl_path': 'tunnel',
- 'tun_mtu_downlink': '25',
- 'tun_mtu_uplink': '26',
- 'wan_port_mode': 'wan-lan'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_wtp_profile.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'allowaccess': 'telnet',
- 'ap-country': 'NA',
- 'ble-profile': 'test_value_5',
- 'comment': 'Comment.',
- 'control-message-offload': 'ebp-frame',
- 'dtls-in-kernel': 'enable',
- 'dtls-policy': 'clear-text',
- 'energy-efficient-ethernet': 'enable',
- 'ext-info-enable': 'enable',
- 'handoff-roaming': 'enable',
- 'handoff-rssi': '13',
- 'handoff-sta-thresh': '14',
- 'ip-fragment-preventing': 'tcp-mss-adjust',
- 'led-state': 'enable',
- 'lldp': 'enable',
- 'login-passwd': 'test_value_18',
- 'login-passwd-change': 'yes',
- 'max-clients': '20',
- 'name': 'default_name_21',
- 'poe-mode': 'auto',
- 'split-tunneling-acl-local-ap-subnet': 'enable',
- 'split-tunneling-acl-path': 'tunnel',
- 'tun-mtu-downlink': '25',
- 'tun-mtu-uplink': '26',
- 'wan-port-mode': 'wan-lan'
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'wtp-profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_wtp_profile_creation_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_wtp_profile': {
- 'allowaccess': 'telnet',
- 'ap_country': 'NA',
- 'ble_profile': 'test_value_5',
- 'comment': 'Comment.',
- 'control_message_offload': 'ebp-frame',
- 'dtls_in_kernel': 'enable',
- 'dtls_policy': 'clear-text',
- 'energy_efficient_ethernet': 'enable',
- 'ext_info_enable': 'enable',
- 'handoff_roaming': 'enable',
- 'handoff_rssi': '13',
- 'handoff_sta_thresh': '14',
- 'ip_fragment_preventing': 'tcp-mss-adjust',
- 'led_state': 'enable',
- 'lldp': 'enable',
- 'login_passwd': 'test_value_18',
- 'login_passwd_change': 'yes',
- 'max_clients': '20',
- 'name': 'default_name_21',
- 'poe_mode': 'auto',
- 'split_tunneling_acl_local_ap_subnet': 'enable',
- 'split_tunneling_acl_path': 'tunnel',
- 'tun_mtu_downlink': '25',
- 'tun_mtu_uplink': '26',
- 'wan_port_mode': 'wan-lan'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_wtp_profile.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'allowaccess': 'telnet',
- 'ap-country': 'NA',
- 'ble-profile': 'test_value_5',
- 'comment': 'Comment.',
- 'control-message-offload': 'ebp-frame',
- 'dtls-in-kernel': 'enable',
- 'dtls-policy': 'clear-text',
- 'energy-efficient-ethernet': 'enable',
- 'ext-info-enable': 'enable',
- 'handoff-roaming': 'enable',
- 'handoff-rssi': '13',
- 'handoff-sta-thresh': '14',
- 'ip-fragment-preventing': 'tcp-mss-adjust',
- 'led-state': 'enable',
- 'lldp': 'enable',
- 'login-passwd': 'test_value_18',
- 'login-passwd-change': 'yes',
- 'max-clients': '20',
- 'name': 'default_name_21',
- 'poe-mode': 'auto',
- 'split-tunneling-acl-local-ap-subnet': 'enable',
- 'split-tunneling-acl-path': 'tunnel',
- 'tun-mtu-downlink': '25',
- 'tun-mtu-uplink': '26',
- 'wan-port-mode': 'wan-lan'
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'wtp-profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_wtp_profile_removal(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wireless_controller_wtp_profile': {
- 'allowaccess': 'telnet',
- 'ap_country': 'NA',
- 'ble_profile': 'test_value_5',
- 'comment': 'Comment.',
- 'control_message_offload': 'ebp-frame',
- 'dtls_in_kernel': 'enable',
- 'dtls_policy': 'clear-text',
- 'energy_efficient_ethernet': 'enable',
- 'ext_info_enable': 'enable',
- 'handoff_roaming': 'enable',
- 'handoff_rssi': '13',
- 'handoff_sta_thresh': '14',
- 'ip_fragment_preventing': 'tcp-mss-adjust',
- 'led_state': 'enable',
- 'lldp': 'enable',
- 'login_passwd': 'test_value_18',
- 'login_passwd_change': 'yes',
- 'max_clients': '20',
- 'name': 'default_name_21',
- 'poe_mode': 'auto',
- 'split_tunneling_acl_local_ap_subnet': 'enable',
- 'split_tunneling_acl_path': 'tunnel',
- 'tun_mtu_downlink': '25',
- 'tun_mtu_uplink': '26',
- 'wan_port_mode': 'wan-lan'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_wtp_profile.fortios_wireless_controller(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wireless-controller', 'wtp-profile', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200
-
-
-def test_wireless_controller_wtp_profile_deletion_fails(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- delete_method_result = {'status': 'error', 'http_method': 'POST', 'http_status': 500}
- delete_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.delete', return_value=delete_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'absent',
- 'wireless_controller_wtp_profile': {
- 'allowaccess': 'telnet',
- 'ap_country': 'NA',
- 'ble_profile': 'test_value_5',
- 'comment': 'Comment.',
- 'control_message_offload': 'ebp-frame',
- 'dtls_in_kernel': 'enable',
- 'dtls_policy': 'clear-text',
- 'energy_efficient_ethernet': 'enable',
- 'ext_info_enable': 'enable',
- 'handoff_roaming': 'enable',
- 'handoff_rssi': '13',
- 'handoff_sta_thresh': '14',
- 'ip_fragment_preventing': 'tcp-mss-adjust',
- 'led_state': 'enable',
- 'lldp': 'enable',
- 'login_passwd': 'test_value_18',
- 'login_passwd_change': 'yes',
- 'max_clients': '20',
- 'name': 'default_name_21',
- 'poe_mode': 'auto',
- 'split_tunneling_acl_local_ap_subnet': 'enable',
- 'split_tunneling_acl_path': 'tunnel',
- 'tun_mtu_downlink': '25',
- 'tun_mtu_uplink': '26',
- 'wan_port_mode': 'wan-lan'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_wtp_profile.fortios_wireless_controller(input_data, fos_instance)
-
- delete_method_mock.assert_called_with('wireless-controller', 'wtp-profile', mkey=ANY, vdom='root')
- schema_method_mock.assert_not_called()
- assert is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 500
-
-
-def test_wireless_controller_wtp_profile_idempotent(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'error', 'http_method': 'DELETE', 'http_status': 404}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_wtp_profile': {
- 'allowaccess': 'telnet',
- 'ap_country': 'NA',
- 'ble_profile': 'test_value_5',
- 'comment': 'Comment.',
- 'control_message_offload': 'ebp-frame',
- 'dtls_in_kernel': 'enable',
- 'dtls_policy': 'clear-text',
- 'energy_efficient_ethernet': 'enable',
- 'ext_info_enable': 'enable',
- 'handoff_roaming': 'enable',
- 'handoff_rssi': '13',
- 'handoff_sta_thresh': '14',
- 'ip_fragment_preventing': 'tcp-mss-adjust',
- 'led_state': 'enable',
- 'lldp': 'enable',
- 'login_passwd': 'test_value_18',
- 'login_passwd_change': 'yes',
- 'max_clients': '20',
- 'name': 'default_name_21',
- 'poe_mode': 'auto',
- 'split_tunneling_acl_local_ap_subnet': 'enable',
- 'split_tunneling_acl_path': 'tunnel',
- 'tun_mtu_downlink': '25',
- 'tun_mtu_uplink': '26',
- 'wan_port_mode': 'wan-lan'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_wtp_profile.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'allowaccess': 'telnet',
- 'ap-country': 'NA',
- 'ble-profile': 'test_value_5',
- 'comment': 'Comment.',
- 'control-message-offload': 'ebp-frame',
- 'dtls-in-kernel': 'enable',
- 'dtls-policy': 'clear-text',
- 'energy-efficient-ethernet': 'enable',
- 'ext-info-enable': 'enable',
- 'handoff-roaming': 'enable',
- 'handoff-rssi': '13',
- 'handoff-sta-thresh': '14',
- 'ip-fragment-preventing': 'tcp-mss-adjust',
- 'led-state': 'enable',
- 'lldp': 'enable',
- 'login-passwd': 'test_value_18',
- 'login-passwd-change': 'yes',
- 'max-clients': '20',
- 'name': 'default_name_21',
- 'poe-mode': 'auto',
- 'split-tunneling-acl-local-ap-subnet': 'enable',
- 'split-tunneling-acl-path': 'tunnel',
- 'tun-mtu-downlink': '25',
- 'tun-mtu-uplink': '26',
- 'wan-port-mode': 'wan-lan'
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'wtp-profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert not changed
- assert response['status'] == 'error'
- assert response['http_status'] == 404
-
-
-def test_wireless_controller_wtp_profile_filter_foreign_attributes(mocker):
- schema_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.schema')
-
- set_method_result = {'status': 'success', 'http_method': 'POST', 'http_status': 200}
- set_method_mock = mocker.patch('ansible.module_utils.network.fortios.fortios.FortiOSHandler.set', return_value=set_method_result)
-
- input_data = {
- 'username': 'admin',
- 'state': 'present',
- 'wireless_controller_wtp_profile': {
- 'random_attribute_not_valid': 'tag',
- 'allowaccess': 'telnet',
- 'ap_country': 'NA',
- 'ble_profile': 'test_value_5',
- 'comment': 'Comment.',
- 'control_message_offload': 'ebp-frame',
- 'dtls_in_kernel': 'enable',
- 'dtls_policy': 'clear-text',
- 'energy_efficient_ethernet': 'enable',
- 'ext_info_enable': 'enable',
- 'handoff_roaming': 'enable',
- 'handoff_rssi': '13',
- 'handoff_sta_thresh': '14',
- 'ip_fragment_preventing': 'tcp-mss-adjust',
- 'led_state': 'enable',
- 'lldp': 'enable',
- 'login_passwd': 'test_value_18',
- 'login_passwd_change': 'yes',
- 'max_clients': '20',
- 'name': 'default_name_21',
- 'poe_mode': 'auto',
- 'split_tunneling_acl_local_ap_subnet': 'enable',
- 'split_tunneling_acl_path': 'tunnel',
- 'tun_mtu_downlink': '25',
- 'tun_mtu_uplink': '26',
- 'wan_port_mode': 'wan-lan'
- },
- 'vdom': 'root'}
-
- is_error, changed, response = fortios_wireless_controller_wtp_profile.fortios_wireless_controller(input_data, fos_instance)
-
- expected_data = {
- 'allowaccess': 'telnet',
- 'ap-country': 'NA',
- 'ble-profile': 'test_value_5',
- 'comment': 'Comment.',
- 'control-message-offload': 'ebp-frame',
- 'dtls-in-kernel': 'enable',
- 'dtls-policy': 'clear-text',
- 'energy-efficient-ethernet': 'enable',
- 'ext-info-enable': 'enable',
- 'handoff-roaming': 'enable',
- 'handoff-rssi': '13',
- 'handoff-sta-thresh': '14',
- 'ip-fragment-preventing': 'tcp-mss-adjust',
- 'led-state': 'enable',
- 'lldp': 'enable',
- 'login-passwd': 'test_value_18',
- 'login-passwd-change': 'yes',
- 'max-clients': '20',
- 'name': 'default_name_21',
- 'poe-mode': 'auto',
- 'split-tunneling-acl-local-ap-subnet': 'enable',
- 'split-tunneling-acl-path': 'tunnel',
- 'tun-mtu-downlink': '25',
- 'tun-mtu-uplink': '26',
- 'wan-port-mode': 'wan-lan'
- }
-
- set_method_mock.assert_called_with('wireless-controller', 'wtp-profile', data=expected_data, vdom='root')
- schema_method_mock.assert_not_called()
- assert not is_error
- assert changed
- assert response['status'] == 'success'
- assert response['http_status'] == 200